From 2be65f606928f0fa9e99f2a237c7f830011ab616 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Tr=C3=A1vn=C3=ADk?= <jakub.travnik@gmail.com>
Date: Mon, 1 Dec 2025 10:59:30 +0100
Subject: [PATCH 01/49] config export feature

---
 README.md                                     |  20 +
 app/client/components/export-dialog.tsx       | 330 +++++++++++++++++
 .../backups/components/schedule-summary.tsx   |   2 +
 app/client/modules/backups/routes/backups.tsx |   6 +
 .../routes/notification-details.tsx           |   5 +-
 .../notifications/routes/notifications.tsx    |  12 +-
 .../repositories/routes/repositories.tsx      |  12 +-
 .../routes/repository-details.tsx             |   5 +-
 .../modules/settings/routes/settings.tsx      |   4 +
 .../modules/volumes/routes/volume-details.tsx |   4 +
 app/client/modules/volumes/routes/volumes.tsx |  12 +-
 app/server/index.ts                           |   4 +-
 .../lifecycle/config-export.controller.ts     | 346 ++++++++++++++++++
 app/server/utils/crypto.ts                    |   5 +
 14 files changed, 752 insertions(+), 15 deletions(-)
 create mode 100644 app/client/components/export-dialog.tsx
 create mode 100644 app/server/modules/lifecycle/config-export.controller.ts

diff --git a/README.md b/README.md
index f2f3652e..ff7adb60 100644
--- a/README.md
+++ b/README.md
@@ -196,6 +196,26 @@ Zerobyte allows you to easily restore your data from backups. To restore data, n
 
 ![Preview](https://github.com/nicotsx/zerobyte/blob/main/screenshots/restoring.png?raw=true)
 
+## Exporting configuration
+
+Zerobyte allows you to export your configuration for backup, migration, or documentation purposes. You can export:
+
+- **Full configuration** - All volumes, repositories, backup schedules, and notification destinations
+- **Individual entities** - Export specific volumes, repositories, notifications, or backup schedules
+
+To export, click the "Export" button on any list page or detail page. A dialog will appear with options to:
+
+- **Include database IDs** - Useful for debugging or when you need to reference internal identifiers
+- **Include timestamps** - Include createdAt/updatedAt fields in the export
+- **Secrets handling** (for repositories and notifications):
+  - **Exclude** - Remove sensitive fields like passwords and API keys
+  - **Keep encrypted** - Export secrets in encrypted form (requires the same recovery key to decrypt on import)
+  - **Decrypt** - Export secrets as plaintext (use with caution)
+- **Include recovery key** (full export only) - Include the master encryption key for all repositories
+- **Include password hash** (full export only) - Include the hashed admin password for seamless migration
+
+Exports are downloaded as JSON files that can be used for reference or future import functionality.
+
 ## Propagating mounts to host
 
 Zerobyte is capable of propagating mounted volumes from within the container to the host system. This is particularly useful when you want to access the mounted data directly from the host to use it with other applications or services.
diff --git a/app/client/components/export-dialog.tsx b/app/client/components/export-dialog.tsx
new file mode 100644
index 00000000..902e112b
--- /dev/null
+++ b/app/client/components/export-dialog.tsx
@@ -0,0 +1,330 @@
+import { Download } from "lucide-react";
+import { useState } from "react";
+import { toast } from "sonner";
+import { Button } from "~/client/components/ui/button";
+import { Checkbox } from "~/client/components/ui/checkbox";
+import {
+	Dialog,
+	DialogContent,
+	DialogDescription,
+	DialogFooter,
+	DialogHeader,
+	DialogTitle,
+	DialogTrigger,
+} from "~/client/components/ui/dialog";
+import { Label } from "~/client/components/ui/label";
+import {
+	Select,
+	SelectContent,
+	SelectItem,
+	SelectTrigger,
+	SelectValue,
+} from "~/client/components/ui/select";
+
+export type SecretsMode = "exclude" | "encrypted" | "cleartext";
+
+export type ExportOptions = {
+	includeIds?: boolean;
+	includeTimestamps?: boolean;
+	includeRecoveryKey?: boolean;
+	includePasswordHash?: boolean;
+	secretsMode?: SecretsMode;
+	name?: string;
+	id?: string | number;
+};
+
+function downloadAsJson(data: unknown, filename: string): void {
+	const blob = new Blob([JSON.stringify(data, null, 2)], { type: "application/json" });
+	const url = URL.createObjectURL(blob);
+	const a = document.createElement("a");
+	a.href = url;
+	a.download = `${filename}.json`;
+	document.body.appendChild(a);
+	a.click();
+	document.body.removeChild(a);
+	URL.revokeObjectURL(url);
+}
+
+async function exportFromApi(endpoint: string, filename: string, options: ExportOptions = {}): Promise<void> {
+	const params = new URLSearchParams();
+	if (options.includeIds === false) params.set("includeIds", "false");
+	if (options.includeTimestamps === false) params.set("includeTimestamps", "false");
+	if (options.includeRecoveryKey === true) params.set("includeRecoveryKey", "true");
+	if (options.includePasswordHash === true) params.set("includePasswordHash", "true");
+	if (options.secretsMode && options.secretsMode !== "exclude") params.set("secretsMode", options.secretsMode);
+	if (options.id !== undefined) params.set("id", String(options.id));
+	if (options.name) params.set("name", options.name);
+
+	const url = params.toString() ? `${endpoint}?${params}` : endpoint;
+	const res = await fetch(url, { credentials: "include" });
+
+	if (!res.ok) {
+		throw new Error(`Export failed: ${res.statusText}`);
+	}
+
+	const data = await res.json();
+	downloadAsJson(data, filename);
+}
+
+export type ExportEntityType = "volumes" | "repositories" | "notifications" | "backups" | "full";
+
+type ExportConfig = {
+	endpoint: string;
+	label: string;
+	labelPlural: string;
+	getFilename: (options: ExportOptions) => string;
+};
+
+const exportConfigs: Record<ExportEntityType, ExportConfig> = {
+	volumes: {
+		endpoint: "/api/v1/config/export/volumes",
+		label: "Volume",
+		labelPlural: "Volumes",
+		getFilename: (opts) => {
+			const identifier = opts.id ?? opts.name;
+			return identifier ? `volume-${identifier}-config` : "volumes-config";
+		},
+	},
+	repositories: {
+		endpoint: "/api/v1/config/export/repositories",
+		label: "Repository",
+		labelPlural: "Repositories",
+		getFilename: (opts) => {
+			const identifier = opts.id ?? opts.name;
+			return identifier ? `repository-${identifier}-config` : "repositories-config";
+		},
+	},
+	notifications: {
+		endpoint: "/api/v1/config/export/notifications",
+		label: "Notification",
+		labelPlural: "Notifications",
+		getFilename: (opts) => {
+			const identifier = opts.id ?? opts.name;
+			return identifier ? `notification-${identifier}-config` : "notifications-config";
+		},
+	},
+	backups: {
+		endpoint: "/api/v1/config/export/backups",
+		label: "Backup Schedule",
+		labelPlural: "Backup Schedules",
+		getFilename: (opts) => (opts.id ? `backup-schedule-${opts.id}-config` : "backup-schedules-config"),
+	},
+	full: {
+		endpoint: "/api/v1/config/export",
+		label: "Full Config",
+		labelPlural: "Full Config",
+		getFilename: () => "zerobyte-full-config",
+	},
+};
+
+export async function exportConfig(
+	entityType: ExportEntityType,
+	options: ExportOptions = {}
+): Promise<void> {
+	const config = exportConfigs[entityType];
+	const filename = config.getFilename(options);
+	await exportFromApi(config.endpoint, filename, options);
+}
+
+type ExportDialogProps = {
+	entityType: ExportEntityType;
+	name?: string;
+	id?: string | number;
+	trigger?: React.ReactNode;
+	variant?: "default" | "outline" | "ghost" | "card";
+	size?: "default" | "sm" | "lg" | "icon";
+	triggerLabel?: string;
+	showIcon?: boolean;
+};
+
+export function ExportDialog({
+	entityType,
+	name,
+	id,
+	trigger,
+	variant = "outline",
+	size = "default",
+	triggerLabel,
+	showIcon = true,
+}: ExportDialogProps) {
+	const [open, setOpen] = useState(false);
+	const [includeIds, setIncludeIds] = useState(true);
+	const [includeTimestamps, setIncludeTimestamps] = useState(true);
+	const [includeRecoveryKey, setIncludeRecoveryKey] = useState(false);
+	const [includePasswordHash, setIncludePasswordHash] = useState(false);
+	const [secretsMode, setSecretsMode] = useState<SecretsMode>("exclude");
+	const [isExporting, setIsExporting] = useState(false);
+
+	const config = exportConfigs[entityType];
+	const isSingleItem = !!(name || id);
+	const isFullExport = entityType === "full";
+	// TODO: Volumes will have encrypted secrets (e.g., SMB/NFS credentials) in a future PR
+	const hasSecrets = entityType !== "backups" && entityType !== "volumes";
+	const entityLabel = isSingleItem ? config.label : config.labelPlural;
+
+	const handleExport = async () => {
+		setIsExporting(true);
+		try {
+			await exportConfig(entityType, {
+				includeIds,
+				includeTimestamps,
+				includeRecoveryKey: isFullExport ? includeRecoveryKey : undefined,
+				includePasswordHash: isFullExport ? includePasswordHash : undefined,
+				secretsMode: hasSecrets ? secretsMode : undefined,
+				name,
+				id,
+			});
+			toast.success(`${entityLabel} exported successfully`);
+			setOpen(false);
+		} catch (err) {
+			toast.error("Export failed", {
+				description: err instanceof Error ? err.message : String(err),
+			});
+		} finally {
+			setIsExporting(false);
+		}
+	};
+
+	const defaultTrigger =
+		variant === "card" ? (
+			<div className="flex flex-col items-center justify-center gap-2 cursor-pointer">
+				<Download className="h-8 w-8 text-muted-foreground" />
+				<span className="text-sm font-medium text-muted-foreground">
+					{triggerLabel ?? `Export ${isSingleItem ? "config" : "configs"}`}
+				</span>
+			</div>
+		) : (
+			<Button variant={variant} size={size}>
+				{showIcon && <Download className="h-4 w-4 mr-2" />}
+				{triggerLabel ?? `Export ${isSingleItem ? "config" : "configs"}`}
+			</Button>
+		);
+
+	return (
+		<Dialog open={open} onOpenChange={setOpen}>
+			<DialogTrigger asChild>{trigger ?? defaultTrigger}</DialogTrigger>
+			<DialogContent>
+				<DialogHeader>
+					<DialogTitle>Export {entityLabel}</DialogTitle>
+					<DialogDescription>
+						{isSingleItem
+							? `Export the configuration for this ${config.label.toLowerCase()}.`
+							: `Export all ${config.labelPlural.toLowerCase()} configurations.`}
+					</DialogDescription>
+				</DialogHeader>
+
+				<div className="space-y-4 py-4">
+					<div className="flex items-center space-x-3">
+						<Checkbox
+							id="includeIds"
+							checked={includeIds}
+							onCheckedChange={(checked) => setIncludeIds(checked === true)}
+						/>
+						<Label htmlFor="includeIds" className="cursor-pointer">
+							Include database IDs
+						</Label>
+					</div>
+					<p className="text-xs text-muted-foreground ml-7">
+						Include internal database identifiers in the export. Useful for debugging or when IDs are needed for reference.
+					</p>
+
+					<div className="flex items-center space-x-3">
+						<Checkbox
+							id="includeTimestamps"
+							checked={includeTimestamps}
+							onCheckedChange={(checked) => setIncludeTimestamps(checked === true)}
+						/>
+						<Label htmlFor="includeTimestamps" className="cursor-pointer">
+							Include timestamps
+						</Label>
+					</div>
+					<p className="text-xs text-muted-foreground ml-7">
+						Include createdAt and updatedAt timestamps. Disable for cleaner exports when timestamps aren't needed.
+					</p>
+
+					{hasSecrets && (
+						<>
+							<div className="flex items-center justify-between pt-2 border-t">
+								<Label className="cursor-pointer">Secrets handling</Label>
+								<Select value={secretsMode} onValueChange={(v) => setSecretsMode(v as SecretsMode)}>
+									<SelectTrigger className="w-40">
+										<SelectValue />
+									</SelectTrigger>
+									<SelectContent>
+										<SelectItem value="exclude">Exclude</SelectItem>
+										<SelectItem value="encrypted">Keep encrypted</SelectItem>
+										<SelectItem value="cleartext">Decrypt</SelectItem>
+									</SelectContent>
+								</Select>
+							</div>
+							<p className="text-xs text-muted-foreground">
+								{secretsMode === "exclude" && "Sensitive fields (passwords, API keys, webhooks) will be removed from the export."}
+								{secretsMode === "encrypted" && "Secrets will be exported in encrypted form. Requires the same recovery key to decrypt on import."}
+								{secretsMode === "cleartext" && (
+									<span className="text-yellow-600">
+										⚠️ Secrets will be decrypted and exported as plaintext. Keep this export secure!
+									</span>
+								)}
+							</p>
+						</>
+					)}
+
+					{isFullExport && (
+						<>
+							<div className="flex items-center space-x-3 pt-2 border-t">
+								<Checkbox
+									id="includeRecoveryKey"
+									checked={includeRecoveryKey}
+									onCheckedChange={(checked) => setIncludeRecoveryKey(checked === true)}
+								/>
+								<Label htmlFor="includeRecoveryKey" className="cursor-pointer">
+									Include recovery key
+								</Label>
+							</div>
+							<p className="text-xs text-muted-foreground ml-7">
+								<span className="text-yellow-600 font-medium">⚠️ Security sensitive:</span> The recovery key is the master encryption key for all repositories. Keep this export secure and never share it.
+							</p>
+
+							<div className="flex items-center space-x-3">
+								<Checkbox
+									id="includePasswordHash"
+									checked={includePasswordHash}
+									onCheckedChange={(checked) => setIncludePasswordHash(checked === true)}
+								/>
+								<Label htmlFor="includePasswordHash" className="cursor-pointer">
+									Include password hash
+								</Label>
+							</div>
+							<p className="text-xs text-muted-foreground ml-7">
+								Include the hashed admin password for seamless migration. The password is already securely hashed (argon2).
+							</p>
+						</>
+					)}
+				</div>
+
+				<DialogFooter>
+					<Button variant="outline" onClick={() => setOpen(false)}>
+						Cancel
+					</Button>
+					<Button onClick={handleExport} loading={isExporting}>
+						<Download className="h-4 w-4 mr-2" />
+						Export
+					</Button>
+				</DialogFooter>
+			</DialogContent>
+		</Dialog>
+	);
+}
+
+export function ExportCard({ entityType, ...props }: Omit<ExportDialogProps, "variant" | "trigger">) {
+	const config = exportConfigs[entityType];
+
+	return (
+		<ExportDialog
+			entityType={entityType}
+			variant="card"
+			triggerLabel={props.triggerLabel ?? `Export ${props.id || props.name ? "config" : "configs"}`}
+			{...props}
+		/>
+	);
+}
diff --git a/app/client/modules/backups/components/schedule-summary.tsx b/app/client/modules/backups/components/schedule-summary.tsx
index 4422c775..c8b5187b 100644
--- a/app/client/modules/backups/components/schedule-summary.tsx
+++ b/app/client/modules/backups/components/schedule-summary.tsx
@@ -1,4 +1,5 @@
 import { Eraser, Pencil, Play, Square, Trash2 } from "lucide-react";
+import { ExportDialog } from "~/client/components/export-dialog";
 import { useMemo, useState } from "react";
 import { OnOff } from "~/client/components/onoff";
 import { Button } from "~/client/components/ui/button";
@@ -125,6 +126,7 @@ export const ScheduleSummary = (props: Props) => {
 							<Pencil className="h-4 w-4 mr-2" />
 							<span className="sm:inline">Edit schedule</span>
 						</Button>
+						<ExportDialog entityType="backups" id={schedule.id} size="sm" triggerLabel="Export config" />
 						<Button
 							variant="outline"
 							size="sm"
diff --git a/app/client/modules/backups/routes/backups.tsx b/app/client/modules/backups/routes/backups.tsx
index 505d124b..01d28852 100644
--- a/app/client/modules/backups/routes/backups.tsx
+++ b/app/client/modules/backups/routes/backups.tsx
@@ -1,5 +1,6 @@
 import { useQuery } from "@tanstack/react-query";
 import { CalendarClock, Database, HardDrive, Plus } from "lucide-react";
+import { ExportDialog } from "~/client/components/export-dialog";
 import { Link } from "react-router";
 import { BackupStatusDot } from "../components/backup-status-dot";
 import { EmptyState } from "~/client/components/empty-state";
@@ -119,6 +120,11 @@ export default function Backups({ loaderData }: Route.ComponentProps) {
 						</CardContent>
 					</Card>
 				</Link>
+				<Card className="flex flex-col items-center justify-center h-full hover:bg-muted/50 transition-colors cursor-pointer">
+					<CardContent className="flex flex-col items-center justify-center gap-2">
+						<ExportDialog entityType="backups" variant="card" />
+					</CardContent>
+				</Card>
 			</div>
 		</div>
 	);
diff --git a/app/client/modules/notifications/routes/notification-details.tsx b/app/client/modules/notifications/routes/notification-details.tsx
index 082f475d..3a1e3c50 100644
--- a/app/client/modules/notifications/routes/notification-details.tsx
+++ b/app/client/modules/notifications/routes/notification-details.tsx
@@ -24,7 +24,8 @@ import { getNotificationDestination } from "~/client/api-client/sdk.gen";
 import type { Route } from "./+types/notification-details";
 import { cn } from "~/client/lib/utils";
 import { Card, CardContent, CardHeader, CardTitle } from "~/client/components/ui/card";
-import { Bell, TestTube2 } from "lucide-react";
+import { Bell, TestTube2, Trash2 } from "lucide-react";
+import { ExportDialog } from "~/client/components/export-dialog";
 import { Alert, AlertDescription } from "~/client/components/ui/alert";
 import { CreateNotificationForm, type NotificationFormValues } from "../components/create-notification-form";
 
@@ -142,11 +143,13 @@ export default function NotificationDetailsPage({ loaderData }: Route.ComponentP
 						<TestTube2 className="h-4 w-4 mr-2" />
 						Test
 					</Button>
+					<ExportDialog entityType="notifications" name={data.name} triggerLabel="Export config" />
 					<Button
 						onClick={() => setShowDeleteConfirm(true)}
 						variant="destructive"
 						loading={deleteDestination.isPending}
 					>
+						<Trash2 className="h-4 w-4 mr-2" />
 						Delete
 					</Button>
 				</div>
diff --git a/app/client/modules/notifications/routes/notifications.tsx b/app/client/modules/notifications/routes/notifications.tsx
index 4c3d4f97..8d7b9ea4 100644
--- a/app/client/modules/notifications/routes/notifications.tsx
+++ b/app/client/modules/notifications/routes/notifications.tsx
@@ -1,5 +1,6 @@
 import { useQuery } from "@tanstack/react-query";
 import { Bell, Plus, RotateCcw } from "lucide-react";
+import { ExportDialog } from "~/client/components/export-dialog";
 import { useState } from "react";
 import { useNavigate } from "react-router";
 import { EmptyState } from "~/client/components/empty-state";
@@ -122,10 +123,13 @@ export default function Notifications({ loaderData }: Route.ComponentProps) {
 						</Button>
 					)}
 				</span>
-				<Button onClick={() => navigate("/notifications/create")}>
-					<Plus size={16} className="mr-2" />
-					Create Destination
-				</Button>
+				<div className="flex gap-2">
+					<ExportDialog entityType="notifications" />
+					<Button onClick={() => navigate("/notifications/create")}>
+						<Plus size={16} className="mr-2" />
+						Create Destination
+					</Button>
+				</div>
 			</div>
 			<div className="overflow-x-auto">
 				<Table className="border-t">
diff --git a/app/client/modules/repositories/routes/repositories.tsx b/app/client/modules/repositories/routes/repositories.tsx
index 4e65bacd..40fc4d93 100644
--- a/app/client/modules/repositories/routes/repositories.tsx
+++ b/app/client/modules/repositories/routes/repositories.tsx
@@ -1,5 +1,6 @@
 import { useQuery } from "@tanstack/react-query";
 import { Database, Plus, RotateCcw } from "lucide-react";
+import { ExportDialog } from "~/client/components/export-dialog";
 import { useState } from "react";
 import { useNavigate } from "react-router";
 import { listRepositories } from "~/client/api-client/sdk.gen";
@@ -119,10 +120,13 @@ export default function Repositories({ loaderData }: Route.ComponentProps) {
 						</Button>
 					)}
 				</span>
-				<Button onClick={() => navigate("/repositories/create")}>
-					<Plus size={16} className="mr-2" />
-					Create Repository
-				</Button>
+				<div className="flex gap-2">
+					<ExportDialog entityType="repositories" />
+					<Button onClick={() => navigate("/repositories/create")}>
+						<Plus size={16} className="mr-2" />
+						Create Repository
+					</Button>
+				</div>
 			</div>
 			<div className="overflow-x-auto">
 				<Table className="border-t">
diff --git a/app/client/modules/repositories/routes/repository-details.tsx b/app/client/modules/repositories/routes/repository-details.tsx
index 394b7d7b..0ddf3e7a 100644
--- a/app/client/modules/repositories/routes/repository-details.tsx
+++ b/app/client/modules/repositories/routes/repository-details.tsx
@@ -25,7 +25,8 @@ import { cn } from "~/client/lib/utils";
 import { Tabs, TabsContent, TabsList, TabsTrigger } from "~/client/components/ui/tabs";
 import { RepositoryInfoTabContent } from "../tabs/info";
 import { RepositorySnapshotsTabContent } from "../tabs/snapshots";
-import { Loader2 } from "lucide-react";
+import { Loader2, Trash2 } from "lucide-react";
+import { ExportDialog } from "~/client/components/export-dialog";
 
 export const handle = {
 	breadcrumb: (match: Route.MetaArgs) => [
@@ -157,7 +158,9 @@ export default function RepositoryDetailsPage({ loaderData }: Route.ComponentPro
 							"Run Doctor"
 						)}
 					</Button>
+					<ExportDialog entityType="repositories" name={data.name} triggerLabel="Export config" />
 					<Button variant="destructive" onClick={() => setShowDeleteConfirm(true)} disabled={deleteRepo.isPending}>
+						<Trash2 className="h-4 w-4 mr-2" />
 						Delete
 					</Button>
 				</div>
diff --git a/app/client/modules/settings/routes/settings.tsx b/app/client/modules/settings/routes/settings.tsx
index a5397124..511793d9 100644
--- a/app/client/modules/settings/routes/settings.tsx
+++ b/app/client/modules/settings/routes/settings.tsx
@@ -1,5 +1,6 @@
 import { useMutation } from "@tanstack/react-query";
 import { Download, KeyRound, User } from "lucide-react";
+import { ExportDialog } from "~/client/components/export-dialog";
 import { useState } from "react";
 import { useNavigate } from "react-router";
 import { toast } from "sonner";
@@ -143,6 +144,9 @@ export default function Settings({ loaderData }: Route.ComponentProps) {
 				<CardDescription className="mt-1.5">Your account details</CardDescription>
 			</div>
 			<CardContent className="p-6 space-y-4">
+				<div className="flex justify-end">
+					<ExportDialog entityType="full" triggerLabel="Export All Config (JSON)" />
+				</div>
 				<div className="space-y-2">
 					<Label>Username</Label>
 					<Input value={loaderData.user?.username || ""} disabled className="max-w-md" />
diff --git a/app/client/modules/volumes/routes/volume-details.tsx b/app/client/modules/volumes/routes/volume-details.tsx
index 3ee690a3..b16815f5 100644
--- a/app/client/modules/volumes/routes/volume-details.tsx
+++ b/app/client/modules/volumes/routes/volume-details.tsx
@@ -25,6 +25,8 @@ import { Tooltip, TooltipContent, TooltipTrigger } from "~/client/components/ui/
 import { useSystemInfo } from "~/client/hooks/use-system-info";
 import { getVolume } from "~/client/api-client";
 import type { VolumeStatus } from "~/client/lib/types";
+import { Trash2 } from "lucide-react";
+import { ExportDialog } from "~/client/components/export-dialog";
 import {
 	deleteVolumeMutation,
 	getVolumeOptions,
@@ -160,7 +162,9 @@ export default function VolumeDetails({ loaderData }: Route.ComponentProps) {
 					>
 						Unmount
 					</Button>
+					<ExportDialog entityType="volumes" name={volume.name} triggerLabel="Export config" />
 					<Button variant="destructive" onClick={() => setShowDeleteConfirm(true)} disabled={deleteVol.isPending}>
+						<Trash2 className="h-4 w-4 mr-2" />
 						Delete
 					</Button>
 				</div>
diff --git a/app/client/modules/volumes/routes/volumes.tsx b/app/client/modules/volumes/routes/volumes.tsx
index fc8bbda4..14da0b13 100644
--- a/app/client/modules/volumes/routes/volumes.tsx
+++ b/app/client/modules/volumes/routes/volumes.tsx
@@ -1,5 +1,6 @@
 import { useQuery } from "@tanstack/react-query";
 import { HardDrive, Plus, RotateCcw } from "lucide-react";
+import { ExportDialog } from "~/client/components/export-dialog";
 import { useState } from "react";
 import { useNavigate } from "react-router";
 import { EmptyState } from "~/client/components/empty-state";
@@ -129,10 +130,13 @@ export default function Volumes({ loaderData }: Route.ComponentProps) {
 						</Button>
 					)}
 				</span>
-				<Button onClick={() => navigate("/volumes/create")}>
-					<Plus size={16} className="mr-2" />
-					Create Volume
-				</Button>
+				<div className="flex gap-2">
+					<ExportDialog entityType="volumes" />
+					<Button onClick={() => navigate("/volumes/create")}>
+						<Plus size={16} className="mr-2" />
+						Create Volume
+					</Button>
+				</div>
 			</div>
 			<div className="overflow-x-auto">
 				<Table className="border-t">
diff --git a/app/server/index.ts b/app/server/index.ts
index 09e8045b..c7dec603 100644
--- a/app/server/index.ts
+++ b/app/server/index.ts
@@ -22,6 +22,7 @@ import { logger } from "./utils/logger";
 import { shutdown } from "./modules/lifecycle/shutdown";
 import { REQUIRED_MIGRATIONS, SOCKET_PATH } from "./core/constants";
 import { validateRequiredMigrations } from "./modules/lifecycle/checkpoint";
+import { configExportController } from "./modules/lifecycle/config-export.controller";
 
 export const generalDescriptor = (app: Hono) =>
 	openAPIRouteHandler(app, {
@@ -51,7 +52,8 @@ const app = new Hono()
 	.route("/api/v1/backups", backupScheduleController.use(requireAuth))
 	.route("/api/v1/notifications", notificationsController.use(requireAuth))
 	.route("/api/v1/system", systemController.use(requireAuth))
-	.route("/api/v1/events", eventsController.use(requireAuth));
+	.route("/api/v1/events", eventsController.use(requireAuth))
+	.route("/api/v1/config", configExportController.use(requireAuth));
 
 app.get("/api/v1/openapi.json", generalDescriptor(app));
 app.get("/api/v1/docs", scalarDescriptor);
diff --git a/app/server/modules/lifecycle/config-export.controller.ts b/app/server/modules/lifecycle/config-export.controller.ts
new file mode 100644
index 00000000..006a0327
--- /dev/null
+++ b/app/server/modules/lifecycle/config-export.controller.ts
@@ -0,0 +1,346 @@
+import { Hono } from "hono";
+import type { Context } from "hono";
+import { eq } from "drizzle-orm";
+import {
+	backupSchedulesTable,
+	notificationDestinationsTable,
+	repositoriesTable,
+	backupScheduleNotificationsTable,
+	usersTable,
+	volumesTable,
+} from "../../db/schema";
+import { db } from "../../db/db";
+import { logger } from "../../utils/logger";
+import { RESTIC_PASS_FILE } from "../../core/constants";
+import { cryptoUtils } from "../../utils/crypto";
+
+// ============================================================================
+// Types
+// ============================================================================
+
+type SecretsMode = "exclude" | "encrypted" | "cleartext";
+
+type ExportParams = {
+	includeIds: boolean;
+	includeTimestamps: boolean;
+	secretsMode: SecretsMode;
+	excludeKeys: string[];
+};
+
+type FilterOptions = { id?: string; name?: string };
+
+type FetchResult<T> = { data: T[] } | { error: string; status: 400 | 404 };
+
+// ============================================================================
+// Helper Functions
+// ============================================================================
+
+function omitKeys<T extends Record<string, unknown>>(obj: T, keys: string[]): Partial<T> {
+	const result = { ...obj };
+	for (const key of keys) {
+		delete result[key as keyof T];
+	}
+	return result;
+}
+
+function getExcludeKeys(includeIds: boolean, includeTimestamps: boolean): string[] {
+	const idKeys = ["id", "volumeId", "repositoryId", "scheduleId", "destinationId"];
+	const timestampKeys = ["createdAt", "updatedAt"];
+	return [
+		...(includeIds ? [] : idKeys),
+		...(includeTimestamps ? [] : timestampKeys),
+	];
+}
+
+/** Parse common export query parameters from request */
+function parseExportParams(c: Context): ExportParams {
+	const includeIds = c.req.query("includeIds") !== "false";
+	const includeTimestamps = c.req.query("includeTimestamps") !== "false";
+	const secretsMode = (c.req.query("secretsMode") as SecretsMode) || "exclude";
+	const excludeKeys = getExcludeKeys(includeIds, includeTimestamps);
+	return { includeIds, includeTimestamps, secretsMode, excludeKeys };
+}
+
+/** Get filter options from request query params */
+function getFilterOptions(c: Context): FilterOptions {
+	return { id: c.req.query("id"), name: c.req.query("name") };
+}
+
+/**
+ * Process secrets in an object based on the secrets mode.
+ * Automatically detects encrypted fields using cryptoUtils.isEncrypted.
+ */
+async function processSecrets(
+	obj: Record<string, unknown>,
+	secretsMode: SecretsMode
+): Promise<Record<string, unknown>> {
+	if (secretsMode === "encrypted") {
+		return obj;
+	}
+
+	const result = { ...obj };
+
+	for (const [key, value] of Object.entries(result)) {
+		if (typeof value === "string" && cryptoUtils.isEncrypted(value)) {
+			if (secretsMode === "exclude") {
+				delete result[key];
+			} else if (secretsMode === "cleartext") {
+				try {
+					result[key] = await cryptoUtils.decrypt(value);
+				} catch {
+					delete result[key];
+				}
+			}
+		} else if (value && typeof value === "object" && !Array.isArray(value)) {
+			result[key] = await processSecrets(value as Record<string, unknown>, secretsMode);
+		}
+	}
+
+	return result;
+}
+
+/** Clean and process an entity for export */
+async function exportEntity(
+	entity: Record<string, unknown>,
+	params: ExportParams
+): Promise<Record<string, unknown>> {
+	const cleaned = omitKeys(entity, params.excludeKeys);
+	return processSecrets(cleaned, params.secretsMode);
+}
+
+/** Export multiple entities */
+async function exportEntities<T extends Record<string, unknown>>(
+	entities: T[],
+	params: ExportParams
+): Promise<Record<string, unknown>[]> {
+	return Promise.all(entities.map((e) => exportEntity(e as Record<string, unknown>, params)));
+}
+
+// ============================================================================
+// Data Fetchers with Filtering
+// ============================================================================
+
+async function fetchVolumes(filter: FilterOptions): Promise<FetchResult<typeof volumesTable.$inferSelect>> {
+	if (filter.id) {
+		const id = Number.parseInt(filter.id, 10);
+		if (Number.isNaN(id)) return { error: "Invalid volume ID", status: 400 };
+		const result = await db.select().from(volumesTable).where(eq(volumesTable.id, id));
+		if (result.length === 0) return { error: `Volume with ID '${filter.id}' not found`, status: 404 };
+		return { data: result };
+	}
+	if (filter.name) {
+		const result = await db.select().from(volumesTable).where(eq(volumesTable.name, filter.name));
+		if (result.length === 0) return { error: `Volume '${filter.name}' not found`, status: 404 };
+		return { data: result };
+	}
+	return { data: await db.select().from(volumesTable) };
+}
+
+async function fetchRepositories(filter: FilterOptions): Promise<FetchResult<typeof repositoriesTable.$inferSelect>> {
+	if (filter.id) {
+		const result = await db.select().from(repositoriesTable).where(eq(repositoriesTable.id, filter.id));
+		if (result.length === 0) return { error: `Repository with ID '${filter.id}' not found`, status: 404 };
+		return { data: result };
+	}
+	if (filter.name) {
+		const result = await db.select().from(repositoriesTable).where(eq(repositoriesTable.name, filter.name));
+		if (result.length === 0) return { error: `Repository '${filter.name}' not found`, status: 404 };
+		return { data: result };
+	}
+	return { data: await db.select().from(repositoriesTable) };
+}
+
+async function fetchNotifications(filter: FilterOptions): Promise<FetchResult<typeof notificationDestinationsTable.$inferSelect>> {
+	if (filter.id) {
+		const id = Number.parseInt(filter.id, 10);
+		if (Number.isNaN(id)) return { error: "Invalid notification destination ID", status: 400 };
+		const result = await db.select().from(notificationDestinationsTable).where(eq(notificationDestinationsTable.id, id));
+		if (result.length === 0) return { error: `Notification destination with ID '${filter.id}' not found`, status: 404 };
+		return { data: result };
+	}
+	if (filter.name) {
+		const result = await db.select().from(notificationDestinationsTable).where(eq(notificationDestinationsTable.name, filter.name));
+		if (result.length === 0) return { error: `Notification destination '${filter.name}' not found`, status: 404 };
+		return { data: result };
+	}
+	return { data: await db.select().from(notificationDestinationsTable) };
+}
+
+async function fetchBackupSchedules(filter: { id?: string }): Promise<FetchResult<typeof backupSchedulesTable.$inferSelect>> {
+	if (filter.id) {
+		const id = Number.parseInt(filter.id, 10);
+		if (Number.isNaN(id)) return { error: "Invalid backup schedule ID", status: 400 };
+		const result = await db.select().from(backupSchedulesTable).where(eq(backupSchedulesTable.id, id));
+		if (result.length === 0) return { error: `Backup schedule with ID '${filter.id}' not found`, status: 404 };
+		return { data: result };
+	}
+	return { data: await db.select().from(backupSchedulesTable) };
+}
+
+/** Transform backup schedules with resolved names and notifications */
+function transformBackupSchedules(
+	schedules: typeof backupSchedulesTable.$inferSelect[],
+	scheduleNotifications: typeof backupScheduleNotificationsTable.$inferSelect[],
+	volumeMap: Map<number, string>,
+	repoMap: Map<string, string>,
+	notificationMap: Map<number, string>,
+	params: ExportParams
+) {
+	return schedules.map((schedule) => {
+		const assignments = scheduleNotifications
+			.filter((sn) => sn.scheduleId === schedule.id)
+			.map((sn) => ({
+				...(params.includeIds ? { destinationId: sn.destinationId } : {}),
+				name: notificationMap.get(sn.destinationId) ?? null,
+				notifyOnStart: sn.notifyOnStart,
+				notifyOnSuccess: sn.notifyOnSuccess,
+				notifyOnFailure: sn.notifyOnFailure,
+			}));
+
+		return {
+			...omitKeys(schedule as Record<string, unknown>, params.excludeKeys),
+			volume: volumeMap.get(schedule.volumeId) ?? null,
+			repository: repoMap.get(schedule.repositoryId) ?? null,
+			notifications: assignments,
+		};
+	});
+}
+
+// ============================================================================
+// Controller
+// ============================================================================
+
+/**
+ * Config Export API
+ * 
+ * Query parameters:
+ * - includeIds: "true" | "false" (default: "true") - Include database IDs
+ * - includeTimestamps: "true" | "false" (default: "true") - Include createdAt/updatedAt
+ * - includeRecoveryKey: "true" | "false" (default: "false") - Include recovery key (full export only)
+ * - includePasswordHash: "true" | "false" (default: "false") - Include admin password hash (full export only)
+ * - secretsMode: "exclude" | "encrypted" | "cleartext" (default: "exclude") - How to handle secrets
+ * - id: string (optional) - Filter by ID
+ * - name: string (optional) - Filter by name (not for backups)
+ */
+export const configExportController = new Hono()
+	.get("/export", async (c) => {
+		try {
+			const params = parseExportParams(c);
+			const includeRecoveryKey = c.req.query("includeRecoveryKey") === "true";
+			const includePasswordHash = c.req.query("includePasswordHash") === "true";
+
+			const [volumes, repositories, backupSchedulesRaw, notifications, scheduleNotifications, [admin]] = await Promise.all([
+				db.select().from(volumesTable),
+				db.select().from(repositoriesTable),
+				db.select().from(backupSchedulesTable),
+				db.select().from(notificationDestinationsTable),
+				db.select().from(backupScheduleNotificationsTable),
+				db.select().from(usersTable).limit(1),
+			]);
+
+			const volumeMap = new Map<number, string>(volumes.map((v) => [v.id, v.name]));
+			const repoMap = new Map<string, string>(repositories.map((r) => [r.id, r.name]));
+			const notificationMap = new Map<number, string>(notifications.map((n) => [n.id, n.name]));
+
+			const backupSchedules = transformBackupSchedules(
+				backupSchedulesRaw, scheduleNotifications, volumeMap, repoMap, notificationMap, params
+			);
+
+			// TODO: Volumes will have encrypted secrets (e.g., SMB/NFS credentials) in a future PR
+			const [exportVolumes, exportRepositories, exportNotifications] = await Promise.all([
+				exportEntities(volumes, params),
+				exportEntities(repositories, params),
+				exportEntities(notifications, params),
+			]);
+
+			let recoveryKey: string | undefined;
+			if (includeRecoveryKey) {
+				try {
+					recoveryKey = await Bun.file(RESTIC_PASS_FILE).text();
+				} catch {
+					logger.warn("Could not read recovery key file");
+				}
+			}
+
+			return c.json({
+				version: 1,
+				exportedAt: new Date().toISOString(),
+				volumes: exportVolumes,
+				repositories: exportRepositories,
+				backupSchedules,
+				notificationDestinations: exportNotifications,
+				admin: admin ? {
+					username: admin.username,
+					...(includePasswordHash ? { passwordHash: admin.passwordHash } : {}),
+					...(recoveryKey ? { recoveryKey } : {}),
+				} : null,
+			});
+		} catch (err) {
+			logger.error(`Config export failed: ${err instanceof Error ? err.message : String(err)}`);
+			return c.json({ error: "Failed to export config" }, 500);
+		}
+	})
+	.get("/export/volumes", async (c) => {
+		try {
+			const params = parseExportParams(c);
+			const result = await fetchVolumes(getFilterOptions(c));
+			if ("error" in result) return c.json({ error: result.error }, result.status);
+			// TODO: Volumes will have encrypted secrets (e.g., SMB/NFS credentials) in a future PR
+			return c.json({ volumes: await exportEntities(result.data, params) });
+		} catch (err) {
+			logger.error(`Volumes export failed: ${err instanceof Error ? err.message : String(err)}`);
+			return c.json({ error: "Failed to export volumes" }, 500);
+		}
+	})
+	.get("/export/repositories", async (c) => {
+		try {
+			const params = parseExportParams(c);
+			const result = await fetchRepositories(getFilterOptions(c));
+			if ("error" in result) return c.json({ error: result.error }, result.status);
+			return c.json({ repositories: await exportEntities(result.data, params) });
+		} catch (err) {
+			logger.error(`Repositories export failed: ${err instanceof Error ? err.message : String(err)}`);
+			return c.json({ error: "Failed to export repositories" }, 500);
+		}
+	})
+	.get("/export/notifications", async (c) => {
+		try {
+			const params = parseExportParams(c);
+			const result = await fetchNotifications(getFilterOptions(c));
+			if ("error" in result) return c.json({ error: result.error }, result.status);
+			return c.json({ notificationDestinations: await exportEntities(result.data, params) });
+		} catch (err) {
+			logger.error(`Notifications export failed: ${err instanceof Error ? err.message : String(err)}`);
+			return c.json({ error: "Failed to export notifications" }, 500);
+		}
+	})
+	.get("/export/backups", async (c) => {
+		try {
+			const params = parseExportParams(c);
+
+			const [volumes, repositories, notifications, scheduleNotifications] = await Promise.all([
+				db.select().from(volumesTable),
+				db.select().from(repositoriesTable),
+				db.select().from(notificationDestinationsTable),
+				db.select().from(backupScheduleNotificationsTable),
+			]);
+
+			const result = await fetchBackupSchedules({ id: c.req.query("id") });
+			if ("error" in result) return c.json({ error: result.error }, result.status);
+
+			const volumeMap = new Map<number, string>(volumes.map((v) => [v.id, v.name]));
+			const repoMap = new Map<string, string>(repositories.map((r) => [r.id, r.name]));
+			const notificationMap = new Map<number, string>(notifications.map((n) => [n.id, n.name]));
+
+			const backupSchedules = transformBackupSchedules(
+				result.data, scheduleNotifications, volumeMap, repoMap, notificationMap, params
+			);
+
+			return c.json({ backupSchedules });
+		} catch (err) {
+			logger.error(`Backups export failed: ${err instanceof Error ? err.message : String(err)}`);
+			return c.json({ error: "Failed to export backups" }, 500);
+		}
+	});
+
+
diff --git a/app/server/utils/crypto.ts b/app/server/utils/crypto.ts
index 651bebe9..1ed05d2a 100644
--- a/app/server/utils/crypto.ts
+++ b/app/server/utils/crypto.ts
@@ -5,6 +5,10 @@ const algorithm = "aes-256-gcm" as const;
 const keyLength = 32;
 const encryptionPrefix = "encv1";
 
+const isEncrypted = (val?: string): boolean => {
+	return typeof val === "string" && val.startsWith(encryptionPrefix);
+};
+
 /**
  * Given a string, encrypts it using a randomly generated salt
  */
@@ -58,4 +62,5 @@ const decrypt = async (encryptedData: string) => {
 export const cryptoUtils = {
 	encrypt,
 	decrypt,
+	isEncrypted,
 };

From 3df892455fc5a0f00c8f65903440544147bc0ff0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Tr=C3=A1vn=C3=ADk?= <jakub.travnik@gmail.com>
Date: Mon, 1 Dec 2025 11:29:39 +0100
Subject: [PATCH 02/49] optionaly exclude runtime info

---
 app/client/components/export-dialog.tsx        | 18 ++++++++++++++++++
 .../lifecycle/config-export.controller.ts      | 15 +++++++++++++--
 2 files changed, 31 insertions(+), 2 deletions(-)

diff --git a/app/client/components/export-dialog.tsx b/app/client/components/export-dialog.tsx
index 902e112b..13de35a4 100644
--- a/app/client/components/export-dialog.tsx
+++ b/app/client/components/export-dialog.tsx
@@ -26,6 +26,7 @@ export type SecretsMode = "exclude" | "encrypted" | "cleartext";
 export type ExportOptions = {
 	includeIds?: boolean;
 	includeTimestamps?: boolean;
+	includeRuntimeState?: boolean;
 	includeRecoveryKey?: boolean;
 	includePasswordHash?: boolean;
 	secretsMode?: SecretsMode;
@@ -49,6 +50,7 @@ async function exportFromApi(endpoint: string, filename: string, options: Export
 	const params = new URLSearchParams();
 	if (options.includeIds === false) params.set("includeIds", "false");
 	if (options.includeTimestamps === false) params.set("includeTimestamps", "false");
+	if (options.includeRuntimeState === true) params.set("includeRuntimeState", "true");
 	if (options.includeRecoveryKey === true) params.set("includeRecoveryKey", "true");
 	if (options.includePasswordHash === true) params.set("includePasswordHash", "true");
 	if (options.secretsMode && options.secretsMode !== "exclude") params.set("secretsMode", options.secretsMode);
@@ -150,6 +152,7 @@ export function ExportDialog({
 	const [open, setOpen] = useState(false);
 	const [includeIds, setIncludeIds] = useState(true);
 	const [includeTimestamps, setIncludeTimestamps] = useState(true);
+	const [includeRuntimeState, setIncludeRuntimeState] = useState(false);
 	const [includeRecoveryKey, setIncludeRecoveryKey] = useState(false);
 	const [includePasswordHash, setIncludePasswordHash] = useState(false);
 	const [secretsMode, setSecretsMode] = useState<SecretsMode>("exclude");
@@ -168,6 +171,7 @@ export function ExportDialog({
 			await exportConfig(entityType, {
 				includeIds,
 				includeTimestamps,
+				includeRuntimeState,
 				includeRecoveryKey: isFullExport ? includeRecoveryKey : undefined,
 				includePasswordHash: isFullExport ? includePasswordHash : undefined,
 				secretsMode: hasSecrets ? secretsMode : undefined,
@@ -242,6 +246,20 @@ export function ExportDialog({
 						Include createdAt and updatedAt timestamps. Disable for cleaner exports when timestamps aren't needed.
 					</p>
 
+					<div className="flex items-center space-x-3">
+						<Checkbox
+							id="includeRuntimeState"
+							checked={includeRuntimeState}
+							onCheckedChange={(checked) => setIncludeRuntimeState(checked === true)}
+						/>
+						<Label htmlFor="includeRuntimeState" className="cursor-pointer">
+							Include runtime state
+						</Label>
+					</div>
+					<p className="text-xs text-muted-foreground ml-7">
+						Include current status, health checks, and last backup information. Usually not needed for migration.
+					</p>
+
 					{hasSecrets && (
 						<>
 							<div className="flex items-center justify-between pt-2 border-t">
diff --git a/app/server/modules/lifecycle/config-export.controller.ts b/app/server/modules/lifecycle/config-export.controller.ts
index 006a0327..16163494 100644
--- a/app/server/modules/lifecycle/config-export.controller.ts
+++ b/app/server/modules/lifecycle/config-export.controller.ts
@@ -43,10 +43,20 @@ function omitKeys<T extends Record<string, unknown>>(obj: T, keys: string[]): Pa
 	return result;
 }
 
-function getExcludeKeys(includeIds: boolean, includeTimestamps: boolean): string[] {
+function getExcludeKeys(includeIds: boolean, includeTimestamps: boolean, includeRuntimeState: boolean): string[] {
 	const idKeys = ["id", "volumeId", "repositoryId", "scheduleId", "destinationId"];
 	const timestampKeys = ["createdAt", "updatedAt"];
+	// Runtime state fields (status, health checks, last backup info, etc.)
+	const runtimeStateKeys = [
+		// Volume state
+		"status", "lastError", "lastHealthCheck",
+		// Repository state
+		"lastChecked",
+		// Backup schedule state
+		"lastBackupAt", "lastBackupStatus", "lastBackupError", "nextBackupAt",
+	];
 	return [
+		...(includeRuntimeState ? [] : runtimeStateKeys),
 		...(includeIds ? [] : idKeys),
 		...(includeTimestamps ? [] : timestampKeys),
 	];
@@ -56,8 +66,9 @@ function getExcludeKeys(includeIds: boolean, includeTimestamps: boolean): string
 function parseExportParams(c: Context): ExportParams {
 	const includeIds = c.req.query("includeIds") !== "false";
 	const includeTimestamps = c.req.query("includeTimestamps") !== "false";
+	const includeRuntimeState = c.req.query("includeRuntimeState") === "true";
 	const secretsMode = (c.req.query("secretsMode") as SecretsMode) || "exclude";
-	const excludeKeys = getExcludeKeys(includeIds, includeTimestamps);
+	const excludeKeys = getExcludeKeys(includeIds, includeTimestamps, includeRuntimeState);
 	return { includeIds, includeTimestamps, secretsMode, excludeKeys };
 }
 

From 94342cb48d29bd5d1cf5c61552ef5230271a0d79 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Tr=C3=A1vn=C3=ADk?= <jakub.travnik@gmail.com>
Date: Mon, 1 Dec 2025 11:31:19 +0100
Subject: [PATCH 03/49] whole export backups tile clickable

---
 app/client/components/export-dialog.tsx       | 2 +-
 app/client/modules/backups/routes/backups.tsx | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/app/client/components/export-dialog.tsx b/app/client/components/export-dialog.tsx
index 13de35a4..937eab9b 100644
--- a/app/client/components/export-dialog.tsx
+++ b/app/client/components/export-dialog.tsx
@@ -191,7 +191,7 @@ export function ExportDialog({
 
 	const defaultTrigger =
 		variant === "card" ? (
-			<div className="flex flex-col items-center justify-center gap-2 cursor-pointer">
+			<div className="flex flex-col items-center justify-center gap-2 cursor-pointer h-full w-full">
 				<Download className="h-8 w-8 text-muted-foreground" />
 				<span className="text-sm font-medium text-muted-foreground">
 					{triggerLabel ?? `Export ${isSingleItem ? "config" : "configs"}`}
diff --git a/app/client/modules/backups/routes/backups.tsx b/app/client/modules/backups/routes/backups.tsx
index 01d28852..7f131f04 100644
--- a/app/client/modules/backups/routes/backups.tsx
+++ b/app/client/modules/backups/routes/backups.tsx
@@ -121,7 +121,7 @@ export default function Backups({ loaderData }: Route.ComponentProps) {
 					</Card>
 				</Link>
 				<Card className="flex flex-col items-center justify-center h-full hover:bg-muted/50 transition-colors cursor-pointer">
-					<CardContent className="flex flex-col items-center justify-center gap-2">
+					<CardContent className="flex flex-col items-center justify-center gap-2 h-full w-full">
 						<ExportDialog entityType="backups" variant="card" />
 					</CardContent>
 				</Card>

From 55e8f2e2d3e35620019e14bf9e155802bbbd435f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Tr=C3=A1vn=C3=ADk?= <jakub.travnik@gmail.com>
Date: Mon, 1 Dec 2025 11:33:56 +0100
Subject: [PATCH 04/49] runtime state option in README

---
 README.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/README.md b/README.md
index ff7adb60..4d61740a 100644
--- a/README.md
+++ b/README.md
@@ -207,6 +207,7 @@ To export, click the "Export" button on any list page or detail page. A dialog w
 
 - **Include database IDs** - Useful for debugging or when you need to reference internal identifiers
 - **Include timestamps** - Include createdAt/updatedAt fields in the export
+- **Include runtime state** - Include current status, health checks, and last backup information (usually not needed for migration)
 - **Secrets handling** (for repositories and notifications):
   - **Exclude** - Remove sensitive fields like passwords and API keys
   - **Keep encrypted** - Export secrets in encrypted form (requires the same recovery key to decrypt on import)

From 8e7e1694d5e9fdeab07de28fc6ba1f96a6c5878c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Tr=C3=A1vn=C3=ADk?= <jakub.travnik@gmail.com>
Date: Mon, 1 Dec 2025 14:42:52 +0100
Subject: [PATCH 05/49] more verbose error handling

---
 app/client/components/export-dialog.tsx | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/app/client/components/export-dialog.tsx b/app/client/components/export-dialog.tsx
index 937eab9b..f36314cc 100644
--- a/app/client/components/export-dialog.tsx
+++ b/app/client/components/export-dialog.tsx
@@ -61,7 +61,8 @@ async function exportFromApi(endpoint: string, filename: string, options: Export
 	const res = await fetch(url, { credentials: "include" });
 
 	if (!res.ok) {
-		throw new Error(`Export failed: ${res.statusText}`);
+		const errorText = await res.text().catch(() => res.statusText);
+		throw new Error(errorText || `HTTP ${res.status}`);
 	}
 
 	const data = await res.json();

From d72975e9e2f1dcb3a988c49f8d71544216a51cc1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Tr=C3=A1vn=C3=ADk?= <jakub.travnik@gmail.com>
Date: Mon, 1 Dec 2025 15:41:33 +0100
Subject: [PATCH 06/49] reauthentication on secrets export

---
 README.md                                  |   2 +
 app/client/components/export-dialog.tsx    | 143 ++++++++++++++++++---
 app/server/modules/auth/auth.controller.ts |  26 ++++
 app/server/modules/auth/auth.dto.ts        |  28 ++++
 app/server/modules/auth/auth.service.ts    |  13 ++
 5 files changed, 192 insertions(+), 20 deletions(-)

diff --git a/README.md b/README.md
index 4d61740a..93f4c129 100644
--- a/README.md
+++ b/README.md
@@ -215,6 +215,8 @@ To export, click the "Export" button on any list page or detail page. A dialog w
 - **Include recovery key** (full export only) - Include the master encryption key for all repositories
 - **Include password hash** (full export only) - Include the hashed admin password for seamless migration
 
+When exporting sensitive data (recovery key or decrypted secrets), you'll be prompted to re-enter your password as an additional security confirmation. This is a UI-level safeguard to prevent accidental exports of sensitive information.
+
 Exports are downloaded as JSON files that can be used for reference or future import functionality.
 
 ## Propagating mounts to host
diff --git a/app/client/components/export-dialog.tsx b/app/client/components/export-dialog.tsx
index f36314cc..db2e7c0f 100644
--- a/app/client/components/export-dialog.tsx
+++ b/app/client/components/export-dialog.tsx
@@ -12,6 +12,7 @@ import {
 	DialogTitle,
 	DialogTrigger,
 } from "~/client/components/ui/dialog";
+import { Input } from "~/client/components/ui/input";
 import { Label } from "~/client/components/ui/label";
 import {
 	Select,
@@ -21,6 +22,15 @@ import {
 	SelectValue,
 } from "~/client/components/ui/select";
 
+async function verifyPassword(password: string): Promise<boolean> {
+	const response = await fetch("/api/v1/auth/verify-password", {
+		method: "POST",
+		headers: { "Content-Type": "application/json" },
+		body: JSON.stringify({ password }),
+	});
+	return response.ok;
+}
+
 export type SecretsMode = "exclude" | "encrypted" | "cleartext";
 
 export type ExportOptions = {
@@ -158,6 +168,9 @@ export function ExportDialog({
 	const [includePasswordHash, setIncludePasswordHash] = useState(false);
 	const [secretsMode, setSecretsMode] = useState<SecretsMode>("exclude");
 	const [isExporting, setIsExporting] = useState(false);
+	const [showPasswordStep, setShowPasswordStep] = useState(false);
+	const [password, setPassword] = useState("");
+	const [isVerifying, setIsVerifying] = useState(false);
 
 	const config = exportConfigs[entityType];
 	const isSingleItem = !!(name || id);
@@ -165,8 +178,9 @@ export function ExportDialog({
 	// TODO: Volumes will have encrypted secrets (e.g., SMB/NFS credentials) in a future PR
 	const hasSecrets = entityType !== "backups" && entityType !== "volumes";
 	const entityLabel = isSingleItem ? config.label : config.labelPlural;
+	const requiresPassword = includeRecoveryKey || secretsMode === "cleartext";
 
-	const handleExport = async () => {
+	const performExport = async () => {
 		setIsExporting(true);
 		try {
 			await exportConfig(entityType, {
@@ -181,6 +195,8 @@ export function ExportDialog({
 			});
 			toast.success(`${entityLabel} exported successfully`);
 			setOpen(false);
+			setShowPasswordStep(false);
+			setPassword("");
 		} catch (err) {
 			toast.error("Export failed", {
 				description: err instanceof Error ? err.message : String(err),
@@ -190,6 +206,45 @@ export function ExportDialog({
 		}
 	};
 
+	const handleExport = () => {
+		if (requiresPassword) {
+			setShowPasswordStep(true);
+		} else {
+			performExport();
+		}
+	};
+
+	const handlePasswordSubmit = async (e: React.FormEvent) => {
+		e.preventDefault();
+		if (!password) {
+			toast.error("Password is required");
+			return;
+		}
+
+		setIsVerifying(true);
+		try {
+			const isValid = await verifyPassword(password);
+			if (!isValid) {
+				toast.error("Incorrect password");
+				return;
+			}
+			// Password verified, proceed with export
+			await performExport();
+		} catch {
+			toast.error("Incorrect password");
+		} finally {
+			setIsVerifying(false);
+		}
+	};
+
+	const handleDialogChange = (isOpen: boolean) => {
+		setOpen(isOpen);
+		if (!isOpen) {
+			setShowPasswordStep(false);
+			setPassword("");
+		}
+	};
+
 	const defaultTrigger =
 		variant === "card" ? (
 			<div className="flex flex-col items-center justify-center gap-2 cursor-pointer h-full w-full">
@@ -206,19 +261,65 @@ export function ExportDialog({
 		);
 
 	return (
-		<Dialog open={open} onOpenChange={setOpen}>
+		<Dialog open={open} onOpenChange={handleDialogChange}>
 			<DialogTrigger asChild>{trigger ?? defaultTrigger}</DialogTrigger>
 			<DialogContent>
-				<DialogHeader>
-					<DialogTitle>Export {entityLabel}</DialogTitle>
-					<DialogDescription>
-						{isSingleItem
-							? `Export the configuration for this ${config.label.toLowerCase()}.`
-							: `Export all ${config.labelPlural.toLowerCase()} configurations.`}
-					</DialogDescription>
-				</DialogHeader>
+				{showPasswordStep ? (
+					<form onSubmit={handlePasswordSubmit}>
+						<DialogHeader>
+							<DialogTitle>Confirm Export</DialogTitle>
+							<DialogDescription>
+								For security reasons, please enter your password to export
+								{includeRecoveryKey && secretsMode === "cleartext"
+									? " the recovery key and decrypted secrets."
+									: includeRecoveryKey
+										? " the recovery key."
+										: " decrypted secrets."}
+							</DialogDescription>
+						</DialogHeader>
+						<div className="space-y-4 py-4">
+							<div className="space-y-2">
+								<Label htmlFor="export-password">Your Password</Label>
+								<Input
+									id="export-password"
+									type="password"
+									value={password}
+									onChange={(e) => setPassword(e.target.value)}
+									placeholder="Enter your password"
+									required
+									autoFocus
+								/>
+							</div>
+						</div>
+						<DialogFooter>
+							<Button
+								type="button"
+								variant="outline"
+								onClick={() => {
+									setShowPasswordStep(false);
+									setPassword("");
+								}}
+							>
+								Back
+							</Button>
+							<Button type="submit" loading={isVerifying || isExporting}>
+								<Download className="h-4 w-4 mr-2" />
+								Export
+							</Button>
+						</DialogFooter>
+					</form>
+				) : (
+					<>
+						<DialogHeader>
+							<DialogTitle>Export {entityLabel}</DialogTitle>
+							<DialogDescription>
+								{isSingleItem
+									? `Export the configuration for this ${config.label.toLowerCase()}.`
+									: `Export all ${config.labelPlural.toLowerCase()} configurations.`}
+							</DialogDescription>
+						</DialogHeader>
 
-				<div className="space-y-4 py-4">
+						<div className="space-y-4 py-4">
 					<div className="flex items-center space-x-3">
 						<Checkbox
 							id="includeIds"
@@ -321,15 +422,17 @@ export function ExportDialog({
 					)}
 				</div>
 
-				<DialogFooter>
-					<Button variant="outline" onClick={() => setOpen(false)}>
-						Cancel
-					</Button>
-					<Button onClick={handleExport} loading={isExporting}>
-						<Download className="h-4 w-4 mr-2" />
-						Export
-					</Button>
-				</DialogFooter>
+						<DialogFooter>
+							<Button variant="outline" onClick={() => setOpen(false)}>
+								Cancel
+							</Button>
+							<Button onClick={handleExport} loading={isExporting}>
+								<Download className="h-4 w-4 mr-2" />
+								Export
+							</Button>
+						</DialogFooter>
+					</>
+				)}
 			</DialogContent>
 		</Dialog>
 	);
diff --git a/app/server/modules/auth/auth.controller.ts b/app/server/modules/auth/auth.controller.ts
index c78d2818..adf9c966 100644
--- a/app/server/modules/auth/auth.controller.ts
+++ b/app/server/modules/auth/auth.controller.ts
@@ -12,12 +12,15 @@ import {
 	logoutDto,
 	registerBodySchema,
 	registerDto,
+	verifyPasswordBodySchema,
+	verifyPasswordDto,
 	type ChangePasswordDto,
 	type GetMeDto,
 	type GetStatusDto,
 	type LoginDto,
 	type LogoutDto,
 	type RegisterDto,
+	type VerifyPasswordDto,
 } from "./auth.dto";
 import { authService } from "./auth.service";
 import { toMessage } from "../../utils/errors";
@@ -138,4 +141,27 @@ export const authController = new Hono()
 		} catch (error) {
 			return c.json<ChangePasswordDto>({ success: false, message: toMessage(error) }, 400);
 		}
+	})
+	.post("/verify-password", verifyPasswordDto, validator("json", verifyPasswordBodySchema), async (c) => {
+		const sessionId = getCookie(c, COOKIE_NAME);
+
+		if (!sessionId) {
+			return c.json<VerifyPasswordDto>({ success: false, message: "Not authenticated" }, 401);
+		}
+
+		const session = await authService.verifySession(sessionId);
+
+		if (!session) {
+			deleteCookie(c, COOKIE_NAME, COOKIE_OPTIONS);
+			return c.json<VerifyPasswordDto>({ success: false, message: "Not authenticated" }, 401);
+		}
+
+		const body = c.req.valid("json");
+		const isValid = await authService.verifyPassword(session.user.id, body.password);
+
+		if (!isValid) {
+			return c.json<VerifyPasswordDto>({ success: false, message: "Incorrect password" }, 401);
+		}
+
+		return c.json<VerifyPasswordDto>({ success: true, message: "Password verified" });
 	});
diff --git a/app/server/modules/auth/auth.dto.ts b/app/server/modules/auth/auth.dto.ts
index f305f9c1..846c204b 100644
--- a/app/server/modules/auth/auth.dto.ts
+++ b/app/server/modules/auth/auth.dto.ts
@@ -148,6 +148,34 @@ export const changePasswordDto = describeRoute({
 
 export type ChangePasswordDto = typeof changePasswordResponseSchema.infer;
 
+export const verifyPasswordBodySchema = type({
+	password: "string>0",
+});
+
+const verifyPasswordResponseSchema = type({
+	success: "boolean",
+	message: "string",
+});
+
+export const verifyPasswordDto = describeRoute({
+	description: "Verify current user password for re-authentication",
+	operationId: "verifyPassword",
+	tags: ["Auth"],
+	responses: {
+		200: {
+			description: "Password verification result",
+			content: {
+				"application/json": {
+					schema: resolver(verifyPasswordResponseSchema),
+				},
+			},
+		},
+	},
+});
+
+export type VerifyPasswordDto = typeof verifyPasswordResponseSchema.infer;
+
 export type LoginBody = typeof loginBodySchema.infer;
 export type RegisterBody = typeof registerBodySchema.infer;
 export type ChangePasswordBody = typeof changePasswordBodySchema.infer;
+export type VerifyPasswordBody = typeof verifyPasswordBodySchema.infer;
diff --git a/app/server/modules/auth/auth.service.ts b/app/server/modules/auth/auth.service.ts
index 4a97c0df..47f91e3d 100644
--- a/app/server/modules/auth/auth.service.ts
+++ b/app/server/modules/auth/auth.service.ts
@@ -174,6 +174,19 @@ export class AuthService {
 
 		logger.info(`Password changed for user: ${user.username}`);
 	}
+
+	/**
+	 * Verify password for a user (for re-authentication purposes)
+	 */
+	async verifyPassword(userId: number, password: string): Promise<boolean> {
+		const [user] = await db.select().from(usersTable).where(eq(usersTable.id, userId));
+
+		if (!user) {
+			return false;
+		}
+
+		return Bun.password.verify(password, user.passwordHash);
+	}
 }
 
 export const authService = new AuthService();

From 0d339d973f20756a352e2306a5a473adaf4f5b83 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Tr=C3=A1vn=C3=ADk?= <jakub.travnik@gmail.com>
Date: Mon, 1 Dec 2025 15:47:59 +0100
Subject: [PATCH 07/49] Deleted unrelated change

TODO: Fix trash icon in separate PR

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
---
 app/client/modules/repositories/routes/repository-details.tsx | 1 -
 1 file changed, 1 deletion(-)

diff --git a/app/client/modules/repositories/routes/repository-details.tsx b/app/client/modules/repositories/routes/repository-details.tsx
index 0ddf3e7a..c55960a7 100644
--- a/app/client/modules/repositories/routes/repository-details.tsx
+++ b/app/client/modules/repositories/routes/repository-details.tsx
@@ -160,7 +160,6 @@ export default function RepositoryDetailsPage({ loaderData }: Route.ComponentPro
 					</Button>
 					<ExportDialog entityType="repositories" name={data.name} triggerLabel="Export config" />
 					<Button variant="destructive" onClick={() => setShowDeleteConfirm(true)} disabled={deleteRepo.isPending}>
-						<Trash2 className="h-4 w-4 mr-2" />
 						Delete
 					</Button>
 				</div>

From c5c5da78bd159038d519da832284d692be77a76b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Tr=C3=A1vn=C3=ADk?= <jakub.travnik@gmail.com>
Date: Mon, 1 Dec 2025 15:48:45 +0100
Subject: [PATCH 08/49] Delete unrelated change

TODO: Fix Trash icon in different PR

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
---
 app/client/modules/notifications/routes/notification-details.tsx | 1 -
 1 file changed, 1 deletion(-)

diff --git a/app/client/modules/notifications/routes/notification-details.tsx b/app/client/modules/notifications/routes/notification-details.tsx
index 3a1e3c50..7b8b9454 100644
--- a/app/client/modules/notifications/routes/notification-details.tsx
+++ b/app/client/modules/notifications/routes/notification-details.tsx
@@ -149,7 +149,6 @@ export default function NotificationDetailsPage({ loaderData }: Route.ComponentP
 						variant="destructive"
 						loading={deleteDestination.isPending}
 					>
-						<Trash2 className="h-4 w-4 mr-2" />
 						Delete
 					</Button>
 				</div>

From 1b874727e339936b803ff33adbc2b585c6d549b6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Tr=C3=A1vn=C3=ADk?= <jakub.travnik@gmail.com>
Date: Mon, 1 Dec 2025 15:53:12 +0100
Subject: [PATCH 09/49] Update
 app/server/modules/lifecycle/config-export.controller.ts

More verbose error handling

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
---
 app/server/modules/lifecycle/config-export.controller.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/server/modules/lifecycle/config-export.controller.ts b/app/server/modules/lifecycle/config-export.controller.ts
index 16163494..ce0465c4 100644
--- a/app/server/modules/lifecycle/config-export.controller.ts
+++ b/app/server/modules/lifecycle/config-export.controller.ts
@@ -288,7 +288,7 @@ export const configExportController = new Hono()
 			});
 		} catch (err) {
 			logger.error(`Config export failed: ${err instanceof Error ? err.message : String(err)}`);
-			return c.json({ error: "Failed to export config" }, 500);
+			return c.json({ error: err instanceof Error ? err.message : "Failed to export config" }, 500);
 		}
 	})
 	.get("/export/volumes", async (c) => {

From 95342f6ec9c36ffca9b6b2477cba0095f49b21f3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Tr=C3=A1vn=C3=ADk?= <jakub.travnik@gmail.com>
Date: Mon, 1 Dec 2025 15:55:09 +0100
Subject: [PATCH 10/49] Update
 app/server/modules/lifecycle/config-export.controller.ts

More verbose error handling

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
---
 app/server/modules/lifecycle/config-export.controller.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/server/modules/lifecycle/config-export.controller.ts b/app/server/modules/lifecycle/config-export.controller.ts
index ce0465c4..58c7864f 100644
--- a/app/server/modules/lifecycle/config-export.controller.ts
+++ b/app/server/modules/lifecycle/config-export.controller.ts
@@ -300,7 +300,7 @@ export const configExportController = new Hono()
 			return c.json({ volumes: await exportEntities(result.data, params) });
 		} catch (err) {
 			logger.error(`Volumes export failed: ${err instanceof Error ? err.message : String(err)}`);
-			return c.json({ error: "Failed to export volumes" }, 500);
+			return c.json({ error: `Failed to export volumes: ${err instanceof Error ? err.message : String(err)}` }, 500);
 		}
 	})
 	.get("/export/repositories", async (c) => {

From 82f632f63a0063282142a5afc837cb75bbff8d09 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Tr=C3=A1vn=C3=ADk?= <jakub.travnik@gmail.com>
Date: Mon, 1 Dec 2025 15:58:07 +0100
Subject: [PATCH 11/49] Update app/client/components/export-dialog.tsx

remove unused variable

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
---
 app/client/components/export-dialog.tsx | 1 -
 1 file changed, 1 deletion(-)

diff --git a/app/client/components/export-dialog.tsx b/app/client/components/export-dialog.tsx
index db2e7c0f..ae8cfa23 100644
--- a/app/client/components/export-dialog.tsx
+++ b/app/client/components/export-dialog.tsx
@@ -439,7 +439,6 @@ export function ExportDialog({
 }
 
 export function ExportCard({ entityType, ...props }: Omit<ExportDialogProps, "variant" | "trigger">) {
-	const config = exportConfigs[entityType];
 
 	return (
 		<ExportDialog

From f452d72050f21abc8f0fc6f4533a5cacfcae57c7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Tr=C3=A1vn=C3=ADk?= <jakub.travnik@gmail.com>
Date: Mon, 1 Dec 2025 16:11:12 +0100
Subject: [PATCH 12/49] Fix keyboard navigation in the export card

Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
---
 app/client/components/export-dialog.tsx | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/app/client/components/export-dialog.tsx b/app/client/components/export-dialog.tsx
index ae8cfa23..e732dd0e 100644
--- a/app/client/components/export-dialog.tsx
+++ b/app/client/components/export-dialog.tsx
@@ -247,12 +247,15 @@ export function ExportDialog({
 
 	const defaultTrigger =
 		variant === "card" ? (
-			<div className="flex flex-col items-center justify-center gap-2 cursor-pointer h-full w-full">
+			<button 
+				type="button"
+				className="flex flex-col items-center justify-center gap-2 cursor-pointer h-full w-full border-0 bg-transparent p-0 hover:opacity-80 transition-opacity"
+			>
 				<Download className="h-8 w-8 text-muted-foreground" />
 				<span className="text-sm font-medium text-muted-foreground">
 					{triggerLabel ?? `Export ${isSingleItem ? "config" : "configs"}`}
 				</span>
-			</div>
+			</button>
 		) : (
 			<Button variant={variant} size={size}>
 				{showIcon && <Download className="h-4 w-4 mr-2" />}

From 4536f8a613866379b7e5f74da0414126aed66946 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Tr=C3=A1vn=C3=ADk?= <jakub.travnik@gmail.com>
Date: Mon, 1 Dec 2025 16:14:43 +0100
Subject: [PATCH 13/49] input validation in fetchRepositories

---
 app/server/modules/lifecycle/config-export.controller.ts | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/app/server/modules/lifecycle/config-export.controller.ts b/app/server/modules/lifecycle/config-export.controller.ts
index 58c7864f..03cf3015 100644
--- a/app/server/modules/lifecycle/config-export.controller.ts
+++ b/app/server/modules/lifecycle/config-export.controller.ts
@@ -149,6 +149,11 @@ async function fetchVolumes(filter: FilterOptions): Promise<FetchResult<typeof v
 
 async function fetchRepositories(filter: FilterOptions): Promise<FetchResult<typeof repositoriesTable.$inferSelect>> {
 	if (filter.id) {
+		// Validate UUID format
+		const uuidRegex = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
+		if (!uuidRegex.test(filter.id)) {
+			return { error: "Invalid repository ID format (expected UUID)", status: 400 };
+		}
 		const result = await db.select().from(repositoriesTable).where(eq(repositoriesTable.id, filter.id));
 		if (result.length === 0) return { error: `Repository with ID '${filter.id}' not found`, status: 404 };
 		return { data: result };

From 2306df316e1836439cbfbf35ab862c847ac26599 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Tr=C3=A1vn=C3=ADk?= <jakub.travnik@gmail.com>
Date: Mon, 1 Dec 2025 16:17:05 +0100
Subject: [PATCH 14/49] Error logging on failed to decrypt

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
---
 app/server/modules/lifecycle/config-export.controller.ts | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/app/server/modules/lifecycle/config-export.controller.ts b/app/server/modules/lifecycle/config-export.controller.ts
index 03cf3015..86e949ec 100644
--- a/app/server/modules/lifecycle/config-export.controller.ts
+++ b/app/server/modules/lifecycle/config-export.controller.ts
@@ -98,7 +98,8 @@ async function processSecrets(
 			} else if (secretsMode === "cleartext") {
 				try {
 					result[key] = await cryptoUtils.decrypt(value);
-				} catch {
+				} catch (err) {
+					logger.warn(`Failed to decrypt field "${key}": ${err instanceof Error ? err.message : String(err)}`);
 					delete result[key];
 				}
 			}

From a9ac6eec202ea37e5052d1d31689647a798457a0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Tr=C3=A1vn=C3=ADk?= <jakub.travnik@gmail.com>
Date: Mon, 1 Dec 2025 16:24:15 +0100
Subject: [PATCH 15/49] rename API endpoints for backups and notifications

---
 app/client/components/export-dialog.tsx        | 18 +++++++++---------
 .../backups/components/schedule-summary.tsx    |  2 +-
 app/client/modules/backups/routes/backups.tsx  |  2 +-
 .../routes/notification-details.tsx            |  2 +-
 .../notifications/routes/notifications.tsx     |  2 +-
 .../lifecycle/config-export.controller.ts      | 12 ++++++------
 6 files changed, 19 insertions(+), 19 deletions(-)

diff --git a/app/client/components/export-dialog.tsx b/app/client/components/export-dialog.tsx
index e732dd0e..93e64b21 100644
--- a/app/client/components/export-dialog.tsx
+++ b/app/client/components/export-dialog.tsx
@@ -79,7 +79,7 @@ async function exportFromApi(endpoint: string, filename: string, options: Export
 	downloadAsJson(data, filename);
 }
 
-export type ExportEntityType = "volumes" | "repositories" | "notifications" | "backups" | "full";
+export type ExportEntityType = "volumes" | "repositories" | "notification-destinations" | "backup-schedules" | "full";
 
 type ExportConfig = {
 	endpoint: string;
@@ -107,17 +107,17 @@ const exportConfigs: Record<ExportEntityType, ExportConfig> = {
 			return identifier ? `repository-${identifier}-config` : "repositories-config";
 		},
 	},
-	notifications: {
-		endpoint: "/api/v1/config/export/notifications",
-		label: "Notification",
-		labelPlural: "Notifications",
+	"notification-destinations": {
+		endpoint: "/api/v1/config/export/notification-destinations",
+		label: "Notification Destination",
+		labelPlural: "Notification Destinations",
 		getFilename: (opts) => {
 			const identifier = opts.id ?? opts.name;
-			return identifier ? `notification-${identifier}-config` : "notifications-config";
+			return identifier ? `notification-destination-${identifier}-config` : "notification-destinations-config";
 		},
 	},
-	backups: {
-		endpoint: "/api/v1/config/export/backups",
+	"backup-schedules": {
+		endpoint: "/api/v1/config/export/backup-schedules",
 		label: "Backup Schedule",
 		labelPlural: "Backup Schedules",
 		getFilename: (opts) => (opts.id ? `backup-schedule-${opts.id}-config` : "backup-schedules-config"),
@@ -176,7 +176,7 @@ export function ExportDialog({
 	const isSingleItem = !!(name || id);
 	const isFullExport = entityType === "full";
 	// TODO: Volumes will have encrypted secrets (e.g., SMB/NFS credentials) in a future PR
-	const hasSecrets = entityType !== "backups" && entityType !== "volumes";
+	const hasSecrets = entityType !== "backup-schedules" && entityType !== "volumes";
 	const entityLabel = isSingleItem ? config.label : config.labelPlural;
 	const requiresPassword = includeRecoveryKey || secretsMode === "cleartext";
 
diff --git a/app/client/modules/backups/components/schedule-summary.tsx b/app/client/modules/backups/components/schedule-summary.tsx
index c8b5187b..a9bdbce1 100644
--- a/app/client/modules/backups/components/schedule-summary.tsx
+++ b/app/client/modules/backups/components/schedule-summary.tsx
@@ -126,7 +126,7 @@ export const ScheduleSummary = (props: Props) => {
 							<Pencil className="h-4 w-4 mr-2" />
 							<span className="sm:inline">Edit schedule</span>
 						</Button>
-						<ExportDialog entityType="backups" id={schedule.id} size="sm" triggerLabel="Export config" />
+						<ExportDialog entityType="backup-schedules" id={schedule.id} size="sm" triggerLabel="Export config" />
 						<Button
 							variant="outline"
 							size="sm"
diff --git a/app/client/modules/backups/routes/backups.tsx b/app/client/modules/backups/routes/backups.tsx
index 7f131f04..cff440dc 100644
--- a/app/client/modules/backups/routes/backups.tsx
+++ b/app/client/modules/backups/routes/backups.tsx
@@ -122,7 +122,7 @@ export default function Backups({ loaderData }: Route.ComponentProps) {
 				</Link>
 				<Card className="flex flex-col items-center justify-center h-full hover:bg-muted/50 transition-colors cursor-pointer">
 					<CardContent className="flex flex-col items-center justify-center gap-2 h-full w-full">
-						<ExportDialog entityType="backups" variant="card" />
+						<ExportDialog entityType="backup-schedules" variant="card" />
 					</CardContent>
 				</Card>
 			</div>
diff --git a/app/client/modules/notifications/routes/notification-details.tsx b/app/client/modules/notifications/routes/notification-details.tsx
index 7b8b9454..89e053e9 100644
--- a/app/client/modules/notifications/routes/notification-details.tsx
+++ b/app/client/modules/notifications/routes/notification-details.tsx
@@ -143,7 +143,7 @@ export default function NotificationDetailsPage({ loaderData }: Route.ComponentP
 						<TestTube2 className="h-4 w-4 mr-2" />
 						Test
 					</Button>
-					<ExportDialog entityType="notifications" name={data.name} triggerLabel="Export config" />
+					<ExportDialog entityType="notification-destinations" name={data.name} triggerLabel="Export config" />
 					<Button
 						onClick={() => setShowDeleteConfirm(true)}
 						variant="destructive"
diff --git a/app/client/modules/notifications/routes/notifications.tsx b/app/client/modules/notifications/routes/notifications.tsx
index 8d7b9ea4..f48827fb 100644
--- a/app/client/modules/notifications/routes/notifications.tsx
+++ b/app/client/modules/notifications/routes/notifications.tsx
@@ -124,7 +124,7 @@ export default function Notifications({ loaderData }: Route.ComponentProps) {
 					)}
 				</span>
 				<div className="flex gap-2">
-					<ExportDialog entityType="notifications" />
+					<ExportDialog entityType="notification-destinations" />
 					<Button onClick={() => navigate("/notifications/create")}>
 						<Plus size={16} className="mr-2" />
 						Create Destination
diff --git a/app/server/modules/lifecycle/config-export.controller.ts b/app/server/modules/lifecycle/config-export.controller.ts
index 03cf3015..d5c6ed2e 100644
--- a/app/server/modules/lifecycle/config-export.controller.ts
+++ b/app/server/modules/lifecycle/config-export.controller.ts
@@ -319,18 +319,18 @@ export const configExportController = new Hono()
 			return c.json({ error: "Failed to export repositories" }, 500);
 		}
 	})
-	.get("/export/notifications", async (c) => {
+	.get("/export/notification-destinations", async (c) => {
 		try {
 			const params = parseExportParams(c);
 			const result = await fetchNotifications(getFilterOptions(c));
 			if ("error" in result) return c.json({ error: result.error }, result.status);
 			return c.json({ notificationDestinations: await exportEntities(result.data, params) });
 		} catch (err) {
-			logger.error(`Notifications export failed: ${err instanceof Error ? err.message : String(err)}`);
-			return c.json({ error: "Failed to export notifications" }, 500);
+			logger.error(`Notification destinations export failed: ${err instanceof Error ? err.message : String(err)}`);
+			return c.json({ error: "Failed to export notification destinations" }, 500);
 		}
 	})
-	.get("/export/backups", async (c) => {
+	.get("/export/backup-schedules", async (c) => {
 		try {
 			const params = parseExportParams(c);
 
@@ -354,8 +354,8 @@ export const configExportController = new Hono()
 
 			return c.json({ backupSchedules });
 		} catch (err) {
-			logger.error(`Backups export failed: ${err instanceof Error ? err.message : String(err)}`);
-			return c.json({ error: "Failed to export backups" }, 500);
+			logger.error(`Backup schedules export failed: ${err instanceof Error ? err.message : String(err)}`);
+			return c.json({ error: "Failed to export backup schedules" }, 500);
 		}
 	});
 

From c65d84ee9a50902e476c5fff77d692677164291d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Tr=C3=A1vn=C3=ADk?= <jakub.travnik@gmail.com>
Date: Mon, 1 Dec 2025 16:36:17 +0100
Subject: [PATCH 16/49] pass id and name to export dialog

---
 .../modules/notifications/routes/notification-details.tsx       | 2 +-
 app/client/modules/repositories/routes/repository-details.tsx   | 2 +-
 app/client/modules/volumes/routes/volume-details.tsx            | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/app/client/modules/notifications/routes/notification-details.tsx b/app/client/modules/notifications/routes/notification-details.tsx
index 89e053e9..c3598cf6 100644
--- a/app/client/modules/notifications/routes/notification-details.tsx
+++ b/app/client/modules/notifications/routes/notification-details.tsx
@@ -143,7 +143,7 @@ export default function NotificationDetailsPage({ loaderData }: Route.ComponentP
 						<TestTube2 className="h-4 w-4 mr-2" />
 						Test
 					</Button>
-					<ExportDialog entityType="notification-destinations" name={data.name} triggerLabel="Export config" />
+					<ExportDialog entityType="notification-destinations" id={data.id} name={data.name} triggerLabel="Export config" />
 					<Button
 						onClick={() => setShowDeleteConfirm(true)}
 						variant="destructive"
diff --git a/app/client/modules/repositories/routes/repository-details.tsx b/app/client/modules/repositories/routes/repository-details.tsx
index c55960a7..b2ccc155 100644
--- a/app/client/modules/repositories/routes/repository-details.tsx
+++ b/app/client/modules/repositories/routes/repository-details.tsx
@@ -158,7 +158,7 @@ export default function RepositoryDetailsPage({ loaderData }: Route.ComponentPro
 							"Run Doctor"
 						)}
 					</Button>
-					<ExportDialog entityType="repositories" name={data.name} triggerLabel="Export config" />
+					<ExportDialog entityType="repositories" id={data.id} name={data.name} triggerLabel="Export config" />
 					<Button variant="destructive" onClick={() => setShowDeleteConfirm(true)} disabled={deleteRepo.isPending}>
 						Delete
 					</Button>
diff --git a/app/client/modules/volumes/routes/volume-details.tsx b/app/client/modules/volumes/routes/volume-details.tsx
index b16815f5..1d46f0a3 100644
--- a/app/client/modules/volumes/routes/volume-details.tsx
+++ b/app/client/modules/volumes/routes/volume-details.tsx
@@ -162,7 +162,7 @@ export default function VolumeDetails({ loaderData }: Route.ComponentProps) {
 					>
 						Unmount
 					</Button>
-					<ExportDialog entityType="volumes" name={volume.name} triggerLabel="Export config" />
+					<ExportDialog entityType="volumes" id={volume.id} name={volume.name} triggerLabel="Export config" />
 					<Button variant="destructive" onClick={() => setShowDeleteConfirm(true)} disabled={deleteVol.isPending}>
 						<Trash2 className="h-4 w-4 mr-2" />
 						Delete

From 50936995689208f84e8be50d9c1215d4fb6bfb45 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Tr=C3=A1vn=C3=ADk?= <jakub.travnik@gmail.com>
Date: Mon, 1 Dec 2025 16:43:52 +0100
Subject: [PATCH 17/49] remove obsolete ExportCard

---
 app/client/components/export-dialog.tsx | 12 ------------
 1 file changed, 12 deletions(-)

diff --git a/app/client/components/export-dialog.tsx b/app/client/components/export-dialog.tsx
index 93e64b21..80c53bd4 100644
--- a/app/client/components/export-dialog.tsx
+++ b/app/client/components/export-dialog.tsx
@@ -440,15 +440,3 @@ export function ExportDialog({
 		</Dialog>
 	);
 }
-
-export function ExportCard({ entityType, ...props }: Omit<ExportDialogProps, "variant" | "trigger">) {
-
-	return (
-		<ExportDialog
-			entityType={entityType}
-			variant="card"
-			triggerLabel={props.triggerLabel ?? `Export ${props.id || props.name ? "config" : "configs"}`}
-			{...props}
-		/>
-	);
-}

From ced7a086724cba55808e018de6ed67580d017c6e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Tr=C3=A1vn=C3=ADk?= <jakub.travnik@gmail.com>
Date: Mon, 1 Dec 2025 16:51:40 +0100
Subject: [PATCH 18/49] fix: add type safety for ExportDialog trigger props

---
 app/client/components/export-dialog.tsx | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

diff --git a/app/client/components/export-dialog.tsx b/app/client/components/export-dialog.tsx
index 80c53bd4..12682b36 100644
--- a/app/client/components/export-dialog.tsx
+++ b/app/client/components/export-dialog.tsx
@@ -139,17 +139,31 @@ export async function exportConfig(
 	await exportFromApi(config.endpoint, filename, options);
 }
 
-type ExportDialogProps = {
+type BaseExportDialogProps = {
 	entityType: ExportEntityType;
 	name?: string;
 	id?: string | number;
-	trigger?: React.ReactNode;
+};
+
+type ExportDialogWithTrigger = BaseExportDialogProps & {
+	/** Custom trigger element. When provided, variant/size/triggerLabel/showIcon are ignored. */
+	trigger: React.ReactNode;
+	variant?: never;
+	size?: never;
+	triggerLabel?: never;
+	showIcon?: never;
+};
+
+type ExportDialogWithDefaultTrigger = BaseExportDialogProps & {
+	trigger?: never;
 	variant?: "default" | "outline" | "ghost" | "card";
 	size?: "default" | "sm" | "lg" | "icon";
 	triggerLabel?: string;
 	showIcon?: boolean;
 };
 
+type ExportDialogProps = ExportDialogWithTrigger | ExportDialogWithDefaultTrigger;
+
 export function ExportDialog({
 	entityType,
 	name,

From 30047cbcf0f655b63acc2578df13f86ce8645594 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Tr=C3=A1vn=C3=ADk?= <jakub.travnik@gmail.com>
Date: Mon, 1 Dec 2025 16:56:59 +0100
Subject: [PATCH 19/49] audit logging on recoveryKey export

---
 app/server/modules/lifecycle/config-export.controller.ts | 1 +
 1 file changed, 1 insertion(+)

diff --git a/app/server/modules/lifecycle/config-export.controller.ts b/app/server/modules/lifecycle/config-export.controller.ts
index bc1e7176..cae50714 100644
--- a/app/server/modules/lifecycle/config-export.controller.ts
+++ b/app/server/modules/lifecycle/config-export.controller.ts
@@ -274,6 +274,7 @@ export const configExportController = new Hono()
 			if (includeRecoveryKey) {
 				try {
 					recoveryKey = await Bun.file(RESTIC_PASS_FILE).text();
+					logger.warn("Recovery key exported - this is a security-sensitive operation");
 				} catch {
 					logger.warn("Could not read recovery key file");
 				}

From c736657ffea633e2b74947bc4d3c07687e0319c4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Tr=C3=A1vn=C3=ADk?= <jakub.travnik@gmail.com>
Date: Mon, 1 Dec 2025 16:59:59 +0100
Subject: [PATCH 20/49] Error logging on repositories export failure

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
---
 app/server/modules/lifecycle/config-export.controller.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/server/modules/lifecycle/config-export.controller.ts b/app/server/modules/lifecycle/config-export.controller.ts
index cae50714..23bf7382 100644
--- a/app/server/modules/lifecycle/config-export.controller.ts
+++ b/app/server/modules/lifecycle/config-export.controller.ts
@@ -318,7 +318,7 @@ export const configExportController = new Hono()
 			return c.json({ repositories: await exportEntities(result.data, params) });
 		} catch (err) {
 			logger.error(`Repositories export failed: ${err instanceof Error ? err.message : String(err)}`);
-			return c.json({ error: "Failed to export repositories" }, 500);
+			return c.json({ error: `Failed to export repositories: ${err instanceof Error ? err.message : String(err)}` }, 500);
 		}
 	})
 	.get("/export/notification-destinations", async (c) => {

From 709a08cfe88df0f8cd8071ea6aea71ec1a15cd36 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Tr=C3=A1vn=C3=ADk?= <jakub.travnik@gmail.com>
Date: Mon, 1 Dec 2025 17:00:51 +0100
Subject: [PATCH 21/49] Remove unrelated change

TODO: Fix Trash icon in different PR

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
---
 app/client/modules/volumes/routes/volume-details.tsx | 1 -
 1 file changed, 1 deletion(-)

diff --git a/app/client/modules/volumes/routes/volume-details.tsx b/app/client/modules/volumes/routes/volume-details.tsx
index 1d46f0a3..d4cf8fba 100644
--- a/app/client/modules/volumes/routes/volume-details.tsx
+++ b/app/client/modules/volumes/routes/volume-details.tsx
@@ -164,7 +164,6 @@ export default function VolumeDetails({ loaderData }: Route.ComponentProps) {
 					</Button>
 					<ExportDialog entityType="volumes" id={volume.id} name={volume.name} triggerLabel="Export config" />
 					<Button variant="destructive" onClick={() => setShowDeleteConfirm(true)} disabled={deleteVol.isPending}>
-						<Trash2 className="h-4 w-4 mr-2" />
 						Delete
 					</Button>
 				</div>

From 7f966b504b6da4656c7ea93ea1cd91f1d808b86d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Tr=C3=A1vn=C3=ADk?= <jakub.travnik@gmail.com>
Date: Mon, 1 Dec 2025 17:02:50 +0100
Subject: [PATCH 22/49] Explicit warning regarding volume secrets

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
---
 app/server/modules/lifecycle/config-export.controller.ts | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/app/server/modules/lifecycle/config-export.controller.ts b/app/server/modules/lifecycle/config-export.controller.ts
index 23bf7382..e91d00cf 100644
--- a/app/server/modules/lifecycle/config-export.controller.ts
+++ b/app/server/modules/lifecycle/config-export.controller.ts
@@ -263,7 +263,9 @@ export const configExportController = new Hono()
 				backupSchedulesRaw, scheduleNotifications, volumeMap, repoMap, notificationMap, params
 			);
 
-			// TODO: Volumes will have encrypted secrets (e.g., SMB/NFS credentials) in a future PR
+			// WARNING: As of now, volume exports may include sensitive data (e.g., SMB/NFS credentials) in cleartext.
+			// This is a known security limitation. Handle exported configuration files with care.
+			// Future PRs will implement encryption for these secrets.
 			const [exportVolumes, exportRepositories, exportNotifications] = await Promise.all([
 				exportEntities(volumes, params),
 				exportEntities(repositories, params),

From eaca5abde5c94871c65b3d81713fb97df1bfae93 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Tr=C3=A1vn=C3=ADk?= <jakub.travnik@gmail.com>
Date: Mon, 1 Dec 2025 17:07:24 +0100
Subject: [PATCH 23/49] Input validation and error handling for secretsMode
 param

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
---
 app/server/modules/lifecycle/config-export.controller.ts | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/app/server/modules/lifecycle/config-export.controller.ts b/app/server/modules/lifecycle/config-export.controller.ts
index e91d00cf..5344f0c8 100644
--- a/app/server/modules/lifecycle/config-export.controller.ts
+++ b/app/server/modules/lifecycle/config-export.controller.ts
@@ -67,7 +67,13 @@ function parseExportParams(c: Context): ExportParams {
 	const includeIds = c.req.query("includeIds") !== "false";
 	const includeTimestamps = c.req.query("includeTimestamps") !== "false";
 	const includeRuntimeState = c.req.query("includeRuntimeState") === "true";
-	const secretsMode = (c.req.query("secretsMode") as SecretsMode) || "exclude";
+	const secretsModeRaw = c.req.query("secretsMode");
+	const allowedSecretsModes: SecretsMode[] = ["exclude", "encrypted", "cleartext"];
+	const secretsMode: SecretsMode = secretsModeRaw
+		? (allowedSecretsModes.includes(secretsModeRaw as SecretsMode)
+			? (secretsModeRaw as SecretsMode)
+			: (() => { throw new Error("Invalid secretsMode parameter"); })())
+		: "exclude";
 	const excludeKeys = getExcludeKeys(includeIds, includeTimestamps, includeRuntimeState);
 	return { includeIds, includeTimestamps, secretsMode, excludeKeys };
 }

From 7dab73e9bde3809dd69dbb7cd8fe8c4f76547367 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Tr=C3=A1vn=C3=ADk?= <jakub.travnik@gmail.com>
Date: Mon, 1 Dec 2025 17:10:12 +0100
Subject: [PATCH 24/49] More verbose error logging for notification and backups
 export errors

---
 app/server/modules/lifecycle/config-export.controller.ts | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/app/server/modules/lifecycle/config-export.controller.ts b/app/server/modules/lifecycle/config-export.controller.ts
index 5344f0c8..0b85b890 100644
--- a/app/server/modules/lifecycle/config-export.controller.ts
+++ b/app/server/modules/lifecycle/config-export.controller.ts
@@ -337,7 +337,7 @@ export const configExportController = new Hono()
 			return c.json({ notificationDestinations: await exportEntities(result.data, params) });
 		} catch (err) {
 			logger.error(`Notification destinations export failed: ${err instanceof Error ? err.message : String(err)}`);
-			return c.json({ error: "Failed to export notification destinations" }, 500);
+			return c.json({ error: `Failed to export notification destinations: ${err instanceof Error ? err.message : String(err)}` }, 500);
 		}
 	})
 	.get("/export/backup-schedules", async (c) => {
@@ -365,7 +365,7 @@ export const configExportController = new Hono()
 			return c.json({ backupSchedules });
 		} catch (err) {
 			logger.error(`Backup schedules export failed: ${err instanceof Error ? err.message : String(err)}`);
-			return c.json({ error: "Failed to export backup schedules" }, 500);
+			return c.json({ error: `Failed to export backup schedules: ${err instanceof Error ? err.message : String(err)}` }, 500);
 		}
 	});
 

From 2b6cd7af2c0acc27fbbddb97c213f5319b468aa4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Tr=C3=A1vn=C3=ADk?= <jakub.travnik@gmail.com>
Date: Mon, 1 Dec 2025 17:15:18 +0100
Subject: [PATCH 25/49] possibly handle nested secrets in arrrays

---
 .../modules/lifecycle/config-export.controller.ts      | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/app/server/modules/lifecycle/config-export.controller.ts b/app/server/modules/lifecycle/config-export.controller.ts
index 0b85b890..00c77577 100644
--- a/app/server/modules/lifecycle/config-export.controller.ts
+++ b/app/server/modules/lifecycle/config-export.controller.ts
@@ -109,7 +109,15 @@ async function processSecrets(
 					delete result[key];
 				}
 			}
-		} else if (value && typeof value === "object" && !Array.isArray(value)) {
+		} else if (Array.isArray(value)) {
+			result[key] = await Promise.all(
+				value.map(async (item) =>
+					item && typeof item === "object" && !Array.isArray(item)
+						? processSecrets(item as Record<string, unknown>, secretsMode)
+						: item
+				)
+			);
+		} else if (value && typeof value === "object") {
 			result[key] = await processSecrets(value as Record<string, unknown>, secretsMode);
 		}
 	}

From f1e59e593138acc3cd5545c887d355daa81fb94a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Tr=C3=A1vn=C3=ADk?= <jakub.travnik@gmail.com>
Date: Mon, 1 Dec 2025 17:44:07 +0100
Subject: [PATCH 26/49] Custom message for Full export

---
 app/client/components/export-dialog.tsx | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/app/client/components/export-dialog.tsx b/app/client/components/export-dialog.tsx
index 12682b36..4d44c023 100644
--- a/app/client/components/export-dialog.tsx
+++ b/app/client/components/export-dialog.tsx
@@ -330,9 +330,11 @@ export function ExportDialog({
 						<DialogHeader>
 							<DialogTitle>Export {entityLabel}</DialogTitle>
 							<DialogDescription>
-								{isSingleItem
-									? `Export the configuration for this ${config.label.toLowerCase()}.`
-									: `Export all ${config.labelPlural.toLowerCase()} configurations.`}
+								{isFullExport
+									? "Export the complete Zerobyte configuration including all volumes, repositories, backup schedules, and notifications."
+									: isSingleItem
+										? `Export the configuration for this ${config.label.toLowerCase()}.`
+										: `Export all ${config.labelPlural.toLowerCase()} configurations.`}
 							</DialogDescription>
 						</DialogHeader>
 

From fd4f031963d0582fae473ea60c1c0e6e9e1f24dc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Tr=C3=A1vn=C3=ADk?= <jakub.travnik@gmail.com>
Date: Mon, 1 Dec 2025 17:45:28 +0100
Subject: [PATCH 27/49] Better error logging for password verification failure

---
 app/client/components/export-dialog.tsx | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/app/client/components/export-dialog.tsx b/app/client/components/export-dialog.tsx
index 4d44c023..6d5cf695 100644
--- a/app/client/components/export-dialog.tsx
+++ b/app/client/components/export-dialog.tsx
@@ -244,8 +244,10 @@ export function ExportDialog({
 			}
 			// Password verified, proceed with export
 			await performExport();
-		} catch {
-			toast.error("Incorrect password");
+		} catch (err) {
+			toast.error("Verification failed", {
+				description: err instanceof Error ? err.message : "Unable to verify password. Please check your connection and try again.",
+			});
 		} finally {
 			setIsVerifying(false);
 		}

From 94712bb7b8c290646c666e48e59d35ab40519746 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Tr=C3=A1vn=C3=ADk?= <jakub.travnik@gmail.com>
Date: Mon, 1 Dec 2025 23:14:22 +0100
Subject: [PATCH 28/49] fix indentation

---
 app/client/components/export-dialog.tsx | 168 ++++++++++++------------
 1 file changed, 84 insertions(+), 84 deletions(-)

diff --git a/app/client/components/export-dialog.tsx b/app/client/components/export-dialog.tsx
index 6d5cf695..009e42b5 100644
--- a/app/client/components/export-dialog.tsx
+++ b/app/client/components/export-dialog.tsx
@@ -341,107 +341,107 @@ export function ExportDialog({
 						</DialogHeader>
 
 						<div className="space-y-4 py-4">
-					<div className="flex items-center space-x-3">
-						<Checkbox
-							id="includeIds"
-							checked={includeIds}
-							onCheckedChange={(checked) => setIncludeIds(checked === true)}
-						/>
-						<Label htmlFor="includeIds" className="cursor-pointer">
-							Include database IDs
-						</Label>
-					</div>
-					<p className="text-xs text-muted-foreground ml-7">
-						Include internal database identifiers in the export. Useful for debugging or when IDs are needed for reference.
-					</p>
-
-					<div className="flex items-center space-x-3">
-						<Checkbox
-							id="includeTimestamps"
-							checked={includeTimestamps}
-							onCheckedChange={(checked) => setIncludeTimestamps(checked === true)}
-						/>
-						<Label htmlFor="includeTimestamps" className="cursor-pointer">
-							Include timestamps
-						</Label>
-					</div>
-					<p className="text-xs text-muted-foreground ml-7">
-						Include createdAt and updatedAt timestamps. Disable for cleaner exports when timestamps aren't needed.
-					</p>
-
-					<div className="flex items-center space-x-3">
-						<Checkbox
-							id="includeRuntimeState"
-							checked={includeRuntimeState}
-							onCheckedChange={(checked) => setIncludeRuntimeState(checked === true)}
-						/>
-						<Label htmlFor="includeRuntimeState" className="cursor-pointer">
-							Include runtime state
-						</Label>
-					</div>
-					<p className="text-xs text-muted-foreground ml-7">
-						Include current status, health checks, and last backup information. Usually not needed for migration.
-					</p>
-
-					{hasSecrets && (
-						<>
-							<div className="flex items-center justify-between pt-2 border-t">
-								<Label className="cursor-pointer">Secrets handling</Label>
-								<Select value={secretsMode} onValueChange={(v) => setSecretsMode(v as SecretsMode)}>
-									<SelectTrigger className="w-40">
-										<SelectValue />
-									</SelectTrigger>
-									<SelectContent>
-										<SelectItem value="exclude">Exclude</SelectItem>
-										<SelectItem value="encrypted">Keep encrypted</SelectItem>
-										<SelectItem value="cleartext">Decrypt</SelectItem>
-									</SelectContent>
-								</Select>
+							<div className="flex items-center space-x-3">
+								<Checkbox
+									id="includeIds"
+									checked={includeIds}
+									onCheckedChange={(checked) => setIncludeIds(checked === true)}
+								/>
+								<Label htmlFor="includeIds" className="cursor-pointer">
+									Include database IDs
+								</Label>
 							</div>
-							<p className="text-xs text-muted-foreground">
-								{secretsMode === "exclude" && "Sensitive fields (passwords, API keys, webhooks) will be removed from the export."}
-								{secretsMode === "encrypted" && "Secrets will be exported in encrypted form. Requires the same recovery key to decrypt on import."}
-								{secretsMode === "cleartext" && (
-									<span className="text-yellow-600">
-										⚠️ Secrets will be decrypted and exported as plaintext. Keep this export secure!
-									</span>
-								)}
+							<p className="text-xs text-muted-foreground ml-7">
+								Include internal database identifiers in the export. Useful for debugging or when IDs are needed for reference.
 							</p>
-						</>
-					)}
 
-					{isFullExport && (
-						<>
-							<div className="flex items-center space-x-3 pt-2 border-t">
+							<div className="flex items-center space-x-3">
 								<Checkbox
-									id="includeRecoveryKey"
-									checked={includeRecoveryKey}
-									onCheckedChange={(checked) => setIncludeRecoveryKey(checked === true)}
+									id="includeTimestamps"
+									checked={includeTimestamps}
+									onCheckedChange={(checked) => setIncludeTimestamps(checked === true)}
 								/>
-								<Label htmlFor="includeRecoveryKey" className="cursor-pointer">
-									Include recovery key
+								<Label htmlFor="includeTimestamps" className="cursor-pointer">
+									Include timestamps
 								</Label>
 							</div>
 							<p className="text-xs text-muted-foreground ml-7">
-								<span className="text-yellow-600 font-medium">⚠️ Security sensitive:</span> The recovery key is the master encryption key for all repositories. Keep this export secure and never share it.
+								Include createdAt and updatedAt timestamps. Disable for cleaner exports when timestamps aren't needed.
 							</p>
 
 							<div className="flex items-center space-x-3">
 								<Checkbox
-									id="includePasswordHash"
-									checked={includePasswordHash}
-									onCheckedChange={(checked) => setIncludePasswordHash(checked === true)}
+									id="includeRuntimeState"
+									checked={includeRuntimeState}
+									onCheckedChange={(checked) => setIncludeRuntimeState(checked === true)}
 								/>
-								<Label htmlFor="includePasswordHash" className="cursor-pointer">
-									Include password hash
+								<Label htmlFor="includeRuntimeState" className="cursor-pointer">
+									Include runtime state
 								</Label>
 							</div>
 							<p className="text-xs text-muted-foreground ml-7">
-								Include the hashed admin password for seamless migration. The password is already securely hashed (argon2).
+								Include current status, health checks, and last backup information. Usually not needed for migration.
 							</p>
-						</>
-					)}
-				</div>
+
+							{hasSecrets && (
+								<>
+									<div className="flex items-center justify-between pt-2 border-t">
+										<Label className="cursor-pointer">Secrets handling</Label>
+										<Select value={secretsMode} onValueChange={(v) => setSecretsMode(v as SecretsMode)}>
+											<SelectTrigger className="w-40">
+												<SelectValue />
+											</SelectTrigger>
+											<SelectContent>
+												<SelectItem value="exclude">Exclude</SelectItem>
+												<SelectItem value="encrypted">Keep encrypted</SelectItem>
+												<SelectItem value="cleartext">Decrypt</SelectItem>
+											</SelectContent>
+										</Select>
+									</div>
+									<p className="text-xs text-muted-foreground">
+										{secretsMode === "exclude" && "Sensitive fields (passwords, API keys, webhooks) will be removed from the export."}
+										{secretsMode === "encrypted" && "Secrets will be exported in encrypted form. Requires the same recovery key to decrypt on import."}
+										{secretsMode === "cleartext" && (
+											<span className="text-yellow-600">
+												⚠️ Secrets will be decrypted and exported as plaintext. Keep this export secure!
+											</span>
+										)}
+									</p>
+								</>
+							)}
+
+							{isFullExport && (
+								<>
+									<div className="flex items-center space-x-3 pt-2 border-t">
+										<Checkbox
+											id="includeRecoveryKey"
+											checked={includeRecoveryKey}
+											onCheckedChange={(checked) => setIncludeRecoveryKey(checked === true)}
+										/>
+										<Label htmlFor="includeRecoveryKey" className="cursor-pointer">
+											Include recovery key
+										</Label>
+									</div>
+									<p className="text-xs text-muted-foreground ml-7">
+										<span className="text-yellow-600 font-medium">⚠️ Security sensitive:</span> The recovery key is the master encryption key for all repositories. Keep this export secure and never share it.
+									</p>
+
+									<div className="flex items-center space-x-3">
+										<Checkbox
+											id="includePasswordHash"
+											checked={includePasswordHash}
+											onCheckedChange={(checked) => setIncludePasswordHash(checked === true)}
+										/>
+										<Label htmlFor="includePasswordHash" className="cursor-pointer">
+											Include password hash
+										</Label>
+									</div>
+									<p className="text-xs text-muted-foreground ml-7">
+										Include the hashed admin password for seamless migration. The password is already securely hashed (argon2).
+									</p>
+								</>
+							)}
+						</div>
 
 						<DialogFooter>
 							<Button variant="outline" onClick={() => setOpen(false)}>

From 13883f3053f3677170eb88010da2c335ef5f90c2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Tr=C3=A1vn=C3=ADk?= <jakub.travnik@gmail.com>
Date: Tue, 2 Dec 2025 09:35:24 +0100
Subject: [PATCH 29/49] Simplify UI message for secrets export

Co-authored-by: Nico <47644445+nicotsx@users.noreply.github.com>
---
 app/client/components/export-dialog.tsx | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)

diff --git a/app/client/components/export-dialog.tsx b/app/client/components/export-dialog.tsx
index 009e42b5..b7faa489 100644
--- a/app/client/components/export-dialog.tsx
+++ b/app/client/components/export-dialog.tsx
@@ -288,12 +288,7 @@ export function ExportDialog({
 						<DialogHeader>
 							<DialogTitle>Confirm Export</DialogTitle>
 							<DialogDescription>
-								For security reasons, please enter your password to export
-								{includeRecoveryKey && secretsMode === "cleartext"
-									? " the recovery key and decrypted secrets."
-									: includeRecoveryKey
-										? " the recovery key."
-										: " decrypted secrets."}
+								For security reasons, please enter your password to export sensitive information
 							</DialogDescription>
 						</DialogHeader>
 						<div className="space-y-4 py-4">

From 2dfa15a83a9abb7c43f0ecf6e96c4eb7112fff81 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Tr=C3=A1vn=C3=ADk?= <jakub.travnik@gmail.com>
Date: Tue, 2 Dec 2025 11:47:26 +0100
Subject: [PATCH 30/49] remove redundant type key from exported objects

---
 app/server/modules/lifecycle/config-export.controller.ts | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/app/server/modules/lifecycle/config-export.controller.ts b/app/server/modules/lifecycle/config-export.controller.ts
index 00c77577..cd8e8c95 100644
--- a/app/server/modules/lifecycle/config-export.controller.ts
+++ b/app/server/modules/lifecycle/config-export.controller.ts
@@ -55,7 +55,11 @@ function getExcludeKeys(includeIds: boolean, includeTimestamps: boolean, include
 		// Backup schedule state
 		"lastBackupAt", "lastBackupStatus", "lastBackupError", "nextBackupAt",
 	];
+	// Redundant fields that are already present inside the config object
+	// (e.g., type is duplicated as config.backend or config.type)
+	const redundantKeys = ["type"];
 	return [
+		...redundantKeys,
 		...(includeRuntimeState ? [] : runtimeStateKeys),
 		...(includeIds ? [] : idKeys),
 		...(includeTimestamps ? [] : timestampKeys),

From 9f1a7694a39b40769cb569a5d602f031b7f378af Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Tr=C3=A1vn=C3=ADk?= <jakub.travnik@gmail.com>
Date: Wed, 3 Dec 2025 00:12:34 +0100
Subject: [PATCH 31/49] fix: Entity lookup and frontend mutation patterns for
 config export

- Fix volumes/repositories export to prefer name lookup over ID
- Fallback to list+filter when only ID provided (services expect name)
- Refactor ExportDialog to use generated mutations instead of manual fetch
- Remove standalone /auth/verify-password endpoint (integrated into exports)
---
 README.md                                     |   2 +-
 .../api-client/@tanstack/react-query.gen.ts   |  89 ++-
 app/client/api-client/sdk.gen.ts              |  72 ++-
 app/client/api-client/types.gen.ts            | 260 +++++++++
 app/client/components/export-dialog.tsx       | 547 +++++++++---------
 app/server/modules/auth/auth.controller.ts    |  26 -
 app/server/modules/auth/auth.dto.ts           |  28 -
 .../lifecycle/config-export.controller.ts     | 366 +++++++-----
 .../modules/lifecycle/config-export.dto.ts    | 289 +++++++++
 9 files changed, 1191 insertions(+), 488 deletions(-)
 create mode 100644 app/server/modules/lifecycle/config-export.dto.ts

diff --git a/README.md b/README.md
index 93f4c129..b9732a9c 100644
--- a/README.md
+++ b/README.md
@@ -215,7 +215,7 @@ To export, click the "Export" button on any list page or detail page. A dialog w
 - **Include recovery key** (full export only) - Include the master encryption key for all repositories
 - **Include password hash** (full export only) - Include the hashed admin password for seamless migration
 
-When exporting sensitive data (recovery key or decrypted secrets), you'll be prompted to re-enter your password as an additional security confirmation. This is a UI-level safeguard to prevent accidental exports of sensitive information.
+All exports require password verification for security. You must enter your password to confirm your identity before any configuration can be exported.
 
 Exports are downloaded as JSON files that can be used for reference or future import functionality.
 
diff --git a/app/client/api-client/@tanstack/react-query.gen.ts b/app/client/api-client/@tanstack/react-query.gen.ts
index 5beda44b..4114ad91 100644
--- a/app/client/api-client/@tanstack/react-query.gen.ts
+++ b/app/client/api-client/@tanstack/react-query.gen.ts
@@ -3,8 +3,8 @@
 import { type DefaultError, queryOptions, type UseMutationOptions } from '@tanstack/react-query';
 
 import { client } from '../client.gen';
-import { browseFilesystem, changePassword, createBackupSchedule, createNotificationDestination, createRepository, createVolume, deleteBackupSchedule, deleteNotificationDestination, deleteRepository, deleteSnapshot, deleteVolume, doctorRepository, downloadResticPassword, getBackupSchedule, getBackupScheduleForVolume, getContainersUsingVolume, getMe, getNotificationDestination, getRepository, getScheduleNotifications, getSnapshotDetails, getStatus, getSystemInfo, getVolume, healthCheckVolume, listBackupSchedules, listFiles, listNotificationDestinations, listRcloneRemotes, listRepositories, listSnapshotFiles, listSnapshots, listVolumes, login, logout, mountVolume, type Options, register, restoreSnapshot, runBackupNow, runForget, stopBackup, testConnection, testNotificationDestination, unmountVolume, updateBackupSchedule, updateNotificationDestination, updateRepository, updateScheduleNotifications, updateVolume } from '../sdk.gen';
-import type { BrowseFilesystemData, BrowseFilesystemResponse, ChangePasswordData, ChangePasswordResponse, CreateBackupScheduleData, CreateBackupScheduleResponse, CreateNotificationDestinationData, CreateNotificationDestinationResponse, CreateRepositoryData, CreateRepositoryResponse, CreateVolumeData, CreateVolumeResponse, DeleteBackupScheduleData, DeleteBackupScheduleResponse, DeleteNotificationDestinationData, DeleteNotificationDestinationResponse, DeleteRepositoryData, DeleteRepositoryResponse, DeleteSnapshotData, DeleteSnapshotResponse, DeleteVolumeData, DeleteVolumeResponse, DoctorRepositoryData, DoctorRepositoryResponse, DownloadResticPasswordData, DownloadResticPasswordResponse, GetBackupScheduleData, GetBackupScheduleForVolumeData, GetBackupScheduleForVolumeResponse, GetBackupScheduleResponse, GetContainersUsingVolumeData, GetContainersUsingVolumeResponse, GetMeData, GetMeResponse, GetNotificationDestinationData, GetNotificationDestinationResponse, GetRepositoryData, GetRepositoryResponse, GetScheduleNotificationsData, GetScheduleNotificationsResponse, GetSnapshotDetailsData, GetSnapshotDetailsResponse, GetStatusData, GetStatusResponse, GetSystemInfoData, GetSystemInfoResponse, GetVolumeData, GetVolumeResponse, HealthCheckVolumeData, HealthCheckVolumeResponse, ListBackupSchedulesData, ListBackupSchedulesResponse, ListFilesData, ListFilesResponse, ListNotificationDestinationsData, ListNotificationDestinationsResponse, ListRcloneRemotesData, ListRcloneRemotesResponse, ListRepositoriesData, ListRepositoriesResponse, ListSnapshotFilesData, ListSnapshotFilesResponse, ListSnapshotsData, ListSnapshotsResponse, ListVolumesData, ListVolumesResponse, LoginData, LoginResponse, LogoutData, LogoutResponse, MountVolumeData, MountVolumeResponse, RegisterData, RegisterResponse, RestoreSnapshotData, RestoreSnapshotResponse, RunBackupNowData, RunBackupNowResponse, RunForgetData, RunForgetResponse, StopBackupData, StopBackupResponse, TestConnectionData, TestConnectionResponse, TestNotificationDestinationData, TestNotificationDestinationResponse, UnmountVolumeData, UnmountVolumeResponse, UpdateBackupScheduleData, UpdateBackupScheduleResponse, UpdateNotificationDestinationData, UpdateNotificationDestinationResponse, UpdateRepositoryData, UpdateRepositoryResponse, UpdateScheduleNotificationsData, UpdateScheduleNotificationsResponse, UpdateVolumeData, UpdateVolumeResponse } from '../types.gen';
+import { browseFilesystem, changePassword, createBackupSchedule, createNotificationDestination, createRepository, createVolume, deleteBackupSchedule, deleteNotificationDestination, deleteRepository, deleteSnapshot, deleteVolume, doctorRepository, downloadResticPassword, exportBackupSchedules, exportFullConfig, exportNotificationDestinations, exportRepositories, exportVolumes, getBackupSchedule, getBackupScheduleForVolume, getContainersUsingVolume, getMe, getNotificationDestination, getRepository, getScheduleNotifications, getSnapshotDetails, getStatus, getSystemInfo, getVolume, healthCheckVolume, listBackupSchedules, listFiles, listNotificationDestinations, listRcloneRemotes, listRepositories, listSnapshotFiles, listSnapshots, listVolumes, login, logout, mountVolume, type Options, register, restoreSnapshot, runBackupNow, runForget, stopBackup, testConnection, testNotificationDestination, unmountVolume, updateBackupSchedule, updateNotificationDestination, updateRepository, updateScheduleNotifications, updateVolume } from '../sdk.gen';
+import type { BrowseFilesystemData, BrowseFilesystemResponse, ChangePasswordData, ChangePasswordResponse, CreateBackupScheduleData, CreateBackupScheduleResponse, CreateNotificationDestinationData, CreateNotificationDestinationResponse, CreateRepositoryData, CreateRepositoryResponse, CreateVolumeData, CreateVolumeResponse, DeleteBackupScheduleData, DeleteBackupScheduleResponse, DeleteNotificationDestinationData, DeleteNotificationDestinationResponse, DeleteRepositoryData, DeleteRepositoryResponse, DeleteSnapshotData, DeleteSnapshotResponse, DeleteVolumeData, DeleteVolumeResponse, DoctorRepositoryData, DoctorRepositoryResponse, DownloadResticPasswordData, DownloadResticPasswordResponse, ExportBackupSchedulesData, ExportBackupSchedulesError, ExportBackupSchedulesResponse, ExportFullConfigData, ExportFullConfigError, ExportFullConfigResponse, ExportNotificationDestinationsData, ExportNotificationDestinationsError, ExportNotificationDestinationsResponse, ExportRepositoriesData, ExportRepositoriesError, ExportRepositoriesResponse, ExportVolumesData, ExportVolumesError, ExportVolumesResponse, GetBackupScheduleData, GetBackupScheduleForVolumeData, GetBackupScheduleForVolumeResponse, GetBackupScheduleResponse, GetContainersUsingVolumeData, GetContainersUsingVolumeResponse, GetMeData, GetMeResponse, GetNotificationDestinationData, GetNotificationDestinationResponse, GetRepositoryData, GetRepositoryResponse, GetScheduleNotificationsData, GetScheduleNotificationsResponse, GetSnapshotDetailsData, GetSnapshotDetailsResponse, GetStatusData, GetStatusResponse, GetSystemInfoData, GetSystemInfoResponse, GetVolumeData, GetVolumeResponse, HealthCheckVolumeData, HealthCheckVolumeResponse, ListBackupSchedulesData, ListBackupSchedulesResponse, ListFilesData, ListFilesResponse, ListNotificationDestinationsData, ListNotificationDestinationsResponse, ListRcloneRemotesData, ListRcloneRemotesResponse, ListRepositoriesData, ListRepositoriesResponse, ListSnapshotFilesData, ListSnapshotFilesResponse, ListSnapshotsData, ListSnapshotsResponse, ListVolumesData, ListVolumesResponse, LoginData, LoginResponse, LogoutData, LogoutResponse, MountVolumeData, MountVolumeResponse, RegisterData, RegisterResponse, RestoreSnapshotData, RestoreSnapshotResponse, RunBackupNowData, RunBackupNowResponse, RunForgetData, RunForgetResponse, StopBackupData, StopBackupResponse, TestConnectionData, TestConnectionResponse, TestNotificationDestinationData, TestNotificationDestinationResponse, UnmountVolumeData, UnmountVolumeResponse, UpdateBackupScheduleData, UpdateBackupScheduleResponse, UpdateNotificationDestinationData, UpdateNotificationDestinationResponse, UpdateRepositoryData, UpdateRepositoryResponse, UpdateScheduleNotificationsData, UpdateScheduleNotificationsResponse, UpdateVolumeData, UpdateVolumeResponse } from '../types.gen';
 
 /**
  * Register a new user
@@ -893,3 +893,88 @@ export const downloadResticPasswordMutation = (options?: Partial<Options<Downloa
     };
     return mutationOptions;
 };
+
+/**
+ * Export full configuration including all volumes, repositories, backup schedules, and notifications
+ */
+export const exportFullConfigMutation = (options?: Partial<Options<ExportFullConfigData>>): UseMutationOptions<ExportFullConfigResponse, ExportFullConfigError, Options<ExportFullConfigData>> => {
+    const mutationOptions: UseMutationOptions<ExportFullConfigResponse, ExportFullConfigError, Options<ExportFullConfigData>> = {
+        mutationFn: async (fnOptions) => {
+            const { data } = await exportFullConfig({
+                ...options,
+                ...fnOptions,
+                throwOnError: true
+            });
+            return data;
+        }
+    };
+    return mutationOptions;
+};
+
+/**
+ * Export volumes configuration
+ */
+export const exportVolumesMutation = (options?: Partial<Options<ExportVolumesData>>): UseMutationOptions<ExportVolumesResponse, ExportVolumesError, Options<ExportVolumesData>> => {
+    const mutationOptions: UseMutationOptions<ExportVolumesResponse, ExportVolumesError, Options<ExportVolumesData>> = {
+        mutationFn: async (fnOptions) => {
+            const { data } = await exportVolumes({
+                ...options,
+                ...fnOptions,
+                throwOnError: true
+            });
+            return data;
+        }
+    };
+    return mutationOptions;
+};
+
+/**
+ * Export repositories configuration
+ */
+export const exportRepositoriesMutation = (options?: Partial<Options<ExportRepositoriesData>>): UseMutationOptions<ExportRepositoriesResponse, ExportRepositoriesError, Options<ExportRepositoriesData>> => {
+    const mutationOptions: UseMutationOptions<ExportRepositoriesResponse, ExportRepositoriesError, Options<ExportRepositoriesData>> = {
+        mutationFn: async (fnOptions) => {
+            const { data } = await exportRepositories({
+                ...options,
+                ...fnOptions,
+                throwOnError: true
+            });
+            return data;
+        }
+    };
+    return mutationOptions;
+};
+
+/**
+ * Export notification destinations configuration
+ */
+export const exportNotificationDestinationsMutation = (options?: Partial<Options<ExportNotificationDestinationsData>>): UseMutationOptions<ExportNotificationDestinationsResponse, ExportNotificationDestinationsError, Options<ExportNotificationDestinationsData>> => {
+    const mutationOptions: UseMutationOptions<ExportNotificationDestinationsResponse, ExportNotificationDestinationsError, Options<ExportNotificationDestinationsData>> = {
+        mutationFn: async (fnOptions) => {
+            const { data } = await exportNotificationDestinations({
+                ...options,
+                ...fnOptions,
+                throwOnError: true
+            });
+            return data;
+        }
+    };
+    return mutationOptions;
+};
+
+/**
+ * Export backup schedules configuration
+ */
+export const exportBackupSchedulesMutation = (options?: Partial<Options<ExportBackupSchedulesData>>): UseMutationOptions<ExportBackupSchedulesResponse, ExportBackupSchedulesError, Options<ExportBackupSchedulesData>> => {
+    const mutationOptions: UseMutationOptions<ExportBackupSchedulesResponse, ExportBackupSchedulesError, Options<ExportBackupSchedulesData>> = {
+        mutationFn: async (fnOptions) => {
+            const { data } = await exportBackupSchedules({
+                ...options,
+                ...fnOptions,
+                throwOnError: true
+            });
+            return data;
+        }
+    };
+    return mutationOptions;
+};
diff --git a/app/client/api-client/sdk.gen.ts b/app/client/api-client/sdk.gen.ts
index 9f5afe46..ea0d832f 100644
--- a/app/client/api-client/sdk.gen.ts
+++ b/app/client/api-client/sdk.gen.ts
@@ -2,7 +2,7 @@
 
 import type { Client, Options as Options2, TDataShape } from './client';
 import { client } from './client.gen';
-import type { BrowseFilesystemData, BrowseFilesystemResponses, ChangePasswordData, ChangePasswordResponses, CreateBackupScheduleData, CreateBackupScheduleResponses, CreateNotificationDestinationData, CreateNotificationDestinationResponses, CreateRepositoryData, CreateRepositoryResponses, CreateVolumeData, CreateVolumeResponses, DeleteBackupScheduleData, DeleteBackupScheduleResponses, DeleteNotificationDestinationData, DeleteNotificationDestinationErrors, DeleteNotificationDestinationResponses, DeleteRepositoryData, DeleteRepositoryResponses, DeleteSnapshotData, DeleteSnapshotResponses, DeleteVolumeData, DeleteVolumeResponses, DoctorRepositoryData, DoctorRepositoryResponses, DownloadResticPasswordData, DownloadResticPasswordResponses, GetBackupScheduleData, GetBackupScheduleForVolumeData, GetBackupScheduleForVolumeResponses, GetBackupScheduleResponses, GetContainersUsingVolumeData, GetContainersUsingVolumeErrors, GetContainersUsingVolumeResponses, GetMeData, GetMeResponses, GetNotificationDestinationData, GetNotificationDestinationErrors, GetNotificationDestinationResponses, GetRepositoryData, GetRepositoryResponses, GetScheduleNotificationsData, GetScheduleNotificationsResponses, GetSnapshotDetailsData, GetSnapshotDetailsResponses, GetStatusData, GetStatusResponses, GetSystemInfoData, GetSystemInfoResponses, GetVolumeData, GetVolumeErrors, GetVolumeResponses, HealthCheckVolumeData, HealthCheckVolumeErrors, HealthCheckVolumeResponses, ListBackupSchedulesData, ListBackupSchedulesResponses, ListFilesData, ListFilesResponses, ListNotificationDestinationsData, ListNotificationDestinationsResponses, ListRcloneRemotesData, ListRcloneRemotesResponses, ListRepositoriesData, ListRepositoriesResponses, ListSnapshotFilesData, ListSnapshotFilesResponses, ListSnapshotsData, ListSnapshotsResponses, ListVolumesData, ListVolumesResponses, LoginData, LoginResponses, LogoutData, LogoutResponses, MountVolumeData, MountVolumeResponses, RegisterData, RegisterResponses, RestoreSnapshotData, RestoreSnapshotResponses, RunBackupNowData, RunBackupNowResponses, RunForgetData, RunForgetResponses, StopBackupData, StopBackupErrors, StopBackupResponses, TestConnectionData, TestConnectionResponses, TestNotificationDestinationData, TestNotificationDestinationErrors, TestNotificationDestinationResponses, UnmountVolumeData, UnmountVolumeResponses, UpdateBackupScheduleData, UpdateBackupScheduleResponses, UpdateNotificationDestinationData, UpdateNotificationDestinationErrors, UpdateNotificationDestinationResponses, UpdateRepositoryData, UpdateRepositoryErrors, UpdateRepositoryResponses, UpdateScheduleNotificationsData, UpdateScheduleNotificationsResponses, UpdateVolumeData, UpdateVolumeErrors, UpdateVolumeResponses } from './types.gen';
+import type { BrowseFilesystemData, BrowseFilesystemResponses, ChangePasswordData, ChangePasswordResponses, CreateBackupScheduleData, CreateBackupScheduleResponses, CreateNotificationDestinationData, CreateNotificationDestinationResponses, CreateRepositoryData, CreateRepositoryResponses, CreateVolumeData, CreateVolumeResponses, DeleteBackupScheduleData, DeleteBackupScheduleResponses, DeleteNotificationDestinationData, DeleteNotificationDestinationErrors, DeleteNotificationDestinationResponses, DeleteRepositoryData, DeleteRepositoryResponses, DeleteSnapshotData, DeleteSnapshotResponses, DeleteVolumeData, DeleteVolumeResponses, DoctorRepositoryData, DoctorRepositoryResponses, DownloadResticPasswordData, DownloadResticPasswordResponses, ExportBackupSchedulesData, ExportBackupSchedulesErrors, ExportBackupSchedulesResponses, ExportFullConfigData, ExportFullConfigErrors, ExportFullConfigResponses, ExportNotificationDestinationsData, ExportNotificationDestinationsErrors, ExportNotificationDestinationsResponses, ExportRepositoriesData, ExportRepositoriesErrors, ExportRepositoriesResponses, ExportVolumesData, ExportVolumesErrors, ExportVolumesResponses, GetBackupScheduleData, GetBackupScheduleForVolumeData, GetBackupScheduleForVolumeResponses, GetBackupScheduleResponses, GetContainersUsingVolumeData, GetContainersUsingVolumeErrors, GetContainersUsingVolumeResponses, GetMeData, GetMeResponses, GetNotificationDestinationData, GetNotificationDestinationErrors, GetNotificationDestinationResponses, GetRepositoryData, GetRepositoryResponses, GetScheduleNotificationsData, GetScheduleNotificationsResponses, GetSnapshotDetailsData, GetSnapshotDetailsResponses, GetStatusData, GetStatusResponses, GetSystemInfoData, GetSystemInfoResponses, GetVolumeData, GetVolumeErrors, GetVolumeResponses, HealthCheckVolumeData, HealthCheckVolumeErrors, HealthCheckVolumeResponses, ListBackupSchedulesData, ListBackupSchedulesResponses, ListFilesData, ListFilesResponses, ListNotificationDestinationsData, ListNotificationDestinationsResponses, ListRcloneRemotesData, ListRcloneRemotesResponses, ListRepositoriesData, ListRepositoriesResponses, ListSnapshotFilesData, ListSnapshotFilesResponses, ListSnapshotsData, ListSnapshotsResponses, ListVolumesData, ListVolumesResponses, LoginData, LoginResponses, LogoutData, LogoutResponses, MountVolumeData, MountVolumeResponses, RegisterData, RegisterResponses, RestoreSnapshotData, RestoreSnapshotResponses, RunBackupNowData, RunBackupNowResponses, RunForgetData, RunForgetResponses, StopBackupData, StopBackupErrors, StopBackupResponses, TestConnectionData, TestConnectionResponses, TestNotificationDestinationData, TestNotificationDestinationErrors, TestNotificationDestinationResponses, UnmountVolumeData, UnmountVolumeResponses, UpdateBackupScheduleData, UpdateBackupScheduleResponses, UpdateNotificationDestinationData, UpdateNotificationDestinationErrors, UpdateNotificationDestinationResponses, UpdateRepositoryData, UpdateRepositoryErrors, UpdateRepositoryResponses, UpdateScheduleNotificationsData, UpdateScheduleNotificationsResponses, UpdateVolumeData, UpdateVolumeErrors, UpdateVolumeResponses } from './types.gen';
 
 export type Options<TData extends TDataShape = TDataShape, ThrowOnError extends boolean = boolean> = Options2<TData, ThrowOnError> & {
     /**
@@ -567,3 +567,73 @@ export const downloadResticPassword = <ThrowOnError extends boolean = false>(opt
         }
     });
 };
+
+/**
+ * Export full configuration including all volumes, repositories, backup schedules, and notifications
+ */
+export const exportFullConfig = <ThrowOnError extends boolean = false>(options?: Options<ExportFullConfigData, ThrowOnError>) => {
+    return (options?.client ?? client).post<ExportFullConfigResponses, ExportFullConfigErrors, ThrowOnError>({
+        url: '/api/v1/config/export',
+        ...options,
+        headers: {
+            'Content-Type': 'application/json',
+            ...options?.headers
+        }
+    });
+};
+
+/**
+ * Export volumes configuration
+ */
+export const exportVolumes = <ThrowOnError extends boolean = false>(options?: Options<ExportVolumesData, ThrowOnError>) => {
+    return (options?.client ?? client).post<ExportVolumesResponses, ExportVolumesErrors, ThrowOnError>({
+        url: '/api/v1/config/export/volumes',
+        ...options,
+        headers: {
+            'Content-Type': 'application/json',
+            ...options?.headers
+        }
+    });
+};
+
+/**
+ * Export repositories configuration
+ */
+export const exportRepositories = <ThrowOnError extends boolean = false>(options?: Options<ExportRepositoriesData, ThrowOnError>) => {
+    return (options?.client ?? client).post<ExportRepositoriesResponses, ExportRepositoriesErrors, ThrowOnError>({
+        url: '/api/v1/config/export/repositories',
+        ...options,
+        headers: {
+            'Content-Type': 'application/json',
+            ...options?.headers
+        }
+    });
+};
+
+/**
+ * Export notification destinations configuration
+ */
+export const exportNotificationDestinations = <ThrowOnError extends boolean = false>(options?: Options<ExportNotificationDestinationsData, ThrowOnError>) => {
+    return (options?.client ?? client).post<ExportNotificationDestinationsResponses, ExportNotificationDestinationsErrors, ThrowOnError>({
+        url: '/api/v1/config/export/notification-destinations',
+        ...options,
+        headers: {
+            'Content-Type': 'application/json',
+            ...options?.headers
+        }
+    });
+};
+
+/**
+ * Export backup schedules configuration
+ */
+export const exportBackupSchedules = <ThrowOnError extends boolean = false>(options?: Options<ExportBackupSchedulesData, ThrowOnError>) => {
+    return (options?.client ?? client).post<ExportBackupSchedulesResponses, ExportBackupSchedulesErrors, ThrowOnError>({
+        url: '/api/v1/config/export/backup-schedules',
+        ...options,
+        headers: {
+            'Content-Type': 'application/json',
+            ...options?.headers
+        }
+    });
+};
diff --git a/app/client/api-client/types.gen.ts b/app/client/api-client/types.gen.ts
index 7e82ed3f..d025a2fe 100644
--- a/app/client/api-client/types.gen.ts
+++ b/app/client/api-client/types.gen.ts
@@ -2615,3 +2615,263 @@ export type DownloadResticPasswordResponses = {
 };
 
 export type DownloadResticPasswordResponse = DownloadResticPasswordResponses[keyof DownloadResticPasswordResponses];
+
+export type ExportFullConfigData = {
+    body?: {
+        password: string;
+        includeIds?: boolean;
+        includePasswordHash?: boolean;
+        includeRecoveryKey?: boolean;
+        includeRuntimeState?: boolean;
+        includeTimestamps?: boolean;
+        secretsMode?: 'cleartext' | 'encrypted' | 'exclude';
+    };
+    path?: never;
+    query?: never;
+    url: '/api/v1/config/export';
+};
+
+export type ExportFullConfigErrors = {
+    /**
+     * Password required for sensitive export options
+     */
+    401: {
+        error: string;
+    };
+    /**
+     * Export failed
+     */
+    500: {
+        error: string;
+    };
+};
+
+export type ExportFullConfigError = ExportFullConfigErrors[keyof ExportFullConfigErrors];
+
+export type ExportFullConfigResponses = {
+    /**
+     * Full configuration export
+     */
+    200: {
+        admin?: {
+            username: string;
+            passwordHash?: string;
+            recoveryKey?: string;
+        } | null;
+        backupSchedules?: Array<unknown>;
+        exportedAt?: string;
+        notificationDestinations?: Array<unknown>;
+        repositories?: Array<unknown>;
+        version?: number;
+        volumes?: Array<unknown>;
+    };
+};
+
+export type ExportFullConfigResponse = ExportFullConfigResponses[keyof ExportFullConfigResponses];
+
+export type ExportVolumesData = {
+    body?: {
+        password: string;
+        id?: number | string;
+        includeIds?: boolean;
+        includeRuntimeState?: boolean;
+        includeTimestamps?: boolean;
+        name?: string;
+        secretsMode?: 'cleartext' | 'encrypted' | 'exclude';
+    };
+    path?: never;
+    query?: never;
+    url: '/api/v1/config/export/volumes';
+};
+
+export type ExportVolumesErrors = {
+    /**
+     * Invalid request
+     */
+    400: {
+        error: string;
+    };
+    /**
+     * Volume not found
+     */
+    404: {
+        error: string;
+    };
+    /**
+     * Export failed
+     */
+    500: {
+        error: string;
+    };
+};
+
+export type ExportVolumesError = ExportVolumesErrors[keyof ExportVolumesErrors];
+
+export type ExportVolumesResponses = {
+    /**
+     * Volumes configuration export
+     */
+    200: {
+        volumes: Array<unknown>;
+    };
+};
+
+export type ExportVolumesResponse = ExportVolumesResponses[keyof ExportVolumesResponses];
+
+export type ExportRepositoriesData = {
+    body?: {
+        password: string;
+        id?: number | string;
+        includeIds?: boolean;
+        includeRuntimeState?: boolean;
+        includeTimestamps?: boolean;
+        name?: string;
+        secretsMode?: 'cleartext' | 'encrypted' | 'exclude';
+    };
+    path?: never;
+    query?: never;
+    url: '/api/v1/config/export/repositories';
+};
+
+export type ExportRepositoriesErrors = {
+    /**
+     * Invalid request
+     */
+    400: {
+        error: string;
+    };
+    /**
+     * Password required for sensitive export options
+     */
+    401: {
+        error: string;
+    };
+    /**
+     * Repository not found
+     */
+    404: {
+        error: string;
+    };
+    /**
+     * Export failed
+     */
+    500: {
+        error: string;
+    };
+};
+
+export type ExportRepositoriesError = ExportRepositoriesErrors[keyof ExportRepositoriesErrors];
+
+export type ExportRepositoriesResponses = {
+    /**
+     * Repositories configuration export
+     */
+    200: {
+        repositories: Array<unknown>;
+    };
+};
+
+export type ExportRepositoriesResponse = ExportRepositoriesResponses[keyof ExportRepositoriesResponses];
+
+export type ExportNotificationDestinationsData = {
+    body?: {
+        password: string;
+        id?: number | string;
+        includeIds?: boolean;
+        includeRuntimeState?: boolean;
+        includeTimestamps?: boolean;
+        name?: string;
+        secretsMode?: 'cleartext' | 'encrypted' | 'exclude';
+    };
+    path?: never;
+    query?: never;
+    url: '/api/v1/config/export/notification-destinations';
+};
+
+export type ExportNotificationDestinationsErrors = {
+    /**
+     * Invalid request
+     */
+    400: {
+        error: string;
+    };
+    /**
+     * Password required for sensitive export options
+     */
+    401: {
+        error: string;
+    };
+    /**
+     * Notification destination not found
+     */
+    404: {
+        error: string;
+    };
+    /**
+     * Export failed
+     */
+    500: {
+        error: string;
+    };
+};
+
+export type ExportNotificationDestinationsError = ExportNotificationDestinationsErrors[keyof ExportNotificationDestinationsErrors];
+
+export type ExportNotificationDestinationsResponses = {
+    /**
+     * Notification destinations configuration export
+     */
+    200: {
+        notificationDestinations: Array<unknown>;
+    };
+};
+
+export type ExportNotificationDestinationsResponse = ExportNotificationDestinationsResponses[keyof ExportNotificationDestinationsResponses];
+
+export type ExportBackupSchedulesData = {
+    body?: {
+        password: string;
+        id?: number;
+        includeIds?: boolean;
+        includeRuntimeState?: boolean;
+        includeTimestamps?: boolean;
+        secretsMode?: 'cleartext' | 'encrypted' | 'exclude';
+    };
+    path?: never;
+    query?: never;
+    url: '/api/v1/config/export/backup-schedules';
+};
+
+export type ExportBackupSchedulesErrors = {
+    /**
+     * Invalid request
+     */
+    400: {
+        error: string;
+    };
+    /**
+     * Backup schedule not found
+     */
+    404: {
+        error: string;
+    };
+    /**
+     * Export failed
+     */
+    500: {
+        error: string;
+    };
+};
+
+export type ExportBackupSchedulesError = ExportBackupSchedulesErrors[keyof ExportBackupSchedulesErrors];
+
+export type ExportBackupSchedulesResponses = {
+    /**
+     * Backup schedules configuration export
+     */
+    200: {
+        backupSchedules: Array<unknown>;
+    };
+};
+
+export type ExportBackupSchedulesResponse = ExportBackupSchedulesResponses[keyof ExportBackupSchedulesResponses];
diff --git a/app/client/components/export-dialog.tsx b/app/client/components/export-dialog.tsx
index b7faa489..3d3a208d 100644
--- a/app/client/components/export-dialog.tsx
+++ b/app/client/components/export-dialog.tsx
@@ -1,6 +1,14 @@
+import { useMutation } from "@tanstack/react-query";
 import { Download } from "lucide-react";
 import { useState } from "react";
 import { toast } from "sonner";
+import {
+	exportBackupSchedulesMutation,
+	exportFullConfigMutation,
+	exportNotificationDestinationsMutation,
+	exportRepositoriesMutation,
+	exportVolumesMutation,
+} from "~/client/api-client/@tanstack/react-query.gen";
 import { Button } from "~/client/components/ui/button";
 import { Checkbox } from "~/client/components/ui/checkbox";
 import {
@@ -22,28 +30,8 @@ import {
 	SelectValue,
 } from "~/client/components/ui/select";
 
-async function verifyPassword(password: string): Promise<boolean> {
-	const response = await fetch("/api/v1/auth/verify-password", {
-		method: "POST",
-		headers: { "Content-Type": "application/json" },
-		body: JSON.stringify({ password }),
-	});
-	return response.ok;
-}
-
 export type SecretsMode = "exclude" | "encrypted" | "cleartext";
 
-export type ExportOptions = {
-	includeIds?: boolean;
-	includeTimestamps?: boolean;
-	includeRuntimeState?: boolean;
-	includeRecoveryKey?: boolean;
-	includePasswordHash?: boolean;
-	secretsMode?: SecretsMode;
-	name?: string;
-	id?: string | number;
-};
-
 function downloadAsJson(data: unknown, filename: string): void {
 	const blob = new Blob([JSON.stringify(data, null, 2)], { type: "application/json" });
 	const url = URL.createObjectURL(blob);
@@ -56,89 +44,51 @@ function downloadAsJson(data: unknown, filename: string): void {
 	URL.revokeObjectURL(url);
 }
 
-async function exportFromApi(endpoint: string, filename: string, options: ExportOptions = {}): Promise<void> {
-	const params = new URLSearchParams();
-	if (options.includeIds === false) params.set("includeIds", "false");
-	if (options.includeTimestamps === false) params.set("includeTimestamps", "false");
-	if (options.includeRuntimeState === true) params.set("includeRuntimeState", "true");
-	if (options.includeRecoveryKey === true) params.set("includeRecoveryKey", "true");
-	if (options.includePasswordHash === true) params.set("includePasswordHash", "true");
-	if (options.secretsMode && options.secretsMode !== "exclude") params.set("secretsMode", options.secretsMode);
-	if (options.id !== undefined) params.set("id", String(options.id));
-	if (options.name) params.set("name", options.name);
-
-	const url = params.toString() ? `${endpoint}?${params}` : endpoint;
-	const res = await fetch(url, { credentials: "include" });
-
-	if (!res.ok) {
-		const errorText = await res.text().catch(() => res.statusText);
-		throw new Error(errorText || `HTTP ${res.status}`);
-	}
-
-	const data = await res.json();
-	downloadAsJson(data, filename);
-}
-
 export type ExportEntityType = "volumes" | "repositories" | "notification-destinations" | "backup-schedules" | "full";
 
 type ExportConfig = {
-	endpoint: string;
 	label: string;
 	labelPlural: string;
-	getFilename: (options: ExportOptions) => string;
+	getFilename: (id?: string | number, name?: string) => string;
 };
 
 const exportConfigs: Record<ExportEntityType, ExportConfig> = {
 	volumes: {
-		endpoint: "/api/v1/config/export/volumes",
 		label: "Volume",
 		labelPlural: "Volumes",
-		getFilename: (opts) => {
-			const identifier = opts.id ?? opts.name;
+		getFilename: (id, name) => {
+			const identifier = id ?? name;
 			return identifier ? `volume-${identifier}-config` : "volumes-config";
 		},
 	},
 	repositories: {
-		endpoint: "/api/v1/config/export/repositories",
 		label: "Repository",
 		labelPlural: "Repositories",
-		getFilename: (opts) => {
-			const identifier = opts.id ?? opts.name;
+		getFilename: (id, name) => {
+			const identifier = id ?? name;
 			return identifier ? `repository-${identifier}-config` : "repositories-config";
 		},
 	},
 	"notification-destinations": {
-		endpoint: "/api/v1/config/export/notification-destinations",
 		label: "Notification Destination",
 		labelPlural: "Notification Destinations",
-		getFilename: (opts) => {
-			const identifier = opts.id ?? opts.name;
+		getFilename: (id, name) => {
+			const identifier = id ?? name;
 			return identifier ? `notification-destination-${identifier}-config` : "notification-destinations-config";
 		},
 	},
 	"backup-schedules": {
-		endpoint: "/api/v1/config/export/backup-schedules",
 		label: "Backup Schedule",
 		labelPlural: "Backup Schedules",
-		getFilename: (opts) => (opts.id ? `backup-schedule-${opts.id}-config` : "backup-schedules-config"),
+		getFilename: (id) => (id ? `backup-schedule-${id}-config` : "backup-schedules-config"),
 	},
 	full: {
-		endpoint: "/api/v1/config/export",
 		label: "Full Config",
 		labelPlural: "Full Config",
 		getFilename: () => "zerobyte-full-config",
 	},
 };
 
-export async function exportConfig(
-	entityType: ExportEntityType,
-	options: ExportOptions = {}
-): Promise<void> {
-	const config = exportConfigs[entityType];
-	const filename = config.getFilename(options);
-	await exportFromApi(config.endpoint, filename, options);
-}
-
 type BaseExportDialogProps = {
 	entityType: ExportEntityType;
 	name?: string;
@@ -181,10 +131,7 @@ export function ExportDialog({
 	const [includeRecoveryKey, setIncludeRecoveryKey] = useState(false);
 	const [includePasswordHash, setIncludePasswordHash] = useState(false);
 	const [secretsMode, setSecretsMode] = useState<SecretsMode>("exclude");
-	const [isExporting, setIsExporting] = useState(false);
-	const [showPasswordStep, setShowPasswordStep] = useState(false);
 	const [password, setPassword] = useState("");
-	const [isVerifying, setIsVerifying] = useState(false);
 
 	const config = exportConfigs[entityType];
 	const isSingleItem = !!(name || id);
@@ -192,71 +139,137 @@ export function ExportDialog({
 	// TODO: Volumes will have encrypted secrets (e.g., SMB/NFS credentials) in a future PR
 	const hasSecrets = entityType !== "backup-schedules" && entityType !== "volumes";
 	const entityLabel = isSingleItem ? config.label : config.labelPlural;
-	const requiresPassword = includeRecoveryKey || secretsMode === "cleartext";
-
-	const performExport = async () => {
-		setIsExporting(true);
-		try {
-			await exportConfig(entityType, {
-				includeIds,
-				includeTimestamps,
-				includeRuntimeState,
-				includeRecoveryKey: isFullExport ? includeRecoveryKey : undefined,
-				includePasswordHash: isFullExport ? includePasswordHash : undefined,
-				secretsMode: hasSecrets ? secretsMode : undefined,
-				name,
-				id,
-			});
-			toast.success(`${entityLabel} exported successfully`);
-			setOpen(false);
-			setShowPasswordStep(false);
-			setPassword("");
-		} catch (err) {
-			toast.error("Export failed", {
-				description: err instanceof Error ? err.message : String(err),
-			});
-		} finally {
-			setIsExporting(false);
-		}
+	const filename = config.getFilename(id, name);
+
+	const handleExportSuccess = (data: unknown) => {
+		downloadAsJson(data, filename);
+		toast.success(`${entityLabel} exported successfully`);
+		setOpen(false);
+		setPassword("");
+	};
+
+	const handleExportError = (error: unknown) => {
+		const message = error && typeof error === "object" && "error" in error
+			? (error as { error: string }).error
+			: "Unknown error";
+		toast.error("Export failed", {
+			description: message,
+		});
 	};
 
-	const handleExport = () => {
-		if (requiresPassword) {
-			setShowPasswordStep(true);
-		} else {
-			performExport();
+	const fullExport = useMutation({
+		...exportFullConfigMutation(),
+		onSuccess: handleExportSuccess,
+		onError: handleExportError,
+	});
+
+	const volumesExport = useMutation({
+		...exportVolumesMutation(),
+		onSuccess: handleExportSuccess,
+		onError: handleExportError,
+	});
+
+	const repositoriesExport = useMutation({
+		...exportRepositoriesMutation(),
+		onSuccess: handleExportSuccess,
+		onError: handleExportError,
+	});
+
+	const notificationsExport = useMutation({
+		...exportNotificationDestinationsMutation(),
+		onSuccess: handleExportSuccess,
+		onError: handleExportError,
+	});
+
+	const backupSchedulesExport = useMutation({
+		...exportBackupSchedulesMutation(),
+		onSuccess: handleExportSuccess,
+		onError: handleExportError,
+	});
+
+	const getMutation = () => {
+		switch (entityType) {
+			case "full":
+				return fullExport;
+			case "volumes":
+				return volumesExport;
+			case "repositories":
+				return repositoriesExport;
+			case "notification-destinations":
+				return notificationsExport;
+			case "backup-schedules":
+				return backupSchedulesExport;
 		}
 	};
 
-	const handlePasswordSubmit = async (e: React.FormEvent) => {
+	const exportMutation = getMutation();
+
+	const handleExport = (e: React.FormEvent) => {
 		e.preventDefault();
 		if (!password) {
 			toast.error("Password is required");
 			return;
 		}
 
-		setIsVerifying(true);
-		try {
-			const isValid = await verifyPassword(password);
-			if (!isValid) {
-				toast.error("Incorrect password");
-				return;
-			}
-			// Password verified, proceed with export
-			await performExport();
-		} catch (err) {
-			toast.error("Verification failed", {
-				description: err instanceof Error ? err.message : "Unable to verify password. Please check your connection and try again.",
-			});
-		} finally {
-			setIsVerifying(false);
+		const baseBody = {
+			password,
+			includeIds,
+			includeTimestamps,
+			includeRuntimeState,
+			secretsMode: hasSecrets ? secretsMode : undefined,
+		};
+
+		switch (entityType) {
+			case "full":
+				fullExport.mutate({
+					body: {
+						...baseBody,
+						includeRecoveryKey,
+						includePasswordHash,
+					},
+				});
+				break;
+			case "volumes":
+				volumesExport.mutate({
+					body: {
+						...baseBody,
+						id: id as number | string | undefined,
+						name,
+					},
+				});
+				break;
+			case "repositories":
+				repositoriesExport.mutate({
+					body: {
+						...baseBody,
+						id: id as number | string | undefined,
+						name,
+					},
+				});
+				break;
+			case "notification-destinations":
+				notificationsExport.mutate({
+					body: {
+						...baseBody,
+						id: id as number | string | undefined,
+						name,
+					},
+				});
+				break;
+			case "backup-schedules":
+				backupSchedulesExport.mutate({
+					body: {
+						...baseBody,
+						id: typeof id === "number" ? id : undefined,
+					},
+				});
+				break;
 		}
 	};
 
 	const handleDialogChange = (isOpen: boolean) => {
 		setOpen(isOpen);
 		if (!isOpen) {
-			setShowPasswordStep(false);
 			setPassword("");
 		}
 	};
@@ -283,172 +296,146 @@ export function ExportDialog({
 		<Dialog open={open} onOpenChange={handleDialogChange}>
 			<DialogTrigger asChild>{trigger ?? defaultTrigger}</DialogTrigger>
 			<DialogContent>
-				{showPasswordStep ? (
-					<form onSubmit={handlePasswordSubmit}>
-						<DialogHeader>
-							<DialogTitle>Confirm Export</DialogTitle>
-							<DialogDescription>
-								For security reasons, please enter your password to export sensitive information
-							</DialogDescription>
-						</DialogHeader>
-						<div className="space-y-4 py-4">
-							<div className="space-y-2">
-								<Label htmlFor="export-password">Your Password</Label>
-								<Input
-									id="export-password"
-									type="password"
-									value={password}
-									onChange={(e) => setPassword(e.target.value)}
-									placeholder="Enter your password"
-									required
-									autoFocus
-								/>
-							</div>
+				<form onSubmit={handleExport}>
+					<DialogHeader>
+						<DialogTitle>Export {entityLabel}</DialogTitle>
+						<DialogDescription>
+							{isFullExport
+								? "Export the complete Zerobyte configuration including all volumes, repositories, backup schedules, and notifications."
+								: isSingleItem
+									? `Export the configuration for this ${config.label.toLowerCase()}.`
+									: `Export all ${config.labelPlural.toLowerCase()} configurations.`}
+						</DialogDescription>
+					</DialogHeader>
+
+					<div className="space-y-4 py-4">
+						<div className="flex items-center space-x-3">
+							<Checkbox
+								id="includeIds"
+								checked={includeIds}
+								onCheckedChange={(checked) => setIncludeIds(checked === true)}
+							/>
+							<Label htmlFor="includeIds" className="cursor-pointer">
+								Include database IDs
+							</Label>
 						</div>
-						<DialogFooter>
-							<Button
-								type="button"
-								variant="outline"
-								onClick={() => {
-									setShowPasswordStep(false);
-									setPassword("");
-								}}
-							>
-								Back
-							</Button>
-							<Button type="submit" loading={isVerifying || isExporting}>
-								<Download className="h-4 w-4 mr-2" />
-								Export
-							</Button>
-						</DialogFooter>
-					</form>
-				) : (
-					<>
-						<DialogHeader>
-							<DialogTitle>Export {entityLabel}</DialogTitle>
-							<DialogDescription>
-								{isFullExport
-									? "Export the complete Zerobyte configuration including all volumes, repositories, backup schedules, and notifications."
-									: isSingleItem
-										? `Export the configuration for this ${config.label.toLowerCase()}.`
-										: `Export all ${config.labelPlural.toLowerCase()} configurations.`}
-							</DialogDescription>
-						</DialogHeader>
-
-						<div className="space-y-4 py-4">
-							<div className="flex items-center space-x-3">
-								<Checkbox
-									id="includeIds"
-									checked={includeIds}
-									onCheckedChange={(checked) => setIncludeIds(checked === true)}
-								/>
-								<Label htmlFor="includeIds" className="cursor-pointer">
-									Include database IDs
-								</Label>
-							</div>
-							<p className="text-xs text-muted-foreground ml-7">
-								Include internal database identifiers in the export. Useful for debugging or when IDs are needed for reference.
-							</p>
-
-							<div className="flex items-center space-x-3">
-								<Checkbox
-									id="includeTimestamps"
-									checked={includeTimestamps}
-									onCheckedChange={(checked) => setIncludeTimestamps(checked === true)}
-								/>
-								<Label htmlFor="includeTimestamps" className="cursor-pointer">
-									Include timestamps
-								</Label>
-							</div>
-							<p className="text-xs text-muted-foreground ml-7">
-								Include createdAt and updatedAt timestamps. Disable for cleaner exports when timestamps aren't needed.
-							</p>
-
-							<div className="flex items-center space-x-3">
-								<Checkbox
-									id="includeRuntimeState"
-									checked={includeRuntimeState}
-									onCheckedChange={(checked) => setIncludeRuntimeState(checked === true)}
-								/>
-								<Label htmlFor="includeRuntimeState" className="cursor-pointer">
-									Include runtime state
-								</Label>
-							</div>
-							<p className="text-xs text-muted-foreground ml-7">
-								Include current status, health checks, and last backup information. Usually not needed for migration.
+						<p className="text-xs text-muted-foreground ml-7">
+							Include internal database identifiers in the export. Useful for debugging or when IDs are needed for reference.
+						</p>
+
+						<div className="flex items-center space-x-3">
+							<Checkbox
+								id="includeTimestamps"
+								checked={includeTimestamps}
+								onCheckedChange={(checked) => setIncludeTimestamps(checked === true)}
+							/>
+							<Label htmlFor="includeTimestamps" className="cursor-pointer">
+								Include timestamps
+							</Label>
+						</div>
+						<p className="text-xs text-muted-foreground ml-7">
+							Include createdAt and updatedAt timestamps. Disable for cleaner exports when timestamps aren't needed.
+						</p>
+
+						<div className="flex items-center space-x-3">
+							<Checkbox
+								id="includeRuntimeState"
+								checked={includeRuntimeState}
+								onCheckedChange={(checked) => setIncludeRuntimeState(checked === true)}
+							/>
+							<Label htmlFor="includeRuntimeState" className="cursor-pointer">
+								Include runtime state
+							</Label>
+						</div>
+						<p className="text-xs text-muted-foreground ml-7">
+							Include current status, health checks, and last backup information. Usually not needed for migration.
+						</p>
+
+						{hasSecrets && (
+							<>
+								<div className="flex items-center justify-between pt-2 border-t">
+									<Label className="cursor-pointer">Secrets handling</Label>
+									<Select value={secretsMode} onValueChange={(v) => setSecretsMode(v as SecretsMode)}>
+										<SelectTrigger className="w-40">
+											<SelectValue />
+										</SelectTrigger>
+										<SelectContent>
+											<SelectItem value="exclude">Exclude</SelectItem>
+											<SelectItem value="encrypted">Keep encrypted</SelectItem>
+											<SelectItem value="cleartext">Decrypt</SelectItem>
+										</SelectContent>
+									</Select>
+								</div>
+								<p className="text-xs text-muted-foreground">
+									{secretsMode === "exclude" && "Sensitive fields (passwords, API keys, webhooks) will be removed from the export."}
+									{secretsMode === "encrypted" && "Secrets will be exported in encrypted form. Requires the same recovery key to decrypt on import."}
+									{secretsMode === "cleartext" && (
+										<span className="text-yellow-600">
+											⚠️ Secrets will be decrypted and exported as plaintext. Keep this export secure!
+										</span>
+									)}
+								</p>
+							</>
+						)}
+
+						{isFullExport && (
+							<>
+								<div className="flex items-center space-x-3 pt-2 border-t">
+									<Checkbox
+										id="includeRecoveryKey"
+										checked={includeRecoveryKey}
+										onCheckedChange={(checked) => setIncludeRecoveryKey(checked === true)}
+									/>
+									<Label htmlFor="includeRecoveryKey" className="cursor-pointer">
+										Include recovery key
+									</Label>
+								</div>
+								<p className="text-xs text-muted-foreground ml-7">
+									<span className="text-yellow-600 font-medium">⚠️ Security sensitive:</span> The recovery key is the master encryption key for all repositories. Keep this export secure and never share it.
+								</p>
+
+								<div className="flex items-center space-x-3">
+									<Checkbox
+										id="includePasswordHash"
+										checked={includePasswordHash}
+										onCheckedChange={(checked) => setIncludePasswordHash(checked === true)}
+									/>
+									<Label htmlFor="includePasswordHash" className="cursor-pointer">
+										Include password hash
+									</Label>
+								</div>
+								<p className="text-xs text-muted-foreground ml-7">
+									Include the hashed admin password for seamless migration. The password is already securely hashed (argon2).
+								</p>
+							</>
+						)}
+
+						<div className="space-y-2 pt-2 border-t">
+							<Label htmlFor="export-password">Your Password</Label>
+							<Input
+								id="export-password"
+								type="password"
+								value={password}
+								onChange={(e) => setPassword(e.target.value)}
+								placeholder="Enter your password to export"
+								required
+							/>
+							<p className="text-xs text-muted-foreground">
+								Password is required to verify your identity before exporting configuration.
 							</p>
-
-							{hasSecrets && (
-								<>
-									<div className="flex items-center justify-between pt-2 border-t">
-										<Label className="cursor-pointer">Secrets handling</Label>
-										<Select value={secretsMode} onValueChange={(v) => setSecretsMode(v as SecretsMode)}>
-											<SelectTrigger className="w-40">
-												<SelectValue />
-											</SelectTrigger>
-											<SelectContent>
-												<SelectItem value="exclude">Exclude</SelectItem>
-												<SelectItem value="encrypted">Keep encrypted</SelectItem>
-												<SelectItem value="cleartext">Decrypt</SelectItem>
-											</SelectContent>
-										</Select>
-									</div>
-									<p className="text-xs text-muted-foreground">
-										{secretsMode === "exclude" && "Sensitive fields (passwords, API keys, webhooks) will be removed from the export."}
-										{secretsMode === "encrypted" && "Secrets will be exported in encrypted form. Requires the same recovery key to decrypt on import."}
-										{secretsMode === "cleartext" && (
-											<span className="text-yellow-600">
-												⚠️ Secrets will be decrypted and exported as plaintext. Keep this export secure!
-											</span>
-										)}
-									</p>
-								</>
-							)}
-
-							{isFullExport && (
-								<>
-									<div className="flex items-center space-x-3 pt-2 border-t">
-										<Checkbox
-											id="includeRecoveryKey"
-											checked={includeRecoveryKey}
-											onCheckedChange={(checked) => setIncludeRecoveryKey(checked === true)}
-										/>
-										<Label htmlFor="includeRecoveryKey" className="cursor-pointer">
-											Include recovery key
-										</Label>
-									</div>
-									<p className="text-xs text-muted-foreground ml-7">
-										<span className="text-yellow-600 font-medium">⚠️ Security sensitive:</span> The recovery key is the master encryption key for all repositories. Keep this export secure and never share it.
-									</p>
-
-									<div className="flex items-center space-x-3">
-										<Checkbox
-											id="includePasswordHash"
-											checked={includePasswordHash}
-											onCheckedChange={(checked) => setIncludePasswordHash(checked === true)}
-										/>
-										<Label htmlFor="includePasswordHash" className="cursor-pointer">
-											Include password hash
-										</Label>
-									</div>
-									<p className="text-xs text-muted-foreground ml-7">
-										Include the hashed admin password for seamless migration. The password is already securely hashed (argon2).
-									</p>
-								</>
-							)}
 						</div>
-
-						<DialogFooter>
-							<Button variant="outline" onClick={() => setOpen(false)}>
-								Cancel
-							</Button>
-							<Button onClick={handleExport} loading={isExporting}>
-								<Download className="h-4 w-4 mr-2" />
-								Export
-							</Button>
-						</DialogFooter>
-					</>
-				)}
+					</div>
+
+					<DialogFooter>
+						<Button type="button" variant="outline" onClick={() => setOpen(false)}>
+							Cancel
+						</Button>
+						<Button type="submit" loading={exportMutation.isPending}>
+							<Download className="h-4 w-4 mr-2" />
+							Export
+						</Button>
+					</DialogFooter>
+				</form>
 			</DialogContent>
 		</Dialog>
 	);
diff --git a/app/server/modules/auth/auth.controller.ts b/app/server/modules/auth/auth.controller.ts
index adf9c966..c78d2818 100644
--- a/app/server/modules/auth/auth.controller.ts
+++ b/app/server/modules/auth/auth.controller.ts
@@ -12,15 +12,12 @@ import {
 	logoutDto,
 	registerBodySchema,
 	registerDto,
-	verifyPasswordBodySchema,
-	verifyPasswordDto,
 	type ChangePasswordDto,
 	type GetMeDto,
 	type GetStatusDto,
 	type LoginDto,
 	type LogoutDto,
 	type RegisterDto,
-	type VerifyPasswordDto,
 } from "./auth.dto";
 import { authService } from "./auth.service";
 import { toMessage } from "../../utils/errors";
@@ -141,27 +138,4 @@ export const authController = new Hono()
 		} catch (error) {
 			return c.json<ChangePasswordDto>({ success: false, message: toMessage(error) }, 400);
 		}
-	})
-	.post("/verify-password", verifyPasswordDto, validator("json", verifyPasswordBodySchema), async (c) => {
-		const sessionId = getCookie(c, COOKIE_NAME);
-
-		if (!sessionId) {
-			return c.json<VerifyPasswordDto>({ success: false, message: "Not authenticated" }, 401);
-		}
-
-		const session = await authService.verifySession(sessionId);
-
-		if (!session) {
-			deleteCookie(c, COOKIE_NAME, COOKIE_OPTIONS);
-			return c.json<VerifyPasswordDto>({ success: false, message: "Not authenticated" }, 401);
-		}
-
-		const body = c.req.valid("json");
-		const isValid = await authService.verifyPassword(session.user.id, body.password);
-
-		if (!isValid) {
-			return c.json<VerifyPasswordDto>({ success: false, message: "Incorrect password" }, 401);
-		}
-
-		return c.json<VerifyPasswordDto>({ success: true, message: "Password verified" });
 	});
diff --git a/app/server/modules/auth/auth.dto.ts b/app/server/modules/auth/auth.dto.ts
index 846c204b..f305f9c1 100644
--- a/app/server/modules/auth/auth.dto.ts
+++ b/app/server/modules/auth/auth.dto.ts
@@ -148,34 +148,6 @@ export const changePasswordDto = describeRoute({
 
 export type ChangePasswordDto = typeof changePasswordResponseSchema.infer;
 
-export const verifyPasswordBodySchema = type({
-	password: "string>0",
-});
-
-const verifyPasswordResponseSchema = type({
-	success: "boolean",
-	message: "string",
-});
-
-export const verifyPasswordDto = describeRoute({
-	description: "Verify current user password for re-authentication",
-	operationId: "verifyPassword",
-	tags: ["Auth"],
-	responses: {
-		200: {
-			description: "Password verification result",
-			content: {
-				"application/json": {
-					schema: resolver(verifyPasswordResponseSchema),
-				},
-			},
-		},
-	},
-});
-
-export type VerifyPasswordDto = typeof verifyPasswordResponseSchema.infer;
-
 export type LoginBody = typeof loginBodySchema.infer;
 export type RegisterBody = typeof registerBodySchema.infer;
 export type ChangePasswordBody = typeof changePasswordBodySchema.infer;
-export type VerifyPasswordBody = typeof verifyPasswordBodySchema.infer;
diff --git a/app/server/modules/lifecycle/config-export.controller.ts b/app/server/modules/lifecycle/config-export.controller.ts
index cd8e8c95..774b9206 100644
--- a/app/server/modules/lifecycle/config-export.controller.ts
+++ b/app/server/modules/lifecycle/config-export.controller.ts
@@ -1,24 +1,44 @@
+import { validator } from "hono-openapi";
+
 import { Hono } from "hono";
 import type { Context } from "hono";
-import { eq } from "drizzle-orm";
+import { deleteCookie, getCookie } from "hono/cookie";
 import {
 	backupSchedulesTable,
-	notificationDestinationsTable,
-	repositoriesTable,
 	backupScheduleNotificationsTable,
 	usersTable,
-	volumesTable,
 } from "../../db/schema";
 import { db } from "../../db/db";
 import { logger } from "../../utils/logger";
 import { RESTIC_PASS_FILE } from "../../core/constants";
 import { cryptoUtils } from "../../utils/crypto";
-
-// ============================================================================
-// Types
-// ============================================================================
-
-type SecretsMode = "exclude" | "encrypted" | "cleartext";
+import { authService } from "../auth/auth.service";
+import { volumeService } from "../volumes/volume.service";
+import { repositoriesService } from "../repositories/repositories.service";
+import { notificationsService } from "../notifications/notifications.service";
+import { backupsService } from "../backups/backups.service";
+import {
+	fullExportBodySchema,
+	entityExportBodySchema,
+	backupScheduleExportBodySchema,
+	fullExportDto,
+	volumesExportDto,
+	repositoriesExportDto,
+	notificationsExportDto,
+	backupSchedulesExportDto,
+	type SecretsMode,
+	type FullExportBody,
+	type EntityExportBody,
+	type BackupScheduleExportBody,
+} from "./config-export.dto";
+
+const COOKIE_NAME = "session_id";
+const COOKIE_OPTIONS = {
+	httpOnly: true,
+	secure: false,
+	sameSite: "lax" as const,
+	path: "/",
+};
 
 type ExportParams = {
 	includeIds: boolean;
@@ -27,14 +47,6 @@ type ExportParams = {
 	excludeKeys: string[];
 };
 
-type FilterOptions = { id?: string; name?: string };
-
-type FetchResult<T> = { data: T[] } | { error: string; status: 400 | 404 };
-
-// ============================================================================
-// Helper Functions
-// ============================================================================
-
 function omitKeys<T extends Record<string, unknown>>(obj: T, keys: string[]): Partial<T> {
 	const result = { ...obj };
 	for (const key of keys) {
@@ -66,25 +78,46 @@ function getExcludeKeys(includeIds: boolean, includeTimestamps: boolean, include
 	];
 }
 
-/** Parse common export query parameters from request */
-function parseExportParams(c: Context): ExportParams {
-	const includeIds = c.req.query("includeIds") !== "false";
-	const includeTimestamps = c.req.query("includeTimestamps") !== "false";
-	const includeRuntimeState = c.req.query("includeRuntimeState") === "true";
-	const secretsModeRaw = c.req.query("secretsMode");
-	const allowedSecretsModes: SecretsMode[] = ["exclude", "encrypted", "cleartext"];
-	const secretsMode: SecretsMode = secretsModeRaw
-		? (allowedSecretsModes.includes(secretsModeRaw as SecretsMode)
-			? (secretsModeRaw as SecretsMode)
-			: (() => { throw new Error("Invalid secretsMode parameter"); })())
-		: "exclude";
+/** Parse export params from request body */
+function parseExportParamsFromBody(body: {
+	includeIds?: boolean;
+	includeTimestamps?: boolean;
+	includeRuntimeState?: boolean;
+	secretsMode?: SecretsMode;
+}): ExportParams {
+	const includeIds = body.includeIds !== false;
+	const includeTimestamps = body.includeTimestamps !== false;
+	const includeRuntimeState = body.includeRuntimeState === true;
+	const secretsMode: SecretsMode = body.secretsMode ?? "exclude";
 	const excludeKeys = getExcludeKeys(includeIds, includeTimestamps, includeRuntimeState);
 	return { includeIds, includeTimestamps, secretsMode, excludeKeys };
 }
 
-/** Get filter options from request query params */
-function getFilterOptions(c: Context): FilterOptions {
-	return { id: c.req.query("id"), name: c.req.query("name") };
+/**
+ * Verify password for export operation.
+ * All exports require password verification for security.
+ */
+async function verifyExportPassword(
+	c: Context,
+	password: string
+): Promise<{ valid: true; userId: number } | { valid: false; error: string }> {
+	const sessionId = getCookie(c, COOKIE_NAME);
+	if (!sessionId) {
+		return { valid: false, error: "Not authenticated" };
+	}
+
+	const session = await authService.verifySession(sessionId);
+	if (!session) {
+		deleteCookie(c, COOKIE_NAME, COOKIE_OPTIONS);
+		return { valid: false, error: "Session expired" };
+	}
+
+	const isValid = await authService.verifyPassword(session.user.id, password);
+	if (!isValid) {
+		return { valid: false, error: "Incorrect password" };
+	}
+
+	return { valid: true, userId: session.user.id };
 }
 
 /**
@@ -146,72 +179,6 @@ async function exportEntities<T extends Record<string, unknown>>(
 	return Promise.all(entities.map((e) => exportEntity(e as Record<string, unknown>, params)));
 }
 
-// ============================================================================
-// Data Fetchers with Filtering
-// ============================================================================
-
-async function fetchVolumes(filter: FilterOptions): Promise<FetchResult<typeof volumesTable.$inferSelect>> {
-	if (filter.id) {
-		const id = Number.parseInt(filter.id, 10);
-		if (Number.isNaN(id)) return { error: "Invalid volume ID", status: 400 };
-		const result = await db.select().from(volumesTable).where(eq(volumesTable.id, id));
-		if (result.length === 0) return { error: `Volume with ID '${filter.id}' not found`, status: 404 };
-		return { data: result };
-	}
-	if (filter.name) {
-		const result = await db.select().from(volumesTable).where(eq(volumesTable.name, filter.name));
-		if (result.length === 0) return { error: `Volume '${filter.name}' not found`, status: 404 };
-		return { data: result };
-	}
-	return { data: await db.select().from(volumesTable) };
-}
-
-async function fetchRepositories(filter: FilterOptions): Promise<FetchResult<typeof repositoriesTable.$inferSelect>> {
-	if (filter.id) {
-		// Validate UUID format
-		const uuidRegex = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
-		if (!uuidRegex.test(filter.id)) {
-			return { error: "Invalid repository ID format (expected UUID)", status: 400 };
-		}
-		const result = await db.select().from(repositoriesTable).where(eq(repositoriesTable.id, filter.id));
-		if (result.length === 0) return { error: `Repository with ID '${filter.id}' not found`, status: 404 };
-		return { data: result };
-	}
-	if (filter.name) {
-		const result = await db.select().from(repositoriesTable).where(eq(repositoriesTable.name, filter.name));
-		if (result.length === 0) return { error: `Repository '${filter.name}' not found`, status: 404 };
-		return { data: result };
-	}
-	return { data: await db.select().from(repositoriesTable) };
-}
-
-async function fetchNotifications(filter: FilterOptions): Promise<FetchResult<typeof notificationDestinationsTable.$inferSelect>> {
-	if (filter.id) {
-		const id = Number.parseInt(filter.id, 10);
-		if (Number.isNaN(id)) return { error: "Invalid notification destination ID", status: 400 };
-		const result = await db.select().from(notificationDestinationsTable).where(eq(notificationDestinationsTable.id, id));
-		if (result.length === 0) return { error: `Notification destination with ID '${filter.id}' not found`, status: 404 };
-		return { data: result };
-	}
-	if (filter.name) {
-		const result = await db.select().from(notificationDestinationsTable).where(eq(notificationDestinationsTable.name, filter.name));
-		if (result.length === 0) return { error: `Notification destination '${filter.name}' not found`, status: 404 };
-		return { data: result };
-	}
-	return { data: await db.select().from(notificationDestinationsTable) };
-}
-
-async function fetchBackupSchedules(filter: { id?: string }): Promise<FetchResult<typeof backupSchedulesTable.$inferSelect>> {
-	if (filter.id) {
-		const id = Number.parseInt(filter.id, 10);
-		if (Number.isNaN(id)) return { error: "Invalid backup schedule ID", status: 400 };
-		const result = await db.select().from(backupSchedulesTable).where(eq(backupSchedulesTable.id, id));
-		if (result.length === 0) return { error: `Backup schedule with ID '${filter.id}' not found`, status: 404 };
-		return { data: result };
-	}
-	return { data: await db.select().from(backupSchedulesTable) };
-}
-
 /** Transform backup schedules with resolved names and notifications */
 function transformBackupSchedules(
 	schedules: typeof backupSchedulesTable.$inferSelect[],
@@ -241,34 +208,27 @@ function transformBackupSchedules(
 	});
 }
 
-// ============================================================================
-// Controller
-// ============================================================================
-
-/**
- * Config Export API
- * 
- * Query parameters:
- * - includeIds: "true" | "false" (default: "true") - Include database IDs
- * - includeTimestamps: "true" | "false" (default: "true") - Include createdAt/updatedAt
- * - includeRecoveryKey: "true" | "false" (default: "false") - Include recovery key (full export only)
- * - includePasswordHash: "true" | "false" (default: "false") - Include admin password hash (full export only)
- * - secretsMode: "exclude" | "encrypted" | "cleartext" (default: "exclude") - How to handle secrets
- * - id: string (optional) - Filter by ID
- * - name: string (optional) - Filter by name (not for backups)
- */
 export const configExportController = new Hono()
-	.get("/export", async (c) => {
+	.post("/export", fullExportDto, validator("json", fullExportBodySchema), async (c) => {
 		try {
-			const params = parseExportParams(c);
-			const includeRecoveryKey = c.req.query("includeRecoveryKey") === "true";
-			const includePasswordHash = c.req.query("includePasswordHash") === "true";
+			const body = c.req.valid("json") as FullExportBody;
 
+			// Verify password - required for all exports
+			const verification = await verifyExportPassword(c, body.password);
+			if (!verification.valid) {
+				return c.json({ error: verification.error }, 401);
+			}
+
+			const params = parseExportParamsFromBody(body);
+			const includeRecoveryKey = body.includeRecoveryKey === true;
+			const includePasswordHash = body.includePasswordHash === true;
+
+			// Use services to fetch data
 			const [volumes, repositories, backupSchedulesRaw, notifications, scheduleNotifications, [admin]] = await Promise.all([
-				db.select().from(volumesTable),
-				db.select().from(repositoriesTable),
-				db.select().from(backupSchedulesTable),
-				db.select().from(notificationDestinationsTable),
+				volumeService.listVolumes(),
+				repositoriesService.listRepositories(),
+				backupsService.listSchedules(),
+				notificationsService.listDestinations(),
 				db.select().from(backupScheduleNotificationsTable),
 				db.select().from(usersTable).limit(1),
 			]);
@@ -281,9 +241,6 @@ export const configExportController = new Hono()
 				backupSchedulesRaw, scheduleNotifications, volumeMap, repoMap, notificationMap, params
 			);
 
-			// WARNING: As of now, volume exports may include sensitive data (e.g., SMB/NFS credentials) in cleartext.
-			// This is a known security limitation. Handle exported configuration files with care.
-			// Future PRs will implement encryption for these secrets.
 			const [exportVolumes, exportRepositories, exportNotifications] = await Promise.all([
 				exportEntities(volumes, params),
 				exportEntities(repositories, params),
@@ -318,60 +275,169 @@ export const configExportController = new Hono()
 			return c.json({ error: err instanceof Error ? err.message : "Failed to export config" }, 500);
 		}
 	})
-	.get("/export/volumes", async (c) => {
+	.post("/export/volumes", volumesExportDto, validator("json", entityExportBodySchema), async (c) => {
 		try {
-			const params = parseExportParams(c);
-			const result = await fetchVolumes(getFilterOptions(c));
-			if ("error" in result) return c.json({ error: result.error }, result.status);
-			// TODO: Volumes will have encrypted secrets (e.g., SMB/NFS credentials) in a future PR
-			return c.json({ volumes: await exportEntities(result.data, params) });
+			const body = c.req.valid("json") as EntityExportBody;
+
+			// Verify password - required for all exports
+			const verification = await verifyExportPassword(c, body.password);
+			if (!verification.valid) {
+				return c.json({ error: verification.error }, 401);
+			}
+
+			const params = parseExportParamsFromBody(body);
+
+			let volumes;
+			// Prefer name over id since volumeService.getVolume expects name (slug)
+			if (body.name) {
+				try {
+					const result = await volumeService.getVolume(body.name);
+					volumes = [result.volume];
+				} catch {
+					return c.json({ error: `Volume '${body.name}' not found` }, 404);
+				}
+			} else if (body.id !== undefined) {
+				// If only ID provided, find volume by numeric ID from list
+				const id = typeof body.id === "string" ? Number.parseInt(body.id, 10) : body.id;
+				if (Number.isNaN(id)) {
+					return c.json({ error: "Invalid volume ID" }, 400);
+				}
+				const allVolumes = await volumeService.listVolumes();
+				const volume = allVolumes.find((v) => v.id === id);
+				if (!volume) {
+					return c.json({ error: `Volume with ID '${body.id}' not found` }, 404);
+				}
+				volumes = [volume];
+			} else {
+				volumes = await volumeService.listVolumes();
+			}
+
+			return c.json({ volumes: await exportEntities(volumes, params) });
 		} catch (err) {
 			logger.error(`Volumes export failed: ${err instanceof Error ? err.message : String(err)}`);
 			return c.json({ error: `Failed to export volumes: ${err instanceof Error ? err.message : String(err)}` }, 500);
 		}
 	})
-	.get("/export/repositories", async (c) => {
+	.post("/export/repositories", repositoriesExportDto, validator("json", entityExportBodySchema), async (c) => {
 		try {
-			const params = parseExportParams(c);
-			const result = await fetchRepositories(getFilterOptions(c));
-			if ("error" in result) return c.json({ error: result.error }, result.status);
-			return c.json({ repositories: await exportEntities(result.data, params) });
+			const body = c.req.valid("json") as EntityExportBody;
+
+			// Verify password - required for all exports
+			const verification = await verifyExportPassword(c, body.password);
+			if (!verification.valid) {
+				return c.json({ error: verification.error }, 401);
+			}
+
+			const params = parseExportParamsFromBody(body);
+
+			let repositories;
+			// Prefer name over id since repositoriesService.getRepository expects name (slug)
+			if (body.name) {
+				try {
+					const result = await repositoriesService.getRepository(body.name);
+					repositories = [result.repository];
+				} catch {
+					return c.json({ error: `Repository '${body.name}' not found` }, 404);
+				}
+			} else if (body.id !== undefined) {
+				// If only ID provided, find repository by ID from list
+				// Repository IDs are strings (UUIDs), not numeric
+				const allRepositories = await repositoriesService.listRepositories();
+				const repository = allRepositories.find((r) => r.id === String(body.id));
+				if (!repository) {
+					return c.json({ error: `Repository with ID '${body.id}' not found` }, 404);
+				}
+				repositories = [repository];
+			} else {
+				repositories = await repositoriesService.listRepositories();
+			}
+
+			return c.json({ repositories: await exportEntities(repositories, params) });
 		} catch (err) {
 			logger.error(`Repositories export failed: ${err instanceof Error ? err.message : String(err)}`);
 			return c.json({ error: `Failed to export repositories: ${err instanceof Error ? err.message : String(err)}` }, 500);
 		}
 	})
-	.get("/export/notification-destinations", async (c) => {
+	.post("/export/notification-destinations", notificationsExportDto, validator("json", entityExportBodySchema), async (c) => {
 		try {
-			const params = parseExportParams(c);
-			const result = await fetchNotifications(getFilterOptions(c));
-			if ("error" in result) return c.json({ error: result.error }, result.status);
-			return c.json({ notificationDestinations: await exportEntities(result.data, params) });
+			const body = c.req.valid("json") as EntityExportBody;
+
+			// Verify password - required for all exports
+			const verification = await verifyExportPassword(c, body.password);
+			if (!verification.valid) {
+				return c.json({ error: verification.error }, 401);
+			}
+
+			const params = parseExportParamsFromBody(body);
+
+			let notifications;
+			if (body.id !== undefined) {
+				const id = typeof body.id === "string" ? Number.parseInt(body.id, 10) : body.id;
+				if (Number.isNaN(id)) {
+					return c.json({ error: "Invalid notification destination ID" }, 400);
+				}
+				try {
+					const destination = await notificationsService.getDestination(id);
+					notifications = [destination];
+				} catch {
+					return c.json({ error: `Notification destination with ID '${body.id}' not found` }, 404);
+				}
+			} else if (body.name) {
+				// notificationsService doesn't have getByName, so we list and filter
+				const allDestinations = await notificationsService.listDestinations();
+				const destination = allDestinations.find((d) => d.name === body.name);
+				if (!destination) {
+					return c.json({ error: `Notification destination '${body.name}' not found` }, 404);
+				}
+				notifications = [destination];
+			} else {
+				notifications = await notificationsService.listDestinations();
+			}
+
+			return c.json({ notificationDestinations: await exportEntities(notifications, params) });
 		} catch (err) {
 			logger.error(`Notification destinations export failed: ${err instanceof Error ? err.message : String(err)}`);
 			return c.json({ error: `Failed to export notification destinations: ${err instanceof Error ? err.message : String(err)}` }, 500);
 		}
 	})
-	.get("/export/backup-schedules", async (c) => {
+	.post("/export/backup-schedules", backupSchedulesExportDto, validator("json", backupScheduleExportBodySchema), async (c) => {
 		try {
-			const params = parseExportParams(c);
+			const body = c.req.valid("json") as BackupScheduleExportBody;
+
+			// Verify password - required for all exports
+			const verification = await verifyExportPassword(c, body.password);
+			if (!verification.valid) {
+				return c.json({ error: verification.error }, 401);
+			}
+
+			const params = parseExportParamsFromBody(body);
 
+			// Get all related data for name resolution
 			const [volumes, repositories, notifications, scheduleNotifications] = await Promise.all([
-				db.select().from(volumesTable),
-				db.select().from(repositoriesTable),
-				db.select().from(notificationDestinationsTable),
+				volumeService.listVolumes(),
+				repositoriesService.listRepositories(),
+				notificationsService.listDestinations(),
 				db.select().from(backupScheduleNotificationsTable),
 			]);
 
-			const result = await fetchBackupSchedules({ id: c.req.query("id") });
-			if ("error" in result) return c.json({ error: result.error }, result.status);
+			let schedules;
+			if (body.id !== undefined) {
+				try {
+					const schedule = await backupsService.getSchedule(body.id);
+					schedules = [schedule];
+				} catch {
+					return c.json({ error: `Backup schedule with ID '${body.id}' not found` }, 404);
+				}
+			} else {
+				schedules = await backupsService.listSchedules();
+			}
 
 			const volumeMap = new Map<number, string>(volumes.map((v) => [v.id, v.name]));
 			const repoMap = new Map<string, string>(repositories.map((r) => [r.id, r.name]));
 			const notificationMap = new Map<number, string>(notifications.map((n) => [n.id, n.name]));
 
 			const backupSchedules = transformBackupSchedules(
-				result.data, scheduleNotifications, volumeMap, repoMap, notificationMap, params
+				schedules, scheduleNotifications, volumeMap, repoMap, notificationMap, params
 			);
 
 			return c.json({ backupSchedules });
diff --git a/app/server/modules/lifecycle/config-export.dto.ts b/app/server/modules/lifecycle/config-export.dto.ts
new file mode 100644
index 00000000..f0e66859
--- /dev/null
+++ b/app/server/modules/lifecycle/config-export.dto.ts
@@ -0,0 +1,289 @@
+import { type } from "arktype";
+import { describeRoute, resolver } from "hono-openapi";
+
+const secretsModeSchema = type("'exclude' | 'encrypted' | 'cleartext'");
+
+const baseExportBodySchema = type({
+	/** Include database IDs in export (default: true) */
+	"includeIds?": "boolean",
+	/** Include createdAt/updatedAt timestamps (default: true) */
+	"includeTimestamps?": "boolean",
+	/** Include runtime state like status, health checks (default: false) */
+	"includeRuntimeState?": "boolean",
+	/** How to handle secrets: exclude, encrypted, or cleartext (default: exclude) */
+	"secretsMode?": secretsModeSchema,
+	/** Password required for authentication */
+	password: "string",
+});
+
+export const fullExportBodySchema = baseExportBodySchema.and(
+	type({
+		/** Include the recovery key (requires password) */
+		"includeRecoveryKey?": "boolean",
+		/** Include the admin password hash */
+		"includePasswordHash?": "boolean",
+	})
+);
+
+export const entityExportBodySchema = baseExportBodySchema.and(
+	type({
+		/** Filter by ID */
+		"id?": "string | number",
+		/** Filter by name */
+		"name?": "string",
+	})
+);
+
+export const backupScheduleExportBodySchema = baseExportBodySchema.and(
+	type({
+		/** Filter by ID */
+		"id?": "number",
+	})
+);
+
+export type FullExportBody = typeof fullExportBodySchema.infer;
+export type EntityExportBody = typeof entityExportBodySchema.infer;
+export type BackupScheduleExportBody = typeof backupScheduleExportBodySchema.infer;
+export type SecretsMode = typeof secretsModeSchema.infer;
+
+const exportResponseSchema = type({
+	"version?": "number",
+	"exportedAt?": "string",
+	"volumes?": "unknown[]",
+	"repositories?": "unknown[]",
+	"backupSchedules?": "unknown[]",
+	"notificationDestinations?": "unknown[]",
+	"admin?": type({
+		username: "string",
+		"passwordHash?": "string",
+		"recoveryKey?": "string",
+	}).or("null"),
+});
+
+const volumesExportResponseSchema = type({
+	volumes: "unknown[]",
+});
+
+const repositoriesExportResponseSchema = type({
+	repositories: "unknown[]",
+});
+
+const notificationsExportResponseSchema = type({
+	notificationDestinations: "unknown[]",
+});
+
+const backupSchedulesExportResponseSchema = type({
+	backupSchedules: "unknown[]",
+});
+
+const errorResponseSchema = type({
+	error: "string",
+});
+
+export const fullExportDto = describeRoute({
+	description: "Export full configuration including all volumes, repositories, backup schedules, and notifications",
+	operationId: "exportFullConfig",
+	tags: ["Config Export"],
+	responses: {
+		200: {
+			description: "Full configuration export",
+			content: {
+				"application/json": {
+					schema: resolver(exportResponseSchema),
+				},
+			},
+		},
+		401: {
+			description: "Password required for sensitive export options",
+			content: {
+				"application/json": {
+					schema: resolver(errorResponseSchema),
+				},
+			},
+		},
+		500: {
+			description: "Export failed",
+			content: {
+				"application/json": {
+					schema: resolver(errorResponseSchema),
+				},
+			},
+		},
+	},
+});
+
+export const volumesExportDto = describeRoute({
+	description: "Export volumes configuration",
+	operationId: "exportVolumes",
+	tags: ["Config Export"],
+	responses: {
+		200: {
+			description: "Volumes configuration export",
+			content: {
+				"application/json": {
+					schema: resolver(volumesExportResponseSchema),
+				},
+			},
+		},
+		400: {
+			description: "Invalid request",
+			content: {
+				"application/json": {
+					schema: resolver(errorResponseSchema),
+				},
+			},
+		},
+		404: {
+			description: "Volume not found",
+			content: {
+				"application/json": {
+					schema: resolver(errorResponseSchema),
+				},
+			},
+		},
+		500: {
+			description: "Export failed",
+			content: {
+				"application/json": {
+					schema: resolver(errorResponseSchema),
+				},
+			},
+		},
+	},
+});
+
+export const repositoriesExportDto = describeRoute({
+	description: "Export repositories configuration",
+	operationId: "exportRepositories",
+	tags: ["Config Export"],
+	responses: {
+		200: {
+			description: "Repositories configuration export",
+			content: {
+				"application/json": {
+					schema: resolver(repositoriesExportResponseSchema),
+				},
+			},
+		},
+		400: {
+			description: "Invalid request",
+			content: {
+				"application/json": {
+					schema: resolver(errorResponseSchema),
+				},
+			},
+		},
+		401: {
+			description: "Password required for sensitive export options",
+			content: {
+				"application/json": {
+					schema: resolver(errorResponseSchema),
+				},
+			},
+		},
+		404: {
+			description: "Repository not found",
+			content: {
+				"application/json": {
+					schema: resolver(errorResponseSchema),
+				},
+			},
+		},
+		500: {
+			description: "Export failed",
+			content: {
+				"application/json": {
+					schema: resolver(errorResponseSchema),
+				},
+			},
+		},
+	},
+});
+
+export const notificationsExportDto = describeRoute({
+	description: "Export notification destinations configuration",
+	operationId: "exportNotificationDestinations",
+	tags: ["Config Export"],
+	responses: {
+		200: {
+			description: "Notification destinations configuration export",
+			content: {
+				"application/json": {
+					schema: resolver(notificationsExportResponseSchema),
+				},
+			},
+		},
+		400: {
+			description: "Invalid request",
+			content: {
+				"application/json": {
+					schema: resolver(errorResponseSchema),
+				},
+			},
+		},
+		401: {
+			description: "Password required for sensitive export options",
+			content: {
+				"application/json": {
+					schema: resolver(errorResponseSchema),
+				},
+			},
+		},
+		404: {
+			description: "Notification destination not found",
+			content: {
+				"application/json": {
+					schema: resolver(errorResponseSchema),
+				},
+			},
+		},
+		500: {
+			description: "Export failed",
+			content: {
+				"application/json": {
+					schema: resolver(errorResponseSchema),
+				},
+			},
+		},
+	},
+});
+
+export const backupSchedulesExportDto = describeRoute({
+	description: "Export backup schedules configuration",
+	operationId: "exportBackupSchedules",
+	tags: ["Config Export"],
+	responses: {
+		200: {
+			description: "Backup schedules configuration export",
+			content: {
+				"application/json": {
+					schema: resolver(backupSchedulesExportResponseSchema),
+				},
+			},
+		},
+		400: {
+			description: "Invalid request",
+			content: {
+				"application/json": {
+					schema: resolver(errorResponseSchema),
+				},
+			},
+		},
+		404: {
+			description: "Backup schedule not found",
+			content: {
+				"application/json": {
+					schema: resolver(errorResponseSchema),
+				},
+			},
+		},
+		500: {
+			description: "Export failed",
+			content: {
+				"application/json": {
+					schema: resolver(errorResponseSchema),
+				},
+			},
+		},
+	},
+});

From a7e36e98d7e4fe79809a6f2b1c636377f33236aa Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Tr=C3=A1vn=C3=ADk?= <jakub.travnik@gmail.com>
Date: Wed, 3 Dec 2025 08:33:50 +0100
Subject: [PATCH 32/49] Add 401 error response for password requirement in
 export endpoints

---
 app/client/api-client/types.gen.ts               | 12 ++++++++++++
 .../modules/lifecycle/config-export.dto.ts       | 16 ++++++++++++++++
 2 files changed, 28 insertions(+)

diff --git a/app/client/api-client/types.gen.ts b/app/client/api-client/types.gen.ts
index d025a2fe..33078a5d 100644
--- a/app/client/api-client/types.gen.ts
+++ b/app/client/api-client/types.gen.ts
@@ -2691,6 +2691,12 @@ export type ExportVolumesErrors = {
     400: {
         error: string;
     };
+    /**
+     * Password required for export
+     */
+    401: {
+        error: string;
+    };
     /**
      * Volume not found
      */
@@ -2849,6 +2855,12 @@ export type ExportBackupSchedulesErrors = {
     400: {
         error: string;
     };
+    /**
+     * Password required for export
+     */
+    401: {
+        error: string;
+    };
     /**
      * Backup schedule not found
      */
diff --git a/app/server/modules/lifecycle/config-export.dto.ts b/app/server/modules/lifecycle/config-export.dto.ts
index f0e66859..ce5d53ab 100644
--- a/app/server/modules/lifecycle/config-export.dto.ts
+++ b/app/server/modules/lifecycle/config-export.dto.ts
@@ -133,6 +133,14 @@ export const volumesExportDto = describeRoute({
 				},
 			},
 		},
+		401: {
+			description: "Password required for export",
+			content: {
+				"application/json": {
+					schema: resolver(errorResponseSchema),
+				},
+			},
+		},
 		404: {
 			description: "Volume not found",
 			content: {
@@ -269,6 +277,14 @@ export const backupSchedulesExportDto = describeRoute({
 				},
 			},
 		},
+		401: {
+			description: "Password required for export",
+			content: {
+				"application/json": {
+					schema: resolver(errorResponseSchema),
+				},
+			},
+		},
 		404: {
 			description: "Backup schedule not found",
 			content: {

From 692dd5aa2172a70c50c94f37c864ef399999e944 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Tr=C3=A1vn=C3=ADk?= <jakub.travnik@gmail.com>
Date: Wed, 3 Dec 2025 23:50:51 +0100
Subject: [PATCH 33/49] add isEncrypted check to decrypt as a safeguard

---
 app/server/utils/crypto.ts | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/app/server/utils/crypto.ts b/app/server/utils/crypto.ts
index 1ed05d2a..5394cefd 100644
--- a/app/server/utils/crypto.ts
+++ b/app/server/utils/crypto.ts
@@ -17,7 +17,7 @@ const encrypt = async (data: string) => {
 		return data;
 	}
 
-	if (data.startsWith(encryptionPrefix)) {
+	if (isEncrypted(data)) {
 		return data;
 	}
 
@@ -38,6 +38,10 @@ const encrypt = async (data: string) => {
  * Given an encrypted string, decrypts it using the salt stored in the string
  */
 const decrypt = async (encryptedData: string) => {
+	if (!isEncrypted(encryptedData)) {
+		return encryptedData;
+	}
+
 	const secret = await Bun.file(RESTIC_PASS_FILE).text();
 
 	const parts = encryptedData.split(":").slice(1); // Remove prefix

From bf36f9aa56c1ab3fda51bd405c858b2620e06fb9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Tr=C3=A1vn=C3=ADk?= <jakub.travnik@gmail.com>
Date: Tue, 16 Dec 2025 11:39:35 +0100
Subject: [PATCH 34/49] reduced the scope of PR to MVP - exportAll only

---
 README.md                                     |  19 +-
 .../api-client/@tanstack/react-query.gen.ts   |  72 +---
 app/client/api-client/sdk.gen.ts              |  58 +--
 app/client/api-client/types.gen.ts            | 223 +-----------
 app/client/components/export-dialog.tsx       | 336 ++++--------------
 .../backups/components/schedule-summary.tsx   |   2 -
 app/client/modules/backups/routes/backups.tsx |   6 -
 .../routes/notification-details.tsx           |   4 +-
 .../notifications/routes/notifications.tsx    |  12 +-
 .../repositories/routes/repositories.tsx      |  12 +-
 .../routes/repository-details.tsx             |   4 +-
 .../modules/settings/routes/settings.tsx      |  18 +-
 .../modules/volumes/routes/volume-details.tsx |   3 -
 app/client/modules/volumes/routes/volumes.tsx |  12 +-
 .../lifecycle/config-export.controller.ts     | 307 +++-------------
 .../modules/lifecycle/config-export.dto.ts    | 249 +------------
 16 files changed, 182 insertions(+), 1155 deletions(-)

diff --git a/README.md b/README.md
index b9732a9c..f9838551 100644
--- a/README.md
+++ b/README.md
@@ -198,26 +198,21 @@ Zerobyte allows you to easily restore your data from backups. To restore data, n
 
 ## Exporting configuration
 
-Zerobyte allows you to export your configuration for backup, migration, or documentation purposes. You can export:
-
-- **Full configuration** - All volumes, repositories, backup schedules, and notification destinations
-- **Individual entities** - Export specific volumes, repositories, notifications, or backup schedules
+Zerobyte allows you to export your configuration for backup, migration, or documentation purposes.
 
 To export, click the "Export" button on any list page or detail page. A dialog will appear with options to:
 
-- **Include database IDs** - Useful for debugging or when you need to reference internal identifiers
-- **Include timestamps** - Include createdAt/updatedAt fields in the export
-- **Include runtime state** - Include current status, health checks, and last backup information (usually not needed for migration)
-- **Secrets handling** (for repositories and notifications):
+- **Include metadata** - Include IDs, timestamps, and runtime state of entities
+- **Secrets handling**:
   - **Exclude** - Remove sensitive fields like passwords and API keys
   - **Keep encrypted** - Export secrets in encrypted form (requires the same recovery key to decrypt on import)
   - **Decrypt** - Export secrets as plaintext (use with caution)
-- **Include recovery key** (full export only) - Include the master encryption key for all repositories
-- **Include password hash** (full export only) - Include the hashed admin password for seamless migration
+- **Include recovery key** - Include the master encryption key for all repositories
+- **Include password hash** - Include the hashed user passwords for seamless migration
 
-All exports require password verification for security. You must enter your password to confirm your identity before any configuration can be exported.
+Export requires password verification for security. You must enter your password to confirm your identity before any configuration can be exported.
 
-Exports are downloaded as JSON files that can be used for reference or future import functionality.
+Export is downloaded as JSON file that can be used for reference or future import functionality.
 
 ## Propagating mounts to host
 
diff --git a/app/client/api-client/@tanstack/react-query.gen.ts b/app/client/api-client/@tanstack/react-query.gen.ts
index 4114ad91..fab5ce72 100644
--- a/app/client/api-client/@tanstack/react-query.gen.ts
+++ b/app/client/api-client/@tanstack/react-query.gen.ts
@@ -3,8 +3,8 @@
 import { type DefaultError, queryOptions, type UseMutationOptions } from '@tanstack/react-query';
 
 import { client } from '../client.gen';
-import { browseFilesystem, changePassword, createBackupSchedule, createNotificationDestination, createRepository, createVolume, deleteBackupSchedule, deleteNotificationDestination, deleteRepository, deleteSnapshot, deleteVolume, doctorRepository, downloadResticPassword, exportBackupSchedules, exportFullConfig, exportNotificationDestinations, exportRepositories, exportVolumes, getBackupSchedule, getBackupScheduleForVolume, getContainersUsingVolume, getMe, getNotificationDestination, getRepository, getScheduleNotifications, getSnapshotDetails, getStatus, getSystemInfo, getVolume, healthCheckVolume, listBackupSchedules, listFiles, listNotificationDestinations, listRcloneRemotes, listRepositories, listSnapshotFiles, listSnapshots, listVolumes, login, logout, mountVolume, type Options, register, restoreSnapshot, runBackupNow, runForget, stopBackup, testConnection, testNotificationDestination, unmountVolume, updateBackupSchedule, updateNotificationDestination, updateRepository, updateScheduleNotifications, updateVolume } from '../sdk.gen';
-import type { BrowseFilesystemData, BrowseFilesystemResponse, ChangePasswordData, ChangePasswordResponse, CreateBackupScheduleData, CreateBackupScheduleResponse, CreateNotificationDestinationData, CreateNotificationDestinationResponse, CreateRepositoryData, CreateRepositoryResponse, CreateVolumeData, CreateVolumeResponse, DeleteBackupScheduleData, DeleteBackupScheduleResponse, DeleteNotificationDestinationData, DeleteNotificationDestinationResponse, DeleteRepositoryData, DeleteRepositoryResponse, DeleteSnapshotData, DeleteSnapshotResponse, DeleteVolumeData, DeleteVolumeResponse, DoctorRepositoryData, DoctorRepositoryResponse, DownloadResticPasswordData, DownloadResticPasswordResponse, ExportBackupSchedulesData, ExportBackupSchedulesError, ExportBackupSchedulesResponse, ExportFullConfigData, ExportFullConfigError, ExportFullConfigResponse, ExportNotificationDestinationsData, ExportNotificationDestinationsError, ExportNotificationDestinationsResponse, ExportRepositoriesData, ExportRepositoriesError, ExportRepositoriesResponse, ExportVolumesData, ExportVolumesError, ExportVolumesResponse, GetBackupScheduleData, GetBackupScheduleForVolumeData, GetBackupScheduleForVolumeResponse, GetBackupScheduleResponse, GetContainersUsingVolumeData, GetContainersUsingVolumeResponse, GetMeData, GetMeResponse, GetNotificationDestinationData, GetNotificationDestinationResponse, GetRepositoryData, GetRepositoryResponse, GetScheduleNotificationsData, GetScheduleNotificationsResponse, GetSnapshotDetailsData, GetSnapshotDetailsResponse, GetStatusData, GetStatusResponse, GetSystemInfoData, GetSystemInfoResponse, GetVolumeData, GetVolumeResponse, HealthCheckVolumeData, HealthCheckVolumeResponse, ListBackupSchedulesData, ListBackupSchedulesResponse, ListFilesData, ListFilesResponse, ListNotificationDestinationsData, ListNotificationDestinationsResponse, ListRcloneRemotesData, ListRcloneRemotesResponse, ListRepositoriesData, ListRepositoriesResponse, ListSnapshotFilesData, ListSnapshotFilesResponse, ListSnapshotsData, ListSnapshotsResponse, ListVolumesData, ListVolumesResponse, LoginData, LoginResponse, LogoutData, LogoutResponse, MountVolumeData, MountVolumeResponse, RegisterData, RegisterResponse, RestoreSnapshotData, RestoreSnapshotResponse, RunBackupNowData, RunBackupNowResponse, RunForgetData, RunForgetResponse, StopBackupData, StopBackupResponse, TestConnectionData, TestConnectionResponse, TestNotificationDestinationData, TestNotificationDestinationResponse, UnmountVolumeData, UnmountVolumeResponse, UpdateBackupScheduleData, UpdateBackupScheduleResponse, UpdateNotificationDestinationData, UpdateNotificationDestinationResponse, UpdateRepositoryData, UpdateRepositoryResponse, UpdateScheduleNotificationsData, UpdateScheduleNotificationsResponse, UpdateVolumeData, UpdateVolumeResponse } from '../types.gen';
+import { browseFilesystem, changePassword, createBackupSchedule, createNotificationDestination, createRepository, createVolume, deleteBackupSchedule, deleteNotificationDestination, deleteRepository, deleteSnapshot, deleteVolume, doctorRepository, downloadResticPassword, exportFullConfig, getBackupSchedule, getBackupScheduleForVolume, getContainersUsingVolume, getMe, getNotificationDestination, getRepository, getScheduleNotifications, getSnapshotDetails, getStatus, getSystemInfo, getVolume, healthCheckVolume, listBackupSchedules, listFiles, listNotificationDestinations, listRcloneRemotes, listRepositories, listSnapshotFiles, listSnapshots, listVolumes, login, logout, mountVolume, type Options, register, restoreSnapshot, runBackupNow, runForget, stopBackup, testConnection, testNotificationDestination, unmountVolume, updateBackupSchedule, updateNotificationDestination, updateRepository, updateScheduleNotifications, updateVolume } from '../sdk.gen';
+import type { BrowseFilesystemData, BrowseFilesystemResponse, ChangePasswordData, ChangePasswordResponse, CreateBackupScheduleData, CreateBackupScheduleResponse, CreateNotificationDestinationData, CreateNotificationDestinationResponse, CreateRepositoryData, CreateRepositoryResponse, CreateVolumeData, CreateVolumeResponse, DeleteBackupScheduleData, DeleteBackupScheduleResponse, DeleteNotificationDestinationData, DeleteNotificationDestinationResponse, DeleteRepositoryData, DeleteRepositoryResponse, DeleteSnapshotData, DeleteSnapshotResponse, DeleteVolumeData, DeleteVolumeResponse, DoctorRepositoryData, DoctorRepositoryResponse, DownloadResticPasswordData, DownloadResticPasswordResponse, ExportFullConfigData, ExportFullConfigError, ExportFullConfigResponse, GetBackupScheduleData, GetBackupScheduleForVolumeData, GetBackupScheduleForVolumeResponse, GetBackupScheduleResponse, GetContainersUsingVolumeData, GetContainersUsingVolumeResponse, GetMeData, GetMeResponse, GetNotificationDestinationData, GetNotificationDestinationResponse, GetRepositoryData, GetRepositoryResponse, GetScheduleNotificationsData, GetScheduleNotificationsResponse, GetSnapshotDetailsData, GetSnapshotDetailsResponse, GetStatusData, GetStatusResponse, GetSystemInfoData, GetSystemInfoResponse, GetVolumeData, GetVolumeResponse, HealthCheckVolumeData, HealthCheckVolumeResponse, ListBackupSchedulesData, ListBackupSchedulesResponse, ListFilesData, ListFilesResponse, ListNotificationDestinationsData, ListNotificationDestinationsResponse, ListRcloneRemotesData, ListRcloneRemotesResponse, ListRepositoriesData, ListRepositoriesResponse, ListSnapshotFilesData, ListSnapshotFilesResponse, ListSnapshotsData, ListSnapshotsResponse, ListVolumesData, ListVolumesResponse, LoginData, LoginResponse, LogoutData, LogoutResponse, MountVolumeData, MountVolumeResponse, RegisterData, RegisterResponse, RestoreSnapshotData, RestoreSnapshotResponse, RunBackupNowData, RunBackupNowResponse, RunForgetData, RunForgetResponse, StopBackupData, StopBackupResponse, TestConnectionData, TestConnectionResponse, TestNotificationDestinationData, TestNotificationDestinationResponse, UnmountVolumeData, UnmountVolumeResponse, UpdateBackupScheduleData, UpdateBackupScheduleResponse, UpdateNotificationDestinationData, UpdateNotificationDestinationResponse, UpdateRepositoryData, UpdateRepositoryResponse, UpdateScheduleNotificationsData, UpdateScheduleNotificationsResponse, UpdateVolumeData, UpdateVolumeResponse } from '../types.gen';
 
 /**
  * Register a new user
@@ -910,71 +910,3 @@ export const exportFullConfigMutation = (options?: Partial<Options<ExportFullCon
     };
     return mutationOptions;
 };
-
-/**
- * Export volumes configuration
- */
-export const exportVolumesMutation = (options?: Partial<Options<ExportVolumesData>>): UseMutationOptions<ExportVolumesResponse, ExportVolumesError, Options<ExportVolumesData>> => {
-    const mutationOptions: UseMutationOptions<ExportVolumesResponse, ExportVolumesError, Options<ExportVolumesData>> = {
-        mutationFn: async (fnOptions) => {
-            const { data } = await exportVolumes({
-                ...options,
-                ...fnOptions,
-                throwOnError: true
-            });
-            return data;
-        }
-    };
-    return mutationOptions;
-};
-
-/**
- * Export repositories configuration
- */
-export const exportRepositoriesMutation = (options?: Partial<Options<ExportRepositoriesData>>): UseMutationOptions<ExportRepositoriesResponse, ExportRepositoriesError, Options<ExportRepositoriesData>> => {
-    const mutationOptions: UseMutationOptions<ExportRepositoriesResponse, ExportRepositoriesError, Options<ExportRepositoriesData>> = {
-        mutationFn: async (fnOptions) => {
-            const { data } = await exportRepositories({
-                ...options,
-                ...fnOptions,
-                throwOnError: true
-            });
-            return data;
-        }
-    };
-    return mutationOptions;
-};
-
-/**
- * Export notification destinations configuration
- */
-export const exportNotificationDestinationsMutation = (options?: Partial<Options<ExportNotificationDestinationsData>>): UseMutationOptions<ExportNotificationDestinationsResponse, ExportNotificationDestinationsError, Options<ExportNotificationDestinationsData>> => {
-    const mutationOptions: UseMutationOptions<ExportNotificationDestinationsResponse, ExportNotificationDestinationsError, Options<ExportNotificationDestinationsData>> = {
-        mutationFn: async (fnOptions) => {
-            const { data } = await exportNotificationDestinations({
-                ...options,
-                ...fnOptions,
-                throwOnError: true
-            });
-            return data;
-        }
-    };
-    return mutationOptions;
-};
-
-/**
- * Export backup schedules configuration
- */
-export const exportBackupSchedulesMutation = (options?: Partial<Options<ExportBackupSchedulesData>>): UseMutationOptions<ExportBackupSchedulesResponse, ExportBackupSchedulesError, Options<ExportBackupSchedulesData>> => {
-    const mutationOptions: UseMutationOptions<ExportBackupSchedulesResponse, ExportBackupSchedulesError, Options<ExportBackupSchedulesData>> = {
-        mutationFn: async (fnOptions) => {
-            const { data } = await exportBackupSchedules({
-                ...options,
-                ...fnOptions,
-                throwOnError: true
-            });
-            return data;
-        }
-    };
-    return mutationOptions;
-};
diff --git a/app/client/api-client/sdk.gen.ts b/app/client/api-client/sdk.gen.ts
index ea0d832f..7778eb87 100644
--- a/app/client/api-client/sdk.gen.ts
+++ b/app/client/api-client/sdk.gen.ts
@@ -2,7 +2,7 @@
 
 import type { Client, Options as Options2, TDataShape } from './client';
 import { client } from './client.gen';
-import type { BrowseFilesystemData, BrowseFilesystemResponses, ChangePasswordData, ChangePasswordResponses, CreateBackupScheduleData, CreateBackupScheduleResponses, CreateNotificationDestinationData, CreateNotificationDestinationResponses, CreateRepositoryData, CreateRepositoryResponses, CreateVolumeData, CreateVolumeResponses, DeleteBackupScheduleData, DeleteBackupScheduleResponses, DeleteNotificationDestinationData, DeleteNotificationDestinationErrors, DeleteNotificationDestinationResponses, DeleteRepositoryData, DeleteRepositoryResponses, DeleteSnapshotData, DeleteSnapshotResponses, DeleteVolumeData, DeleteVolumeResponses, DoctorRepositoryData, DoctorRepositoryResponses, DownloadResticPasswordData, DownloadResticPasswordResponses, ExportBackupSchedulesData, ExportBackupSchedulesErrors, ExportBackupSchedulesResponses, ExportFullConfigData, ExportFullConfigErrors, ExportFullConfigResponses, ExportNotificationDestinationsData, ExportNotificationDestinationsErrors, ExportNotificationDestinationsResponses, ExportRepositoriesData, ExportRepositoriesErrors, ExportRepositoriesResponses, ExportVolumesData, ExportVolumesErrors, ExportVolumesResponses, GetBackupScheduleData, GetBackupScheduleForVolumeData, GetBackupScheduleForVolumeResponses, GetBackupScheduleResponses, GetContainersUsingVolumeData, GetContainersUsingVolumeErrors, GetContainersUsingVolumeResponses, GetMeData, GetMeResponses, GetNotificationDestinationData, GetNotificationDestinationErrors, GetNotificationDestinationResponses, GetRepositoryData, GetRepositoryResponses, GetScheduleNotificationsData, GetScheduleNotificationsResponses, GetSnapshotDetailsData, GetSnapshotDetailsResponses, GetStatusData, GetStatusResponses, GetSystemInfoData, GetSystemInfoResponses, GetVolumeData, GetVolumeErrors, GetVolumeResponses, HealthCheckVolumeData, HealthCheckVolumeErrors, HealthCheckVolumeResponses, ListBackupSchedulesData, ListBackupSchedulesResponses, ListFilesData, ListFilesResponses, ListNotificationDestinationsData, ListNotificationDestinationsResponses, ListRcloneRemotesData, ListRcloneRemotesResponses, ListRepositoriesData, ListRepositoriesResponses, ListSnapshotFilesData, ListSnapshotFilesResponses, ListSnapshotsData, ListSnapshotsResponses, ListVolumesData, ListVolumesResponses, LoginData, LoginResponses, LogoutData, LogoutResponses, MountVolumeData, MountVolumeResponses, RegisterData, RegisterResponses, RestoreSnapshotData, RestoreSnapshotResponses, RunBackupNowData, RunBackupNowResponses, RunForgetData, RunForgetResponses, StopBackupData, StopBackupErrors, StopBackupResponses, TestConnectionData, TestConnectionResponses, TestNotificationDestinationData, TestNotificationDestinationErrors, TestNotificationDestinationResponses, UnmountVolumeData, UnmountVolumeResponses, UpdateBackupScheduleData, UpdateBackupScheduleResponses, UpdateNotificationDestinationData, UpdateNotificationDestinationErrors, UpdateNotificationDestinationResponses, UpdateRepositoryData, UpdateRepositoryErrors, UpdateRepositoryResponses, UpdateScheduleNotificationsData, UpdateScheduleNotificationsResponses, UpdateVolumeData, UpdateVolumeErrors, UpdateVolumeResponses } from './types.gen';
+import type { BrowseFilesystemData, BrowseFilesystemResponses, ChangePasswordData, ChangePasswordResponses, CreateBackupScheduleData, CreateBackupScheduleResponses, CreateNotificationDestinationData, CreateNotificationDestinationResponses, CreateRepositoryData, CreateRepositoryResponses, CreateVolumeData, CreateVolumeResponses, DeleteBackupScheduleData, DeleteBackupScheduleResponses, DeleteNotificationDestinationData, DeleteNotificationDestinationErrors, DeleteNotificationDestinationResponses, DeleteRepositoryData, DeleteRepositoryResponses, DeleteSnapshotData, DeleteSnapshotResponses, DeleteVolumeData, DeleteVolumeResponses, DoctorRepositoryData, DoctorRepositoryResponses, DownloadResticPasswordData, DownloadResticPasswordResponses, ExportFullConfigData, ExportFullConfigErrors, ExportFullConfigResponses, GetBackupScheduleData, GetBackupScheduleForVolumeData, GetBackupScheduleForVolumeResponses, GetBackupScheduleResponses, GetContainersUsingVolumeData, GetContainersUsingVolumeErrors, GetContainersUsingVolumeResponses, GetMeData, GetMeResponses, GetNotificationDestinationData, GetNotificationDestinationErrors, GetNotificationDestinationResponses, GetRepositoryData, GetRepositoryResponses, GetScheduleNotificationsData, GetScheduleNotificationsResponses, GetSnapshotDetailsData, GetSnapshotDetailsResponses, GetStatusData, GetStatusResponses, GetSystemInfoData, GetSystemInfoResponses, GetVolumeData, GetVolumeErrors, GetVolumeResponses, HealthCheckVolumeData, HealthCheckVolumeErrors, HealthCheckVolumeResponses, ListBackupSchedulesData, ListBackupSchedulesResponses, ListFilesData, ListFilesResponses, ListNotificationDestinationsData, ListNotificationDestinationsResponses, ListRcloneRemotesData, ListRcloneRemotesResponses, ListRepositoriesData, ListRepositoriesResponses, ListSnapshotFilesData, ListSnapshotFilesResponses, ListSnapshotsData, ListSnapshotsResponses, ListVolumesData, ListVolumesResponses, LoginData, LoginResponses, LogoutData, LogoutResponses, MountVolumeData, MountVolumeResponses, RegisterData, RegisterResponses, RestoreSnapshotData, RestoreSnapshotResponses, RunBackupNowData, RunBackupNowResponses, RunForgetData, RunForgetResponses, StopBackupData, StopBackupErrors, StopBackupResponses, TestConnectionData, TestConnectionResponses, TestNotificationDestinationData, TestNotificationDestinationErrors, TestNotificationDestinationResponses, UnmountVolumeData, UnmountVolumeResponses, UpdateBackupScheduleData, UpdateBackupScheduleResponses, UpdateNotificationDestinationData, UpdateNotificationDestinationErrors, UpdateNotificationDestinationResponses, UpdateRepositoryData, UpdateRepositoryErrors, UpdateRepositoryResponses, UpdateScheduleNotificationsData, UpdateScheduleNotificationsResponses, UpdateVolumeData, UpdateVolumeErrors, UpdateVolumeResponses } from './types.gen';
 
 export type Options<TData extends TDataShape = TDataShape, ThrowOnError extends boolean = boolean> = Options2<TData, ThrowOnError> & {
     /**
@@ -581,59 +581,3 @@ export const exportFullConfig = <ThrowOnError extends boolean = false>(options?:
         }
     });
 };
-
-/**
- * Export volumes configuration
- */
-export const exportVolumes = <ThrowOnError extends boolean = false>(options?: Options<ExportVolumesData, ThrowOnError>) => {
-    return (options?.client ?? client).post<ExportVolumesResponses, ExportVolumesErrors, ThrowOnError>({
-        url: '/api/v1/config/export/volumes',
-        ...options,
-        headers: {
-            'Content-Type': 'application/json',
-            ...options?.headers
-        }
-    });
-};
-
-/**
- * Export repositories configuration
- */
-export const exportRepositories = <ThrowOnError extends boolean = false>(options?: Options<ExportRepositoriesData, ThrowOnError>) => {
-    return (options?.client ?? client).post<ExportRepositoriesResponses, ExportRepositoriesErrors, ThrowOnError>({
-        url: '/api/v1/config/export/repositories',
-        ...options,
-        headers: {
-            'Content-Type': 'application/json',
-            ...options?.headers
-        }
-    });
-};
-
-/**
- * Export notification destinations configuration
- */
-export const exportNotificationDestinations = <ThrowOnError extends boolean = false>(options?: Options<ExportNotificationDestinationsData, ThrowOnError>) => {
-    return (options?.client ?? client).post<ExportNotificationDestinationsResponses, ExportNotificationDestinationsErrors, ThrowOnError>({
-        url: '/api/v1/config/export/notification-destinations',
-        ...options,
-        headers: {
-            'Content-Type': 'application/json',
-            ...options?.headers
-        }
-    });
-};
-
-/**
- * Export backup schedules configuration
- */
-export const exportBackupSchedules = <ThrowOnError extends boolean = false>(options?: Options<ExportBackupSchedulesData, ThrowOnError>) => {
-    return (options?.client ?? client).post<ExportBackupSchedulesResponses, ExportBackupSchedulesErrors, ThrowOnError>({
-        url: '/api/v1/config/export/backup-schedules',
-        ...options,
-        headers: {
-            'Content-Type': 'application/json',
-            ...options?.headers
-        }
-    });
-};
diff --git a/app/client/api-client/types.gen.ts b/app/client/api-client/types.gen.ts
index 33078a5d..efb9bb73 100644
--- a/app/client/api-client/types.gen.ts
+++ b/app/client/api-client/types.gen.ts
@@ -2619,11 +2619,9 @@ export type DownloadResticPasswordResponse = DownloadResticPasswordResponses[key
 export type ExportFullConfigData = {
     body?: {
         password: string;
-        includeIds?: boolean;
+        includeMetadata?: boolean;
         includePasswordHash?: boolean;
         includeRecoveryKey?: boolean;
-        includeRuntimeState?: boolean;
-        includeTimestamps?: boolean;
         secretsMode?: 'cleartext' | 'encrypted' | 'exclude';
     };
     path?: never;
@@ -2668,222 +2666,3 @@ export type ExportFullConfigResponses = {
 };
 
 export type ExportFullConfigResponse = ExportFullConfigResponses[keyof ExportFullConfigResponses];
-
-export type ExportVolumesData = {
-    body?: {
-        password: string;
-        id?: number | string;
-        includeIds?: boolean;
-        includeRuntimeState?: boolean;
-        includeTimestamps?: boolean;
-        name?: string;
-        secretsMode?: 'cleartext' | 'encrypted' | 'exclude';
-    };
-    path?: never;
-    query?: never;
-    url: '/api/v1/config/export/volumes';
-};
-
-export type ExportVolumesErrors = {
-    /**
-     * Invalid request
-     */
-    400: {
-        error: string;
-    };
-    /**
-     * Password required for export
-     */
-    401: {
-        error: string;
-    };
-    /**
-     * Volume not found
-     */
-    404: {
-        error: string;
-    };
-    /**
-     * Export failed
-     */
-    500: {
-        error: string;
-    };
-};
-
-export type ExportVolumesError = ExportVolumesErrors[keyof ExportVolumesErrors];
-
-export type ExportVolumesResponses = {
-    /**
-     * Volumes configuration export
-     */
-    200: {
-        volumes: Array<unknown>;
-    };
-};
-
-export type ExportVolumesResponse = ExportVolumesResponses[keyof ExportVolumesResponses];
-
-export type ExportRepositoriesData = {
-    body?: {
-        password: string;
-        id?: number | string;
-        includeIds?: boolean;
-        includeRuntimeState?: boolean;
-        includeTimestamps?: boolean;
-        name?: string;
-        secretsMode?: 'cleartext' | 'encrypted' | 'exclude';
-    };
-    path?: never;
-    query?: never;
-    url: '/api/v1/config/export/repositories';
-};
-
-export type ExportRepositoriesErrors = {
-    /**
-     * Invalid request
-     */
-    400: {
-        error: string;
-    };
-    /**
-     * Password required for sensitive export options
-     */
-    401: {
-        error: string;
-    };
-    /**
-     * Repository not found
-     */
-    404: {
-        error: string;
-    };
-    /**
-     * Export failed
-     */
-    500: {
-        error: string;
-    };
-};
-
-export type ExportRepositoriesError = ExportRepositoriesErrors[keyof ExportRepositoriesErrors];
-
-export type ExportRepositoriesResponses = {
-    /**
-     * Repositories configuration export
-     */
-    200: {
-        repositories: Array<unknown>;
-    };
-};
-
-export type ExportRepositoriesResponse = ExportRepositoriesResponses[keyof ExportRepositoriesResponses];
-
-export type ExportNotificationDestinationsData = {
-    body?: {
-        password: string;
-        id?: number | string;
-        includeIds?: boolean;
-        includeRuntimeState?: boolean;
-        includeTimestamps?: boolean;
-        name?: string;
-        secretsMode?: 'cleartext' | 'encrypted' | 'exclude';
-    };
-    path?: never;
-    query?: never;
-    url: '/api/v1/config/export/notification-destinations';
-};
-
-export type ExportNotificationDestinationsErrors = {
-    /**
-     * Invalid request
-     */
-    400: {
-        error: string;
-    };
-    /**
-     * Password required for sensitive export options
-     */
-    401: {
-        error: string;
-    };
-    /**
-     * Notification destination not found
-     */
-    404: {
-        error: string;
-    };
-    /**
-     * Export failed
-     */
-    500: {
-        error: string;
-    };
-};
-
-export type ExportNotificationDestinationsError = ExportNotificationDestinationsErrors[keyof ExportNotificationDestinationsErrors];
-
-export type ExportNotificationDestinationsResponses = {
-    /**
-     * Notification destinations configuration export
-     */
-    200: {
-        notificationDestinations: Array<unknown>;
-    };
-};
-
-export type ExportNotificationDestinationsResponse = ExportNotificationDestinationsResponses[keyof ExportNotificationDestinationsResponses];
-
-export type ExportBackupSchedulesData = {
-    body?: {
-        password: string;
-        id?: number;
-        includeIds?: boolean;
-        includeRuntimeState?: boolean;
-        includeTimestamps?: boolean;
-        secretsMode?: 'cleartext' | 'encrypted' | 'exclude';
-    };
-    path?: never;
-    query?: never;
-    url: '/api/v1/config/export/backup-schedules';
-};
-
-export type ExportBackupSchedulesErrors = {
-    /**
-     * Invalid request
-     */
-    400: {
-        error: string;
-    };
-    /**
-     * Password required for export
-     */
-    401: {
-        error: string;
-    };
-    /**
-     * Backup schedule not found
-     */
-    404: {
-        error: string;
-    };
-    /**
-     * Export failed
-     */
-    500: {
-        error: string;
-    };
-};
-
-export type ExportBackupSchedulesError = ExportBackupSchedulesErrors[keyof ExportBackupSchedulesErrors];
-
-export type ExportBackupSchedulesResponses = {
-    /**
-     * Backup schedules configuration export
-     */
-    200: {
-        backupSchedules: Array<unknown>;
-    };
-};
-
-export type ExportBackupSchedulesResponse = ExportBackupSchedulesResponses[keyof ExportBackupSchedulesResponses];
diff --git a/app/client/components/export-dialog.tsx b/app/client/components/export-dialog.tsx
index 3d3a208d..36c5cdd8 100644
--- a/app/client/components/export-dialog.tsx
+++ b/app/client/components/export-dialog.tsx
@@ -1,14 +1,8 @@
 import { useMutation } from "@tanstack/react-query";
 import { Download } from "lucide-react";
-import { useState } from "react";
+import { type ReactNode, useState } from "react";
 import { toast } from "sonner";
-import {
-	exportBackupSchedulesMutation,
-	exportFullConfigMutation,
-	exportNotificationDestinationsMutation,
-	exportRepositoriesMutation,
-	exportVolumesMutation,
-} from "~/client/api-client/@tanstack/react-query.gen";
+import { exportFullConfigMutation } from "~/client/api-client/@tanstack/react-query.gen";
 import { Button } from "~/client/components/ui/button";
 import { Checkbox } from "~/client/components/ui/checkbox";
 import {
@@ -30,7 +24,9 @@ import {
 	SelectValue,
 } from "~/client/components/ui/select";
 
-export type SecretsMode = "exclude" | "encrypted" | "cleartext";
+type SecretsMode = "exclude" | "encrypted" | "cleartext";
+
+const DEFAULT_EXPORT_FILENAME = "zerobyte-full-config";
 
 function downloadAsJson(data: unknown, filename: string): void {
 	const blob = new Blob([JSON.stringify(data, null, 2)], { type: "application/json" });
@@ -44,60 +40,14 @@ function downloadAsJson(data: unknown, filename: string): void {
 	URL.revokeObjectURL(url);
 }
 
-export type ExportEntityType = "volumes" | "repositories" | "notification-destinations" | "backup-schedules" | "full";
-
-type ExportConfig = {
-	label: string;
-	labelPlural: string;
-	getFilename: (id?: string | number, name?: string) => string;
-};
-
-const exportConfigs: Record<ExportEntityType, ExportConfig> = {
-	volumes: {
-		label: "Volume",
-		labelPlural: "Volumes",
-		getFilename: (id, name) => {
-			const identifier = id ?? name;
-			return identifier ? `volume-${identifier}-config` : "volumes-config";
-		},
-	},
-	repositories: {
-		label: "Repository",
-		labelPlural: "Repositories",
-		getFilename: (id, name) => {
-			const identifier = id ?? name;
-			return identifier ? `repository-${identifier}-config` : "repositories-config";
-		},
-	},
-	"notification-destinations": {
-		label: "Notification Destination",
-		labelPlural: "Notification Destinations",
-		getFilename: (id, name) => {
-			const identifier = id ?? name;
-			return identifier ? `notification-destination-${identifier}-config` : "notification-destinations-config";
-		},
-	},
-	"backup-schedules": {
-		label: "Backup Schedule",
-		labelPlural: "Backup Schedules",
-		getFilename: (id) => (id ? `backup-schedule-${id}-config` : "backup-schedules-config"),
-	},
-	full: {
-		label: "Full Config",
-		labelPlural: "Full Config",
-		getFilename: () => "zerobyte-full-config",
-	},
-};
-
 type BaseExportDialogProps = {
-	entityType: ExportEntityType;
-	name?: string;
-	id?: string | number;
+	/** Optional custom filename (without extension). Defaults to `zerobyte-full-config`. */
+	filename?: string;
 };
 
 type ExportDialogWithTrigger = BaseExportDialogProps & {
 	/** Custom trigger element. When provided, variant/size/triggerLabel/showIcon are ignored. */
-	trigger: React.ReactNode;
+	trigger: ReactNode;
 	variant?: never;
 	size?: never;
 	triggerLabel?: never;
@@ -115,9 +65,7 @@ type ExportDialogWithDefaultTrigger = BaseExportDialogProps & {
 type ExportDialogProps = ExportDialogWithTrigger | ExportDialogWithDefaultTrigger;
 
 export function ExportDialog({
-	entityType,
-	name,
-	id,
+	filename = DEFAULT_EXPORT_FILENAME,
 	trigger,
 	variant = "outline",
 	size = "default",
@@ -125,85 +73,35 @@ export function ExportDialog({
 	showIcon = true,
 }: ExportDialogProps) {
 	const [open, setOpen] = useState(false);
-	const [includeIds, setIncludeIds] = useState(true);
-	const [includeTimestamps, setIncludeTimestamps] = useState(true);
-	const [includeRuntimeState, setIncludeRuntimeState] = useState(false);
+	const [includeMetadata, setIncludeMetadata] = useState(false);
 	const [includeRecoveryKey, setIncludeRecoveryKey] = useState(false);
 	const [includePasswordHash, setIncludePasswordHash] = useState(false);
 	const [secretsMode, setSecretsMode] = useState<SecretsMode>("exclude");
 	const [password, setPassword] = useState("");
 
-	const config = exportConfigs[entityType];
-	const isSingleItem = !!(name || id);
-	const isFullExport = entityType === "full";
-	// TODO: Volumes will have encrypted secrets (e.g., SMB/NFS credentials) in a future PR
-	const hasSecrets = entityType !== "backup-schedules" && entityType !== "volumes";
-	const entityLabel = isSingleItem ? config.label : config.labelPlural;
-	const filename = config.getFilename(id, name);
-
 	const handleExportSuccess = (data: unknown) => {
 		downloadAsJson(data, filename);
-		toast.success(`${entityLabel} exported successfully`);
+		toast.success("Configuration exported successfully");
 		setOpen(false);
 		setPassword("");
 	};
 
 	const handleExportError = (error: unknown) => {
-		const message = error && typeof error === "object" && "error" in error
-			? (error as { error: string }).error
-			: "Unknown error";
+		const message =
+			error && typeof error === "object" && "error" in error
+				? (error as { error: string }).error
+				: "Unknown error";
 		toast.error("Export failed", {
 			description: message,
 		});
 	};
 
-	const fullExport = useMutation({
+	const exportMutation = useMutation({
 		...exportFullConfigMutation(),
 		onSuccess: handleExportSuccess,
 		onError: handleExportError,
 	});
 
-	const volumesExport = useMutation({
-		...exportVolumesMutation(),
-		onSuccess: handleExportSuccess,
-		onError: handleExportError,
-	});
-
-	const repositoriesExport = useMutation({
-		...exportRepositoriesMutation(),
-		onSuccess: handleExportSuccess,
-		onError: handleExportError,
-	});
-
-	const notificationsExport = useMutation({
-		...exportNotificationDestinationsMutation(),
-		onSuccess: handleExportSuccess,
-		onError: handleExportError,
-	});
-
-	const backupSchedulesExport = useMutation({
-		...exportBackupSchedulesMutation(),
-		onSuccess: handleExportSuccess,
-		onError: handleExportError,
-	});
-
-	const getMutation = () => {
-		switch (entityType) {
-			case "full":
-				return fullExport;
-			case "volumes":
-				return volumesExport;
-			case "repositories":
-				return repositoriesExport;
-			case "notification-destinations":
-				return notificationsExport;
-			case "backup-schedules":
-				return backupSchedulesExport;
-		}
-	};
-
-	const exportMutation = getMutation();
-
 	const handleExport = (e: React.FormEvent) => {
 		e.preventDefault();
 		if (!password) {
@@ -211,60 +109,15 @@ export function ExportDialog({
 			return;
 		}
 
-		const baseBody = {
-			password,
-			includeIds,
-			includeTimestamps,
-			includeRuntimeState,
-			secretsMode: hasSecrets ? secretsMode : undefined,
-		};
-
-		switch (entityType) {
-			case "full":
-				fullExport.mutate({
-					body: {
-						...baseBody,
-						includeRecoveryKey,
-						includePasswordHash,
-					},
-				});
-				break;
-			case "volumes":
-				volumesExport.mutate({
-					body: {
-						...baseBody,
-						id: id as number | string | undefined,
-						name,
-					},
-				});
-				break;
-			case "repositories":
-				repositoriesExport.mutate({
-					body: {
-						...baseBody,
-						id: id as number | string | undefined,
-						name,
-					},
-				});
-				break;
-			case "notification-destinations":
-				notificationsExport.mutate({
-					body: {
-						...baseBody,
-						id: id as number | string | undefined,
-						name,
-					},
-				});
-				break;
-			case "backup-schedules":
-				backupSchedulesExport.mutate({
-					body: {
-						...baseBody,
-						id: typeof id === "number" ? id : undefined,
-					},
-				});
-				break;
-		}
+		exportMutation.mutate({
+			body: {
+				password,
+				includeMetadata,
+				secretsMode,
+				includeRecoveryKey,
+				includePasswordHash,
+			},
+		});
 	};
 
 	const handleDialogChange = (isOpen: boolean) => {
@@ -276,19 +129,19 @@ export function ExportDialog({
 
 	const defaultTrigger =
 		variant === "card" ? (
-			<button 
+			<button
 				type="button"
 				className="flex flex-col items-center justify-center gap-2 cursor-pointer h-full w-full border-0 bg-transparent p-0 hover:opacity-80 transition-opacity"
 			>
 				<Download className="h-8 w-8 text-muted-foreground" />
 				<span className="text-sm font-medium text-muted-foreground">
-					{triggerLabel ?? `Export ${isSingleItem ? "config" : "configs"}`}
+					{triggerLabel ?? "Export Config"}
 				</span>
 			</button>
 		) : (
 			<Button variant={variant} size={size}>
 				{showIcon && <Download className="h-4 w-4 mr-2" />}
-				{triggerLabel ?? `Export ${isSingleItem ? "config" : "configs"}`}
+				{triggerLabel ?? "Export Config"}
 			</Button>
 		);
 
@@ -298,118 +151,83 @@ export function ExportDialog({
 			<DialogContent>
 				<form onSubmit={handleExport}>
 					<DialogHeader>
-						<DialogTitle>Export {entityLabel}</DialogTitle>
+						<DialogTitle>Export Full Configuration</DialogTitle>
 						<DialogDescription>
-							{isFullExport
-								? "Export the complete Zerobyte configuration including all volumes, repositories, backup schedules, and notifications."
-								: isSingleItem
-									? `Export the configuration for this ${config.label.toLowerCase()}.`
-									: `Export all ${config.labelPlural.toLowerCase()} configurations.`}
+							Export the complete Zerobyte configuration.
 						</DialogDescription>
 					</DialogHeader>
 
 					<div className="space-y-4 py-4">
 						<div className="flex items-center space-x-3">
 							<Checkbox
-								id="includeIds"
-								checked={includeIds}
-								onCheckedChange={(checked) => setIncludeIds(checked === true)}
+								id="includeMetadata"
+								checked={includeMetadata}
+								onCheckedChange={(checked) => setIncludeMetadata(checked === true)}
 							/>
-							<Label htmlFor="includeIds" className="cursor-pointer">
-								Include database IDs
+							<Label htmlFor="includeMetadata" className="cursor-pointer">
+								Include metadata
 							</Label>
 						</div>
 						<p className="text-xs text-muted-foreground ml-7">
-							Include internal database identifiers in the export. Useful for debugging or when IDs are needed for reference.
+							Include database IDs, timestamps, and runtime state (status, health checks, last backup	info).
 						</p>
 
-						<div className="flex items-center space-x-3">
+						<div className="flex items-center justify-between pt-2 border-t">
+							<Label className="cursor-pointer">Secrets handling</Label>
+							<Select value={secretsMode} onValueChange={(v) => setSecretsMode(v as SecretsMode)}>
+								<SelectTrigger className="w-40">
+									<SelectValue />
+								</SelectTrigger>
+								<SelectContent>
+									<SelectItem value="exclude">Exclude</SelectItem>
+									<SelectItem value="encrypted">Keep encrypted</SelectItem>
+									<SelectItem value="cleartext">Decrypt</SelectItem>
+								</SelectContent>
+							</Select>
+						</div>
+						<p className="text-xs text-muted-foreground">
+							{secretsMode === "exclude" &&
+								"Sensitive fields (passwords, API keys, webhooks) will be removed from the export."}
+							{secretsMode === "encrypted" &&
+								"Secrets will be exported in encrypted form. Requires the same recovery key to decrypt on import."}
+							{secretsMode === "cleartext" && (
+								<span className="text-yellow-600">
+									⚠️ Secrets will be decrypted and exported as plaintext. Keep this export secure!
+								</span>
+							)}
+						</p>
+
+						<div className="flex items-center space-x-3 pt-2 border-t">
 							<Checkbox
-								id="includeTimestamps"
-								checked={includeTimestamps}
-								onCheckedChange={(checked) => setIncludeTimestamps(checked === true)}
+								id="includeRecoveryKey"
+								checked={includeRecoveryKey}
+								onCheckedChange={(checked) => setIncludeRecoveryKey(checked === true)}
 							/>
-							<Label htmlFor="includeTimestamps" className="cursor-pointer">
-								Include timestamps
+							<Label htmlFor="includeRecoveryKey" className="cursor-pointer">
+								Include recovery key
 							</Label>
 						</div>
 						<p className="text-xs text-muted-foreground ml-7">
-							Include createdAt and updatedAt timestamps. Disable for cleaner exports when timestamps aren't needed.
+							<span className="text-yellow-600 font-medium">⚠️ Security sensitive:</span> The recovery
+							key is the master encryption key for all repositories. Keep this export secure and never
+							share it.
 						</p>
 
 						<div className="flex items-center space-x-3">
 							<Checkbox
-								id="includeRuntimeState"
-								checked={includeRuntimeState}
-								onCheckedChange={(checked) => setIncludeRuntimeState(checked === true)}
+								id="includePasswordHash"
+								checked={includePasswordHash}
+								onCheckedChange={(checked) => setIncludePasswordHash(checked === true)}
 							/>
-							<Label htmlFor="includeRuntimeState" className="cursor-pointer">
-								Include runtime state
+							<Label htmlFor="includePasswordHash" className="cursor-pointer">
+								Include password hash
 							</Label>
 						</div>
 						<p className="text-xs text-muted-foreground ml-7">
-							Include current status, health checks, and last backup information. Usually not needed for migration.
+							Include the hashed admin password for seamless migration. The password is already securely
+							hashed (argon2).
 						</p>
 
-						{hasSecrets && (
-							<>
-								<div className="flex items-center justify-between pt-2 border-t">
-									<Label className="cursor-pointer">Secrets handling</Label>
-									<Select value={secretsMode} onValueChange={(v) => setSecretsMode(v as SecretsMode)}>
-										<SelectTrigger className="w-40">
-											<SelectValue />
-										</SelectTrigger>
-										<SelectContent>
-											<SelectItem value="exclude">Exclude</SelectItem>
-											<SelectItem value="encrypted">Keep encrypted</SelectItem>
-											<SelectItem value="cleartext">Decrypt</SelectItem>
-										</SelectContent>
-									</Select>
-								</div>
-								<p className="text-xs text-muted-foreground">
-									{secretsMode === "exclude" && "Sensitive fields (passwords, API keys, webhooks) will be removed from the export."}
-									{secretsMode === "encrypted" && "Secrets will be exported in encrypted form. Requires the same recovery key to decrypt on import."}
-									{secretsMode === "cleartext" && (
-										<span className="text-yellow-600">
-											⚠️ Secrets will be decrypted and exported as plaintext. Keep this export secure!
-										</span>
-									)}
-								</p>
-							</>
-						)}
-
-						{isFullExport && (
-							<>
-								<div className="flex items-center space-x-3 pt-2 border-t">
-									<Checkbox
-										id="includeRecoveryKey"
-										checked={includeRecoveryKey}
-										onCheckedChange={(checked) => setIncludeRecoveryKey(checked === true)}
-									/>
-									<Label htmlFor="includeRecoveryKey" className="cursor-pointer">
-										Include recovery key
-									</Label>
-								</div>
-								<p className="text-xs text-muted-foreground ml-7">
-									<span className="text-yellow-600 font-medium">⚠️ Security sensitive:</span> The recovery key is the master encryption key for all repositories. Keep this export secure and never share it.
-								</p>
-
-								<div className="flex items-center space-x-3">
-									<Checkbox
-										id="includePasswordHash"
-										checked={includePasswordHash}
-										onCheckedChange={(checked) => setIncludePasswordHash(checked === true)}
-									/>
-									<Label htmlFor="includePasswordHash" className="cursor-pointer">
-										Include password hash
-									</Label>
-								</div>
-								<p className="text-xs text-muted-foreground ml-7">
-									Include the hashed admin password for seamless migration. The password is already securely hashed (argon2).
-								</p>
-							</>
-						)}
-
 						<div className="space-y-2 pt-2 border-t">
 							<Label htmlFor="export-password">Your Password</Label>
 							<Input
diff --git a/app/client/modules/backups/components/schedule-summary.tsx b/app/client/modules/backups/components/schedule-summary.tsx
index a9bdbce1..4422c775 100644
--- a/app/client/modules/backups/components/schedule-summary.tsx
+++ b/app/client/modules/backups/components/schedule-summary.tsx
@@ -1,5 +1,4 @@
 import { Eraser, Pencil, Play, Square, Trash2 } from "lucide-react";
-import { ExportDialog } from "~/client/components/export-dialog";
 import { useMemo, useState } from "react";
 import { OnOff } from "~/client/components/onoff";
 import { Button } from "~/client/components/ui/button";
@@ -126,7 +125,6 @@ export const ScheduleSummary = (props: Props) => {
 							<Pencil className="h-4 w-4 mr-2" />
 							<span className="sm:inline">Edit schedule</span>
 						</Button>
-						<ExportDialog entityType="backup-schedules" id={schedule.id} size="sm" triggerLabel="Export config" />
 						<Button
 							variant="outline"
 							size="sm"
diff --git a/app/client/modules/backups/routes/backups.tsx b/app/client/modules/backups/routes/backups.tsx
index cff440dc..505d124b 100644
--- a/app/client/modules/backups/routes/backups.tsx
+++ b/app/client/modules/backups/routes/backups.tsx
@@ -1,6 +1,5 @@
 import { useQuery } from "@tanstack/react-query";
 import { CalendarClock, Database, HardDrive, Plus } from "lucide-react";
-import { ExportDialog } from "~/client/components/export-dialog";
 import { Link } from "react-router";
 import { BackupStatusDot } from "../components/backup-status-dot";
 import { EmptyState } from "~/client/components/empty-state";
@@ -120,11 +119,6 @@ export default function Backups({ loaderData }: Route.ComponentProps) {
 						</CardContent>
 					</Card>
 				</Link>
-				<Card className="flex flex-col items-center justify-center h-full hover:bg-muted/50 transition-colors cursor-pointer">
-					<CardContent className="flex flex-col items-center justify-center gap-2 h-full w-full">
-						<ExportDialog entityType="backup-schedules" variant="card" />
-					</CardContent>
-				</Card>
 			</div>
 		</div>
 	);
diff --git a/app/client/modules/notifications/routes/notification-details.tsx b/app/client/modules/notifications/routes/notification-details.tsx
index c3598cf6..082f475d 100644
--- a/app/client/modules/notifications/routes/notification-details.tsx
+++ b/app/client/modules/notifications/routes/notification-details.tsx
@@ -24,8 +24,7 @@ import { getNotificationDestination } from "~/client/api-client/sdk.gen";
 import type { Route } from "./+types/notification-details";
 import { cn } from "~/client/lib/utils";
 import { Card, CardContent, CardHeader, CardTitle } from "~/client/components/ui/card";
-import { Bell, TestTube2, Trash2 } from "lucide-react";
-import { ExportDialog } from "~/client/components/export-dialog";
+import { Bell, TestTube2 } from "lucide-react";
 import { Alert, AlertDescription } from "~/client/components/ui/alert";
 import { CreateNotificationForm, type NotificationFormValues } from "../components/create-notification-form";
 
@@ -143,7 +142,6 @@ export default function NotificationDetailsPage({ loaderData }: Route.ComponentP
 						<TestTube2 className="h-4 w-4 mr-2" />
 						Test
 					</Button>
-					<ExportDialog entityType="notification-destinations" id={data.id} name={data.name} triggerLabel="Export config" />
 					<Button
 						onClick={() => setShowDeleteConfirm(true)}
 						variant="destructive"
diff --git a/app/client/modules/notifications/routes/notifications.tsx b/app/client/modules/notifications/routes/notifications.tsx
index f48827fb..4c3d4f97 100644
--- a/app/client/modules/notifications/routes/notifications.tsx
+++ b/app/client/modules/notifications/routes/notifications.tsx
@@ -1,6 +1,5 @@
 import { useQuery } from "@tanstack/react-query";
 import { Bell, Plus, RotateCcw } from "lucide-react";
-import { ExportDialog } from "~/client/components/export-dialog";
 import { useState } from "react";
 import { useNavigate } from "react-router";
 import { EmptyState } from "~/client/components/empty-state";
@@ -123,13 +122,10 @@ export default function Notifications({ loaderData }: Route.ComponentProps) {
 						</Button>
 					)}
 				</span>
-				<div className="flex gap-2">
-					<ExportDialog entityType="notification-destinations" />
-					<Button onClick={() => navigate("/notifications/create")}>
-						<Plus size={16} className="mr-2" />
-						Create Destination
-					</Button>
-				</div>
+				<Button onClick={() => navigate("/notifications/create")}>
+					<Plus size={16} className="mr-2" />
+					Create Destination
+				</Button>
 			</div>
 			<div className="overflow-x-auto">
 				<Table className="border-t">
diff --git a/app/client/modules/repositories/routes/repositories.tsx b/app/client/modules/repositories/routes/repositories.tsx
index 40fc4d93..4e65bacd 100644
--- a/app/client/modules/repositories/routes/repositories.tsx
+++ b/app/client/modules/repositories/routes/repositories.tsx
@@ -1,6 +1,5 @@
 import { useQuery } from "@tanstack/react-query";
 import { Database, Plus, RotateCcw } from "lucide-react";
-import { ExportDialog } from "~/client/components/export-dialog";
 import { useState } from "react";
 import { useNavigate } from "react-router";
 import { listRepositories } from "~/client/api-client/sdk.gen";
@@ -120,13 +119,10 @@ export default function Repositories({ loaderData }: Route.ComponentProps) {
 						</Button>
 					)}
 				</span>
-				<div className="flex gap-2">
-					<ExportDialog entityType="repositories" />
-					<Button onClick={() => navigate("/repositories/create")}>
-						<Plus size={16} className="mr-2" />
-						Create Repository
-					</Button>
-				</div>
+				<Button onClick={() => navigate("/repositories/create")}>
+					<Plus size={16} className="mr-2" />
+					Create Repository
+				</Button>
 			</div>
 			<div className="overflow-x-auto">
 				<Table className="border-t">
diff --git a/app/client/modules/repositories/routes/repository-details.tsx b/app/client/modules/repositories/routes/repository-details.tsx
index b2ccc155..394b7d7b 100644
--- a/app/client/modules/repositories/routes/repository-details.tsx
+++ b/app/client/modules/repositories/routes/repository-details.tsx
@@ -25,8 +25,7 @@ import { cn } from "~/client/lib/utils";
 import { Tabs, TabsContent, TabsList, TabsTrigger } from "~/client/components/ui/tabs";
 import { RepositoryInfoTabContent } from "../tabs/info";
 import { RepositorySnapshotsTabContent } from "../tabs/snapshots";
-import { Loader2, Trash2 } from "lucide-react";
-import { ExportDialog } from "~/client/components/export-dialog";
+import { Loader2 } from "lucide-react";
 
 export const handle = {
 	breadcrumb: (match: Route.MetaArgs) => [
@@ -158,7 +157,6 @@ export default function RepositoryDetailsPage({ loaderData }: Route.ComponentPro
 							"Run Doctor"
 						)}
 					</Button>
-					<ExportDialog entityType="repositories" id={data.id} name={data.name} triggerLabel="Export config" />
 					<Button variant="destructive" onClick={() => setShowDeleteConfirm(true)} disabled={deleteRepo.isPending}>
 						Delete
 					</Button>
diff --git a/app/client/modules/settings/routes/settings.tsx b/app/client/modules/settings/routes/settings.tsx
index 511793d9..cd107e24 100644
--- a/app/client/modules/settings/routes/settings.tsx
+++ b/app/client/modules/settings/routes/settings.tsx
@@ -144,9 +144,6 @@ export default function Settings({ loaderData }: Route.ComponentProps) {
 				<CardDescription className="mt-1.5">Your account details</CardDescription>
 			</div>
 			<CardContent className="p-6 space-y-4">
-				<div className="flex justify-end">
-					<ExportDialog entityType="full" triggerLabel="Export All Config (JSON)" />
-				</div>
 				<div className="space-y-2">
 					<Label>Username</Label>
 					<Input value={loaderData.user?.username || ""} disabled className="max-w-md" />
@@ -266,6 +263,21 @@ export default function Settings({ loaderData }: Route.ComponentProps) {
 					</DialogContent>
 				</Dialog>
 			</CardContent>
+
+			<div className="border-t border-border/50 bg-card-header p-6">
+				<CardTitle className="flex items-center gap-2">
+					<Download className="size-5" />
+					Export Configuration
+				</CardTitle>
+				<CardDescription className="mt-1.5">Export your Zerobyte configuration for backup or migration</CardDescription>
+			</div>
+			<CardContent className="p-6 space-y-4">
+				<p className="text-sm text-muted-foreground max-w-2xl">
+					Export all your volumes, repositories, backup schedules, and notification settings to a JSON file.
+					This can be used to restore your configuration on a new instance or as a backup of your settings.
+				</p>
+				<ExportDialog triggerLabel="Export Configuration" />
+			</CardContent>
 		</Card>
 	);
 }
diff --git a/app/client/modules/volumes/routes/volume-details.tsx b/app/client/modules/volumes/routes/volume-details.tsx
index d4cf8fba..3ee690a3 100644
--- a/app/client/modules/volumes/routes/volume-details.tsx
+++ b/app/client/modules/volumes/routes/volume-details.tsx
@@ -25,8 +25,6 @@ import { Tooltip, TooltipContent, TooltipTrigger } from "~/client/components/ui/
 import { useSystemInfo } from "~/client/hooks/use-system-info";
 import { getVolume } from "~/client/api-client";
 import type { VolumeStatus } from "~/client/lib/types";
-import { Trash2 } from "lucide-react";
-import { ExportDialog } from "~/client/components/export-dialog";
 import {
 	deleteVolumeMutation,
 	getVolumeOptions,
@@ -162,7 +160,6 @@ export default function VolumeDetails({ loaderData }: Route.ComponentProps) {
 					>
 						Unmount
 					</Button>
-					<ExportDialog entityType="volumes" id={volume.id} name={volume.name} triggerLabel="Export config" />
 					<Button variant="destructive" onClick={() => setShowDeleteConfirm(true)} disabled={deleteVol.isPending}>
 						Delete
 					</Button>
diff --git a/app/client/modules/volumes/routes/volumes.tsx b/app/client/modules/volumes/routes/volumes.tsx
index 14da0b13..fc8bbda4 100644
--- a/app/client/modules/volumes/routes/volumes.tsx
+++ b/app/client/modules/volumes/routes/volumes.tsx
@@ -1,6 +1,5 @@
 import { useQuery } from "@tanstack/react-query";
 import { HardDrive, Plus, RotateCcw } from "lucide-react";
-import { ExportDialog } from "~/client/components/export-dialog";
 import { useState } from "react";
 import { useNavigate } from "react-router";
 import { EmptyState } from "~/client/components/empty-state";
@@ -130,13 +129,10 @@ export default function Volumes({ loaderData }: Route.ComponentProps) {
 						</Button>
 					)}
 				</span>
-				<div className="flex gap-2">
-					<ExportDialog entityType="volumes" />
-					<Button onClick={() => navigate("/volumes/create")}>
-						<Plus size={16} className="mr-2" />
-						Create Volume
-					</Button>
-				</div>
+				<Button onClick={() => navigate("/volumes/create")}>
+					<Plus size={16} className="mr-2" />
+					Create Volume
+				</Button>
 			</div>
 			<div className="overflow-x-auto">
 				<Table className="border-t">
diff --git a/app/server/modules/lifecycle/config-export.controller.ts b/app/server/modules/lifecycle/config-export.controller.ts
index 774b9206..cb2547c6 100644
--- a/app/server/modules/lifecycle/config-export.controller.ts
+++ b/app/server/modules/lifecycle/config-export.controller.ts
@@ -1,13 +1,8 @@
 import { validator } from "hono-openapi";
-
 import { Hono } from "hono";
 import type { Context } from "hono";
 import { deleteCookie, getCookie } from "hono/cookie";
-import {
-	backupSchedulesTable,
-	backupScheduleNotificationsTable,
-	usersTable,
-} from "../../db/schema";
+import { backupSchedulesTable, backupScheduleNotificationsTable, usersTable } from "../../db/schema";
 import { db } from "../../db/db";
 import { logger } from "../../utils/logger";
 import { RESTIC_PASS_FILE } from "../../core/constants";
@@ -19,17 +14,9 @@ import { notificationsService } from "../notifications/notifications.service";
 import { backupsService } from "../backups/backups.service";
 import {
 	fullExportBodySchema,
-	entityExportBodySchema,
-	backupScheduleExportBodySchema,
 	fullExportDto,
-	volumesExportDto,
-	repositoriesExportDto,
-	notificationsExportDto,
-	backupSchedulesExportDto,
 	type SecretsMode,
 	type FullExportBody,
-	type EntityExportBody,
-	type BackupScheduleExportBody,
 } from "./config-export.dto";
 
 const COOKIE_NAME = "session_id";
@@ -41,56 +28,39 @@ const COOKIE_OPTIONS = {
 };
 
 type ExportParams = {
-	includeIds: boolean;
-	includeTimestamps: boolean;
+	includeMetadata: boolean;
 	secretsMode: SecretsMode;
-	excludeKeys: string[];
 };
 
-function omitKeys<T extends Record<string, unknown>>(obj: T, keys: string[]): Partial<T> {
+// Keys to exclude when metadata is not included
+const METADATA_KEYS = {
+	ids: ["id", "volumeId", "repositoryId", "scheduleId", "destinationId"],
+	timestamps: ["createdAt", "updatedAt", "lastBackupAt", "nextBackupAt", "lastHealthCheck", "lastChecked"],
+	runtimeState: ["status", "lastError", "lastBackupStatus", "lastBackupError", "hasDownloadedResticPassword"],
+};
+
+const ALL_METADATA_KEYS = [...METADATA_KEYS.ids, ...METADATA_KEYS.timestamps, ...METADATA_KEYS.runtimeState];
+
+/** Filter out metadata keys from an object when includeMetadata is false */
+function filterMetadataOut<T extends Record<string, unknown>>(obj: T, includeMetadata: boolean): Partial<T> {
+	if (includeMetadata) {
+		return obj;
+	}
 	const result = { ...obj };
-	for (const key of keys) {
+	for (const key of ALL_METADATA_KEYS) {
 		delete result[key as keyof T];
 	}
 	return result;
 }
 
-function getExcludeKeys(includeIds: boolean, includeTimestamps: boolean, includeRuntimeState: boolean): string[] {
-	const idKeys = ["id", "volumeId", "repositoryId", "scheduleId", "destinationId"];
-	const timestampKeys = ["createdAt", "updatedAt"];
-	// Runtime state fields (status, health checks, last backup info, etc.)
-	const runtimeStateKeys = [
-		// Volume state
-		"status", "lastError", "lastHealthCheck",
-		// Repository state
-		"lastChecked",
-		// Backup schedule state
-		"lastBackupAt", "lastBackupStatus", "lastBackupError", "nextBackupAt",
-	];
-	// Redundant fields that are already present inside the config object
-	// (e.g., type is duplicated as config.backend or config.type)
-	const redundantKeys = ["type"];
-	return [
-		...redundantKeys,
-		...(includeRuntimeState ? [] : runtimeStateKeys),
-		...(includeIds ? [] : idKeys),
-		...(includeTimestamps ? [] : timestampKeys),
-	];
-}
-
 /** Parse export params from request body */
 function parseExportParamsFromBody(body: {
-	includeIds?: boolean;
-	includeTimestamps?: boolean;
-	includeRuntimeState?: boolean;
+	includeMetadata?: boolean;
 	secretsMode?: SecretsMode;
 }): ExportParams {
-	const includeIds = body.includeIds !== false;
-	const includeTimestamps = body.includeTimestamps !== false;
-	const includeRuntimeState = body.includeRuntimeState === true;
+	const includeMetadata = body.includeMetadata === true;
 	const secretsMode: SecretsMode = body.secretsMode ?? "exclude";
-	const excludeKeys = getExcludeKeys(includeIds, includeTimestamps, includeRuntimeState);
-	return { includeIds, includeTimestamps, secretsMode, excludeKeys };
+	return { includeMetadata, secretsMode };
 }
 
 /**
@@ -167,7 +137,7 @@ async function exportEntity(
 	entity: Record<string, unknown>,
 	params: ExportParams
 ): Promise<Record<string, unknown>> {
-	const cleaned = omitKeys(entity, params.excludeKeys);
+	const cleaned = filterMetadataOut(entity, params.includeMetadata);
 	return processSecrets(cleaned, params.secretsMode);
 }
 
@@ -181,8 +151,8 @@ async function exportEntities<T extends Record<string, unknown>>(
 
 /** Transform backup schedules with resolved names and notifications */
 function transformBackupSchedules(
-	schedules: typeof backupSchedulesTable.$inferSelect[],
-	scheduleNotifications: typeof backupScheduleNotificationsTable.$inferSelect[],
+	schedules: (typeof backupSchedulesTable.$inferSelect)[],
+	scheduleNotifications: (typeof backupScheduleNotificationsTable.$inferSelect)[],
 	volumeMap: Map<number, string>,
 	repoMap: Map<string, string>,
 	notificationMap: Map<number, string>,
@@ -192,15 +162,12 @@ function transformBackupSchedules(
 		const assignments = scheduleNotifications
 			.filter((sn) => sn.scheduleId === schedule.id)
 			.map((sn) => ({
-				...(params.includeIds ? { destinationId: sn.destinationId } : {}),
+				...filterMetadataOut(sn as unknown as Record<string, unknown>, params.includeMetadata),
 				name: notificationMap.get(sn.destinationId) ?? null,
-				notifyOnStart: sn.notifyOnStart,
-				notifyOnSuccess: sn.notifyOnSuccess,
-				notifyOnFailure: sn.notifyOnFailure,
 			}));
 
 		return {
-			...omitKeys(schedule as Record<string, unknown>, params.excludeKeys),
+			...filterMetadataOut(schedule as Record<string, unknown>, params.includeMetadata),
 			volume: volumeMap.get(schedule.volumeId) ?? null,
 			repository: repoMap.get(schedule.repositoryId) ?? null,
 			notifications: assignments,
@@ -208,8 +175,11 @@ function transformBackupSchedules(
 	});
 }
 
-export const configExportController = new Hono()
-	.post("/export", fullExportDto, validator("json", fullExportBodySchema), async (c) => {
+export const configExportController = new Hono().post(
+	"/export",
+	fullExportDto,
+	validator("json", fullExportBodySchema),
+	async (c) => {
 		try {
 			const body = c.req.valid("json") as FullExportBody;
 
@@ -224,21 +194,27 @@ export const configExportController = new Hono()
 			const includePasswordHash = body.includePasswordHash === true;
 
 			// Use services to fetch data
-			const [volumes, repositories, backupSchedulesRaw, notifications, scheduleNotifications, [admin]] = await Promise.all([
-				volumeService.listVolumes(),
-				repositoriesService.listRepositories(),
-				backupsService.listSchedules(),
-				notificationsService.listDestinations(),
-				db.select().from(backupScheduleNotificationsTable),
-				db.select().from(usersTable).limit(1),
-			]);
+			const [volumes, repositories, backupSchedulesRaw, notifications, scheduleNotifications, users] =
+				await Promise.all([
+					volumeService.listVolumes(),
+					repositoriesService.listRepositories(),
+					backupsService.listSchedules(),
+					notificationsService.listDestinations(),
+					db.select().from(backupScheduleNotificationsTable),
+					db.select().from(usersTable),
+				]);
 
 			const volumeMap = new Map<number, string>(volumes.map((v) => [v.id, v.name]));
 			const repoMap = new Map<string, string>(repositories.map((r) => [r.id, r.name]));
 			const notificationMap = new Map<number, string>(notifications.map((n) => [n.id, n.name]));
 
 			const backupSchedules = transformBackupSchedules(
-				backupSchedulesRaw, scheduleNotifications, volumeMap, repoMap, notificationMap, params
+				backupSchedulesRaw,
+				scheduleNotifications,
+				volumeMap,
+				repoMap,
+				notificationMap,
+				params
 			);
 
 			const [exportVolumes, exportRepositories, exportNotifications] = await Promise.all([
@@ -257,194 +233,27 @@ export const configExportController = new Hono()
 				}
 			}
 
+			// Users need special handling for passwordHash (controlled by separate flag)
+			const exportUsers = (await exportEntities(users, params)).map((user) => {
+				if (!includePasswordHash) {
+					delete user.passwordHash;
+				}
+				return user;
+			});
+
 			return c.json({
 				version: 1,
-				exportedAt: new Date().toISOString(),
+				...(params.includeMetadata ? { exportedAt: new Date().toISOString() } : {}),
+				...(recoveryKey ? { recoveryKey } : {}),
 				volumes: exportVolumes,
 				repositories: exportRepositories,
 				backupSchedules,
 				notificationDestinations: exportNotifications,
-				admin: admin ? {
-					username: admin.username,
-					...(includePasswordHash ? { passwordHash: admin.passwordHash } : {}),
-					...(recoveryKey ? { recoveryKey } : {}),
-				} : null,
+				users: exportUsers,
 			});
 		} catch (err) {
 			logger.error(`Config export failed: ${err instanceof Error ? err.message : String(err)}`);
 			return c.json({ error: err instanceof Error ? err.message : "Failed to export config" }, 500);
 		}
-	})
-	.post("/export/volumes", volumesExportDto, validator("json", entityExportBodySchema), async (c) => {
-		try {
-			const body = c.req.valid("json") as EntityExportBody;
-
-			// Verify password - required for all exports
-			const verification = await verifyExportPassword(c, body.password);
-			if (!verification.valid) {
-				return c.json({ error: verification.error }, 401);
-			}
-
-			const params = parseExportParamsFromBody(body);
-
-			let volumes;
-			// Prefer name over id since volumeService.getVolume expects name (slug)
-			if (body.name) {
-				try {
-					const result = await volumeService.getVolume(body.name);
-					volumes = [result.volume];
-				} catch {
-					return c.json({ error: `Volume '${body.name}' not found` }, 404);
-				}
-			} else if (body.id !== undefined) {
-				// If only ID provided, find volume by numeric ID from list
-				const id = typeof body.id === "string" ? Number.parseInt(body.id, 10) : body.id;
-				if (Number.isNaN(id)) {
-					return c.json({ error: "Invalid volume ID" }, 400);
-				}
-				const allVolumes = await volumeService.listVolumes();
-				const volume = allVolumes.find((v) => v.id === id);
-				if (!volume) {
-					return c.json({ error: `Volume with ID '${body.id}' not found` }, 404);
-				}
-				volumes = [volume];
-			} else {
-				volumes = await volumeService.listVolumes();
-			}
-
-			return c.json({ volumes: await exportEntities(volumes, params) });
-		} catch (err) {
-			logger.error(`Volumes export failed: ${err instanceof Error ? err.message : String(err)}`);
-			return c.json({ error: `Failed to export volumes: ${err instanceof Error ? err.message : String(err)}` }, 500);
-		}
-	})
-	.post("/export/repositories", repositoriesExportDto, validator("json", entityExportBodySchema), async (c) => {
-		try {
-			const body = c.req.valid("json") as EntityExportBody;
-
-			// Verify password - required for all exports
-			const verification = await verifyExportPassword(c, body.password);
-			if (!verification.valid) {
-				return c.json({ error: verification.error }, 401);
-			}
-
-			const params = parseExportParamsFromBody(body);
-
-			let repositories;
-			// Prefer name over id since repositoriesService.getRepository expects name (slug)
-			if (body.name) {
-				try {
-					const result = await repositoriesService.getRepository(body.name);
-					repositories = [result.repository];
-				} catch {
-					return c.json({ error: `Repository '${body.name}' not found` }, 404);
-				}
-			} else if (body.id !== undefined) {
-				// If only ID provided, find repository by ID from list
-				// Repository IDs are strings (UUIDs), not numeric
-				const allRepositories = await repositoriesService.listRepositories();
-				const repository = allRepositories.find((r) => r.id === String(body.id));
-				if (!repository) {
-					return c.json({ error: `Repository with ID '${body.id}' not found` }, 404);
-				}
-				repositories = [repository];
-			} else {
-				repositories = await repositoriesService.listRepositories();
-			}
-
-			return c.json({ repositories: await exportEntities(repositories, params) });
-		} catch (err) {
-			logger.error(`Repositories export failed: ${err instanceof Error ? err.message : String(err)}`);
-			return c.json({ error: `Failed to export repositories: ${err instanceof Error ? err.message : String(err)}` }, 500);
-		}
-	})
-	.post("/export/notification-destinations", notificationsExportDto, validator("json", entityExportBodySchema), async (c) => {
-		try {
-			const body = c.req.valid("json") as EntityExportBody;
-
-			// Verify password - required for all exports
-			const verification = await verifyExportPassword(c, body.password);
-			if (!verification.valid) {
-				return c.json({ error: verification.error }, 401);
-			}
-
-			const params = parseExportParamsFromBody(body);
-
-			let notifications;
-			if (body.id !== undefined) {
-				const id = typeof body.id === "string" ? Number.parseInt(body.id, 10) : body.id;
-				if (Number.isNaN(id)) {
-					return c.json({ error: "Invalid notification destination ID" }, 400);
-				}
-				try {
-					const destination = await notificationsService.getDestination(id);
-					notifications = [destination];
-				} catch {
-					return c.json({ error: `Notification destination with ID '${body.id}' not found` }, 404);
-				}
-			} else if (body.name) {
-				// notificationsService doesn't have getByName, so we list and filter
-				const allDestinations = await notificationsService.listDestinations();
-				const destination = allDestinations.find((d) => d.name === body.name);
-				if (!destination) {
-					return c.json({ error: `Notification destination '${body.name}' not found` }, 404);
-				}
-				notifications = [destination];
-			} else {
-				notifications = await notificationsService.listDestinations();
-			}
-
-			return c.json({ notificationDestinations: await exportEntities(notifications, params) });
-		} catch (err) {
-			logger.error(`Notification destinations export failed: ${err instanceof Error ? err.message : String(err)}`);
-			return c.json({ error: `Failed to export notification destinations: ${err instanceof Error ? err.message : String(err)}` }, 500);
-		}
-	})
-	.post("/export/backup-schedules", backupSchedulesExportDto, validator("json", backupScheduleExportBodySchema), async (c) => {
-		try {
-			const body = c.req.valid("json") as BackupScheduleExportBody;
-
-			// Verify password - required for all exports
-			const verification = await verifyExportPassword(c, body.password);
-			if (!verification.valid) {
-				return c.json({ error: verification.error }, 401);
-			}
-
-			const params = parseExportParamsFromBody(body);
-
-			// Get all related data for name resolution
-			const [volumes, repositories, notifications, scheduleNotifications] = await Promise.all([
-				volumeService.listVolumes(),
-				repositoriesService.listRepositories(),
-				notificationsService.listDestinations(),
-				db.select().from(backupScheduleNotificationsTable),
-			]);
-
-			let schedules;
-			if (body.id !== undefined) {
-				try {
-					const schedule = await backupsService.getSchedule(body.id);
-					schedules = [schedule];
-				} catch {
-					return c.json({ error: `Backup schedule with ID '${body.id}' not found` }, 404);
-				}
-			} else {
-				schedules = await backupsService.listSchedules();
-			}
-
-			const volumeMap = new Map<number, string>(volumes.map((v) => [v.id, v.name]));
-			const repoMap = new Map<string, string>(repositories.map((r) => [r.id, r.name]));
-			const notificationMap = new Map<number, string>(notifications.map((n) => [n.id, n.name]));
-
-			const backupSchedules = transformBackupSchedules(
-				schedules, scheduleNotifications, volumeMap, repoMap, notificationMap, params
-			);
-
-			return c.json({ backupSchedules });
-		} catch (err) {
-			logger.error(`Backup schedules export failed: ${err instanceof Error ? err.message : String(err)}`);
-			return c.json({ error: `Failed to export backup schedules: ${err instanceof Error ? err.message : String(err)}` }, 500);
-		}
-	});
-
-
+	}
+);
diff --git a/app/server/modules/lifecycle/config-export.dto.ts b/app/server/modules/lifecycle/config-export.dto.ts
index ce5d53ab..e4da4b48 100644
--- a/app/server/modules/lifecycle/config-export.dto.ts
+++ b/app/server/modules/lifecycle/config-export.dto.ts
@@ -3,47 +3,20 @@ import { describeRoute, resolver } from "hono-openapi";
 
 const secretsModeSchema = type("'exclude' | 'encrypted' | 'cleartext'");
 
-const baseExportBodySchema = type({
-	/** Include database IDs in export (default: true) */
-	"includeIds?": "boolean",
-	/** Include createdAt/updatedAt timestamps (default: true) */
-	"includeTimestamps?": "boolean",
-	/** Include runtime state like status, health checks (default: false) */
-	"includeRuntimeState?": "boolean",
+export const fullExportBodySchema = type({
+	/** Include metadata (IDs, timestamps, runtime state) in export (default: false) */
+	"includeMetadata?": "boolean",
 	/** How to handle secrets: exclude, encrypted, or cleartext (default: exclude) */
 	"secretsMode?": secretsModeSchema,
 	/** Password required for authentication */
 	password: "string",
+	/** Include the recovery key (requires password) */
+	"includeRecoveryKey?": "boolean",
+	/** Include the admin password hash */
+	"includePasswordHash?": "boolean",
 });
 
-export const fullExportBodySchema = baseExportBodySchema.and(
-	type({
-		/** Include the recovery key (requires password) */
-		"includeRecoveryKey?": "boolean",
-		/** Include the admin password hash */
-		"includePasswordHash?": "boolean",
-	})
-);
-
-export const entityExportBodySchema = baseExportBodySchema.and(
-	type({
-		/** Filter by ID */
-		"id?": "string | number",
-		/** Filter by name */
-		"name?": "string",
-	})
-);
-
-export const backupScheduleExportBodySchema = baseExportBodySchema.and(
-	type({
-		/** Filter by ID */
-		"id?": "number",
-	})
-);
-
 export type FullExportBody = typeof fullExportBodySchema.infer;
-export type EntityExportBody = typeof entityExportBodySchema.infer;
-export type BackupScheduleExportBody = typeof backupScheduleExportBodySchema.infer;
 export type SecretsMode = typeof secretsModeSchema.infer;
 
 const exportResponseSchema = type({
@@ -60,22 +33,6 @@ const exportResponseSchema = type({
 	}).or("null"),
 });
 
-const volumesExportResponseSchema = type({
-	volumes: "unknown[]",
-});
-
-const repositoriesExportResponseSchema = type({
-	repositories: "unknown[]",
-});
-
-const notificationsExportResponseSchema = type({
-	notificationDestinations: "unknown[]",
-});
-
-const backupSchedulesExportResponseSchema = type({
-	backupSchedules: "unknown[]",
-});
-
 const errorResponseSchema = type({
 	error: "string",
 });
@@ -111,195 +68,3 @@ export const fullExportDto = describeRoute({
 		},
 	},
 });
-
-export const volumesExportDto = describeRoute({
-	description: "Export volumes configuration",
-	operationId: "exportVolumes",
-	tags: ["Config Export"],
-	responses: {
-		200: {
-			description: "Volumes configuration export",
-			content: {
-				"application/json": {
-					schema: resolver(volumesExportResponseSchema),
-				},
-			},
-		},
-		400: {
-			description: "Invalid request",
-			content: {
-				"application/json": {
-					schema: resolver(errorResponseSchema),
-				},
-			},
-		},
-		401: {
-			description: "Password required for export",
-			content: {
-				"application/json": {
-					schema: resolver(errorResponseSchema),
-				},
-			},
-		},
-		404: {
-			description: "Volume not found",
-			content: {
-				"application/json": {
-					schema: resolver(errorResponseSchema),
-				},
-			},
-		},
-		500: {
-			description: "Export failed",
-			content: {
-				"application/json": {
-					schema: resolver(errorResponseSchema),
-				},
-			},
-		},
-	},
-});
-
-export const repositoriesExportDto = describeRoute({
-	description: "Export repositories configuration",
-	operationId: "exportRepositories",
-	tags: ["Config Export"],
-	responses: {
-		200: {
-			description: "Repositories configuration export",
-			content: {
-				"application/json": {
-					schema: resolver(repositoriesExportResponseSchema),
-				},
-			},
-		},
-		400: {
-			description: "Invalid request",
-			content: {
-				"application/json": {
-					schema: resolver(errorResponseSchema),
-				},
-			},
-		},
-		401: {
-			description: "Password required for sensitive export options",
-			content: {
-				"application/json": {
-					schema: resolver(errorResponseSchema),
-				},
-			},
-		},
-		404: {
-			description: "Repository not found",
-			content: {
-				"application/json": {
-					schema: resolver(errorResponseSchema),
-				},
-			},
-		},
-		500: {
-			description: "Export failed",
-			content: {
-				"application/json": {
-					schema: resolver(errorResponseSchema),
-				},
-			},
-		},
-	},
-});
-
-export const notificationsExportDto = describeRoute({
-	description: "Export notification destinations configuration",
-	operationId: "exportNotificationDestinations",
-	tags: ["Config Export"],
-	responses: {
-		200: {
-			description: "Notification destinations configuration export",
-			content: {
-				"application/json": {
-					schema: resolver(notificationsExportResponseSchema),
-				},
-			},
-		},
-		400: {
-			description: "Invalid request",
-			content: {
-				"application/json": {
-					schema: resolver(errorResponseSchema),
-				},
-			},
-		},
-		401: {
-			description: "Password required for sensitive export options",
-			content: {
-				"application/json": {
-					schema: resolver(errorResponseSchema),
-				},
-			},
-		},
-		404: {
-			description: "Notification destination not found",
-			content: {
-				"application/json": {
-					schema: resolver(errorResponseSchema),
-				},
-			},
-		},
-		500: {
-			description: "Export failed",
-			content: {
-				"application/json": {
-					schema: resolver(errorResponseSchema),
-				},
-			},
-		},
-	},
-});
-
-export const backupSchedulesExportDto = describeRoute({
-	description: "Export backup schedules configuration",
-	operationId: "exportBackupSchedules",
-	tags: ["Config Export"],
-	responses: {
-		200: {
-			description: "Backup schedules configuration export",
-			content: {
-				"application/json": {
-					schema: resolver(backupSchedulesExportResponseSchema),
-				},
-			},
-		},
-		400: {
-			description: "Invalid request",
-			content: {
-				"application/json": {
-					schema: resolver(errorResponseSchema),
-				},
-			},
-		},
-		401: {
-			description: "Password required for export",
-			content: {
-				"application/json": {
-					schema: resolver(errorResponseSchema),
-				},
-			},
-		},
-		404: {
-			description: "Backup schedule not found",
-			content: {
-				"application/json": {
-					schema: resolver(errorResponseSchema),
-				},
-			},
-		},
-		500: {
-			description: "Export failed",
-			content: {
-				"application/json": {
-					schema: resolver(errorResponseSchema),
-				},
-			},
-		},
-	},
-});

From 63f67b3b302a67c0c938b9fa67a5d12115088a52 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Tr=C3=A1vn=C3=ADk?= <jakub.travnik@gmail.com>
Date: Tue, 16 Dec 2025 11:48:55 +0100
Subject: [PATCH 35/49] corrected schema for export after changes

---
 app/server/modules/lifecycle/config-export.dto.ts | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/app/server/modules/lifecycle/config-export.dto.ts b/app/server/modules/lifecycle/config-export.dto.ts
index e4da4b48..0d4399d1 100644
--- a/app/server/modules/lifecycle/config-export.dto.ts
+++ b/app/server/modules/lifecycle/config-export.dto.ts
@@ -20,17 +20,21 @@ export type FullExportBody = typeof fullExportBodySchema.infer;
 export type SecretsMode = typeof secretsModeSchema.infer;
 
 const exportResponseSchema = type({
-	"version?": "number",
+	version: "number",
 	"exportedAt?": "string",
+	"recoveryKey?": "string",
 	"volumes?": "unknown[]",
 	"repositories?": "unknown[]",
 	"backupSchedules?": "unknown[]",
 	"notificationDestinations?": "unknown[]",
-	"admin?": type({
+	"users?": type({
+		"id?": "number",
 		username: "string",
 		"passwordHash?": "string",
-		"recoveryKey?": "string",
-	}).or("null"),
+		"createdAt?": "number",
+		"updatedAt?": "number",
+		"hasDownloadedResticPassword?": "boolean",
+	}).array(),
 });
 
 const errorResponseSchema = type({

From 66f8ff0e509245c2c92781de5a20f2a54aec494b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Tr=C3=A1vn=C3=ADk?= <jakub.travnik@gmail.com>
Date: Tue, 16 Dec 2025 12:47:20 +0100
Subject: [PATCH 36/49] few missing corrections related to all users export
 instead of just admin

---
 app/client/api-client/types.gen.ts             | 18 +++++++++++-------
 app/client/components/export-dialog.tsx        |  2 +-
 .../modules/lifecycle/config-export.dto.ts     |  6 +++---
 3 files changed, 15 insertions(+), 11 deletions(-)

diff --git a/app/client/api-client/types.gen.ts b/app/client/api-client/types.gen.ts
index efb9bb73..d196feef 100644
--- a/app/client/api-client/types.gen.ts
+++ b/app/client/api-client/types.gen.ts
@@ -2631,7 +2631,7 @@ export type ExportFullConfigData = {
 
 export type ExportFullConfigErrors = {
     /**
-     * Password required for sensitive export options
+     * Password required for export or authentication failed
      */
     401: {
         error: string;
@@ -2651,16 +2651,20 @@ export type ExportFullConfigResponses = {
      * Full configuration export
      */
     200: {
-        admin?: {
-            username: string;
-            passwordHash?: string;
-            recoveryKey?: string;
-        } | null;
+        version: number;
         backupSchedules?: Array<unknown>;
         exportedAt?: string;
         notificationDestinations?: Array<unknown>;
+        recoveryKey?: string;
         repositories?: Array<unknown>;
-        version?: number;
+        users?: Array<{
+            username: string;
+            createdAt?: number;
+            hasDownloadedResticPassword?: boolean;
+            id?: number;
+            passwordHash?: string;
+            updatedAt?: number;
+        }>;
         volumes?: Array<unknown>;
     };
 };
diff --git a/app/client/components/export-dialog.tsx b/app/client/components/export-dialog.tsx
index 36c5cdd8..00db200b 100644
--- a/app/client/components/export-dialog.tsx
+++ b/app/client/components/export-dialog.tsx
@@ -224,7 +224,7 @@ export function ExportDialog({
 							</Label>
 						</div>
 						<p className="text-xs text-muted-foreground ml-7">
-							Include the hashed admin password for seamless migration. The password is already securely
+							Include the hashed user passwords for seamless migration. The passwords are already securely
 							hashed (argon2).
 						</p>
 
diff --git a/app/server/modules/lifecycle/config-export.dto.ts b/app/server/modules/lifecycle/config-export.dto.ts
index 0d4399d1..f7a57561 100644
--- a/app/server/modules/lifecycle/config-export.dto.ts
+++ b/app/server/modules/lifecycle/config-export.dto.ts
@@ -10,9 +10,9 @@ export const fullExportBodySchema = type({
 	"secretsMode?": secretsModeSchema,
 	/** Password required for authentication */
 	password: "string",
-	/** Include the recovery key (requires password) */
+	/** Include the recovery key */
 	"includeRecoveryKey?": "boolean",
-	/** Include the admin password hash */
+	/** Include the user password hash */
 	"includePasswordHash?": "boolean",
 });
 
@@ -55,7 +55,7 @@ export const fullExportDto = describeRoute({
 			},
 		},
 		401: {
-			description: "Password required for sensitive export options",
+			description: "Password required for export or authentication failed",
 			content: {
 				"application/json": {
 					schema: resolver(errorResponseSchema),

From ded9d935ce5b22ce18dd0a9885da9056f80af5cf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Tr=C3=A1vn=C3=ADk?= <jakub.travnik@gmail.com>
Date: Tue, 16 Dec 2025 13:07:00 +0100
Subject: [PATCH 37/49] Merge main into config-export-feature

---
 .github/copilot-instructions.md               |   1 +
 .github/workflows/release.yml                 |   4 +-
 AGENTS.md                                     | 267 ++++++
 Dockerfile                                    |   6 +-
 README.md                                     |  10 +-
 .../api-client/@tanstack/react-query.gen.ts   |  57 +-
 app/client/api-client/sdk.gen.ts              |  36 +-
 app/client/api-client/types.gen.ts            | 340 +++++++-
 .../components/create-repository-form.tsx     | 784 -----------------
 app/client/components/create-volume-form.tsx  | 593 -------------
 app/client/components/restore-form.tsx        |   1 +
 app/client/components/snapshots-table.tsx     | 160 ++--
 app/client/components/volume-icon.tsx         |   6 +
 app/client/hooks/use-server-events.ts         |  33 +-
 .../components/create-schedule-form.tsx       | 138 ++-
 .../components/schedule-mirrors-config.tsx    | 352 ++++++++
 .../schedule-notifications-config.tsx         |  19 +-
 .../backups/components/schedule-summary.tsx   |  28 +-
 .../components/snapshot-file-browser.tsx      |   4 +-
 .../modules/backups/routes/backup-details.tsx |  33 +-
 app/client/modules/backups/routes/backups.tsx |  23 +-
 .../modules/backups/routes/create-backup.tsx  |   5 +-
 .../components/create-notification-form.tsx   |   4 +-
 .../routes/create-notification.tsx            |   3 +-
 .../routes/notification-details.tsx           |  14 +-
 .../notifications/routes/notifications.tsx    |   2 -
 .../components/create-repository-form.tsx     | 275 ++++++
 .../azure-repository-form.tsx                 |  78 ++
 .../repository-forms/gcs-repository-form.tsx  |  65 ++
 .../components/repository-forms/index.ts      |   8 +
 .../local-repository-form.tsx                 | 103 +++
 .../repository-forms/r2-repository-form.tsx   |  80 ++
 .../rclone-repository-form.tsx                |  96 ++
 .../repository-forms/rest-repository-form.tsx |  78 ++
 .../repository-forms/s3-repository-form.tsx   |  78 ++
 .../repository-forms/sftp-repository-form.tsx | 101 +++
 .../repositories/routes/create-repository.tsx |  10 +-
 .../repositories/routes/repositories.tsx      |   4 +-
 .../routes/repository-details.tsx             |  20 +-
 app/client/modules/repositories/tabs/info.tsx |   9 +-
 .../modules/repositories/tabs/snapshots.tsx   |  13 +-
 .../modules/settings/routes/settings.tsx      |   5 +-
 .../volumes/components/create-volume-form.tsx | 218 +++++
 .../volumes/components/healthchecks-card.tsx  |   3 +-
 .../volume-forms/directory-form.tsx           |  51 ++
 .../volumes/components/volume-forms/index.ts  |   5 +
 .../components/volume-forms/nfs-form.tsx      | 120 +++
 .../components/volume-forms/rclone-form.tsx   | 127 +++
 .../components/volume-forms/smb-form.tsx      | 163 ++++
 .../components/volume-forms/webdav-form.tsx   | 146 ++++
 .../modules/volumes/routes/create-volume.tsx  |   5 +-
 .../modules/volumes/routes/volume-details.tsx |   5 +-
 app/client/modules/volumes/routes/volumes.tsx |   2 -
 app/client/modules/volumes/tabs/info.tsx      |   8 +-
 app/drizzle/0018_breezy_invaders.sql          | 139 +++
 app/drizzle/0019_secret_nomad.sql             |  24 +
 app/drizzle/0020_even_dexter_bennett.sql      |   1 +
 app/drizzle/0021_steady_viper.sql             |   1 +
 app/drizzle/meta/0018_snapshot.json           | 792 +++++++++++++++++
 app/drizzle/meta/0019_snapshot.json           | 807 +++++++++++++++++
 app/drizzle/meta/0020_snapshot.json           | 815 +++++++++++++++++
 app/drizzle/meta/0021_snapshot.json           | 823 ++++++++++++++++++
 app/drizzle/meta/_journal.json                | 290 +++---
 app/schemas/notifications.ts                  |   4 +-
 app/schemas/volumes.ts                        |  10 +-
 app/server/core/capabilities.ts               |  16 +-
 app/server/core/config.ts                     |   4 +-
 app/server/core/events.ts                     |   8 +
 app/server/core/repository-mutex.ts           | 180 ++++
 app/server/db/db.ts                           |   4 +-
 app/server/db/schema.ts                       |  42 +-
 app/server/jobs/repository-healthchecks.ts    |   6 +
 app/server/modules/backends/backend.ts        |   4 +
 .../modules/backends/rclone/rclone-backend.ts | 128 +++
 .../modules/backends/smb/smb-backend.ts       |   5 +-
 .../modules/backends/webdav/webdav-backend.ts |   4 +-
 .../modules/backups/backups.controller.ts     |  28 +-
 app/server/modules/backups/backups.dto.ts     |  91 ++
 app/server/modules/backups/backups.service.ts | 280 +++++-
 .../modules/events/events.controller.ts       |  24 +
 app/server/modules/lifecycle/startup.ts       |   2 +-
 .../modules/notifications/builders/email.ts   |   7 +-
 .../notifications/notifications.dto.ts        |   2 +
 .../notifications/notifications.service.ts    |   8 +-
 .../repositories/repositories.controller.ts   |   2 +
 .../modules/repositories/repositories.dto.ts  |   1 +
 .../repositories/repositories.service.ts      | 192 ++--
 app/server/modules/volumes/volume.service.ts  |  30 +-
 app/server/utils/backend-compatibility.ts     | 148 ++++
 app/server/utils/crypto.ts                    |  10 +-
 app/server/utils/logger.ts                    |   6 +-
 app/server/utils/restic.ts                    | 112 ++-
 biome.json                                    |   3 +-
 bun.lock                                      | 285 ++----
 docker-compose.yml                            |   1 +
 package.json                                  |  72 +-
 96 files changed, 8126 insertions(+), 2084 deletions(-)
 create mode 100644 .github/copilot-instructions.md
 create mode 100644 AGENTS.md
 delete mode 100644 app/client/components/create-repository-form.tsx
 delete mode 100644 app/client/components/create-volume-form.tsx
 create mode 100644 app/client/modules/backups/components/schedule-mirrors-config.tsx
 create mode 100644 app/client/modules/repositories/components/create-repository-form.tsx
 create mode 100644 app/client/modules/repositories/components/repository-forms/azure-repository-form.tsx
 create mode 100644 app/client/modules/repositories/components/repository-forms/gcs-repository-form.tsx
 create mode 100644 app/client/modules/repositories/components/repository-forms/index.ts
 create mode 100644 app/client/modules/repositories/components/repository-forms/local-repository-form.tsx
 create mode 100644 app/client/modules/repositories/components/repository-forms/r2-repository-form.tsx
 create mode 100644 app/client/modules/repositories/components/repository-forms/rclone-repository-form.tsx
 create mode 100644 app/client/modules/repositories/components/repository-forms/rest-repository-form.tsx
 create mode 100644 app/client/modules/repositories/components/repository-forms/s3-repository-form.tsx
 create mode 100644 app/client/modules/repositories/components/repository-forms/sftp-repository-form.tsx
 create mode 100644 app/client/modules/volumes/components/create-volume-form.tsx
 create mode 100644 app/client/modules/volumes/components/volume-forms/directory-form.tsx
 create mode 100644 app/client/modules/volumes/components/volume-forms/index.ts
 create mode 100644 app/client/modules/volumes/components/volume-forms/nfs-form.tsx
 create mode 100644 app/client/modules/volumes/components/volume-forms/rclone-form.tsx
 create mode 100644 app/client/modules/volumes/components/volume-forms/smb-form.tsx
 create mode 100644 app/client/modules/volumes/components/volume-forms/webdav-form.tsx
 create mode 100644 app/drizzle/0018_breezy_invaders.sql
 create mode 100644 app/drizzle/0019_secret_nomad.sql
 create mode 100644 app/drizzle/0020_even_dexter_bennett.sql
 create mode 100644 app/drizzle/0021_steady_viper.sql
 create mode 100644 app/drizzle/meta/0018_snapshot.json
 create mode 100644 app/drizzle/meta/0019_snapshot.json
 create mode 100644 app/drizzle/meta/0020_snapshot.json
 create mode 100644 app/drizzle/meta/0021_snapshot.json
 create mode 100644 app/server/core/repository-mutex.ts
 create mode 100644 app/server/modules/backends/rclone/rclone-backend.ts
 create mode 100644 app/server/utils/backend-compatibility.ts

diff --git a/.github/copilot-instructions.md b/.github/copilot-instructions.md
new file mode 100644
index 00000000..11d4b9cf
--- /dev/null
+++ b/.github/copilot-instructions.md
@@ -0,0 +1 @@
+- This project uses the AGENTS.md file to give detailed information about the repository structure and development commands. Make sure to read this file before starting development.
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 16e8d9a0..dadfa1b3 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -62,8 +62,6 @@ jobs:
             type=semver,pattern={{major}}.{{minor}}.{{patch}},prefix=v,enable=${{ needs.determine-release-type.outputs.release_type == 'release' }}
           flavor: |
             latest=${{ needs.determine-release-type.outputs.release_type == 'release' }}
-          cache-from: type=registry,ref=ghcr.io/nicotsx/zerobyte:buildcache
-          cache-to: type=registry,ref=ghcr.io/nicotsx/zerobyte:buildcache,mode=max
 
       - name: Build and push images
         uses: docker/build-push-action@v6
@@ -76,6 +74,8 @@ jobs:
           labels: ${{ steps.meta.outputs.labels }}
           build-args: |
             APP_VERSION=${{ needs.determine-release-type.outputs.tagname }}
+          cache-from: type=registry,ref=ghcr.io/nicotsx/zerobyte:buildcache
+          cache-to: type=registry,ref=ghcr.io/nicotsx/zerobyte:buildcache,mode=max
 
   publish-release:
     runs-on: ubuntu-latest
diff --git a/AGENTS.md b/AGENTS.md
new file mode 100644
index 00000000..136692d0
--- /dev/null
+++ b/AGENTS.md
@@ -0,0 +1,267 @@
+# AGENTS.md
+
+## Important instructions
+
+- Never create migration files manually. Always use the provided command to generate migrations
+- If you realize an automated migration is incorrect, make sure to remove all the associated entries from the `_journal.json` and the newly created files located in `app/drizzle/` before re-generating the migration
+
+## Project Overview
+
+Zerobyte is a backup automation tool built on top of Restic that provides a web interface for scheduling, managing, and monitoring encrypted backups. It supports multiple volume backends (NFS, SMB, WebDAV, local directories) and repository backends (S3, Azure, GCS, local, and rclone-based storage).
+
+## Technology Stack
+
+- **Runtime**: Bun 1.3.1
+- **Server**: Hono (web framework) with Bun runtime
+- **Client**: React Router v7 (SSR) with React 19
+- **Database**: SQLite with Drizzle ORM
+- **Validation**: ArkType for runtime schema validation
+- **Styling**: Tailwind CSS v4 + Radix UI components
+- **Architecture**: Unified application structure (not a monorepo)
+- **Code Quality**: Biome (formatter & linter)
+- **Containerization**: Docker with multi-stage builds
+
+## Repository Structure
+
+This is a unified application with the following structure:
+
+- `app/server` - Bun-based API server with Hono
+- `app/client` - React Router SSR frontend components and modules
+- `app/schemas` - Shared ArkType schemas for validation
+- `app/drizzle` - Database migrations
+
+### Type Checking
+
+```bash
+# Run type checking and generate React Router types
+bun run tsc
+```
+
+### Building
+
+```bash
+# Build for production
+bun run build
+```
+
+### Database Migrations
+
+```bash
+# Generate new migration from schema changes
+bun gen:migrations
+
+# Generate a custom empty migration
+bunx drizzle-kit generate --custom --name=fix-timestamps-to-ms
+
+```
+
+### API Client Generation
+
+```bash
+# Generate TypeScript API client from OpenAPI spec
+# Note: Server is always running don't need to start it separately
+bun run gen:api-client
+```
+
+### Code Quality
+
+```bash
+# Format and lint (Biome)
+bunx biome check --write .
+
+# Format only
+bunx biome format --write .
+
+# Lint only
+bunx biome lint .
+```
+
+## Architecture
+
+### Server Architecture
+
+The server follows a modular service-oriented architecture:
+
+**Entry Point**: `app/server/index.ts`
+
+- Initializes servers using `react-router-hono-server`:
+  1. Main API server on port 4096 (REST API + serves static frontend)
+  2. Docker volume plugin server on Unix socket `/run/docker/plugins/zerobyte.sock` (optional, if Docker is available)
+
+**Modules** (`app/server/modules/`):
+Each module follows a controller � service � database pattern:
+
+- `auth/` - User authentication and session management
+- `volumes/` - Volume mounting/unmounting (NFS, SMB, WebDAV, directories)
+- `repositories/` - Restic repository management (S3, Azure, GCS, local, rclone)
+- `backups/` - Backup schedule management and execution
+- `notifications/` - Notification system with multiple providers (Discord, email, Gotify, Ntfy, Slack, Pushover)
+- `driver/` - Docker volume plugin implementation
+- `events/` - Server-Sent Events for real-time updates
+- `system/` - System information and capabilities
+- `lifecycle/` - Application startup/shutdown hooks
+
+**Backends** (`app/server/modules/backends/`):
+Each volume backend (NFS, SMB, WebDAV, directory) implements mounting logic using system tools (mount.nfs, mount.cifs, davfs2).
+
+**Jobs** (`app/server/jobs/`):
+Cron-based background jobs managed by the Scheduler:
+
+- `backup-execution.ts` - Runs scheduled backups (every minute)
+- `cleanup-dangling.ts` - Removes stale mounts (hourly)
+- `healthchecks.ts` - Checks volume health (every 5 minutes)
+- `repository-healthchecks.ts` - Validates repositories (every 10 minutes)
+- `cleanup-sessions.ts` - Expires old sessions (daily)
+
+**Core** (`app/server/core/`):
+
+- `scheduler.ts` - Job scheduling system using node-cron
+- `capabilities.ts` - Detects available system features (Docker support, etc.)
+- `constants.ts` - Application-wide constants
+
+**Utils** (`app/server/utils/`):
+
+- `restic.ts` - Restic CLI wrapper with type-safe output parsing
+- `spawn.ts` - Safe subprocess execution helpers
+- `logger.ts` - Winston-based logging
+- `crypto.ts` - Encryption utilities
+- `errors.ts` - Error handling middleware
+
+**Database** (`app/server/db/`):
+
+- Uses Drizzle ORM with SQLite
+- Schema in `schema.ts` defines: volumes, repositories, backup schedules, notifications, users, sessions
+- Migrations: `app/drizzle/`
+
+### Client Architecture
+
+**Framework**: React Router v7 with SSR
+**Entry Point**: `app/root.tsx`
+
+The client uses:
+
+- TanStack Query for server state management
+- Auto-generated API client from OpenAPI spec (in `app/client/api-client/`)
+- Radix UI primitives with custom Tailwind styling
+- Server-Sent Events hook (`use-server-events.ts`) for real-time updates
+
+Routes are organized in feature modules at `app/client/modules/*/routes/`.
+
+### Shared Schemas
+
+`app/schemas/` contains ArkType schemas used by both client and server:
+
+- Volume configurations (NFS, SMB, WebDAV, directory)
+- Repository configurations (S3, Azure, GCS, local, rclone)
+- Restic command output parsing types
+- Backend status types
+
+These schemas provide runtime validation and TypeScript types.
+
+## Restic Integration
+
+Zerobyte is a wrapper around Restic for backup operations. Key integration points:
+
+**Repository Management**:
+
+- Creates/initializes Restic repositories via `restic init`
+- Supports multiple backends: local, S3, Azure Blob Storage, Google Cloud Storage, or any rclone-supported backend
+- Stores single encryption password in `/var/lib/zerobyte/restic/password` (auto-generated on first run)
+
+**Backup Operations**:
+
+- Executes `restic backup` with user-defined schedules (cron expressions)
+- Supports include/exclude patterns for selective backups
+- Parses JSON output for progress tracking and statistics
+- Implements retention policies via `restic forget --prune`
+
+**Repository Utilities** (`utils/restic.ts`):
+
+- `buildRepoUrl()` - Constructs repository URLs for different backends
+- `buildEnv()` - Sets environment variables (credentials, cache dir)
+- `ensurePassfile()` - Manages encryption password file
+- Type-safe parsing of Restic JSON output using ArkType schemas
+
+**Rclone Integration** (`app/server/modules/repositories/`):
+
+- Allows using any rclone backend as a Restic repository
+- Dynamically generates rclone config and passes via environment variables
+- Supports backends like Dropbox, Google Drive, OneDrive, Backblaze B2, etc.
+
+## Docker Volume Plugin
+
+When Docker socket is available (`/var/run/docker.sock`), Zerobyte registers as a Docker volume plugin:
+
+**Plugin Location**: `/run/docker/plugins/zerobyte.sock`
+**Implementation**: `app/server/modules/driver/driver.controller.ts`
+
+This allows other containers to mount Zerobyte volumes using Docker.
+
+The plugin implements the Docker Volume Plugin API v1.
+
+## Environment & Configuration
+
+**Runtime Environment Variables**:
+
+- Database path: `./data/zerobyte.db` (configurable via `drizzle.config.ts`)
+- Restic cache: `/var/lib/zerobyte/restic/cache`
+- Restic password: `/var/lib/zerobyte/restic/password`
+- Volume mounts: `/var/lib/zerobyte/mounts/<volume-name>`
+- Local repositories: `/var/lib/zerobyte/repositories/<repo-name>`
+
+**Capabilities Detection**:
+On startup, the server detects available capabilities (see `core/capabilities.ts`):
+
+- **Docker**: Requires `/var/run/docker.sock` access
+- System will gracefully degrade if capabilities are unavailable
+
+## Common Workflows
+
+### Adding a New Volume Backend
+
+1. Create backend implementation in `app/server/modules/backends/<backend>/`
+2. Implement `mount()` and `unmount()` methods
+3. Add schema to `app/schemas/volumes.ts`
+4. Update `volumeConfigSchema` discriminated union
+5. Update backend factory in `app/server/modules/backends/backend.ts`
+
+### Adding a New Repository Backend
+
+1. Add backend type to `app/schemas/restic.ts`
+2. Update `buildRepoUrl()` in `app/server/utils/restic.ts`
+3. Update `buildEnv()` to handle credentials/configuration
+4. Add DTO schemas in `app/server/modules/repositories/repositories.dto.ts`
+5. Update repository service to handle new backend
+
+### Adding a New Scheduled Job
+
+1. Create job class in `app/server/jobs/<job-name>.ts` extending `Job`
+2. Implement `run()` method
+3. Register in `app/server/modules/lifecycle/startup.ts` with cron expression:
+   ```typescript
+   Scheduler.build(YourJob).schedule("* * * * *");
+   ```
+
+## Important Notes
+
+- **Code Style**: Uses Biome with tabs (not spaces), 120 char line width, double quotes
+- **Imports**: Organize imports is disabled in Biome - do not auto-organize
+- **TypeScript**: Uses `"type": "module"` - all imports must include extensions when targeting Node/Bun
+- **Validation**: Prefer ArkType over Zod - it's used throughout the codebase
+- **Database**: Timestamps are stored as Unix epoch integers, not ISO strings
+- **Security**: Restic password file has 0600 permissions - never expose it
+- **Mounting**: Requires privileged container or CAP_SYS_ADMIN for FUSE mounts
+- **API Documentation**: OpenAPI spec auto-generated at `/api/v1/openapi.json`, docs at `/api/v1/docs`
+
+## Docker Development Setup
+
+The `docker-compose.yml` defines two services:
+
+- `zerobyte-dev` - Development with hot reload (uses `development` stage)
+- `zerobyte-prod` - Production build (uses `production` stage)
+
+Both mount:
+
+- `/var/lib/zerobyte` for persistent data
+- `/dev/fuse` device for FUSE mounting
+- Optionally `/var/run/docker.sock` for Docker plugin functionality
diff --git a/Dockerfile b/Dockerfile
index 52676669..206d294b 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,8 +1,8 @@
-ARG BUN_VERSION="1.3.1"
+ARG BUN_VERSION="1.3.3"
 
 FROM oven/bun:${BUN_VERSION}-alpine AS base
 
-RUN apk add --no-cache davfs2=1.6.1-r2 openssh-client
+RUN apk add --no-cache davfs2=1.6.1-r2 openssh-client fuse3
 
 
 # ------------------------------
@@ -14,7 +14,7 @@ WORKDIR /deps
 
 ARG TARGETARCH
 ARG RESTIC_VERSION="0.18.1"
-ARG SHOUTRRR_VERSION="0.12.0"
+ARG SHOUTRRR_VERSION="0.12.1"
 ENV TARGETARCH=${TARGETARCH}
 
 RUN apk add --no-cache curl bzip2 unzip tar
diff --git a/README.md b/README.md
index f9838551..226a38f9 100644
--- a/README.md
+++ b/README.md
@@ -40,7 +40,7 @@ In order to run Zerobyte, you need to have Docker and Docker Compose installed o
 ```yaml
 services:
   zerobyte:
-    image: ghcr.io/nicotsx/zerobyte:v0.13
+    image: ghcr.io/nicotsx/zerobyte:v0.18
     container_name: zerobyte
     restart: unless-stopped
     cap_add:
@@ -78,7 +78,7 @@ If you want to track a local directory on the same server where Zerobyte is runn
 ```diff
 services:
   zerobyte:
-    image: ghcr.io/nicotsx/zerobyte:v0.13
+    image: ghcr.io/nicotsx/zerobyte:v0.18
     container_name: zerobyte
     restart: unless-stopped
     cap_add:
@@ -146,7 +146,7 @@ Zerobyte can use [rclone](https://rclone.org/) to support 40+ cloud storage prov
    ```diff
    services:
      zerobyte:
-       image: ghcr.io/nicotsx/zerobyte:v0.13
+       image: ghcr.io/nicotsx/zerobyte:v0.18
        container_name: zerobyte
        restart: unless-stopped
        cap_add:
@@ -223,7 +223,7 @@ In order to enable this feature, you need to change your bind mount `/var/lib/ze
 ```diff
 services:
   zerobyte:
-    image: ghcr.io/nicotsx/zerobyte:v0.13
+    image: ghcr.io/nicotsx/zerobyte:v0.18
     container_name: zerobyte
     restart: unless-stopped
     ports:
@@ -254,7 +254,7 @@ In order to enable this feature, you need to run Zerobyte with several items sha
 ```diff
 services:
   zerobyte:
-    image: ghcr.io/nicotsx/zerobyte:v0.13
+    image: ghcr.io/nicotsx/zerobyte:v0.18
     container_name: zerobyte
     restart: unless-stopped
     cap_add:
diff --git a/app/client/api-client/@tanstack/react-query.gen.ts b/app/client/api-client/@tanstack/react-query.gen.ts
index fab5ce72..83ae179c 100644
--- a/app/client/api-client/@tanstack/react-query.gen.ts
+++ b/app/client/api-client/@tanstack/react-query.gen.ts
@@ -3,8 +3,8 @@
 import { type DefaultError, queryOptions, type UseMutationOptions } from '@tanstack/react-query';
 
 import { client } from '../client.gen';
-import { browseFilesystem, changePassword, createBackupSchedule, createNotificationDestination, createRepository, createVolume, deleteBackupSchedule, deleteNotificationDestination, deleteRepository, deleteSnapshot, deleteVolume, doctorRepository, downloadResticPassword, exportFullConfig, getBackupSchedule, getBackupScheduleForVolume, getContainersUsingVolume, getMe, getNotificationDestination, getRepository, getScheduleNotifications, getSnapshotDetails, getStatus, getSystemInfo, getVolume, healthCheckVolume, listBackupSchedules, listFiles, listNotificationDestinations, listRcloneRemotes, listRepositories, listSnapshotFiles, listSnapshots, listVolumes, login, logout, mountVolume, type Options, register, restoreSnapshot, runBackupNow, runForget, stopBackup, testConnection, testNotificationDestination, unmountVolume, updateBackupSchedule, updateNotificationDestination, updateRepository, updateScheduleNotifications, updateVolume } from '../sdk.gen';
-import type { BrowseFilesystemData, BrowseFilesystemResponse, ChangePasswordData, ChangePasswordResponse, CreateBackupScheduleData, CreateBackupScheduleResponse, CreateNotificationDestinationData, CreateNotificationDestinationResponse, CreateRepositoryData, CreateRepositoryResponse, CreateVolumeData, CreateVolumeResponse, DeleteBackupScheduleData, DeleteBackupScheduleResponse, DeleteNotificationDestinationData, DeleteNotificationDestinationResponse, DeleteRepositoryData, DeleteRepositoryResponse, DeleteSnapshotData, DeleteSnapshotResponse, DeleteVolumeData, DeleteVolumeResponse, DoctorRepositoryData, DoctorRepositoryResponse, DownloadResticPasswordData, DownloadResticPasswordResponse, ExportFullConfigData, ExportFullConfigError, ExportFullConfigResponse, GetBackupScheduleData, GetBackupScheduleForVolumeData, GetBackupScheduleForVolumeResponse, GetBackupScheduleResponse, GetContainersUsingVolumeData, GetContainersUsingVolumeResponse, GetMeData, GetMeResponse, GetNotificationDestinationData, GetNotificationDestinationResponse, GetRepositoryData, GetRepositoryResponse, GetScheduleNotificationsData, GetScheduleNotificationsResponse, GetSnapshotDetailsData, GetSnapshotDetailsResponse, GetStatusData, GetStatusResponse, GetSystemInfoData, GetSystemInfoResponse, GetVolumeData, GetVolumeResponse, HealthCheckVolumeData, HealthCheckVolumeResponse, ListBackupSchedulesData, ListBackupSchedulesResponse, ListFilesData, ListFilesResponse, ListNotificationDestinationsData, ListNotificationDestinationsResponse, ListRcloneRemotesData, ListRcloneRemotesResponse, ListRepositoriesData, ListRepositoriesResponse, ListSnapshotFilesData, ListSnapshotFilesResponse, ListSnapshotsData, ListSnapshotsResponse, ListVolumesData, ListVolumesResponse, LoginData, LoginResponse, LogoutData, LogoutResponse, MountVolumeData, MountVolumeResponse, RegisterData, RegisterResponse, RestoreSnapshotData, RestoreSnapshotResponse, RunBackupNowData, RunBackupNowResponse, RunForgetData, RunForgetResponse, StopBackupData, StopBackupResponse, TestConnectionData, TestConnectionResponse, TestNotificationDestinationData, TestNotificationDestinationResponse, UnmountVolumeData, UnmountVolumeResponse, UpdateBackupScheduleData, UpdateBackupScheduleResponse, UpdateNotificationDestinationData, UpdateNotificationDestinationResponse, UpdateRepositoryData, UpdateRepositoryResponse, UpdateScheduleNotificationsData, UpdateScheduleNotificationsResponse, UpdateVolumeData, UpdateVolumeResponse } from '../types.gen';
+import { browseFilesystem, changePassword, createBackupSchedule, createNotificationDestination, createRepository, createVolume, deleteBackupSchedule, deleteNotificationDestination, deleteRepository, deleteSnapshot, deleteVolume, doctorRepository, downloadResticPassword, exportFullConfig, getBackupSchedule, getBackupScheduleForVolume, getContainersUsingVolume, getMe, getMirrorCompatibility, getNotificationDestination, getRepository, getScheduleMirrors, getScheduleNotifications, getSnapshotDetails, getStatus, getSystemInfo, getVolume, healthCheckVolume, listBackupSchedules, listFiles, listNotificationDestinations, listRcloneRemotes, listRepositories, listSnapshotFiles, listSnapshots, listVolumes, login, logout, mountVolume, type Options, register, restoreSnapshot, runBackupNow, runForget, stopBackup, testConnection, testNotificationDestination, unmountVolume, updateBackupSchedule, updateNotificationDestination, updateRepository, updateScheduleMirrors, updateScheduleNotifications, updateVolume } from '../sdk.gen';
+import type { BrowseFilesystemData, BrowseFilesystemResponse, ChangePasswordData, ChangePasswordResponse, CreateBackupScheduleData, CreateBackupScheduleResponse, CreateNotificationDestinationData, CreateNotificationDestinationResponse, CreateRepositoryData, CreateRepositoryResponse, CreateVolumeData, CreateVolumeResponse, DeleteBackupScheduleData, DeleteBackupScheduleResponse, DeleteNotificationDestinationData, DeleteNotificationDestinationResponse, DeleteRepositoryData, DeleteRepositoryResponse, DeleteSnapshotData, DeleteSnapshotResponse, DeleteVolumeData, DeleteVolumeResponse, DoctorRepositoryData, DoctorRepositoryResponse, DownloadResticPasswordData, DownloadResticPasswordResponse, ExportFullConfigData, ExportFullConfigError, ExportFullConfigResponse, GetBackupScheduleData, GetBackupScheduleForVolumeData, GetBackupScheduleForVolumeResponse, GetBackupScheduleResponse, GetContainersUsingVolumeData, GetContainersUsingVolumeResponse, GetMeData, GetMeResponse, GetMirrorCompatibilityData, GetMirrorCompatibilityResponse, GetNotificationDestinationData, GetNotificationDestinationResponse, GetRepositoryData, GetRepositoryResponse, GetScheduleMirrorsData, GetScheduleMirrorsResponse, GetScheduleNotificationsData, GetScheduleNotificationsResponse, GetSnapshotDetailsData, GetSnapshotDetailsResponse, GetStatusData, GetStatusResponse, GetSystemInfoData, GetSystemInfoResponse, GetVolumeData, GetVolumeResponse, HealthCheckVolumeData, HealthCheckVolumeResponse, ListBackupSchedulesData, ListBackupSchedulesResponse, ListFilesData, ListFilesResponse, ListNotificationDestinationsData, ListNotificationDestinationsResponse, ListRcloneRemotesData, ListRcloneRemotesResponse, ListRepositoriesData, ListRepositoriesResponse, ListSnapshotFilesData, ListSnapshotFilesResponse, ListSnapshotsData, ListSnapshotsResponse, ListVolumesData, ListVolumesResponse, LoginData, LoginResponse, LogoutData, LogoutResponse, MountVolumeData, MountVolumeResponse, RegisterData, RegisterResponse, RestoreSnapshotData, RestoreSnapshotResponse, RunBackupNowData, RunBackupNowResponse, RunForgetData, RunForgetResponse, StopBackupData, StopBackupResponse, TestConnectionData, TestConnectionResponse, TestNotificationDestinationData, TestNotificationDestinationResponse, UnmountVolumeData, UnmountVolumeResponse, UpdateBackupScheduleData, UpdateBackupScheduleResponse, UpdateNotificationDestinationData, UpdateNotificationDestinationResponse, UpdateRepositoryData, UpdateRepositoryResponse, UpdateScheduleMirrorsData, UpdateScheduleMirrorsResponse, UpdateScheduleNotificationsData, UpdateScheduleNotificationsResponse, UpdateVolumeData, UpdateVolumeResponse } from '../types.gen';
 
 /**
  * Register a new user
@@ -755,6 +755,59 @@ export const updateScheduleNotificationsMutation = (options?: Partial<Options<Up
     return mutationOptions;
 };
 
+export const getScheduleMirrorsQueryKey = (options: Options<GetScheduleMirrorsData>) => createQueryKey("getScheduleMirrors", options);
+
+/**
+ * Get mirror repository assignments for a backup schedule
+ */
+export const getScheduleMirrorsOptions = (options: Options<GetScheduleMirrorsData>) => queryOptions<GetScheduleMirrorsResponse, DefaultError, GetScheduleMirrorsResponse, ReturnType<typeof getScheduleMirrorsQueryKey>>({
+    queryFn: async ({ queryKey, signal }) => {
+        const { data } = await getScheduleMirrors({
+            ...options,
+            ...queryKey[0],
+            signal,
+            throwOnError: true
+        });
+        return data;
+    },
+    queryKey: getScheduleMirrorsQueryKey(options)
+});
+
+/**
+ * Update mirror repository assignments for a backup schedule
+ */
+export const updateScheduleMirrorsMutation = (options?: Partial<Options<UpdateScheduleMirrorsData>>): UseMutationOptions<UpdateScheduleMirrorsResponse, DefaultError, Options<UpdateScheduleMirrorsData>> => {
+    const mutationOptions: UseMutationOptions<UpdateScheduleMirrorsResponse, DefaultError, Options<UpdateScheduleMirrorsData>> = {
+        mutationFn: async (fnOptions) => {
+            const { data } = await updateScheduleMirrors({
+                ...options,
+                ...fnOptions,
+                throwOnError: true
+            });
+            return data;
+        }
+    };
+    return mutationOptions;
+};
+
+export const getMirrorCompatibilityQueryKey = (options: Options<GetMirrorCompatibilityData>) => createQueryKey("getMirrorCompatibility", options);
+
+/**
+ * Get mirror compatibility info for all repositories relative to a backup schedule's primary repository
+ */
+export const getMirrorCompatibilityOptions = (options: Options<GetMirrorCompatibilityData>) => queryOptions<GetMirrorCompatibilityResponse, DefaultError, GetMirrorCompatibilityResponse, ReturnType<typeof getMirrorCompatibilityQueryKey>>({
+    queryFn: async ({ queryKey, signal }) => {
+        const { data } = await getMirrorCompatibility({
+            ...options,
+            ...queryKey[0],
+            signal,
+            throwOnError: true
+        });
+        return data;
+    },
+    queryKey: getMirrorCompatibilityQueryKey(options)
+});
+
 export const listNotificationDestinationsQueryKey = (options?: Options<ListNotificationDestinationsData>) => createQueryKey("listNotificationDestinations", options);
 
 /**
diff --git a/app/client/api-client/sdk.gen.ts b/app/client/api-client/sdk.gen.ts
index 7778eb87..6d83b761 100644
--- a/app/client/api-client/sdk.gen.ts
+++ b/app/client/api-client/sdk.gen.ts
@@ -2,7 +2,7 @@
 
 import type { Client, Options as Options2, TDataShape } from './client';
 import { client } from './client.gen';
-import type { BrowseFilesystemData, BrowseFilesystemResponses, ChangePasswordData, ChangePasswordResponses, CreateBackupScheduleData, CreateBackupScheduleResponses, CreateNotificationDestinationData, CreateNotificationDestinationResponses, CreateRepositoryData, CreateRepositoryResponses, CreateVolumeData, CreateVolumeResponses, DeleteBackupScheduleData, DeleteBackupScheduleResponses, DeleteNotificationDestinationData, DeleteNotificationDestinationErrors, DeleteNotificationDestinationResponses, DeleteRepositoryData, DeleteRepositoryResponses, DeleteSnapshotData, DeleteSnapshotResponses, DeleteVolumeData, DeleteVolumeResponses, DoctorRepositoryData, DoctorRepositoryResponses, DownloadResticPasswordData, DownloadResticPasswordResponses, ExportFullConfigData, ExportFullConfigErrors, ExportFullConfigResponses, GetBackupScheduleData, GetBackupScheduleForVolumeData, GetBackupScheduleForVolumeResponses, GetBackupScheduleResponses, GetContainersUsingVolumeData, GetContainersUsingVolumeErrors, GetContainersUsingVolumeResponses, GetMeData, GetMeResponses, GetNotificationDestinationData, GetNotificationDestinationErrors, GetNotificationDestinationResponses, GetRepositoryData, GetRepositoryResponses, GetScheduleNotificationsData, GetScheduleNotificationsResponses, GetSnapshotDetailsData, GetSnapshotDetailsResponses, GetStatusData, GetStatusResponses, GetSystemInfoData, GetSystemInfoResponses, GetVolumeData, GetVolumeErrors, GetVolumeResponses, HealthCheckVolumeData, HealthCheckVolumeErrors, HealthCheckVolumeResponses, ListBackupSchedulesData, ListBackupSchedulesResponses, ListFilesData, ListFilesResponses, ListNotificationDestinationsData, ListNotificationDestinationsResponses, ListRcloneRemotesData, ListRcloneRemotesResponses, ListRepositoriesData, ListRepositoriesResponses, ListSnapshotFilesData, ListSnapshotFilesResponses, ListSnapshotsData, ListSnapshotsResponses, ListVolumesData, ListVolumesResponses, LoginData, LoginResponses, LogoutData, LogoutResponses, MountVolumeData, MountVolumeResponses, RegisterData, RegisterResponses, RestoreSnapshotData, RestoreSnapshotResponses, RunBackupNowData, RunBackupNowResponses, RunForgetData, RunForgetResponses, StopBackupData, StopBackupErrors, StopBackupResponses, TestConnectionData, TestConnectionResponses, TestNotificationDestinationData, TestNotificationDestinationErrors, TestNotificationDestinationResponses, UnmountVolumeData, UnmountVolumeResponses, UpdateBackupScheduleData, UpdateBackupScheduleResponses, UpdateNotificationDestinationData, UpdateNotificationDestinationErrors, UpdateNotificationDestinationResponses, UpdateRepositoryData, UpdateRepositoryErrors, UpdateRepositoryResponses, UpdateScheduleNotificationsData, UpdateScheduleNotificationsResponses, UpdateVolumeData, UpdateVolumeErrors, UpdateVolumeResponses } from './types.gen';
+import type { BrowseFilesystemData, BrowseFilesystemResponses, ChangePasswordData, ChangePasswordResponses, CreateBackupScheduleData, CreateBackupScheduleResponses, CreateNotificationDestinationData, CreateNotificationDestinationResponses, CreateRepositoryData, CreateRepositoryResponses, CreateVolumeData, CreateVolumeResponses, DeleteBackupScheduleData, DeleteBackupScheduleResponses, DeleteNotificationDestinationData, DeleteNotificationDestinationErrors, DeleteNotificationDestinationResponses, DeleteRepositoryData, DeleteRepositoryResponses, DeleteSnapshotData, DeleteSnapshotResponses, DeleteVolumeData, DeleteVolumeResponses, DoctorRepositoryData, DoctorRepositoryResponses, DownloadResticPasswordData, DownloadResticPasswordResponses, ExportFullConfigData, ExportFullConfigErrors, ExportFullConfigResponses, GetBackupScheduleData, GetBackupScheduleForVolumeData, GetBackupScheduleForVolumeResponses, GetBackupScheduleResponses, GetContainersUsingVolumeData, GetContainersUsingVolumeErrors, GetContainersUsingVolumeResponses, GetMeData, GetMeResponses, GetMirrorCompatibilityData, GetMirrorCompatibilityResponses, GetNotificationDestinationData, GetNotificationDestinationErrors, GetNotificationDestinationResponses, GetRepositoryData, GetRepositoryResponses, GetScheduleMirrorsData, GetScheduleMirrorsResponses, GetScheduleNotificationsData, GetScheduleNotificationsResponses, GetSnapshotDetailsData, GetSnapshotDetailsResponses, GetStatusData, GetStatusResponses, GetSystemInfoData, GetSystemInfoResponses, GetVolumeData, GetVolumeErrors, GetVolumeResponses, HealthCheckVolumeData, HealthCheckVolumeErrors, HealthCheckVolumeResponses, ListBackupSchedulesData, ListBackupSchedulesResponses, ListFilesData, ListFilesResponses, ListNotificationDestinationsData, ListNotificationDestinationsResponses, ListRcloneRemotesData, ListRcloneRemotesResponses, ListRepositoriesData, ListRepositoriesResponses, ListSnapshotFilesData, ListSnapshotFilesResponses, ListSnapshotsData, ListSnapshotsResponses, ListVolumesData, ListVolumesResponses, LoginData, LoginResponses, LogoutData, LogoutResponses, MountVolumeData, MountVolumeResponses, RegisterData, RegisterResponses, RestoreSnapshotData, RestoreSnapshotResponses, RunBackupNowData, RunBackupNowResponses, RunForgetData, RunForgetResponses, StopBackupData, StopBackupErrors, StopBackupResponses, TestConnectionData, TestConnectionResponses, TestNotificationDestinationData, TestNotificationDestinationErrors, TestNotificationDestinationResponses, UnmountVolumeData, UnmountVolumeResponses, UpdateBackupScheduleData, UpdateBackupScheduleResponses, UpdateNotificationDestinationData, UpdateNotificationDestinationErrors, UpdateNotificationDestinationResponses, UpdateRepositoryData, UpdateRepositoryErrors, UpdateRepositoryResponses, UpdateScheduleMirrorsData, UpdateScheduleMirrorsResponses, UpdateScheduleNotificationsData, UpdateScheduleNotificationsResponses, UpdateVolumeData, UpdateVolumeErrors, UpdateVolumeResponses } from './types.gen';
 
 export type Options<TData extends TDataShape = TDataShape, ThrowOnError extends boolean = boolean> = Options2<TData, ThrowOnError> & {
     /**
@@ -476,6 +476,40 @@ export const updateScheduleNotifications = <ThrowOnError extends boolean = false
     });
 };
 
+/**
+ * Get mirror repository assignments for a backup schedule
+ */
+export const getScheduleMirrors = <ThrowOnError extends boolean = false>(options: Options<GetScheduleMirrorsData, ThrowOnError>) => {
+    return (options.client ?? client).get<GetScheduleMirrorsResponses, unknown, ThrowOnError>({
+        url: '/api/v1/backups/{scheduleId}/mirrors',
+        ...options
+    });
+};
+
+/**
+ * Update mirror repository assignments for a backup schedule
+ */
+export const updateScheduleMirrors = <ThrowOnError extends boolean = false>(options: Options<UpdateScheduleMirrorsData, ThrowOnError>) => {
+    return (options.client ?? client).put<UpdateScheduleMirrorsResponses, unknown, ThrowOnError>({
+        url: '/api/v1/backups/{scheduleId}/mirrors',
+        ...options,
+        headers: {
+            'Content-Type': 'application/json',
+            ...options.headers
+        }
+    });
+};
+
+/**
+ * Get mirror compatibility info for all repositories relative to a backup schedule's primary repository
+ */
+export const getMirrorCompatibility = <ThrowOnError extends boolean = false>(options: Options<GetMirrorCompatibilityData, ThrowOnError>) => {
+    return (options.client ?? client).get<GetMirrorCompatibilityResponses, unknown, ThrowOnError>({
+        url: '/api/v1/backups/{scheduleId}/mirrors/compatibility',
+        ...options
+    });
+};
+
 /**
  * List all notification destinations
  */
diff --git a/app/client/api-client/types.gen.ts b/app/client/api-client/types.gen.ts
index d196feef..3b0fb9bb 100644
--- a/app/client/api-client/types.gen.ts
+++ b/app/client/api-client/types.gen.ts
@@ -164,6 +164,11 @@ export type ListVolumesResponses = {
             version: '3' | '4' | '4.1';
             port?: number;
             readOnly?: boolean;
+        } | {
+            backend: 'rclone';
+            path: string;
+            remote: string;
+            readOnly?: boolean;
         } | {
             backend: 'smb';
             password: string;
@@ -191,7 +196,7 @@ export type ListVolumesResponses = {
         name: string;
         shortId: string;
         status: 'error' | 'mounted' | 'unmounted';
-        type: 'directory' | 'nfs' | 'smb' | 'webdav';
+        type: 'directory' | 'nfs' | 'rclone' | 'smb' | 'webdav';
         updatedAt: number;
     }>;
 };
@@ -211,6 +216,11 @@ export type CreateVolumeData = {
             version: '3' | '4' | '4.1';
             port?: number;
             readOnly?: boolean;
+        } | {
+            backend: 'rclone';
+            path: string;
+            remote: string;
+            readOnly?: boolean;
         } | {
             backend: 'smb';
             password: string;
@@ -255,6 +265,11 @@ export type CreateVolumeResponses = {
             version: '3' | '4' | '4.1';
             port?: number;
             readOnly?: boolean;
+        } | {
+            backend: 'rclone';
+            path: string;
+            remote: string;
+            readOnly?: boolean;
         } | {
             backend: 'smb';
             password: string;
@@ -282,7 +297,7 @@ export type CreateVolumeResponses = {
         name: string;
         shortId: string;
         status: 'error' | 'mounted' | 'unmounted';
-        type: 'directory' | 'nfs' | 'smb' | 'webdav';
+        type: 'directory' | 'nfs' | 'rclone' | 'smb' | 'webdav';
         updatedAt: number;
     };
 };
@@ -302,6 +317,11 @@ export type TestConnectionData = {
             version: '3' | '4' | '4.1';
             port?: number;
             readOnly?: boolean;
+        } | {
+            backend: 'rclone';
+            path: string;
+            remote: string;
+            readOnly?: boolean;
         } | {
             backend: 'smb';
             password: string;
@@ -399,6 +419,11 @@ export type GetVolumeResponses = {
                 version: '3' | '4' | '4.1';
                 port?: number;
                 readOnly?: boolean;
+            } | {
+                backend: 'rclone';
+                path: string;
+                remote: string;
+                readOnly?: boolean;
             } | {
                 backend: 'smb';
                 password: string;
@@ -426,7 +451,7 @@ export type GetVolumeResponses = {
             name: string;
             shortId: string;
             status: 'error' | 'mounted' | 'unmounted';
-            type: 'directory' | 'nfs' | 'smb' | 'webdav';
+            type: 'directory' | 'nfs' | 'rclone' | 'smb' | 'webdav';
             updatedAt: number;
         };
     };
@@ -448,6 +473,11 @@ export type UpdateVolumeData = {
             version: '3' | '4' | '4.1';
             port?: number;
             readOnly?: boolean;
+        } | {
+            backend: 'rclone';
+            path: string;
+            remote: string;
+            readOnly?: boolean;
         } | {
             backend: 'smb';
             password: string;
@@ -501,6 +531,11 @@ export type UpdateVolumeResponses = {
             version: '3' | '4' | '4.1';
             port?: number;
             readOnly?: boolean;
+        } | {
+            backend: 'rclone';
+            path: string;
+            remote: string;
+            readOnly?: boolean;
         } | {
             backend: 'smb';
             password: string;
@@ -528,7 +563,7 @@ export type UpdateVolumeResponses = {
         name: string;
         shortId: string;
         status: 'error' | 'mounted' | 'unmounted';
-        type: 'directory' | 'nfs' | 'smb' | 'webdav';
+        type: 'directory' | 'nfs' | 'rclone' | 'smb' | 'webdav';
         updatedAt: number;
     };
 };
@@ -1124,6 +1159,7 @@ export type ListSnapshotsResponses = {
         paths: Array<string>;
         short_id: string;
         size: number;
+        tags: Array<string>;
         time: number;
     }>;
 };
@@ -1170,6 +1206,7 @@ export type GetSnapshotDetailsResponses = {
         paths: Array<string>;
         short_id: string;
         size: number;
+        tags: Array<string>;
         time: number;
     };
 };
@@ -1289,12 +1326,14 @@ export type ListBackupSchedulesResponses = {
         createdAt: number;
         cronExpression: string;
         enabled: boolean;
+        excludeIfPresent: Array<string> | null;
         excludePatterns: Array<string> | null;
         id: number;
         includePatterns: Array<string> | null;
         lastBackupAt: number | null;
         lastBackupError: string | null;
         lastBackupStatus: 'error' | 'in_progress' | 'success' | 'warning' | null;
+        name: string;
         nextBackupAt: number | null;
         repository: {
             compressionMode: 'auto' | 'max' | 'off' | null;
@@ -1393,6 +1432,11 @@ export type ListBackupSchedulesResponses = {
                 version: '3' | '4' | '4.1';
                 port?: number;
                 readOnly?: boolean;
+            } | {
+                backend: 'rclone';
+                path: string;
+                remote: string;
+                readOnly?: boolean;
             } | {
                 backend: 'smb';
                 password: string;
@@ -1420,7 +1464,7 @@ export type ListBackupSchedulesResponses = {
             name: string;
             shortId: string;
             status: 'error' | 'mounted' | 'unmounted';
-            type: 'directory' | 'nfs' | 'smb' | 'webdav';
+            type: 'directory' | 'nfs' | 'rclone' | 'smb' | 'webdav';
             updatedAt: number;
         };
         volumeId: number;
@@ -1433,8 +1477,10 @@ export type CreateBackupScheduleData = {
     body?: {
         cronExpression: string;
         enabled: boolean;
+        name: string;
         repositoryId: string;
         volumeId: number;
+        excludeIfPresent?: Array<string>;
         excludePatterns?: Array<string>;
         includePatterns?: Array<string>;
         retentionPolicy?: {
@@ -1461,12 +1507,14 @@ export type CreateBackupScheduleResponses = {
         createdAt: number;
         cronExpression: string;
         enabled: boolean;
+        excludeIfPresent: Array<string> | null;
         excludePatterns: Array<string> | null;
         id: number;
         includePatterns: Array<string> | null;
         lastBackupAt: number | null;
         lastBackupError: string | null;
         lastBackupStatus: 'error' | 'in_progress' | 'success' | 'warning' | null;
+        name: string;
         nextBackupAt: number | null;
         repositoryId: string;
         retentionPolicy: {
@@ -1522,12 +1570,14 @@ export type GetBackupScheduleResponses = {
         createdAt: number;
         cronExpression: string;
         enabled: boolean;
+        excludeIfPresent: Array<string> | null;
         excludePatterns: Array<string> | null;
         id: number;
         includePatterns: Array<string> | null;
         lastBackupAt: number | null;
         lastBackupError: string | null;
         lastBackupStatus: 'error' | 'in_progress' | 'success' | 'warning' | null;
+        name: string;
         nextBackupAt: number | null;
         repository: {
             compressionMode: 'auto' | 'max' | 'off' | null;
@@ -1626,6 +1676,11 @@ export type GetBackupScheduleResponses = {
                 version: '3' | '4' | '4.1';
                 port?: number;
                 readOnly?: boolean;
+            } | {
+                backend: 'rclone';
+                path: string;
+                remote: string;
+                readOnly?: boolean;
             } | {
                 backend: 'smb';
                 password: string;
@@ -1653,7 +1708,7 @@ export type GetBackupScheduleResponses = {
             name: string;
             shortId: string;
             status: 'error' | 'mounted' | 'unmounted';
-            type: 'directory' | 'nfs' | 'smb' | 'webdav';
+            type: 'directory' | 'nfs' | 'rclone' | 'smb' | 'webdav';
             updatedAt: number;
         };
         volumeId: number;
@@ -1667,8 +1722,10 @@ export type UpdateBackupScheduleData = {
         cronExpression: string;
         repositoryId: string;
         enabled?: boolean;
+        excludeIfPresent?: Array<string>;
         excludePatterns?: Array<string>;
         includePatterns?: Array<string>;
+        name?: string;
         retentionPolicy?: {
             keepDaily?: number;
             keepHourly?: number;
@@ -1695,12 +1752,14 @@ export type UpdateBackupScheduleResponses = {
         createdAt: number;
         cronExpression: string;
         enabled: boolean;
+        excludeIfPresent: Array<string> | null;
         excludePatterns: Array<string> | null;
         id: number;
         includePatterns: Array<string> | null;
         lastBackupAt: number | null;
         lastBackupError: string | null;
         lastBackupStatus: 'error' | 'in_progress' | 'success' | 'warning' | null;
+        name: string;
         nextBackupAt: number | null;
         repositoryId: string;
         retentionPolicy: {
@@ -1736,12 +1795,14 @@ export type GetBackupScheduleForVolumeResponses = {
         createdAt: number;
         cronExpression: string;
         enabled: boolean;
+        excludeIfPresent: Array<string> | null;
         excludePatterns: Array<string> | null;
         id: number;
         includePatterns: Array<string> | null;
         lastBackupAt: number | null;
         lastBackupError: string | null;
         lastBackupStatus: 'error' | 'in_progress' | 'success' | 'warning' | null;
+        name: string;
         nextBackupAt: number | null;
         repository: {
             compressionMode: 'auto' | 'max' | 'off' | null;
@@ -1840,6 +1901,11 @@ export type GetBackupScheduleForVolumeResponses = {
                 version: '3' | '4' | '4.1';
                 port?: number;
                 readOnly?: boolean;
+            } | {
+                backend: 'rclone';
+                path: string;
+                remote: string;
+                readOnly?: boolean;
             } | {
                 backend: 'smb';
                 password: string;
@@ -1867,7 +1933,7 @@ export type GetBackupScheduleForVolumeResponses = {
             name: string;
             shortId: string;
             status: 'error' | 'mounted' | 'unmounted';
-            type: 'directory' | 'nfs' | 'smb' | 'webdav';
+            type: 'directory' | 'nfs' | 'rclone' | 'smb' | 'webdav';
             updatedAt: number;
         };
         volumeId: number;
@@ -1971,13 +2037,13 @@ export type GetScheduleNotificationsResponses = {
                 type: 'telegram';
             } | {
                 from: string;
-                password: string;
                 smtpHost: string;
                 smtpPort: number;
                 to: Array<string>;
                 type: 'email';
                 useTLS: boolean;
-                username: string;
+                password?: string;
+                username?: string;
             } | {
                 priority: 'default' | 'high' | 'low' | 'max' | 'min';
                 topic: string;
@@ -2018,6 +2084,7 @@ export type GetScheduleNotificationsResponses = {
         notifyOnFailure: boolean;
         notifyOnStart: boolean;
         notifyOnSuccess: boolean;
+        notifyOnWarning: boolean;
         scheduleId: number;
     }>;
 };
@@ -2031,6 +2098,7 @@ export type UpdateScheduleNotificationsData = {
             notifyOnFailure: boolean;
             notifyOnStart: boolean;
             notifyOnSuccess: boolean;
+            notifyOnWarning: boolean;
         }>;
     };
     path: {
@@ -2059,13 +2127,13 @@ export type UpdateScheduleNotificationsResponses = {
                 type: 'telegram';
             } | {
                 from: string;
-                password: string;
                 smtpHost: string;
                 smtpPort: number;
                 to: Array<string>;
                 type: 'email';
                 useTLS: boolean;
-                username: string;
+                password?: string;
+                username?: string;
             } | {
                 priority: 'default' | 'high' | 'low' | 'max' | 'min';
                 topic: string;
@@ -2106,12 +2174,238 @@ export type UpdateScheduleNotificationsResponses = {
         notifyOnFailure: boolean;
         notifyOnStart: boolean;
         notifyOnSuccess: boolean;
+        notifyOnWarning: boolean;
         scheduleId: number;
     }>;
 };
 
 export type UpdateScheduleNotificationsResponse = UpdateScheduleNotificationsResponses[keyof UpdateScheduleNotificationsResponses];
 
+export type GetScheduleMirrorsData = {
+    body?: never;
+    path: {
+        scheduleId: string;
+    };
+    query?: never;
+    url: '/api/v1/backups/{scheduleId}/mirrors';
+};
+
+export type GetScheduleMirrorsResponses = {
+    /**
+     * List of mirror repository assignments for the schedule
+     */
+    200: Array<{
+        createdAt: number;
+        enabled: boolean;
+        lastCopyAt: number | null;
+        lastCopyError: string | null;
+        lastCopyStatus: 'error' | 'success' | null;
+        repository: {
+            compressionMode: 'auto' | 'max' | 'off' | null;
+            config: {
+                accessKeyId: string;
+                backend: 'r2';
+                bucket: string;
+                endpoint: string;
+                secretAccessKey: string;
+                customPassword?: string;
+                isExistingRepository?: boolean;
+            } | {
+                accessKeyId: string;
+                backend: 's3';
+                bucket: string;
+                endpoint: string;
+                secretAccessKey: string;
+                customPassword?: string;
+                isExistingRepository?: boolean;
+            } | {
+                accountKey: string;
+                accountName: string;
+                backend: 'azure';
+                container: string;
+                customPassword?: string;
+                endpointSuffix?: string;
+                isExistingRepository?: boolean;
+            } | {
+                backend: 'gcs';
+                bucket: string;
+                credentialsJson: string;
+                projectId: string;
+                customPassword?: string;
+                isExistingRepository?: boolean;
+            } | {
+                backend: 'local';
+                name: string;
+                customPassword?: string;
+                isExistingRepository?: boolean;
+                path?: string;
+            } | {
+                backend: 'rclone';
+                path: string;
+                remote: string;
+                customPassword?: string;
+                isExistingRepository?: boolean;
+            } | {
+                backend: 'rest';
+                url: string;
+                customPassword?: string;
+                isExistingRepository?: boolean;
+                password?: string;
+                path?: string;
+                username?: string;
+            } | {
+                backend: 'sftp';
+                host: string;
+                path: string;
+                privateKey: string;
+                user: string;
+                port?: number;
+                customPassword?: string;
+                isExistingRepository?: boolean;
+            };
+            createdAt: number;
+            id: string;
+            lastChecked: number | null;
+            lastError: string | null;
+            name: string;
+            shortId: string;
+            status: 'error' | 'healthy' | 'unknown' | null;
+            type: 'azure' | 'gcs' | 'local' | 'r2' | 'rclone' | 'rest' | 's3' | 'sftp';
+            updatedAt: number;
+        };
+        repositoryId: string;
+        scheduleId: number;
+    }>;
+};
+
+export type GetScheduleMirrorsResponse = GetScheduleMirrorsResponses[keyof GetScheduleMirrorsResponses];
+
+export type UpdateScheduleMirrorsData = {
+    body?: {
+        mirrors: Array<{
+            enabled: boolean;
+            repositoryId: string;
+        }>;
+    };
+    path: {
+        scheduleId: string;
+    };
+    query?: never;
+    url: '/api/v1/backups/{scheduleId}/mirrors';
+};
+
+export type UpdateScheduleMirrorsResponses = {
+    /**
+     * Mirror assignments updated successfully
+     */
+    200: Array<{
+        createdAt: number;
+        enabled: boolean;
+        lastCopyAt: number | null;
+        lastCopyError: string | null;
+        lastCopyStatus: 'error' | 'success' | null;
+        repository: {
+            compressionMode: 'auto' | 'max' | 'off' | null;
+            config: {
+                accessKeyId: string;
+                backend: 'r2';
+                bucket: string;
+                endpoint: string;
+                secretAccessKey: string;
+                customPassword?: string;
+                isExistingRepository?: boolean;
+            } | {
+                accessKeyId: string;
+                backend: 's3';
+                bucket: string;
+                endpoint: string;
+                secretAccessKey: string;
+                customPassword?: string;
+                isExistingRepository?: boolean;
+            } | {
+                accountKey: string;
+                accountName: string;
+                backend: 'azure';
+                container: string;
+                customPassword?: string;
+                endpointSuffix?: string;
+                isExistingRepository?: boolean;
+            } | {
+                backend: 'gcs';
+                bucket: string;
+                credentialsJson: string;
+                projectId: string;
+                customPassword?: string;
+                isExistingRepository?: boolean;
+            } | {
+                backend: 'local';
+                name: string;
+                customPassword?: string;
+                isExistingRepository?: boolean;
+                path?: string;
+            } | {
+                backend: 'rclone';
+                path: string;
+                remote: string;
+                customPassword?: string;
+                isExistingRepository?: boolean;
+            } | {
+                backend: 'rest';
+                url: string;
+                customPassword?: string;
+                isExistingRepository?: boolean;
+                password?: string;
+                path?: string;
+                username?: string;
+            } | {
+                backend: 'sftp';
+                host: string;
+                path: string;
+                privateKey: string;
+                user: string;
+                port?: number;
+                customPassword?: string;
+                isExistingRepository?: boolean;
+            };
+            createdAt: number;
+            id: string;
+            lastChecked: number | null;
+            lastError: string | null;
+            name: string;
+            shortId: string;
+            status: 'error' | 'healthy' | 'unknown' | null;
+            type: 'azure' | 'gcs' | 'local' | 'r2' | 'rclone' | 'rest' | 's3' | 'sftp';
+            updatedAt: number;
+        };
+        repositoryId: string;
+        scheduleId: number;
+    }>;
+};
+
+export type UpdateScheduleMirrorsResponse = UpdateScheduleMirrorsResponses[keyof UpdateScheduleMirrorsResponses];
+
+export type GetMirrorCompatibilityData = {
+    body?: never;
+    path: {
+        scheduleId: string;
+    };
+    query?: never;
+    url: '/api/v1/backups/{scheduleId}/mirrors/compatibility';
+};
+
+export type GetMirrorCompatibilityResponses = {
+    /**
+     * List of repositories with their mirror compatibility status
+     */
+    200: Array<{
+        compatible: boolean;
+        reason: string | null;
+        repositoryId: string;
+    }>;
+};
+
+export type GetMirrorCompatibilityResponse = GetMirrorCompatibilityResponses[keyof GetMirrorCompatibilityResponses];
+
 export type ListNotificationDestinationsData = {
     body?: never;
     path?: never;
@@ -2136,13 +2430,13 @@ export type ListNotificationDestinationsResponses = {
             type: 'telegram';
         } | {
             from: string;
-            password: string;
             smtpHost: string;
             smtpPort: number;
             to: Array<string>;
             type: 'email';
             useTLS: boolean;
-            username: string;
+            password?: string;
+            username?: string;
         } | {
             priority: 'default' | 'high' | 'low' | 'max' | 'min';
             topic: string;
@@ -2197,13 +2491,13 @@ export type CreateNotificationDestinationData = {
             type: 'telegram';
         } | {
             from: string;
-            password: string;
             smtpHost: string;
             smtpPort: number;
             to: Array<string>;
             type: 'email';
             useTLS: boolean;
-            username: string;
+            password?: string;
+            username?: string;
         } | {
             priority: 'default' | 'high' | 'low' | 'max' | 'min';
             topic: string;
@@ -2257,13 +2551,13 @@ export type CreateNotificationDestinationResponses = {
             type: 'telegram';
         } | {
             from: string;
-            password: string;
             smtpHost: string;
             smtpPort: number;
             to: Array<string>;
             type: 'email';
             useTLS: boolean;
-            username: string;
+            password?: string;
+            username?: string;
         } | {
             priority: 'default' | 'high' | 'low' | 'max' | 'min';
             topic: string;
@@ -2364,13 +2658,13 @@ export type GetNotificationDestinationResponses = {
             type: 'telegram';
         } | {
             from: string;
-            password: string;
             smtpHost: string;
             smtpPort: number;
             to: Array<string>;
             type: 'email';
             useTLS: boolean;
-            username: string;
+            password?: string;
+            username?: string;
         } | {
             priority: 'default' | 'high' | 'low' | 'max' | 'min';
             topic: string;
@@ -2425,13 +2719,13 @@ export type UpdateNotificationDestinationData = {
             type: 'telegram';
         } | {
             from: string;
-            password: string;
             smtpHost: string;
             smtpPort: number;
             to: Array<string>;
             type: 'email';
             useTLS: boolean;
-            username: string;
+            password?: string;
+            username?: string;
         } | {
             priority: 'default' | 'high' | 'low' | 'max' | 'min';
             topic: string;
@@ -2495,13 +2789,13 @@ export type UpdateNotificationDestinationResponses = {
             type: 'telegram';
         } | {
             from: string;
-            password: string;
             smtpHost: string;
             smtpPort: number;
             to: Array<string>;
             type: 'email';
             useTLS: boolean;
-            username: string;
+            password?: string;
+            username?: string;
         } | {
             priority: 'default' | 'high' | 'low' | 'max' | 'min';
             topic: string;
diff --git a/app/client/components/create-repository-form.tsx b/app/client/components/create-repository-form.tsx
deleted file mode 100644
index 255dd7a1..00000000
--- a/app/client/components/create-repository-form.tsx
+++ /dev/null
@@ -1,784 +0,0 @@
-import { arktypeResolver } from "@hookform/resolvers/arktype";
-import { type } from "arktype";
-import { useEffect, useState } from "react";
-import { useForm } from "react-hook-form";
-import { cn, slugify } from "~/client/lib/utils";
-import { deepClean } from "~/utils/object";
-import { Button } from "./ui/button";
-import { Form, FormControl, FormDescription, FormField, FormItem, FormLabel, FormMessage } from "./ui/form";
-import { Input } from "./ui/input";
-import { Select, SelectContent, SelectItem, SelectTrigger, SelectValue } from "./ui/select";
-import { useQuery } from "@tanstack/react-query";
-import { Alert, AlertDescription } from "./ui/alert";
-import { ExternalLink, AlertTriangle } from "lucide-react";
-import { Tooltip, TooltipContent, TooltipTrigger } from "./ui/tooltip";
-import { useSystemInfo } from "~/client/hooks/use-system-info";
-import { COMPRESSION_MODES, repositoryConfigSchema } from "~/schemas/restic";
-import { listRcloneRemotesOptions } from "../api-client/@tanstack/react-query.gen";
-import { Checkbox } from "./ui/checkbox";
-import { DirectoryBrowser } from "./directory-browser";
-import {
-	AlertDialog,
-	AlertDialogAction,
-	AlertDialogCancel,
-	AlertDialogContent,
-	AlertDialogDescription,
-	AlertDialogFooter,
-	AlertDialogHeader,
-	AlertDialogTitle,
-} from "./ui/alert-dialog";
-import { Textarea } from "./ui/textarea";
-
-export const formSchema = type({
-	name: "2<=string<=32",
-	compressionMode: type.valueOf(COMPRESSION_MODES).optional(),
-}).and(repositoryConfigSchema);
-const cleanSchema = type.pipe((d) => formSchema(deepClean(d)));
-
-export type RepositoryFormValues = typeof formSchema.inferIn;
-
-type Props = {
-	onSubmit: (values: RepositoryFormValues) => void;
-	mode?: "create" | "update";
-	initialValues?: Partial<RepositoryFormValues>;
-	formId?: string;
-	loading?: boolean;
-	className?: string;
-};
-
-const defaultValuesForType = {
-	local: { backend: "local" as const, compressionMode: "auto" as const },
-	s3: { backend: "s3" as const, compressionMode: "auto" as const },
-	r2: { backend: "r2" as const, compressionMode: "auto" as const },
-	gcs: { backend: "gcs" as const, compressionMode: "auto" as const },
-	azure: { backend: "azure" as const, compressionMode: "auto" as const },
-	rclone: { backend: "rclone" as const, compressionMode: "auto" as const },
-	rest: { backend: "rest" as const, compressionMode: "auto" as const },
-	sftp: { backend: "sftp" as const, compressionMode: "auto" as const, port: 22 },
-};
-
-export const CreateRepositoryForm = ({
-	onSubmit,
-	mode = "create",
-	initialValues,
-	formId,
-	loading,
-	className,
-}: Props) => {
-	const form = useForm<RepositoryFormValues>({
-		resolver: arktypeResolver(cleanSchema as unknown as typeof formSchema),
-		defaultValues: initialValues,
-		resetOptions: {
-			keepDefaultValues: true,
-			keepDirtyValues: false,
-		},
-	});
-
-	const { watch, setValue } = form;
-
-	const watchedBackend = watch("backend");
-	const watchedIsExistingRepository = watch("isExistingRepository");
-
-	const [passwordMode, setPasswordMode] = useState<"default" | "custom">("default");
-	const [showPathBrowser, setShowPathBrowser] = useState(false);
-	const [showPathWarning, setShowPathWarning] = useState(false);
-
-	const { capabilities } = useSystemInfo();
-
-	const { data: rcloneRemotes, isLoading: isLoadingRemotes } = useQuery({
-		...listRcloneRemotesOptions(),
-		enabled: capabilities.rclone,
-	});
-
-	useEffect(() => {
-		form.reset({
-			name: form.getValues().name,
-			isExistingRepository: form.getValues().isExistingRepository,
-			customPassword: form.getValues().customPassword,
-			...defaultValuesForType[watchedBackend as keyof typeof defaultValuesForType],
-		});
-	}, [watchedBackend, form]);
-
-	return (
-		<Form {...form}>
-			<form id={formId} onSubmit={form.handleSubmit(onSubmit)} className={cn("space-y-4", className)}>
-				<FormField
-					control={form.control}
-					name="name"
-					render={({ field }) => (
-						<FormItem>
-							<FormLabel>Name</FormLabel>
-							<FormControl>
-								<Input
-									{...field}
-									placeholder="Repository name"
-									onChange={(e) => field.onChange(slugify(e.target.value))}
-									max={32}
-									min={2}
-								/>
-							</FormControl>
-							<FormDescription>Unique identifier for the repository.</FormDescription>
-							<FormMessage />
-						</FormItem>
-					)}
-				/>
-				<FormField
-					control={form.control}
-					name="backend"
-					render={({ field }) => (
-						<FormItem>
-							<FormLabel>Backend</FormLabel>
-							<Select onValueChange={field.onChange} defaultValue={field.value} value={field.value}>
-								<FormControl>
-									<SelectTrigger>
-										<SelectValue placeholder="Select a backend" />
-									</SelectTrigger>
-								</FormControl>
-								<SelectContent>
-									<SelectItem value="local">Local</SelectItem>
-									<SelectItem value="s3">S3</SelectItem>
-									<SelectItem value="r2">Cloudflare R2</SelectItem>
-									<SelectItem value="gcs">Google Cloud Storage</SelectItem>
-									<SelectItem value="azure">Azure Blob Storage</SelectItem>
-									<SelectItem value="rest">REST Server</SelectItem>
-									<SelectItem value="sftp">SFTP</SelectItem>
-									<Tooltip>
-										<TooltipTrigger>
-											<SelectItem disabled={!capabilities.rclone} value="rclone">
-												rclone (40+ cloud providers)
-											</SelectItem>
-										</TooltipTrigger>
-										<TooltipContent className={cn({ hidden: capabilities.rclone })}>
-											<p>Setup rclone to use this backend</p>
-										</TooltipContent>
-									</Tooltip>
-								</SelectContent>
-							</Select>
-							<FormDescription>Choose the storage backend for this repository.</FormDescription>
-							<FormMessage />
-						</FormItem>
-					)}
-				/>
-
-				<FormField
-					control={form.control}
-					name="compressionMode"
-					render={({ field }) => (
-						<FormItem>
-							<FormLabel>Compression Mode</FormLabel>
-							<Select onValueChange={field.onChange} defaultValue={field.value} value={field.value}>
-								<FormControl>
-									<SelectTrigger>
-										<SelectValue placeholder="Select compression mode" />
-									</SelectTrigger>
-								</FormControl>
-								<SelectContent>
-									<SelectItem value="off">Off</SelectItem>
-									<SelectItem value="auto">Auto (fast)</SelectItem>
-									<SelectItem value="max">Max (slower, better compression)</SelectItem>
-								</SelectContent>
-							</Select>
-							<FormDescription>Compression mode for backups stored in this repository.</FormDescription>
-							<FormMessage />
-						</FormItem>
-					)}
-				/>
-
-				<FormField
-					control={form.control}
-					name="isExistingRepository"
-					render={({ field }) => (
-						<FormItem className="flex flex-row items-center space-x-3">
-							<FormControl>
-								<Checkbox
-									checked={field.value}
-									onCheckedChange={(checked) => {
-										field.onChange(checked);
-										if (!checked) {
-											setPasswordMode("default");
-											setValue("customPassword", undefined);
-										}
-									}}
-								/>
-							</FormControl>
-							<div className="space-y-1">
-								<FormLabel>Import existing repository</FormLabel>
-								<FormDescription>Check this if the repository already exists at the specified location</FormDescription>
-							</div>
-						</FormItem>
-					)}
-				/>
-				{watchedIsExistingRepository && (
-					<>
-						<FormItem>
-							<FormLabel>Repository Password</FormLabel>
-							<Select
-								onValueChange={(value) => {
-									setPasswordMode(value as "default" | "custom");
-									if (value === "default") {
-										setValue("customPassword", undefined);
-									}
-								}}
-								defaultValue={passwordMode}
-								value={passwordMode}
-							>
-								<FormControl>
-									<SelectTrigger>
-										<SelectValue placeholder="Select password option" />
-									</SelectTrigger>
-								</FormControl>
-								<SelectContent>
-									<SelectItem value="default">Use Zerobyte's password</SelectItem>
-									<SelectItem value="custom">Enter password manually</SelectItem>
-								</SelectContent>
-							</Select>
-							<FormDescription>
-								Choose whether to use Zerobyte's master password or enter a custom password for the existing repository.
-							</FormDescription>
-						</FormItem>
-
-						{passwordMode === "custom" && (
-							<FormField
-								control={form.control}
-								name="customPassword"
-								render={({ field }) => (
-									<FormItem>
-										<FormLabel>Repository Password</FormLabel>
-										<FormControl>
-											<Input type="password" placeholder="Enter repository password" {...field} />
-										</FormControl>
-										<FormDescription>
-											The password used to encrypt this repository. It will be stored securely.
-										</FormDescription>
-										<FormMessage />
-									</FormItem>
-								)}
-							/>
-						)}
-					</>
-				)}
-
-				{watchedBackend === "local" && (
-					<>
-						<FormItem>
-							<FormLabel>Repository Directory</FormLabel>
-							<div className="flex items-center gap-2">
-								<div className="flex-1 text-sm font-mono bg-muted px-3 py-2 rounded-md border">
-									{form.watch("path") || "/var/lib/zerobyte/repositories"}
-								</div>
-								<Button type="button" variant="outline" onClick={() => setShowPathWarning(true)} size="sm">
-									Change
-								</Button>
-							</div>
-							<FormDescription>The directory where the repository will be stored.</FormDescription>
-						</FormItem>
-
-						<AlertDialog open={showPathWarning} onOpenChange={setShowPathWarning}>
-							<AlertDialogContent>
-								<AlertDialogHeader>
-									<AlertDialogTitle className="flex items-center gap-2">
-										<AlertTriangle className="h-5 w-5 text-yellow-500" />
-										Important: Host Mount Required
-									</AlertDialogTitle>
-									<AlertDialogDescription className="space-y-3">
-										<p>When selecting a custom path, ensure it is mounted from the host machine into the container.</p>
-										<p className="font-medium">
-											If the path is not a host mount, you will lose your repository data when the container restarts.
-										</p>
-										<p className="text-sm text-muted-foreground">
-											The default path <code className="bg-muted px-1 rounded">/var/lib/zerobyte/repositories</code> is
-											already mounted from the host and is safe to use.
-										</p>
-									</AlertDialogDescription>
-								</AlertDialogHeader>
-								<AlertDialogFooter>
-									<AlertDialogCancel>Cancel</AlertDialogCancel>
-									<AlertDialogAction
-										onClick={() => {
-											setShowPathBrowser(true);
-											setShowPathWarning(false);
-										}}
-									>
-										I Understand, Continue
-									</AlertDialogAction>
-								</AlertDialogFooter>
-							</AlertDialogContent>
-						</AlertDialog>
-
-						<AlertDialog open={showPathBrowser} onOpenChange={setShowPathBrowser}>
-							<AlertDialogContent className="max-w-2xl">
-								<AlertDialogHeader>
-									<AlertDialogTitle>Select Repository Directory</AlertDialogTitle>
-									<AlertDialogDescription>
-										Choose a directory from the filesystem to store the repository.
-									</AlertDialogDescription>
-								</AlertDialogHeader>
-								<div className="py-4">
-									<DirectoryBrowser
-										onSelectPath={(path) => form.setValue("path", path)}
-										selectedPath={form.watch("path") || "/var/lib/zerobyte/repositories"}
-									/>
-								</div>
-								<AlertDialogFooter>
-									<AlertDialogCancel>Cancel</AlertDialogCancel>
-									<AlertDialogAction onClick={() => setShowPathBrowser(false)}>Done</AlertDialogAction>
-								</AlertDialogFooter>
-							</AlertDialogContent>
-						</AlertDialog>
-					</>
-				)}
-
-				{watchedBackend === "s3" && (
-					<>
-						<FormField
-							control={form.control}
-							name="endpoint"
-							render={({ field }) => (
-								<FormItem>
-									<FormLabel>Endpoint</FormLabel>
-									<FormControl>
-										<Input placeholder="s3.amazonaws.com" {...field} />
-									</FormControl>
-									<FormDescription>S3-compatible endpoint URL.</FormDescription>
-									<FormMessage />
-								</FormItem>
-							)}
-						/>
-						<FormField
-							control={form.control}
-							name="bucket"
-							render={({ field }) => (
-								<FormItem>
-									<FormLabel>Bucket</FormLabel>
-									<FormControl>
-										<Input placeholder="my-backup-bucket" {...field} />
-									</FormControl>
-									<FormDescription>S3 bucket name for storing backups.</FormDescription>
-									<FormMessage />
-								</FormItem>
-							)}
-						/>
-						<FormField
-							control={form.control}
-							name="accessKeyId"
-							render={({ field }) => (
-								<FormItem>
-									<FormLabel>Access Key ID</FormLabel>
-									<FormControl>
-										<Input placeholder="AKIAIOSFODNN7EXAMPLE" {...field} />
-									</FormControl>
-									<FormDescription>S3 access key ID for authentication.</FormDescription>
-									<FormMessage />
-								</FormItem>
-							)}
-						/>
-						<FormField
-							control={form.control}
-							name="secretAccessKey"
-							render={({ field }) => (
-								<FormItem>
-									<FormLabel>Secret Access Key</FormLabel>
-									<FormControl>
-										<Input type="password" placeholder="••••••••" {...field} />
-									</FormControl>
-									<FormDescription>S3 secret access key for authentication.</FormDescription>
-									<FormMessage />
-								</FormItem>
-							)}
-						/>
-					</>
-				)}
-
-				{watchedBackend === "r2" && (
-					<>
-						<FormField
-							control={form.control}
-							name="endpoint"
-							render={({ field }) => (
-								<FormItem>
-									<FormLabel>Endpoint</FormLabel>
-									<FormControl>
-										<Input placeholder="<account-id>.r2.cloudflarestorage.com" {...field} />
-									</FormControl>
-									<FormDescription>
-										R2 endpoint (without https://). Find in R2 dashboard under bucket settings.
-									</FormDescription>
-									<FormMessage />
-								</FormItem>
-							)}
-						/>
-						<FormField
-							control={form.control}
-							name="bucket"
-							render={({ field }) => (
-								<FormItem>
-									<FormLabel>Bucket</FormLabel>
-									<FormControl>
-										<Input placeholder="my-backup-bucket" {...field} />
-									</FormControl>
-									<FormDescription>R2 bucket name for storing backups.</FormDescription>
-									<FormMessage />
-								</FormItem>
-							)}
-						/>
-						<FormField
-							control={form.control}
-							name="accessKeyId"
-							render={({ field }) => (
-								<FormItem>
-									<FormLabel>Access Key ID</FormLabel>
-									<FormControl>
-										<Input placeholder="Access Key ID from R2 API tokens" {...field} />
-									</FormControl>
-									<FormDescription>R2 API token Access Key ID (create in Cloudflare R2 dashboard).</FormDescription>
-									<FormMessage />
-								</FormItem>
-							)}
-						/>
-						<FormField
-							control={form.control}
-							name="secretAccessKey"
-							render={({ field }) => (
-								<FormItem>
-									<FormLabel>Secret Access Key</FormLabel>
-									<FormControl>
-										<Input type="password" placeholder="••••••••" {...field} />
-									</FormControl>
-									<FormDescription>R2 API token Secret Access Key (shown once when creating token).</FormDescription>
-									<FormMessage />
-								</FormItem>
-							)}
-						/>
-					</>
-				)}
-
-				{watchedBackend === "gcs" && (
-					<>
-						<FormField
-							control={form.control}
-							name="bucket"
-							render={({ field }) => (
-								<FormItem>
-									<FormLabel>Bucket</FormLabel>
-									<FormControl>
-										<Input placeholder="my-backup-bucket" {...field} />
-									</FormControl>
-									<FormDescription>GCS bucket name for storing backups.</FormDescription>
-									<FormMessage />
-								</FormItem>
-							)}
-						/>
-						<FormField
-							control={form.control}
-							name="projectId"
-							render={({ field }) => (
-								<FormItem>
-									<FormLabel>Project ID</FormLabel>
-									<FormControl>
-										<Input placeholder="my-gcp-project-123" {...field} />
-									</FormControl>
-									<FormDescription>Google Cloud project ID.</FormDescription>
-									<FormMessage />
-								</FormItem>
-							)}
-						/>
-						<FormField
-							control={form.control}
-							name="credentialsJson"
-							render={({ field }) => (
-								<FormItem>
-									<FormLabel>Service Account JSON</FormLabel>
-									<FormControl>
-										<Input type="password" placeholder="Paste service account JSON key..." {...field} />
-									</FormControl>
-									<FormDescription>Service account JSON credentials for authentication.</FormDescription>
-									<FormMessage />
-								</FormItem>
-							)}
-						/>
-					</>
-				)}
-
-				{watchedBackend === "azure" && (
-					<>
-						<FormField
-							control={form.control}
-							name="container"
-							render={({ field }) => (
-								<FormItem>
-									<FormLabel>Container</FormLabel>
-									<FormControl>
-										<Input placeholder="my-backup-container" {...field} />
-									</FormControl>
-									<FormDescription>Azure Blob Storage container name for storing backups.</FormDescription>
-									<FormMessage />
-								</FormItem>
-							)}
-						/>
-						<FormField
-							control={form.control}
-							name="accountName"
-							render={({ field }) => (
-								<FormItem>
-									<FormLabel>Account Name</FormLabel>
-									<FormControl>
-										<Input placeholder="mystorageaccount" {...field} />
-									</FormControl>
-									<FormDescription>Azure Storage account name.</FormDescription>
-									<FormMessage />
-								</FormItem>
-							)}
-						/>
-						<FormField
-							control={form.control}
-							name="accountKey"
-							render={({ field }) => (
-								<FormItem>
-									<FormLabel>Account Key</FormLabel>
-									<FormControl>
-										<Input type="password" placeholder="••••••••" {...field} />
-									</FormControl>
-									<FormDescription>Azure Storage account key for authentication.</FormDescription>
-									<FormMessage />
-								</FormItem>
-							)}
-						/>
-						<FormField
-							control={form.control}
-							name="endpointSuffix"
-							render={({ field }) => (
-								<FormItem>
-									<FormLabel>Endpoint Suffix (Optional)</FormLabel>
-									<FormControl>
-										<Input placeholder="core.windows.net" {...field} />
-									</FormControl>
-									<FormDescription>Custom Azure endpoint suffix (defaults to core.windows.net).</FormDescription>
-									<FormMessage />
-								</FormItem>
-							)}
-						/>
-					</>
-				)}
-
-				{watchedBackend === "rclone" &&
-					(!rcloneRemotes || rcloneRemotes.length === 0 ? (
-						<Alert>
-							<AlertDescription className="space-y-2">
-								<p className="font-medium">No rclone remotes configured</p>
-								<p className="text-sm text-muted-foreground">
-									To use rclone, you need to configure remotes on your host system
-								</p>
-								<a
-									href="https://rclone.org/docs/"
-									target="_blank"
-									rel="noopener noreferrer"
-									className="text-sm text-strong-accent inline-flex items-center gap-1"
-								>
-									View rclone documentation
-									<ExternalLink className="w-3 h-3" />
-								</a>
-							</AlertDescription>
-						</Alert>
-					) : (
-						<>
-							<FormField
-								control={form.control}
-								name="remote"
-								render={({ field }) => (
-									<FormItem>
-										<FormLabel>Remote</FormLabel>
-										<Select onValueChange={(v) => field.onChange(v)} defaultValue={field.value} value={field.value}>
-											<FormControl>
-												<SelectTrigger>
-													<SelectValue placeholder="Select an rclone remote" />
-												</SelectTrigger>
-											</FormControl>
-											<SelectContent>
-												{isLoadingRemotes ? (
-													<SelectItem value="loading" disabled>
-														Loading remotes...
-													</SelectItem>
-												) : (
-													rcloneRemotes.map((remote: { name: string; type: string }) => (
-														<SelectItem key={remote.name} value={remote.name}>
-															{remote.name} ({remote.type})
-														</SelectItem>
-													))
-												)}
-											</SelectContent>
-										</Select>
-										<FormDescription>Select the rclone remote configured on your host system.</FormDescription>
-										<FormMessage />
-									</FormItem>
-								)}
-							/>
-							<FormField
-								control={form.control}
-								name="path"
-								render={({ field }) => (
-									<FormItem>
-										<FormLabel>Path</FormLabel>
-										<FormControl>
-											<Input placeholder="backups/zerobyte" {...field} />
-										</FormControl>
-										<FormDescription>Path within the remote where backups will be stored.</FormDescription>
-										<FormMessage />
-									</FormItem>
-								)}
-							/>
-						</>
-					))}
-
-				{watchedBackend === "rest" && (
-					<>
-						<FormField
-							control={form.control}
-							name="url"
-							render={({ field }) => (
-								<FormItem>
-									<FormLabel>REST Server URL</FormLabel>
-									<FormControl>
-										<Input placeholder="http://192.168.1.30:8000" {...field} />
-									</FormControl>
-									<FormDescription>URL of the REST server.</FormDescription>
-									<FormMessage />
-								</FormItem>
-							)}
-						/>
-						<FormField
-							control={form.control}
-							name="path"
-							render={({ field }) => (
-								<FormItem>
-									<FormLabel>Repository Path (Optional)</FormLabel>
-									<FormControl>
-										<Input placeholder="my-backup-repo" {...field} />
-									</FormControl>
-									<FormDescription>Path to the repository on the REST server (leave empty for root).</FormDescription>
-									<FormMessage />
-								</FormItem>
-							)}
-						/>
-						<FormField
-							control={form.control}
-							name="username"
-							render={({ field }) => (
-								<FormItem>
-									<FormLabel>Username (Optional)</FormLabel>
-									<FormControl>
-										<Input placeholder="username" {...field} />
-									</FormControl>
-									<FormDescription>Username for REST server authentication.</FormDescription>
-									<FormMessage />
-								</FormItem>
-							)}
-						/>
-						<FormField
-							control={form.control}
-							name="password"
-							render={({ field }) => (
-								<FormItem>
-									<FormLabel>Password (Optional)</FormLabel>
-									<FormControl>
-										<Input type="password" placeholder="••••••••" {...field} />
-									</FormControl>
-									<FormDescription>Password for REST server authentication.</FormDescription>
-									<FormMessage />
-								</FormItem>
-							)}
-						/>
-					</>
-				)}
-
-				{watchedBackend === "sftp" && (
-					<>
-						<FormField
-							control={form.control}
-							name="host"
-							render={({ field }) => (
-								<FormItem>
-									<FormLabel>Host</FormLabel>
-									<FormControl>
-										<Input placeholder="192.168.1.100" {...field} />
-									</FormControl>
-									<FormDescription>SFTP server hostname or IP address.</FormDescription>
-									<FormMessage />
-								</FormItem>
-							)}
-						/>
-						<FormField
-							control={form.control}
-							name="port"
-							render={({ field }) => (
-								<FormItem>
-									<FormLabel>Port</FormLabel>
-									<FormControl>
-										<Input
-											type="number"
-											placeholder="22"
-											{...field}
-											onChange={(e) => field.onChange(parseInt(e.target.value, 10))}
-										/>
-									</FormControl>
-									<FormDescription>SSH port (default: 22).</FormDescription>
-									<FormMessage />
-								</FormItem>
-							)}
-						/>
-						<FormField
-							control={form.control}
-							name="user"
-							render={({ field }) => (
-								<FormItem>
-									<FormLabel>User</FormLabel>
-									<FormControl>
-										<Input placeholder="backup-user" {...field} />
-									</FormControl>
-									<FormDescription>SSH username for authentication.</FormDescription>
-									<FormMessage />
-								</FormItem>
-							)}
-						/>
-						<FormField
-							control={form.control}
-							name="path"
-							render={({ field }) => (
-								<FormItem>
-									<FormLabel>Path</FormLabel>
-									<FormControl>
-										<Input placeholder="backups/ironmount" {...field} />
-									</FormControl>
-									<FormDescription>Repository path on the SFTP server. </FormDescription>
-									<FormMessage />
-								</FormItem>
-							)}
-						/>
-						<FormField
-							control={form.control}
-							name="privateKey"
-							render={({ field }) => (
-								<FormItem>
-									<FormLabel>SSH Private Key</FormLabel>
-									<FormControl>
-										<Textarea
-											{...field}
-											placeholder="-----BEGIN OPENSSH PRIVATE KEY-----&#10;...&#10;-----END OPENSSH PRIVATE KEY-----"
-										/>
-									</FormControl>
-									<FormDescription>Paste the contents of your SSH private key.</FormDescription>
-									<FormMessage />
-								</FormItem>
-							)}
-						/>
-					</>
-				)}
-
-				{mode === "update" && (
-					<Button type="submit" className="w-full" loading={loading}>
-						Save Changes
-					</Button>
-				)}
-			</form>
-		</Form>
-	);
-};
diff --git a/app/client/components/create-volume-form.tsx b/app/client/components/create-volume-form.tsx
deleted file mode 100644
index a4fa6920..00000000
--- a/app/client/components/create-volume-form.tsx
+++ /dev/null
@@ -1,593 +0,0 @@
-import { arktypeResolver } from "@hookform/resolvers/arktype";
-import { useMutation } from "@tanstack/react-query";
-import { type } from "arktype";
-import { CheckCircle, Loader2, XCircle } from "lucide-react";
-import { useEffect, useState } from "react";
-import { useForm } from "react-hook-form";
-import { cn, slugify } from "~/client/lib/utils";
-import { deepClean } from "~/utils/object";
-import { DirectoryBrowser } from "./directory-browser";
-import { Button } from "./ui/button";
-import { Form, FormControl, FormDescription, FormField, FormItem, FormLabel, FormMessage } from "./ui/form";
-import { Input } from "./ui/input";
-import { Select, SelectContent, SelectItem, SelectTrigger, SelectValue } from "./ui/select";
-import { volumeConfigSchema } from "~/schemas/volumes";
-import { testConnectionMutation } from "../api-client/@tanstack/react-query.gen";
-
-export const formSchema = type({
-	name: "2<=string<=32",
-}).and(volumeConfigSchema);
-const cleanSchema = type.pipe((d) => formSchema(deepClean(d)));
-
-export type FormValues = typeof formSchema.inferIn;
-
-type Props = {
-	onSubmit: (values: FormValues) => void;
-	mode?: "create" | "update";
-	initialValues?: Partial<FormValues>;
-	formId?: string;
-	loading?: boolean;
-	className?: string;
-};
-
-const defaultValuesForType = {
-	directory: { backend: "directory" as const, path: "/" },
-	nfs: { backend: "nfs" as const, port: 2049, version: "4.1" as const },
-	smb: { backend: "smb" as const, port: 445, vers: "3.0" as const },
-	webdav: { backend: "webdav" as const, port: 80, ssl: false },
-};
-
-export const CreateVolumeForm = ({ onSubmit, mode = "create", initialValues, formId, loading, className }: Props) => {
-	const form = useForm<FormValues>({
-		resolver: arktypeResolver(cleanSchema as unknown as typeof formSchema),
-		defaultValues: initialValues,
-		resetOptions: {
-			keepDefaultValues: true,
-			keepDirtyValues: false,
-		},
-	});
-
-	const { watch, getValues } = form;
-
-	const watchedBackend = watch("backend");
-
-	useEffect(() => {
-		if (mode === "create") {
-			form.reset({
-				name: form.getValues().name,
-				...defaultValuesForType[watchedBackend as keyof typeof defaultValuesForType],
-			});
-		}
-	}, [watchedBackend, form, mode]);
-
-	const [testMessage, setTestMessage] = useState<{ success: boolean; message: string } | null>(null);
-
-	const testBackendConnection = useMutation({
-		...testConnectionMutation(),
-		onMutate: () => {
-			setTestMessage(null);
-		},
-		onError: (error) => {
-			setTestMessage({
-				success: false,
-				message: error?.message || "Failed to test connection. Please try again.",
-			});
-		},
-		onSuccess: (data) => {
-			setTestMessage(data);
-		},
-	});
-
-	const handleTestConnection = async () => {
-		const formValues = getValues();
-
-		if (formValues.backend === "nfs" || formValues.backend === "smb" || formValues.backend === "webdav") {
-			testBackendConnection.mutate({
-				body: { config: formValues },
-			});
-		}
-	};
-
-	return (
-		<Form {...form}>
-			<form id={formId} onSubmit={form.handleSubmit(onSubmit)} className={cn("space-y-4", className)}>
-				<FormField
-					control={form.control}
-					name="name"
-					render={({ field }) => (
-						<FormItem>
-							<FormLabel>Name</FormLabel>
-							<FormControl>
-								<Input
-									{...field}
-									placeholder="Volume name"
-									onChange={(e) => field.onChange(slugify(e.target.value))}
-									max={32}
-									min={1}
-								/>
-							</FormControl>
-							<FormDescription>Unique identifier for the volume.</FormDescription>
-							<FormMessage />
-						</FormItem>
-					)}
-				/>
-				<FormField
-					control={form.control}
-					name="backend"
-					render={({ field }) => (
-						<FormItem>
-							<FormLabel>Backend</FormLabel>
-							<Select onValueChange={field.onChange} defaultValue={field.value} value={field.value}>
-								<FormControl>
-									<SelectTrigger>
-										<SelectValue placeholder="Select a backend" />
-									</SelectTrigger>
-								</FormControl>
-								<SelectContent>
-									<SelectItem value="directory">Directory</SelectItem>
-									<SelectItem value="nfs">NFS</SelectItem>
-									<SelectItem value="smb">SMB</SelectItem>
-									<SelectItem value="webdav">WebDAV</SelectItem>
-								</SelectContent>
-							</Select>
-							<FormDescription>Choose the storage backend for this volume.</FormDescription>
-							<FormMessage />
-						</FormItem>
-					)}
-				/>
-
-				{watchedBackend === "directory" && (
-					<FormField
-						control={form.control}
-						name="path"
-						render={({ field }) => {
-							return (
-								<FormItem>
-									<FormLabel>Directory Path</FormLabel>
-									<FormControl>
-										{field.value ? (
-											<div className="flex items-center gap-2">
-												<div className="flex-1 border rounded-md p-3 bg-muted/50">
-													<div className="text-xs font-medium text-muted-foreground mb-1">Selected path:</div>
-													<div className="text-sm font-mono break-all">{field.value}</div>
-												</div>
-												<Button type="button" variant="outline" size="sm" onClick={() => field.onChange("")}>
-													Change
-												</Button>
-											</div>
-										) : (
-											<DirectoryBrowser onSelectPath={(path) => field.onChange(path)} selectedPath={field.value} />
-										)}
-									</FormControl>
-									<FormDescription>Browse and select a directory on the host filesystem to track.</FormDescription>
-									<FormMessage />
-								</FormItem>
-							);
-						}}
-					/>
-				)}
-
-				{watchedBackend === "nfs" && (
-					<>
-						<FormField
-							control={form.control}
-							name="server"
-							render={({ field }) => (
-								<FormItem>
-									<FormLabel>Server</FormLabel>
-									<FormControl>
-										<Input placeholder="192.168.1.100" {...field} />
-									</FormControl>
-									<FormDescription>NFS server IP address or hostname.</FormDescription>
-									<FormMessage />
-								</FormItem>
-							)}
-						/>
-						<FormField
-							control={form.control}
-							name="exportPath"
-							render={({ field }) => (
-								<FormItem>
-									<FormLabel>Export Path</FormLabel>
-									<FormControl>
-										<Input placeholder="/export/data" {...field} />
-									</FormControl>
-									<FormDescription>Path to the NFS export on the server.</FormDescription>
-									<FormMessage />
-								</FormItem>
-							)}
-						/>
-						<FormField
-							control={form.control}
-							name="port"
-							defaultValue={2049}
-							render={({ field }) => (
-								<FormItem>
-									<FormLabel>Port</FormLabel>
-									<FormControl>
-										<Input
-											type="number"
-											placeholder="2049"
-											{...field}
-											onChange={(e) => field.onChange(parseInt(e.target.value, 10) || undefined)}
-										/>
-									</FormControl>
-									<FormDescription>NFS server port (default: 2049).</FormDescription>
-									<FormMessage />
-								</FormItem>
-							)}
-						/>
-						<FormField
-							control={form.control}
-							name="version"
-							defaultValue="4.1"
-							render={({ field }) => (
-								<FormItem>
-									<FormLabel>Version</FormLabel>
-									<Select onValueChange={field.onChange} defaultValue="4.1">
-										<FormControl>
-											<SelectTrigger>
-												<SelectValue placeholder="Select NFS version" />
-											</SelectTrigger>
-										</FormControl>
-										<SelectContent>
-											<SelectItem value="3">NFS v3</SelectItem>
-											<SelectItem value="4">NFS v4</SelectItem>
-											<SelectItem value="4.1">NFS v4.1</SelectItem>
-										</SelectContent>
-									</Select>
-									<FormDescription>NFS protocol version to use.</FormDescription>
-									<FormMessage />
-								</FormItem>
-							)}
-						/>
-						<FormField
-							control={form.control}
-							name="readOnly"
-							defaultValue={false}
-							render={({ field }) => (
-								<FormItem>
-									<FormLabel>Read-only Mode</FormLabel>
-									<FormControl>
-										<div className="flex items-center space-x-2">
-											<input
-												type="checkbox"
-												checked={field.value ?? false}
-												onChange={(e) => field.onChange(e.target.checked)}
-												className="rounded border-gray-300"
-											/>
-											<span className="text-sm">Mount volume as read-only</span>
-										</div>
-									</FormControl>
-									<FormDescription>
-										Prevent any modifications to the volume. Recommended for backup sources and sensitive data.
-									</FormDescription>
-									<FormMessage />
-								</FormItem>
-							)}
-						/>
-					</>
-				)}
-
-				{watchedBackend === "webdav" && (
-					<>
-						<FormField
-							control={form.control}
-							name="server"
-							render={({ field }) => (
-								<FormItem>
-									<FormLabel>Server</FormLabel>
-									<FormControl>
-										<Input placeholder="example.com" {...field} />
-									</FormControl>
-									<FormDescription>WebDAV server hostname or IP address.</FormDescription>
-									<FormMessage />
-								</FormItem>
-							)}
-						/>
-						<FormField
-							control={form.control}
-							name="path"
-							render={({ field }) => (
-								<FormItem>
-									<FormLabel>Path</FormLabel>
-									<FormControl>
-										<Input placeholder="/webdav" {...field} />
-									</FormControl>
-									<FormDescription>Path to the WebDAV directory on the server.</FormDescription>
-									<FormMessage />
-								</FormItem>
-							)}
-						/>
-						<FormField
-							control={form.control}
-							name="username"
-							render={({ field }) => (
-								<FormItem>
-									<FormLabel>Username (Optional)</FormLabel>
-									<FormControl>
-										<Input placeholder="admin" {...field} />
-									</FormControl>
-									<FormDescription>Username for WebDAV authentication (optional).</FormDescription>
-									<FormMessage />
-								</FormItem>
-							)}
-						/>
-						<FormField
-							control={form.control}
-							name="password"
-							render={({ field }) => (
-								<FormItem>
-									<FormLabel>Password (Optional)</FormLabel>
-									<FormControl>
-										<Input type="password" placeholder="••••••••" {...field} />
-									</FormControl>
-									<FormDescription>Password for WebDAV authentication (optional).</FormDescription>
-									<FormMessage />
-								</FormItem>
-							)}
-						/>
-						<FormField
-							control={form.control}
-							name="port"
-							defaultValue={80}
-							render={({ field }) => (
-								<FormItem>
-									<FormLabel>Port</FormLabel>
-									<FormControl>
-										<Input
-											type="number"
-											placeholder="80"
-											{...field}
-											onChange={(e) => field.onChange(parseInt(e.target.value, 10) || undefined)}
-										/>
-									</FormControl>
-									<FormDescription>WebDAV server port (default: 80 for HTTP, 443 for HTTPS).</FormDescription>
-									<FormMessage />
-								</FormItem>
-							)}
-						/>
-						<FormField
-							control={form.control}
-							name="ssl"
-							defaultValue={false}
-							render={({ field }) => (
-								<FormItem>
-									<FormLabel>Use SSL/HTTPS</FormLabel>
-									<FormControl>
-										<div className="flex items-center space-x-2">
-											<input
-												type="checkbox"
-												checked={field.value ?? false}
-												onChange={(e) => field.onChange(e.target.checked)}
-												className="rounded border-gray-300"
-											/>
-											<span className="text-sm">Enable HTTPS for secure connections</span>
-										</div>
-									</FormControl>
-									<FormDescription>Use HTTPS instead of HTTP for secure connections.</FormDescription>
-									<FormMessage />
-								</FormItem>
-							)}
-						/>
-						<FormField
-							control={form.control}
-							name="readOnly"
-							defaultValue={false}
-							render={({ field }) => (
-								<FormItem>
-									<FormLabel>Read-only Mode</FormLabel>
-									<FormControl>
-										<div className="flex items-center space-x-2">
-											<input
-												type="checkbox"
-												checked={field.value ?? false}
-												onChange={(e) => field.onChange(e.target.checked)}
-												className="rounded border-gray-300"
-											/>
-											<span className="text-sm">Mount volume as read-only</span>
-										</div>
-									</FormControl>
-									<FormDescription>
-										Prevent any modifications to the volume. Recommended for backup sources and sensitive data.
-									</FormDescription>
-									<FormMessage />
-								</FormItem>
-							)}
-						/>
-					</>
-				)}
-
-				{watchedBackend === "smb" && (
-					<>
-						<FormField
-							control={form.control}
-							name="server"
-							render={({ field }) => (
-								<FormItem>
-									<FormLabel>Server</FormLabel>
-									<FormControl>
-										<Input placeholder="192.168.1.100" value={field.value} onChange={field.onChange} />
-									</FormControl>
-									<FormDescription>SMB server IP address or hostname.</FormDescription>
-									<FormMessage />
-								</FormItem>
-							)}
-						/>
-						<FormField
-							control={form.control}
-							name="share"
-							render={({ field }) => (
-								<FormItem>
-									<FormLabel>Share</FormLabel>
-									<FormControl>
-										<Input placeholder="myshare" value={field.value} onChange={field.onChange} />
-									</FormControl>
-									<FormDescription>SMB share name on the server.</FormDescription>
-									<FormMessage />
-								</FormItem>
-							)}
-						/>
-						<FormField
-							control={form.control}
-							name="username"
-							render={({ field }) => (
-								<FormItem>
-									<FormLabel>Username</FormLabel>
-									<FormControl>
-										<Input placeholder="admin" value={field.value} onChange={field.onChange} />
-									</FormControl>
-									<FormDescription>Username for SMB authentication.</FormDescription>
-									<FormMessage />
-								</FormItem>
-							)}
-						/>
-						<FormField
-							control={form.control}
-							name="password"
-							render={({ field }) => (
-								<FormItem>
-									<FormLabel>Password</FormLabel>
-									<FormControl>
-										<Input type="password" placeholder="••••••••" value={field.value} onChange={field.onChange} />
-									</FormControl>
-									<FormDescription>Password for SMB authentication.</FormDescription>
-									<FormMessage />
-								</FormItem>
-							)}
-						/>
-						<FormField
-							control={form.control}
-							name="vers"
-							defaultValue="3.0"
-							render={({ field }) => (
-								<FormItem>
-									<FormLabel>SMB Version</FormLabel>
-									<Select onValueChange={field.onChange} defaultValue={field.value || "3.0"}>
-										<FormControl>
-											<SelectTrigger>
-												<SelectValue placeholder="Select SMB version" />
-											</SelectTrigger>
-										</FormControl>
-										<SelectContent>
-											<SelectItem value="1.0">SMB v1.0</SelectItem>
-											<SelectItem value="2.0">SMB v2.0</SelectItem>
-											<SelectItem value="2.1">SMB v2.1</SelectItem>
-											<SelectItem value="3.0">SMB v3.0</SelectItem>
-										</SelectContent>
-									</Select>
-									<FormDescription>SMB protocol version to use (default: 3.0).</FormDescription>
-									<FormMessage />
-								</FormItem>
-							)}
-						/>
-						<FormField
-							control={form.control}
-							name="domain"
-							render={({ field }) => (
-								<FormItem>
-									<FormLabel>Domain (Optional)</FormLabel>
-									<FormControl>
-										<Input placeholder="WORKGROUP" value={field.value} onChange={field.onChange} />
-									</FormControl>
-									<FormDescription>Domain or workgroup for authentication (optional).</FormDescription>
-									<FormMessage />
-								</FormItem>
-							)}
-						/>
-						<FormField
-							control={form.control}
-							name="port"
-							defaultValue={445}
-							render={({ field }) => (
-								<FormItem>
-									<FormLabel>Port</FormLabel>
-									<FormControl>
-										<Input
-											type="number"
-											placeholder="445"
-											value={field.value}
-											defaultValue={445}
-											onChange={(e) => field.onChange(parseInt(e.target.value, 10) || undefined)}
-										/>
-									</FormControl>
-									<FormDescription>SMB server port (default: 445).</FormDescription>
-									<FormMessage />
-								</FormItem>
-							)}
-						/>
-						<FormField
-							control={form.control}
-							name="readOnly"
-							defaultValue={false}
-							render={({ field }) => (
-								<FormItem>
-									<FormLabel>Read-only Mode</FormLabel>
-									<FormControl>
-										<div className="flex items-center space-x-2">
-											<input
-												type="checkbox"
-												checked={field.value ?? false}
-												onChange={(e) => field.onChange(e.target.checked)}
-												className="rounded border-gray-300"
-											/>
-											<span className="text-sm">Mount volume as read-only</span>
-										</div>
-									</FormControl>
-									<FormDescription>
-										Prevent any modifications to the volume. Recommended for backup sources and sensitive data.
-									</FormDescription>
-									<FormMessage />
-								</FormItem>
-							)}
-						/>
-					</>
-				)}
-
-				{watchedBackend && watchedBackend !== "directory" && (
-					<div className="space-y-3">
-						<div className="flex items-center gap-2">
-							<Button
-								type="button"
-								variant="outline"
-								onClick={handleTestConnection}
-								disabled={testBackendConnection.isPending}
-								className="flex-1"
-							>
-								{testBackendConnection.isPending && <Loader2 className="mr-2 h-4 w-4 animate-spin" />}
-								{!testBackendConnection.isPending && testMessage?.success && (
-									<CheckCircle className="mr-2 h-4 w-4 text-green-500" />
-								)}
-								{!testBackendConnection.isPending && testMessage && !testMessage.success && (
-									<XCircle className="mr-2 h-4 w-4 text-red-500" />
-								)}
-								{testBackendConnection.isPending
-									? "Testing..."
-									: testMessage
-										? testMessage.success
-											? "Connection Successful"
-											: "Test Failed"
-										: "Test Connection"}
-							</Button>
-						</div>
-						{testMessage && (
-							<div
-								className={cn("text-xs p-2 rounded-md text-wrap wrap-anywhere", {
-									"bg-green-50 text-green-700 border border-green-200": testMessage.success,
-									"bg-red-50 text-red-700 border border-red-200": !testMessage.success,
-								})}
-							>
-								{testMessage.message}
-							</div>
-						)}
-					</div>
-				)}
-				{mode === "update" && (
-					<Button type="submit" className="w-full" loading={loading}>
-						Save Changes
-					</Button>
-				)}
-			</form>
-		</Form>
-	);
-};
diff --git a/app/client/components/restore-form.tsx b/app/client/components/restore-form.tsx
index 4e4f7790..1891da87 100644
--- a/app/client/components/restore-form.tsx
+++ b/app/client/components/restore-form.tsx
@@ -164,6 +164,7 @@ export function RestoreForm({ snapshot, repositoryName, snapshotId, returnPath }
 						Cancel
 					</Button>
 					<Button variant="primary" onClick={handleRestore} disabled={isRestoring || !canRestore}>
+						<RotateCcw className="h-4 w-4 mr-2" />
 						{isRestoring
 							? "Restoring..."
 							: selectedPaths.size > 0
diff --git a/app/client/components/snapshots-table.tsx b/app/client/components/snapshots-table.tsx
index c03059d2..ebd80fb4 100644
--- a/app/client/components/snapshots-table.tsx
+++ b/app/client/components/snapshots-table.tsx
@@ -1,7 +1,7 @@
 import { useState } from "react";
 import { useMutation, useQueryClient } from "@tanstack/react-query";
 import { Calendar, Clock, Database, FolderTree, HardDrive, Trash2 } from "lucide-react";
-import { useNavigate } from "react-router";
+import { Link, useNavigate } from "react-router";
 import { toast } from "sonner";
 import { ByteSize } from "~/client/components/bytes-size";
 import { Table, TableBody, TableCell, TableHead, TableHeader, TableRow } from "~/client/components/ui/table";
@@ -18,18 +18,17 @@ import {
 	AlertDialogTitle,
 } from "~/client/components/ui/alert-dialog";
 import { formatDuration } from "~/utils/utils";
-import type { ListSnapshotsResponse } from "../api-client";
 import { deleteSnapshotMutation } from "~/client/api-client/@tanstack/react-query.gen";
 import { parseError } from "~/client/lib/errors";
-
-type Snapshot = ListSnapshotsResponse[number];
+import type { BackupSchedule, Snapshot } from "../lib/types";
 
 type Props = {
 	snapshots: Snapshot[];
+	backups: BackupSchedule[];
 	repositoryName: string;
 };
 
-export const SnapshotsTable = ({ snapshots, repositoryName }: Props) => {
+export const SnapshotsTable = ({ snapshots, repositoryName, backups }: Props) => {
 	const navigate = useNavigate();
 	const queryClient = useQueryClient();
 	const [showDeleteConfirm, setShowDeleteConfirm] = useState(false);
@@ -76,6 +75,7 @@ export const SnapshotsTable = ({ snapshots, repositoryName }: Props) => {
 					<TableHeader className="bg-card-header">
 						<TableRow>
 							<TableHead className="uppercase">Snapshot ID</TableHead>
+							<TableHead className="uppercase">Schedule</TableHead>
 							<TableHead className="uppercase">Date & Time</TableHead>
 							<TableHead className="uppercase">Size</TableHead>
 							<TableHead className="uppercase hidden md:table-cell text-right">Duration</TableHead>
@@ -84,71 +84,91 @@ export const SnapshotsTable = ({ snapshots, repositoryName }: Props) => {
 						</TableRow>
 					</TableHeader>
 					<TableBody>
-						{snapshots.map((snapshot) => (
-							<TableRow
-								key={snapshot.short_id}
-								className="hover:bg-accent/50 cursor-pointer"
-								onClick={() => handleRowClick(snapshot.short_id)}
-							>
-								<TableCell className="font-mono text-sm">
-									<div className="flex items-center gap-2">
-										<HardDrive className="h-4 w-4 text-muted-foreground" />
-										<span className="text-strong-accent">{snapshot.short_id}</span>
-									</div>
-								</TableCell>
-								<TableCell>
-									<div className="flex items-center gap-2">
-										<Calendar className="h-4 w-4 text-muted-foreground" />
-										<span className="text-sm">{new Date(snapshot.time).toLocaleString()}</span>
-									</div>
-								</TableCell>
-								<TableCell>
-									<div className="flex items-center gap-2">
-										<Database className="h-4 w-4 text-muted-foreground" />
-										<span className="font-medium">
-											<ByteSize bytes={snapshot.size} base={1024} />
-										</span>
-									</div>
-								</TableCell>
-								<TableCell className="hidden md:table-cell">
-									<div className="flex items-center justify-end gap-2">
-										<Clock className="h-4 w-4 text-muted-foreground" />
-										<span className="text-sm text-muted-foreground">{formatDuration(snapshot.duration / 1000)}</span>
-									</div>
-								</TableCell>
-								<TableCell className="hidden lg:table-cell">
-									<div className="flex items-center justify-end gap-2">
-										<FolderTree className="h-4 w-4 text-muted-foreground" />
-										<Tooltip>
-											<TooltipTrigger asChild>
-												<span className="text-xs bg-primary/10 text-primary rounded-md px-2 py-1 cursor-help">
-													{snapshot.paths.length} {snapshot.paths.length === 1 ? "path" : "paths"}
-												</span>
-											</TooltipTrigger>
-											<TooltipContent side="top" className="max-w-md">
-												<div className="flex flex-col gap-1">
-													{snapshot.paths.map((path) => (
-														<div key={`${snapshot.short_id}-${path}`} className="text-xs font-mono">
-															{path}
-														</div>
-													))}
-												</div>
-											</TooltipContent>
-										</Tooltip>
-									</div>
-								</TableCell>
-								<TableCell className="text-right">
-									<Button
-										variant="ghost"
-										size="sm"
-										onClick={(e) => handleDeleteClick(e, snapshot.short_id)}
-										disabled={deleteSnapshot.isPending}
-									>
-										<Trash2 className="h-4 w-4 text-destructive" />
-									</Button>
-								</TableCell>
-							</TableRow>
-						))}
+						{snapshots.map((snapshot) => {
+							const backupIds = snapshot.tags.map(Number).filter((tag) => !Number.isNaN(tag));
+							const backup = backups.find((b) => backupIds.includes(b.id));
+
+							return (
+								<TableRow
+									key={snapshot.short_id}
+									className="hover:bg-accent/50 cursor-pointer"
+									onClick={() => handleRowClick(snapshot.short_id)}
+								>
+									<TableCell className="font-mono text-sm">
+										<div className="flex items-center gap-2">
+											<HardDrive className="h-4 w-4 text-muted-foreground" />
+											<span className="text-strong-accent">{snapshot.short_id}</span>
+										</div>
+									</TableCell>
+									<TableCell>
+										<div className="flex items-center gap-2">
+											<Link
+												hidden={!backup}
+												to={backup ? `/backups/${backup.id}` : "#"}
+												onClick={(e) => e.stopPropagation()}
+												className="hover:underline"
+											>
+												<span className="text-sm">{backup ? backup.id : "-"}</span>
+											</Link>
+											<span hidden={!!backup} className="text-sm text-muted-foreground">
+												-
+											</span>
+										</div>
+									</TableCell>
+									<TableCell>
+										<div className="flex items-center gap-2">
+											<Calendar className="h-4 w-4 text-muted-foreground" />
+											<span className="text-sm">{new Date(snapshot.time).toLocaleString()}</span>
+										</div>
+									</TableCell>
+									<TableCell>
+										<div className="flex items-center gap-2">
+											<Database className="h-4 w-4 text-muted-foreground" />
+											<span className="font-medium">
+												<ByteSize bytes={snapshot.size} base={1024} />
+											</span>
+										</div>
+									</TableCell>
+									<TableCell className="hidden md:table-cell">
+										<div className="flex items-center justify-end gap-2">
+											<Clock className="h-4 w-4 text-muted-foreground" />
+											<span className="text-sm text-muted-foreground">{formatDuration(snapshot.duration / 1000)}</span>
+										</div>
+									</TableCell>
+									<TableCell className="hidden lg:table-cell">
+										<div className="flex items-center justify-end gap-2">
+											<FolderTree className="h-4 w-4 text-muted-foreground" />
+											<Tooltip>
+												<TooltipTrigger asChild>
+													<span className="text-xs bg-primary/10 text-primary rounded-md px-2 py-1 cursor-help">
+														{snapshot.paths.length} {snapshot.paths.length === 1 ? "path" : "paths"}
+													</span>
+												</TooltipTrigger>
+												<TooltipContent side="top" className="max-w-md">
+													<div className="flex flex-col gap-1">
+														{snapshot.paths.map((path) => (
+															<div key={`${snapshot.short_id}-${path}`} className="text-xs font-mono">
+																{path}
+															</div>
+														))}
+													</div>
+												</TooltipContent>
+											</Tooltip>
+										</div>
+									</TableCell>
+									<TableCell className="text-right">
+										<Button
+											variant="ghost"
+											size="sm"
+											onClick={(e) => handleDeleteClick(e, snapshot.short_id)}
+											disabled={deleteSnapshot.isPending}
+										>
+											<Trash2 className="h-4 w-4 text-destructive" />
+										</Button>
+									</TableCell>
+								</TableRow>
+							);
+						})}
 					</TableBody>
 				</Table>
 			</div>
diff --git a/app/client/components/volume-icon.tsx b/app/client/components/volume-icon.tsx
index 0d3e00ea..3094d86a 100644
--- a/app/client/components/volume-icon.tsx
+++ b/app/client/components/volume-icon.tsx
@@ -31,6 +31,12 @@ const getIconAndColor = (backend: BackendType) => {
 				color: "text-green-600 dark:text-green-400",
 				label: "WebDAV",
 			};
+		case "rclone":
+			return {
+				icon: Cloud,
+				color: "text-cyan-600 dark:text-cyan-400",
+				label: "Rclone",
+			};
 		default:
 			return {
 				icon: Folder,
diff --git a/app/client/hooks/use-server-events.ts b/app/client/hooks/use-server-events.ts
index 43c72051..d7c03777 100644
--- a/app/client/hooks/use-server-events.ts
+++ b/app/client/hooks/use-server-events.ts
@@ -9,7 +9,9 @@ type ServerEventType =
 	| "backup:completed"
 	| "volume:mounted"
 	| "volume:unmounted"
-	| "volume:updated";
+	| "volume:updated"
+	| "mirror:started"
+	| "mirror:completed";
 
 export interface BackupEvent {
 	scheduleId: number;
@@ -35,6 +37,14 @@ export interface VolumeEvent {
 	volumeName: string;
 }
 
+export interface MirrorEvent {
+	scheduleId: number;
+	repositoryId: string;
+	repositoryName: string;
+	status?: "success" | "error";
+	error?: string;
+}
+
 type EventHandler = (data: unknown) => void;
 
 /**
@@ -125,6 +135,27 @@ export function useServerEvents() {
 			});
 		});
 
+		eventSource.addEventListener("mirror:started", (e) => {
+			const data = JSON.parse(e.data) as MirrorEvent;
+			console.log("[SSE] Mirror copy started:", data);
+
+			handlersRef.current.get("mirror:started")?.forEach((handler) => {
+				handler(data);
+			});
+		});
+
+		eventSource.addEventListener("mirror:completed", (e) => {
+			const data = JSON.parse(e.data) as MirrorEvent;
+			console.log("[SSE] Mirror copy completed:", data);
+
+			// Invalidate queries to refresh mirror status in the UI
+			queryClient.invalidateQueries();
+
+			handlersRef.current.get("mirror:completed")?.forEach((handler) => {
+				handler(data);
+			});
+		});
+
 		eventSource.onerror = (error) => {
 			console.error("[SSE] Connection error:", error);
 		};
diff --git a/app/client/modules/backups/components/create-schedule-form.tsx b/app/client/modules/backups/components/create-schedule-form.tsx
index ee4d1d87..8f6de25c 100644
--- a/app/client/modules/backups/components/create-schedule-form.tsx
+++ b/app/client/modules/backups/components/create-schedule-form.tsx
@@ -23,8 +23,11 @@ import type { BackupSchedule, Volume } from "~/client/lib/types";
 import { deepClean } from "~/utils/object";
 
 const internalFormSchema = type({
+	name: "1 <= string <= 32",
 	repositoryId: "string",
 	excludePatternsText: "string?",
+	excludeIfPresentText: "string?",
+	includePatternsText: "string?",
 	includePatterns: "string[]?",
 	frequency: "string",
 	dailyTime: "string?",
@@ -50,8 +53,12 @@ export const weeklyDays = [
 
 type InternalFormValues = typeof internalFormSchema.infer;
 
-export type BackupScheduleFormValues = Omit<InternalFormValues, "excludePatternsText"> & {
+export type BackupScheduleFormValues = Omit<
+	InternalFormValues,
+	"excludePatternsText" | "excludeIfPresentText" | "includePatternsText"
+> & {
 	excludePatterns?: string[];
+	excludeIfPresent?: string[];
 };
 
 type Props = {
@@ -79,13 +86,21 @@ const backupScheduleToFormValues = (schedule?: BackupSchedule): InternalFormValu
 
 	const weeklyDay = frequency === "weekly" ? dayOfWeekPart : undefined;
 
+	const patterns = schedule.includePatterns || [];
+	const isGlobPattern = (p: string) => /[*?[\]]/.test(p);
+	const fileBrowserPaths = patterns.filter((p) => !isGlobPattern(p));
+	const textPatterns = patterns.filter(isGlobPattern);
+
 	return {
+		name: schedule.name,
 		repositoryId: schedule.repositoryId,
 		frequency,
 		dailyTime,
 		weeklyDay,
-		includePatterns: schedule.includePatterns || undefined,
+		includePatterns: fileBrowserPaths.length > 0 ? fileBrowserPaths : undefined,
+		includePatternsText: textPatterns.length > 0 ? textPatterns.join("\n") : undefined,
 		excludePatternsText: schedule.excludePatterns?.join("\n") || undefined,
+		excludeIfPresentText: schedule.excludeIfPresent?.join("\n") || undefined,
 		...schedule.retentionPolicy,
 	};
 };
@@ -98,18 +113,40 @@ export const CreateScheduleForm = ({ initialValues, formId, onSubmit, volume }:
 
 	const handleSubmit = useCallback(
 		(data: InternalFormValues) => {
-			// Convert excludePatternsText string to excludePatterns array
-			const { excludePatternsText, ...rest } = data;
+			const {
+				excludePatternsText,
+				excludeIfPresentText,
+				includePatternsText,
+				includePatterns: fileBrowserPatterns,
+				...rest
+			} = data;
 			const excludePatterns = excludePatternsText
 				? excludePatternsText
 						.split("\n")
 						.map((p) => p.trim())
 						.filter(Boolean)
-				: undefined;
+				: [];
+
+			const excludeIfPresent = excludeIfPresentText
+				? excludeIfPresentText
+						.split("\n")
+						.map((p) => p.trim())
+						.filter(Boolean)
+				: [];
+
+			const textPatterns = includePatternsText
+				? includePatternsText
+						.split("\n")
+						.map((p) => p.trim())
+						.filter(Boolean)
+				: [];
+			const includePatterns = [...(fileBrowserPatterns || []), ...textPatterns];
 
 			onSubmit({
 				...rest,
+				includePatterns: includePatterns.length > 0 ? includePatterns : [],
 				excludePatterns,
+				excludeIfPresent,
 			});
 		},
 		[onSubmit],
@@ -148,6 +185,21 @@ export const CreateScheduleForm = ({ initialValues, formId, onSubmit, volume }:
 							</CardDescription>
 						</CardHeader>
 						<CardContent className="grid gap-6 md:grid-cols-2">
+							<FormField
+								control={form.control}
+								name="name"
+								render={({ field }) => (
+									<FormItem className="md:col-span-2">
+										<FormLabel>Backup name</FormLabel>
+										<FormControl>
+											<Input placeholder="My backup" {...field} />
+										</FormControl>
+										<FormDescription>A unique name to identify this backup schedule.</FormDescription>
+										<FormMessage />
+									</FormItem>
+								)}
+							/>
+
 							<FormField
 								control={form.control}
 								name="repositoryId"
@@ -260,6 +312,7 @@ export const CreateScheduleForm = ({ initialValues, formId, onSubmit, volume }:
 						</CardHeader>
 						<CardContent>
 							<VolumeFileBrowser
+								key={volume.id}
 								volumeName={volume.name}
 								selectedPaths={selectedPaths}
 								onSelectionChange={handleSelectionChange}
@@ -279,6 +332,27 @@ export const CreateScheduleForm = ({ initialValues, formId, onSubmit, volume }:
 									</div>
 								</div>
 							)}
+							<FormField
+								control={form.control}
+								name="includePatternsText"
+								render={({ field }) => (
+									<FormItem className="mt-6">
+										<FormLabel>Additional include patterns</FormLabel>
+										<FormControl>
+											<Textarea
+												{...field}
+												placeholder="/data/**&#10;/config/*.json&#10;*.db"
+												className="font-mono text-sm min-h-[100px]"
+											/>
+										</FormControl>
+										<FormDescription>
+											Optionally add custom include patterns using glob syntax. Enter one pattern per line. These will
+											be combined with the paths selected above.
+										</FormDescription>
+										<FormMessage />
+									</FormItem>
+								)}
+							/>
 						</CardContent>
 					</Card>
 
@@ -320,6 +394,28 @@ export const CreateScheduleForm = ({ initialValues, formId, onSubmit, volume }:
 									</FormItem>
 								)}
 							/>
+							<FormField
+								control={form.control}
+								name="excludeIfPresentText"
+								render={({ field }) => (
+									<FormItem className="mt-6">
+										<FormLabel>Exclude if file present</FormLabel>
+										<FormControl>
+											<Textarea
+												{...field}
+												placeholder=".nobackup&#10;.exclude-from-backup&#10;CACHEDIR.TAG"
+												className="font-mono text-sm min-h-20"
+											/>
+										</FormControl>
+										<FormDescription>
+											Exclude folders containing a file with the specified name. Enter one filename per line. For
+											example, use <code className="bg-muted px-1 rounded">.nobackup</code> to skip any folder
+											containing a <code className="bg-muted px-1 rounded">.nobackup</code> file.
+										</FormDescription>
+										<FormMessage />
+									</FormItem>
+								)}
+							/>
 						</CardContent>
 					</Card>
 
@@ -482,18 +578,27 @@ export const CreateScheduleForm = ({ initialValues, formId, onSubmit, volume }:
 									{repositoriesData?.find((r) => r.id === formValues.repositoryId)?.name || "—"}
 								</p>
 							</div>
-							{formValues.includePatterns && formValues.includePatterns.length > 0 && (
+							{(formValues.includePatterns && formValues.includePatterns.length > 0) ||
+							formValues.includePatternsText ? (
 								<div>
-									<p className="text-xs uppercase text-muted-foreground">Include paths</p>
+									<p className="text-xs uppercase text-muted-foreground">Include paths/patterns</p>
 									<div className="flex flex-col gap-1">
-										{formValues.includePatterns.map((path) => (
+										{formValues.includePatterns?.map((path) => (
 											<span key={path} className="text-xs font-mono bg-accent px-1.5 py-0.5 rounded">
 												{path}
 											</span>
 										))}
+										{formValues.includePatternsText
+											?.split("\n")
+											.filter(Boolean)
+											.map((pattern) => (
+												<span key={pattern} className="text-xs font-mono bg-accent px-1.5 py-0.5 rounded">
+													{pattern.trim()}
+												</span>
+											))}
 									</div>
 								</div>
-							)}
+							) : null}
 							{formValues.excludePatternsText && (
 								<div>
 									<p className="text-xs uppercase text-muted-foreground">Exclude patterns</p>
@@ -509,6 +614,21 @@ export const CreateScheduleForm = ({ initialValues, formId, onSubmit, volume }:
 									</div>
 								</div>
 							)}
+							{formValues.excludeIfPresentText && (
+								<div>
+									<p className="text-xs uppercase text-muted-foreground">Exclude if present</p>
+									<div className="flex flex-col gap-1">
+										{formValues.excludeIfPresentText
+											.split("\n")
+											.filter(Boolean)
+											.map((filename) => (
+												<span key={filename} className="text-xs font-mono bg-accent px-1.5 py-0.5 rounded">
+													{filename.trim()}
+												</span>
+											))}
+									</div>
+								</div>
+							)}
 							<div>
 								<p className="text-xs uppercase text-muted-foreground">Retention</p>
 								<p className="font-medium">
diff --git a/app/client/modules/backups/components/schedule-mirrors-config.tsx b/app/client/modules/backups/components/schedule-mirrors-config.tsx
new file mode 100644
index 00000000..419f5e0e
--- /dev/null
+++ b/app/client/modules/backups/components/schedule-mirrors-config.tsx
@@ -0,0 +1,352 @@
+import { useMutation, useQuery } from "@tanstack/react-query";
+import { Copy, Plus, Trash2 } from "lucide-react";
+import { useEffect, useMemo, useState } from "react";
+import { toast } from "sonner";
+import { Button } from "~/client/components/ui/button";
+import { Card, CardContent, CardDescription, CardHeader, CardTitle } from "~/client/components/ui/card";
+import { Switch } from "~/client/components/ui/switch";
+import { Select, SelectContent, SelectItem, SelectTrigger, SelectValue } from "~/client/components/ui/select";
+import { Table, TableBody, TableCell, TableHead, TableHeader, TableRow } from "~/client/components/ui/table";
+import { Badge } from "~/client/components/ui/badge";
+import { Tooltip, TooltipContent, TooltipTrigger } from "~/client/components/ui/tooltip";
+import {
+	getScheduleMirrorsOptions,
+	getMirrorCompatibilityOptions,
+	updateScheduleMirrorsMutation,
+} from "~/client/api-client/@tanstack/react-query.gen";
+import { parseError } from "~/client/lib/errors";
+import type { Repository } from "~/client/lib/types";
+import { RepositoryIcon } from "~/client/components/repository-icon";
+import { StatusDot } from "~/client/components/status-dot";
+import { formatDistanceToNow } from "date-fns";
+import { Link } from "react-router";
+import { cn } from "~/client/lib/utils";
+
+type Props = {
+	scheduleId: number;
+	primaryRepositoryId: string;
+	repositories: Repository[];
+};
+
+type MirrorAssignment = {
+	repositoryId: string;
+	enabled: boolean;
+	lastCopyAt: number | null;
+	lastCopyStatus: "success" | "error" | null;
+	lastCopyError: string | null;
+};
+
+export const ScheduleMirrorsConfig = ({ scheduleId, primaryRepositoryId, repositories }: Props) => {
+	const [assignments, setAssignments] = useState<Map<string, MirrorAssignment>>(new Map());
+	const [hasChanges, setHasChanges] = useState(false);
+	const [isAddingNew, setIsAddingNew] = useState(false);
+
+	const { data: currentMirrors } = useQuery({
+		...getScheduleMirrorsOptions({ path: { scheduleId: scheduleId.toString() } }),
+	});
+
+	const { data: compatibility } = useQuery({
+		...getMirrorCompatibilityOptions({ path: { scheduleId: scheduleId.toString() } }),
+	});
+
+	const updateMirrors = useMutation({
+		...updateScheduleMirrorsMutation(),
+		onSuccess: () => {
+			toast.success("Mirror settings saved successfully");
+			setHasChanges(false);
+		},
+		onError: (error) => {
+			toast.error("Failed to save mirror settings", {
+				description: parseError(error)?.message,
+			});
+		},
+	});
+
+	const compatibilityMap = useMemo(() => {
+		const map = new Map<string, { compatible: boolean; reason: string | null }>();
+		if (compatibility) {
+			for (const item of compatibility) {
+				map.set(item.repositoryId, { compatible: item.compatible, reason: item.reason });
+			}
+		}
+		return map;
+	}, [compatibility]);
+
+	useEffect(() => {
+		if (currentMirrors && !hasChanges) {
+			const map = new Map<string, MirrorAssignment>();
+			for (const mirror of currentMirrors) {
+				map.set(mirror.repositoryId, {
+					repositoryId: mirror.repositoryId,
+					enabled: mirror.enabled,
+					lastCopyAt: mirror.lastCopyAt,
+					lastCopyStatus: mirror.lastCopyStatus,
+					lastCopyError: mirror.lastCopyError,
+				});
+			}
+
+			setAssignments(map);
+		}
+	}, [currentMirrors, hasChanges]);
+
+	const addRepository = (repositoryId: string) => {
+		const newAssignments = new Map(assignments);
+		newAssignments.set(repositoryId, {
+			repositoryId,
+			enabled: true,
+			lastCopyAt: null,
+			lastCopyStatus: null,
+			lastCopyError: null,
+		});
+
+		setAssignments(newAssignments);
+		setHasChanges(true);
+		setIsAddingNew(false);
+	};
+
+	const removeRepository = (repositoryId: string) => {
+		const newAssignments = new Map(assignments);
+		newAssignments.delete(repositoryId);
+		setAssignments(newAssignments);
+		setHasChanges(true);
+	};
+
+	const toggleEnabled = (repositoryId: string) => {
+		const assignment = assignments.get(repositoryId);
+		if (!assignment) return;
+
+		const newAssignments = new Map(assignments);
+		newAssignments.set(repositoryId, {
+			...assignment,
+			enabled: !assignment.enabled,
+		});
+
+		setAssignments(newAssignments);
+		setHasChanges(true);
+	};
+
+	const handleSave = () => {
+		const mirrorsList = Array.from(assignments.values()).map((a) => ({
+			repositoryId: a.repositoryId,
+			enabled: a.enabled,
+		}));
+		updateMirrors.mutate({
+			path: { scheduleId: scheduleId.toString() },
+			body: {
+				mirrors: mirrorsList,
+			},
+		});
+	};
+
+	const handleReset = () => {
+		if (currentMirrors) {
+			const map = new Map<string, MirrorAssignment>();
+			for (const mirror of currentMirrors) {
+				map.set(mirror.repositoryId, {
+					repositoryId: mirror.repositoryId,
+					enabled: mirror.enabled,
+					lastCopyAt: mirror.lastCopyAt,
+					lastCopyStatus: mirror.lastCopyStatus,
+					lastCopyError: mirror.lastCopyError,
+				});
+			}
+			setAssignments(map);
+			setHasChanges(false);
+		}
+	};
+
+	const selectableRepositories =
+		repositories?.filter((r) => {
+			if (r.id === primaryRepositoryId) return false;
+			if (assignments.has(r.id)) return false;
+			return true;
+		}) || [];
+
+	const hasAvailableRepositories = selectableRepositories.some((r) => {
+		const compat = compatibilityMap.get(r.id);
+		return compat?.compatible !== false;
+	});
+
+	const assignedRepositories = Array.from(assignments.keys())
+		.map((id) => repositories?.find((r) => r.id === id))
+		.filter((r) => r !== undefined);
+
+	const getStatusVariant = (status: "success" | "error" | null) => {
+		if (status === "success") return "success";
+		if (status === "error") return "error";
+		return "neutral";
+	};
+
+	const getStatusLabel = (assignment: MirrorAssignment) => {
+		if (assignment.lastCopyStatus === "error" && assignment.lastCopyError) {
+			return assignment.lastCopyError;
+		}
+		if (assignment.lastCopyStatus === "success") {
+			return "Last copy successful";
+		}
+		return "Never copied";
+	};
+
+	return (
+		<Card>
+			<CardHeader>
+				<div className="flex items-center justify-between">
+					<div>
+						<CardTitle className="flex items-center gap-2">
+							<Copy className="h-5 w-5" />
+							Mirror Repositories
+						</CardTitle>
+						<CardDescription>
+							Configure secondary repositories where snapshots will be automatically copied after each backup
+						</CardDescription>
+					</div>
+					{!isAddingNew && selectableRepositories.length > 0 && (
+						<Button variant="outline" size="sm" onClick={() => setIsAddingNew(true)}>
+							<Plus className="h-4 w-4 mr-2" />
+							Add mirror
+						</Button>
+					)}
+				</div>
+			</CardHeader>
+			<CardContent>
+				{isAddingNew && (
+					<div className="mb-6 flex items-center gap-2 max-w-md">
+						<Select onValueChange={addRepository}>
+							<SelectTrigger className="w-full">
+								<SelectValue placeholder="Select a repository to mirror to..." />
+							</SelectTrigger>
+							<SelectContent>
+								{selectableRepositories.map((repository) => {
+									const compat = compatibilityMap.get(repository.id);
+
+									return (
+										<Tooltip key={repository.id}>
+											<TooltipTrigger asChild>
+												<div>
+													<SelectItem value={repository.id} disabled={!compat?.compatible}>
+														<div className="flex items-center gap-2">
+															<RepositoryIcon backend={repository.type} className="h-4 w-4" />
+															<span>{repository.name}</span>
+															<span className="text-xs uppercase text-muted-foreground">({repository.type})</span>
+														</div>
+													</SelectItem>
+												</div>
+											</TooltipTrigger>
+											<TooltipContent side="right" className={cn("max-w-xs", { hidden: compat?.compatible })}>
+												<p>{compat?.reason || "This repository is not compatible for mirroring."}</p>
+												<p className="mt-1 text-xs text-muted-foreground">
+													Consider creating a new backup scheduler with the desired destination instead.
+												</p>
+											</TooltipContent>
+										</Tooltip>
+									);
+								})}
+								{!hasAvailableRepositories && selectableRepositories.length > 0 && (
+									<div className="px-2 py-3 text-sm text-muted-foreground text-center">
+										All available repositories have conflicting backends.
+										<br />
+										<span className="text-xs">
+											Consider creating a new backup scheduler with the desired destination instead.
+										</span>
+									</div>
+								)}
+							</SelectContent>
+						</Select>
+						<Button variant="ghost" size="sm" onClick={() => setIsAddingNew(false)}>
+							Cancel
+						</Button>
+					</div>
+				)}
+
+				{assignedRepositories.length === 0 ? (
+					<div className="flex flex-col items-center justify-center py-8 text-center text-muted-foreground">
+						<Copy className="h-8 w-8 mb-2 opacity-20" />
+						<p className="text-sm">No mirror repositories configured for this schedule.</p>
+						<p className="text-xs mt-1">Click "Add mirror" to replicate backups to additional repositories.</p>
+					</div>
+				) : (
+					<div className="rounded-md border">
+						<Table>
+							<TableHeader>
+								<TableRow>
+									<TableHead>Repository</TableHead>
+									<TableHead className="text-center w-[100px]">Enabled</TableHead>
+									<TableHead className="w-[180px]">Last Copy</TableHead>
+									<TableHead className="w-[50px]"></TableHead>
+								</TableRow>
+							</TableHeader>
+							<TableBody>
+								{assignedRepositories.map((repository) => {
+									const assignment = assignments.get(repository.id);
+									if (!assignment) return null;
+
+									return (
+										<TableRow key={repository.id}>
+											<TableCell>
+												<div className="flex items-center gap-2">
+													<Link
+														to={`/repositories/${repository.name}`}
+														className="hover:underline flex items-center gap-2"
+													>
+														<RepositoryIcon backend={repository.type} className="h-4 w-4" />
+														<span className="font-medium">{repository.name}</span>
+													</Link>
+													<Badge variant="outline" className="text-[10px] align-middle">
+														{repository.type}
+													</Badge>
+												</div>
+											</TableCell>
+											<TableCell className="text-center">
+												<Switch
+													className="align-middle"
+													checked={assignment.enabled}
+													onCheckedChange={() => toggleEnabled(repository.id)}
+												/>
+											</TableCell>
+											<TableCell>
+												{assignment.lastCopyAt ? (
+													<div className="flex items-center gap-2">
+														<StatusDot
+															variant={getStatusVariant(assignment.lastCopyStatus)}
+															label={getStatusLabel(assignment)}
+														/>
+														<span className="text-sm text-muted-foreground">
+															{formatDistanceToNow(new Date(assignment.lastCopyAt), { addSuffix: true })}
+														</span>
+													</div>
+												) : (
+													<span className="text-sm text-muted-foreground">Never</span>
+												)}
+											</TableCell>
+											<TableCell>
+												<Button
+													variant="ghost"
+													size="icon"
+													onClick={() => removeRepository(repository.id)}
+													className="h-8 w-8 text-muted-foreground hover:text-destructive align-baseline"
+												>
+													<Trash2 className="h-4 w-4" />
+												</Button>
+											</TableCell>
+										</TableRow>
+									);
+								})}
+							</TableBody>
+						</Table>
+					</div>
+				)}
+
+				{hasChanges && (
+					<div className="flex gap-2 justify-end mt-4 pt-4">
+						<Button variant="outline" size="sm" onClick={handleReset}>
+							Cancel
+						</Button>
+						<Button variant="default" size="sm" onClick={handleSave} loading={updateMirrors.isPending}>
+							Save changes
+						</Button>
+					</div>
+				)}
+			</CardContent>
+		</Card>
+	);
+};
diff --git a/app/client/modules/backups/components/schedule-notifications-config.tsx b/app/client/modules/backups/components/schedule-notifications-config.tsx
index 40358c96..820e72b7 100644
--- a/app/client/modules/backups/components/schedule-notifications-config.tsx
+++ b/app/client/modules/backups/components/schedule-notifications-config.tsx
@@ -24,6 +24,7 @@ type NotificationAssignment = {
 	destinationId: number;
 	notifyOnStart: boolean;
 	notifyOnSuccess: boolean;
+	notifyOnWarning: boolean;
 	notifyOnFailure: boolean;
 };
 
@@ -57,6 +58,7 @@ export const ScheduleNotificationsConfig = ({ scheduleId, destinations }: Props)
 					destinationId: assignment.destinationId,
 					notifyOnStart: assignment.notifyOnStart,
 					notifyOnSuccess: assignment.notifyOnSuccess,
+					notifyOnWarning: assignment.notifyOnWarning,
 					notifyOnFailure: assignment.notifyOnFailure,
 				});
 			}
@@ -72,6 +74,7 @@ export const ScheduleNotificationsConfig = ({ scheduleId, destinations }: Props)
 			destinationId: id,
 			notifyOnStart: false,
 			notifyOnSuccess: false,
+			notifyOnWarning: true,
 			notifyOnFailure: true,
 		});
 
@@ -87,7 +90,10 @@ export const ScheduleNotificationsConfig = ({ scheduleId, destinations }: Props)
 		setHasChanges(true);
 	};
 
-	const toggleEvent = (destinationId: number, event: "notifyOnStart" | "notifyOnSuccess" | "notifyOnFailure") => {
+	const toggleEvent = (
+		destinationId: number,
+		event: "notifyOnStart" | "notifyOnSuccess" | "notifyOnWarning" | "notifyOnFailure",
+	) => {
 		const assignment = assignments.get(destinationId);
 		if (!assignment) return;
 
@@ -119,6 +125,7 @@ export const ScheduleNotificationsConfig = ({ scheduleId, destinations }: Props)
 					destinationId: assignment.destinationId,
 					notifyOnStart: assignment.notifyOnStart,
 					notifyOnSuccess: assignment.notifyOnSuccess,
+					notifyOnWarning: assignment.notifyOnWarning,
 					notifyOnFailure: assignment.notifyOnFailure,
 				});
 			}
@@ -193,7 +200,8 @@ export const ScheduleNotificationsConfig = ({ scheduleId, destinations }: Props)
 									<TableHead>Destination</TableHead>
 									<TableHead className="text-center w-[100px]">Start</TableHead>
 									<TableHead className="text-center w-[100px]">Success</TableHead>
-									<TableHead className="text-center w-[100px]">Failure</TableHead>
+									<TableHead className="text-center w-[100px]">Warnings</TableHead>
+									<TableHead className="text-center w-[100px]">Failures</TableHead>
 									<TableHead className="w-[50px]"></TableHead>
 								</TableRow>
 							</TableHeader>
@@ -226,6 +234,13 @@ export const ScheduleNotificationsConfig = ({ scheduleId, destinations }: Props)
 													onCheckedChange={() => toggleEvent(destination.id, "notifyOnSuccess")}
 												/>
 											</TableCell>
+											<TableCell className="text-center">
+												<Switch
+													className="align-middle"
+													checked={assignment.notifyOnWarning}
+													onCheckedChange={() => toggleEvent(destination.id, "notifyOnWarning")}
+												/>
+											</TableCell>
 											<TableCell className="text-center">
 												<Switch
 													className="align-middle"
diff --git a/app/client/modules/backups/components/schedule-summary.tsx b/app/client/modules/backups/components/schedule-summary.tsx
index 4422c775..8bdd3b9d 100644
--- a/app/client/modules/backups/components/schedule-summary.tsx
+++ b/app/client/modules/backups/components/schedule-summary.tsx
@@ -1,4 +1,4 @@
-import { Eraser, Pencil, Play, Square, Trash2 } from "lucide-react";
+import { Check, Database, Eraser, HardDrive, Pencil, Play, Square, Trash2, X } from "lucide-react";
 import { useMemo, useState } from "react";
 import { OnOff } from "~/client/components/onoff";
 import { Button } from "~/client/components/ui/button";
@@ -18,6 +18,7 @@ import { runForgetMutation } from "~/client/api-client/@tanstack/react-query.gen
 import { useMutation } from "@tanstack/react-query";
 import { toast } from "sonner";
 import { parseError } from "~/client/lib/errors";
+import { Link } from "react-router";
 
 type Props = {
 	schedule: BackupSchedule;
@@ -82,10 +83,17 @@ export const ScheduleSummary = (props: Props) => {
 				<CardHeader className="space-y-4">
 					<div className="flex flex-col sm:flex-row sm:items-center sm:justify-between gap-4">
 						<div>
-							<CardTitle>Backup schedule</CardTitle>
-							<CardDescription>
-								Automated backup configuration for volume&nbsp;
-								<strong className="text-strong-accent">{schedule.volume.name}</strong>
+							<CardTitle>{schedule.name}</CardTitle>
+							<CardDescription className="mt-1">
+								<Link to={`/volumes/${schedule.volume.name}`} className="hover:underline">
+									<HardDrive className="inline h-4 w-4 mr-2" />
+									<span>{schedule.volume.name}</span>
+								</Link>
+								<span className="mx-2">→</span>
+								<Link to={`/repositories/${schedule.repository.name}`} className="hover:underline">
+									<Database className="inline h-4 w-4 mr-2 text-strong-accent" />
+									<span className="text-strong-accent">{schedule.repository.name}</span>
+								</Link>
 							</CardDescription>
 						</div>
 						<div className="flex items-center gap-2 justify-between sm:justify-start">
@@ -220,8 +228,14 @@ export const ScheduleSummary = (props: Props) => {
 						</AlertDialogDescription>
 					</AlertDialogHeader>
 					<div className="flex gap-3 justify-end">
-						<AlertDialogCancel>Cancel</AlertDialogCancel>
-						<AlertDialogAction onClick={handleConfirmForget}>Run cleanup</AlertDialogAction>
+						<AlertDialogCancel>
+							<X className="h-4 w-4 mr-2" />
+							Cancel
+						</AlertDialogCancel>
+						<AlertDialogAction onClick={handleConfirmForget}>
+							<Check className="h-4 w-4 mr-2" />
+							Run cleanup
+						</AlertDialogAction>
 					</div>
 				</AlertDialogContent>
 			</AlertDialog>
diff --git a/app/client/modules/backups/components/snapshot-file-browser.tsx b/app/client/modules/backups/components/snapshot-file-browser.tsx
index 8ace50be..40804f16 100644
--- a/app/client/modules/backups/components/snapshot-file-browser.tsx
+++ b/app/client/modules/backups/components/snapshot-file-browser.tsx
@@ -1,6 +1,6 @@
 import { useCallback } from "react";
 import { useQuery, useQueryClient } from "@tanstack/react-query";
-import { FileIcon } from "lucide-react";
+import { FileIcon, RotateCcw, Trash2 } from "lucide-react";
 import { Link } from "react-router";
 import { FileTree } from "~/client/components/file-tree";
 import { Card, CardContent, CardDescription, CardHeader, CardTitle } from "~/client/components/ui/card";
@@ -98,6 +98,7 @@ export const SnapshotFileBrowser = (props: Props) => {
 								}
 								className={buttonVariants({ variant: "primary", size: "sm" })}
 							>
+								<RotateCcw className="h-4 w-4" />
 								Restore
 							</Link>
 							{onDeleteSnapshot && (
@@ -108,6 +109,7 @@ export const SnapshotFileBrowser = (props: Props) => {
 									disabled={isDeletingSnapshot}
 									loading={isDeletingSnapshot}
 								>
+									<Trash2 className="h-4 w-4 mr-2" />
 									{isDeletingSnapshot ? "Deleting..." : "Delete Snapshot"}
 								</Button>
 							)}
diff --git a/app/client/modules/backups/routes/backup-details.tsx b/app/client/modules/backups/routes/backup-details.tsx
index 09433c1b..4804c4b7 100644
--- a/app/client/modules/backups/routes/backup-details.tsx
+++ b/app/client/modules/backups/routes/backup-details.tsx
@@ -2,6 +2,7 @@ import { useId, useState } from "react";
 import { useQuery, useMutation } from "@tanstack/react-query";
 import { redirect, useNavigate } from "react-router";
 import { toast } from "sonner";
+import { Save, X } from "lucide-react";
 import { Button } from "~/client/components/ui/button";
 import {
 	AlertDialog,
@@ -29,15 +30,16 @@ import { ScheduleSummary } from "../components/schedule-summary";
 import type { Route } from "./+types/backup-details";
 import { SnapshotFileBrowser } from "../components/snapshot-file-browser";
 import { SnapshotTimeline } from "../components/snapshot-timeline";
-import { getBackupSchedule, listNotificationDestinations } from "~/client/api-client";
+import { getBackupSchedule, listNotificationDestinations, listRepositories } from "~/client/api-client";
 import { ScheduleNotificationsConfig } from "../components/schedule-notifications-config";
+import { ScheduleMirrorsConfig } from "../components/schedule-mirrors-config";
 import { cn } from "~/client/lib/utils";
 
 export const handle = {
-	breadcrumb: (match: Route.MetaArgs) => [
-		{ label: "Backups", href: "/backups" },
-		{ label: `Schedule #${match.params.id}` },
-	],
+	breadcrumb: (match: Route.MetaArgs) => {
+		const data = match.loaderData;
+		return [{ label: "Backups", href: "/backups" }, { label: data.schedule.name }];
+	},
 };
 
 export function meta(_: Route.MetaArgs) {
@@ -53,10 +55,11 @@ export function meta(_: Route.MetaArgs) {
 export const clientLoader = async ({ params }: Route.LoaderArgs) => {
 	const schedule = await getBackupSchedule({ path: { scheduleId: params.id } });
 	const notifs = await listNotificationDestinations();
+	const repos = await listRepositories();
 
 	if (!schedule.data) return redirect("/backups");
 
-	return { schedule: schedule.data, notifs: notifs.data };
+	return { schedule: schedule.data, notifs: notifs.data, repos: repos.data };
 };
 
 export default function ScheduleDetailsPage({ params, loaderData }: Route.ComponentProps) {
@@ -70,8 +73,6 @@ export default function ScheduleDetailsPage({ params, loaderData }: Route.Compon
 	const { data: schedule } = useQuery({
 		...getBackupScheduleOptions({ path: { scheduleId: params.id } }),
 		initialData: loaderData.schedule,
-		refetchInterval: 10000,
-		refetchOnWindowFocus: true,
 	});
 
 	const {
@@ -153,12 +154,14 @@ export default function ScheduleDetailsPage({ params, loaderData }: Route.Compon
 		updateSchedule.mutate({
 			path: { scheduleId: schedule.id.toString() },
 			body: {
+				name: formValues.name,
 				repositoryId: formValues.repositoryId,
 				enabled: schedule.enabled,
 				cronExpression,
 				retentionPolicy: Object.keys(retentionPolicy).length > 0 ? retentionPolicy : undefined,
 				includePatterns: formValues.includePatterns,
 				excludePatterns: formValues.excludePatterns,
+				excludeIfPresent: formValues.excludeIfPresent,
 			},
 		});
 	};
@@ -171,8 +174,9 @@ export default function ScheduleDetailsPage({ params, loaderData }: Route.Compon
 				enabled,
 				cronExpression: schedule.cronExpression,
 				retentionPolicy: schedule.retentionPolicy || undefined,
-				includePatterns: schedule.includePatterns || undefined,
-				excludePatterns: schedule.excludePatterns || undefined,
+				includePatterns: schedule.includePatterns || [],
+				excludePatterns: schedule.excludePatterns || [],
+				excludeIfPresent: schedule.excludeIfPresent || [],
 			},
 		});
 	};
@@ -203,9 +207,11 @@ export default function ScheduleDetailsPage({ params, loaderData }: Route.Compon
 				<CreateScheduleForm volume={schedule.volume} initialValues={schedule} onSubmit={handleSubmit} formId={formId} />
 				<div className="flex justify-end mt-4 gap-2">
 					<Button type="submit" className="ml-auto" variant="primary" form={formId} loading={updateSchedule.isPending}>
+						<Save className="h-4 w-4 mr-2" />
 						Update schedule
 					</Button>
 					<Button variant="outline" onClick={() => setIsEditMode(false)}>
+						<X className="h-4 w-4 mr-2" />
 						Cancel
 					</Button>
 				</div>
@@ -228,6 +234,13 @@ export default function ScheduleDetailsPage({ params, loaderData }: Route.Compon
 			<div className={cn({ hidden: !loaderData.notifs?.length })}>
 				<ScheduleNotificationsConfig scheduleId={schedule.id} destinations={loaderData.notifs ?? []} />
 			</div>
+			<div className={cn({ hidden: !loaderData.repos?.length || loaderData.repos.length < 2 })}>
+				<ScheduleMirrorsConfig
+					scheduleId={schedule.id}
+					primaryRepositoryId={schedule.repositoryId}
+					repositories={loaderData.repos ?? []}
+				/>
+			</div>
 			<SnapshotTimeline
 				loading={isLoading}
 				snapshots={snapshots ?? []}
diff --git a/app/client/modules/backups/routes/backups.tsx b/app/client/modules/backups/routes/backups.tsx
index 505d124b..651c86f4 100644
--- a/app/client/modules/backups/routes/backups.tsx
+++ b/app/client/modules/backups/routes/backups.tsx
@@ -33,8 +33,6 @@ export default function Backups({ loaderData }: Route.ComponentProps) {
 	const { data: schedules, isLoading } = useQuery({
 		...listBackupSchedulesOptions(),
 		initialData: loaderData,
-		refetchInterval: 10000,
-		refetchOnWindowFocus: true,
 	});
 
 	if (isLoading) {
@@ -69,13 +67,11 @@ export default function Backups({ loaderData }: Route.ComponentProps) {
 				{schedules.map((schedule) => (
 					<Link key={schedule.id} to={`/backups/${schedule.id}`}>
 						<Card key={schedule.id} className="flex flex-col h-full">
-							<CardHeader className="pb-3">
-								<div className="flex items-start justify-between gap-2">
-									<div className="flex items-center gap-2 flex-1 min-w-0">
-										<HardDrive className="h-5 w-5 text-muted-foreground shrink-0" />
-										<CardTitle className="text-lg truncate">
-											Volume <span className="text-strong-accent">{schedule.volume.name}</span>
-										</CardTitle>
+							<CardHeader className="pb-3 overflow-hidden">
+								<div className="flex items-center justify-between gap-2 w-full">
+									<div className="flex items-center gap-2 flex-1 min-w-0 w-0">
+										<CalendarClock className="h-5 w-5 text-muted-foreground shrink-0" />
+										<CardTitle className="text-lg truncate">{schedule.name}</CardTitle>
 									</div>
 									<BackupStatusDot
 										enabled={schedule.enabled}
@@ -83,9 +79,12 @@ export default function Backups({ loaderData }: Route.ComponentProps) {
 										isInProgress={schedule.lastBackupStatus === "in_progress"}
 									/>
 								</div>
-								<CardDescription className="flex items-center gap-2 mt-2">
-									<Database className="h-4 w-4" />
-									<span className="truncate">{schedule.repository.name}</span>
+								<CardDescription className="ml-0.5 flex items-center gap-2 text-xs">
+									<HardDrive className="h-3.5 w-3.5" />
+									<span className="truncate">{schedule.volume.name}</span>
+									<span className="text-muted-foreground">→</span>
+									<Database className="h-3.5 w-3.5 text-strong-accent" />
+									<span className="truncate text-strong-accent">{schedule.repository.name}</span>
 								</CardDescription>
 							</CardHeader>
 							<CardContent className="flex-1 space-y-4">
diff --git a/app/client/modules/backups/routes/create-backup.tsx b/app/client/modules/backups/routes/create-backup.tsx
index f982086b..f0c47639 100644
--- a/app/client/modules/backups/routes/create-backup.tsx
+++ b/app/client/modules/backups/routes/create-backup.tsx
@@ -1,6 +1,6 @@
 import { useId, useState } from "react";
 import { useMutation, useQuery } from "@tanstack/react-query";
-import { Database, HardDrive } from "lucide-react";
+import { Database, HardDrive, Plus } from "lucide-react";
 import { Link, useNavigate } from "react-router";
 import { toast } from "sonner";
 import {
@@ -83,6 +83,7 @@ export default function CreateBackup({ loaderData }: Route.ComponentProps) {
 
 		createSchedule.mutate({
 			body: {
+				name: formValues.name,
 				volumeId: selectedVolumeId,
 				repositoryId: formValues.repositoryId,
 				enabled: true,
@@ -90,6 +91,7 @@ export default function CreateBackup({ loaderData }: Route.ComponentProps) {
 				retentionPolicy: Object.keys(retentionPolicy).length > 0 ? retentionPolicy : undefined,
 				includePatterns: formValues.includePatterns,
 				excludePatterns: formValues.excludePatterns,
+				excludeIfPresent: formValues.excludeIfPresent,
 			},
 		});
 	};
@@ -160,6 +162,7 @@ export default function CreateBackup({ loaderData }: Route.ComponentProps) {
 					<CreateScheduleForm volume={selectedVolume} onSubmit={handleSubmit} formId={formId} />
 					<div className="flex justify-end mt-4 gap-2">
 						<Button type="submit" variant="primary" form={formId} loading={createSchedule.isPending}>
+							<Plus className="h-4 w-4 mr-2" />
 							Create
 						</Button>
 					</div>
diff --git a/app/client/modules/notifications/components/create-notification-form.tsx b/app/client/modules/notifications/components/create-notification-form.tsx
index 350536da..dc89d550 100644
--- a/app/client/modules/notifications/components/create-notification-form.tsx
+++ b/app/client/modules/notifications/components/create-notification-form.tsx
@@ -198,7 +198,7 @@ export const CreateNotificationForm = ({ onSubmit, mode = "create", initialValue
 							name="username"
 							render={({ field }) => (
 								<FormItem>
-									<FormLabel>Username</FormLabel>
+									<FormLabel>Username (Optional)</FormLabel>
 									<FormControl>
 										<Input {...field} placeholder="user@example.com" />
 									</FormControl>
@@ -211,7 +211,7 @@ export const CreateNotificationForm = ({ onSubmit, mode = "create", initialValue
 							name="password"
 							render={({ field }) => (
 								<FormItem>
-									<FormLabel>Password</FormLabel>
+									<FormLabel>Password (Optional)</FormLabel>
 									<FormControl>
 										<Input {...field} type="password" placeholder="••••••••" />
 									</FormControl>
diff --git a/app/client/modules/notifications/routes/create-notification.tsx b/app/client/modules/notifications/routes/create-notification.tsx
index 7990d650..72268a6b 100644
--- a/app/client/modules/notifications/routes/create-notification.tsx
+++ b/app/client/modules/notifications/routes/create-notification.tsx
@@ -1,5 +1,5 @@
 import { useMutation } from "@tanstack/react-query";
-import { Bell } from "lucide-react";
+import { Bell, Plus } from "lucide-react";
 import { useId } from "react";
 import { useNavigate } from "react-router";
 import { toast } from "sonner";
@@ -68,6 +68,7 @@ export default function CreateNotification() {
 							Cancel
 						</Button>
 						<Button type="submit" form={formId} loading={createNotification.isPending}>
+							<Plus className="h-4 w-4 mr-2" />
 							Create Destination
 						</Button>
 					</div>
diff --git a/app/client/modules/notifications/routes/notification-details.tsx b/app/client/modules/notifications/routes/notification-details.tsx
index 082f475d..c6675360 100644
--- a/app/client/modules/notifications/routes/notification-details.tsx
+++ b/app/client/modules/notifications/routes/notification-details.tsx
@@ -24,7 +24,7 @@ import { getNotificationDestination } from "~/client/api-client/sdk.gen";
 import type { Route } from "./+types/notification-details";
 import { cn } from "~/client/lib/utils";
 import { Card, CardContent, CardHeader, CardTitle } from "~/client/components/ui/card";
-import { Bell, TestTube2 } from "lucide-react";
+import { Bell, Save, TestTube2, Trash2, X } from "lucide-react";
 import { Alert, AlertDescription } from "~/client/components/ui/alert";
 import { CreateNotificationForm, type NotificationFormValues } from "../components/create-notification-form";
 
@@ -147,6 +147,7 @@ export default function NotificationDetailsPage({ loaderData }: Route.ComponentP
 						variant="destructive"
 						loading={deleteDestination.isPending}
 					>
+						<Trash2 className="h-4 w-4 mr-2" />
 						Delete
 					</Button>
 				</div>
@@ -174,6 +175,7 @@ export default function NotificationDetailsPage({ loaderData }: Route.ComponentP
 					<CreateNotificationForm mode="update" formId={formId} onSubmit={handleSubmit} initialValues={data.config} />
 					<div className="flex justify-end gap-2 pt-4 border-t">
 						<Button type="submit" form={formId} loading={updateDestination.isPending}>
+							<Save className="h-4 w-4 mr-2" />
 							Save Changes
 						</Button>
 					</div>
@@ -190,8 +192,14 @@ export default function NotificationDetailsPage({ loaderData }: Route.ComponentP
 						</AlertDialogDescription>
 					</AlertDialogHeader>
 					<AlertDialogFooter>
-						<AlertDialogCancel>Cancel</AlertDialogCancel>
-						<AlertDialogAction onClick={handleConfirmDelete}>Delete</AlertDialogAction>
+						<AlertDialogCancel>
+							<X className="h-4 w-4 mr-2" />
+							Cancel
+						</AlertDialogCancel>
+						<AlertDialogAction onClick={handleConfirmDelete}>
+							<Trash2 className="h-4 w-4 mr-2" />
+							Delete
+						</AlertDialogAction>
 					</AlertDialogFooter>
 				</AlertDialogContent>
 			</AlertDialog>
diff --git a/app/client/modules/notifications/routes/notifications.tsx b/app/client/modules/notifications/routes/notifications.tsx
index 4c3d4f97..995ca0be 100644
--- a/app/client/modules/notifications/routes/notifications.tsx
+++ b/app/client/modules/notifications/routes/notifications.tsx
@@ -49,8 +49,6 @@ export default function Notifications({ loaderData }: Route.ComponentProps) {
 	const { data } = useQuery({
 		...listNotificationDestinationsOptions(),
 		initialData: loaderData,
-		refetchInterval: 10000,
-		refetchOnWindowFocus: true,
 	});
 
 	const filteredNotifications =
diff --git a/app/client/modules/repositories/components/create-repository-form.tsx b/app/client/modules/repositories/components/create-repository-form.tsx
new file mode 100644
index 00000000..dc99c6d4
--- /dev/null
+++ b/app/client/modules/repositories/components/create-repository-form.tsx
@@ -0,0 +1,275 @@
+import { arktypeResolver } from "@hookform/resolvers/arktype";
+import { type } from "arktype";
+import { useEffect, useState } from "react";
+import { useForm } from "react-hook-form";
+import { Save } from "lucide-react";
+import { cn, slugify } from "~/client/lib/utils";
+import { deepClean } from "~/utils/object";
+import { Button } from "../../../components/ui/button";
+import {
+	Form,
+	FormControl,
+	FormDescription,
+	FormField,
+	FormItem,
+	FormLabel,
+	FormMessage,
+} from "../../../components/ui/form";
+import { Input } from "../../../components/ui/input";
+import { Select, SelectContent, SelectItem, SelectTrigger, SelectValue } from "../../../components/ui/select";
+import { Tooltip, TooltipContent, TooltipTrigger } from "../../../components/ui/tooltip";
+import { useSystemInfo } from "~/client/hooks/use-system-info";
+import { COMPRESSION_MODES, repositoryConfigSchema } from "~/schemas/restic";
+import { Checkbox } from "../../../components/ui/checkbox";
+import {
+	LocalRepositoryForm,
+	S3RepositoryForm,
+	R2RepositoryForm,
+	GCSRepositoryForm,
+	AzureRepositoryForm,
+	RcloneRepositoryForm,
+	RestRepositoryForm,
+	SftpRepositoryForm,
+} from "./repository-forms";
+
+export const formSchema = type({
+	name: "2<=string<=32",
+	compressionMode: type.valueOf(COMPRESSION_MODES).optional(),
+}).and(repositoryConfigSchema);
+const cleanSchema = type.pipe((d) => formSchema(deepClean(d)));
+
+export type RepositoryFormValues = typeof formSchema.inferIn;
+
+type Props = {
+	onSubmit: (values: RepositoryFormValues) => void;
+	mode?: "create" | "update";
+	initialValues?: Partial<RepositoryFormValues>;
+	formId?: string;
+	loading?: boolean;
+	className?: string;
+};
+
+const defaultValuesForType = {
+	local: { backend: "local" as const, compressionMode: "auto" as const },
+	s3: { backend: "s3" as const, compressionMode: "auto" as const },
+	r2: { backend: "r2" as const, compressionMode: "auto" as const },
+	gcs: { backend: "gcs" as const, compressionMode: "auto" as const },
+	azure: { backend: "azure" as const, compressionMode: "auto" as const },
+	rclone: { backend: "rclone" as const, compressionMode: "auto" as const },
+	rest: { backend: "rest" as const, compressionMode: "auto" as const },
+	sftp: { backend: "sftp" as const, compressionMode: "auto" as const, port: 22 },
+};
+
+export const CreateRepositoryForm = ({
+	onSubmit,
+	mode = "create",
+	initialValues,
+	formId,
+	loading,
+	className,
+}: Props) => {
+	const form = useForm<RepositoryFormValues>({
+		resolver: arktypeResolver(cleanSchema as unknown as typeof formSchema),
+		defaultValues: initialValues,
+		resetOptions: {
+			keepDefaultValues: true,
+			keepDirtyValues: false,
+		},
+	});
+
+	const { watch, setValue } = form;
+
+	const watchedBackend = watch("backend");
+	const watchedIsExistingRepository = watch("isExistingRepository");
+
+	const [passwordMode, setPasswordMode] = useState<"default" | "custom">("default");
+
+	const { capabilities } = useSystemInfo();
+
+	useEffect(() => {
+		form.reset({
+			name: form.getValues().name,
+			isExistingRepository: form.getValues().isExistingRepository,
+			customPassword: form.getValues().customPassword,
+			...defaultValuesForType[watchedBackend as keyof typeof defaultValuesForType],
+		});
+	}, [watchedBackend, form]);
+
+	return (
+		<Form {...form}>
+			<form id={formId} onSubmit={form.handleSubmit(onSubmit)} className={cn("space-y-4", className)}>
+				<FormField
+					control={form.control}
+					name="name"
+					render={({ field }) => (
+						<FormItem>
+							<FormLabel>Name</FormLabel>
+							<FormControl>
+								<Input
+									{...field}
+									placeholder="Repository name"
+									onChange={(e) => field.onChange(slugify(e.target.value))}
+									maxLength={32}
+									minLength={2}
+								/>
+							</FormControl>
+							<FormDescription>Unique identifier for the repository.</FormDescription>
+							<FormMessage />
+						</FormItem>
+					)}
+				/>
+				<FormField
+					control={form.control}
+					name="backend"
+					render={({ field }) => (
+						<FormItem>
+							<FormLabel>Backend</FormLabel>
+							<Select onValueChange={field.onChange} defaultValue={field.value} value={field.value}>
+								<FormControl>
+									<SelectTrigger>
+										<SelectValue placeholder="Select a backend" />
+									</SelectTrigger>
+								</FormControl>
+								<SelectContent>
+									<SelectItem value="local">Local</SelectItem>
+									<SelectItem value="s3">S3</SelectItem>
+									<SelectItem value="r2">Cloudflare R2</SelectItem>
+									<SelectItem value="gcs">Google Cloud Storage</SelectItem>
+									<SelectItem value="azure">Azure Blob Storage</SelectItem>
+									<SelectItem value="rest">REST Server</SelectItem>
+									<SelectItem value="sftp">SFTP</SelectItem>
+									<Tooltip>
+										<TooltipTrigger>
+											<SelectItem disabled={!capabilities.rclone} value="rclone">
+												rclone (40+ cloud providers)
+											</SelectItem>
+										</TooltipTrigger>
+										<TooltipContent className={cn({ hidden: capabilities.rclone })}>
+											<p>Setup rclone to use this backend</p>
+										</TooltipContent>
+									</Tooltip>
+								</SelectContent>
+							</Select>
+							<FormDescription>Choose the storage backend for this repository.</FormDescription>
+							<FormMessage />
+						</FormItem>
+					)}
+				/>
+
+				<FormField
+					control={form.control}
+					name="compressionMode"
+					render={({ field }) => (
+						<FormItem>
+							<FormLabel>Compression Mode</FormLabel>
+							<Select onValueChange={field.onChange} defaultValue={field.value} value={field.value}>
+								<FormControl>
+									<SelectTrigger>
+										<SelectValue placeholder="Select compression mode" />
+									</SelectTrigger>
+								</FormControl>
+								<SelectContent>
+									<SelectItem value="off">Off</SelectItem>
+									<SelectItem value="auto">Auto (fast)</SelectItem>
+									<SelectItem value="max">Max (slower, better compression)</SelectItem>
+								</SelectContent>
+							</Select>
+							<FormDescription>Compression mode for backups stored in this repository.</FormDescription>
+							<FormMessage />
+						</FormItem>
+					)}
+				/>
+
+				<FormField
+					control={form.control}
+					name="isExistingRepository"
+					render={({ field }) => (
+						<FormItem className="flex flex-row items-center space-x-3">
+							<FormControl>
+								<Checkbox
+									checked={field.value}
+									onCheckedChange={(checked) => {
+										field.onChange(checked);
+										if (!checked) {
+											setPasswordMode("default");
+											setValue("customPassword", undefined);
+										}
+									}}
+								/>
+							</FormControl>
+							<div className="space-y-1">
+								<FormLabel>Import existing repository</FormLabel>
+								<FormDescription>Check this if the repository already exists at the specified location</FormDescription>
+							</div>
+						</FormItem>
+					)}
+				/>
+				{watchedIsExistingRepository && (
+					<>
+						<FormItem>
+							<FormLabel>Repository Password</FormLabel>
+							<Select
+								onValueChange={(value) => {
+									setPasswordMode(value as "default" | "custom");
+									if (value === "default") {
+										setValue("customPassword", undefined);
+									}
+								}}
+								defaultValue={passwordMode}
+								value={passwordMode}
+							>
+								<FormControl>
+									<SelectTrigger>
+										<SelectValue placeholder="Select password option" />
+									</SelectTrigger>
+								</FormControl>
+								<SelectContent>
+									<SelectItem value="default">Use Zerobyte's password</SelectItem>
+									<SelectItem value="custom">Enter password manually</SelectItem>
+								</SelectContent>
+							</Select>
+							<FormDescription>
+								Choose whether to use Zerobyte's master password or enter a custom password for the existing repository.
+							</FormDescription>
+						</FormItem>
+
+						{passwordMode === "custom" && (
+							<FormField
+								control={form.control}
+								name="customPassword"
+								render={({ field }) => (
+									<FormItem>
+										<FormLabel>Repository Password</FormLabel>
+										<FormControl>
+											<Input type="password" placeholder="Enter repository password" {...field} />
+										</FormControl>
+										<FormDescription>
+											The password used to encrypt this repository. It will be stored securely.
+										</FormDescription>
+										<FormMessage />
+									</FormItem>
+								)}
+							/>
+						)}
+					</>
+				)}
+
+				{watchedBackend === "local" && <LocalRepositoryForm form={form} />}
+				{watchedBackend === "s3" && <S3RepositoryForm form={form} />}
+				{watchedBackend === "r2" && <R2RepositoryForm form={form} />}
+				{watchedBackend === "gcs" && <GCSRepositoryForm form={form} />}
+				{watchedBackend === "azure" && <AzureRepositoryForm form={form} />}
+				{watchedBackend === "rclone" && <RcloneRepositoryForm form={form} />}
+				{watchedBackend === "rest" && <RestRepositoryForm form={form} />}
+				{watchedBackend === "sftp" && <SftpRepositoryForm form={form} />}
+
+				{mode === "update" && (
+					<Button type="submit" className="w-full" loading={loading}>
+						<Save className="h-4 w-4 mr-2" />
+						Save Changes
+					</Button>
+				)}
+			</form>
+		</Form>
+	);
+};
diff --git a/app/client/modules/repositories/components/repository-forms/azure-repository-form.tsx b/app/client/modules/repositories/components/repository-forms/azure-repository-form.tsx
new file mode 100644
index 00000000..de2442fe
--- /dev/null
+++ b/app/client/modules/repositories/components/repository-forms/azure-repository-form.tsx
@@ -0,0 +1,78 @@
+import type { UseFormReturn } from "react-hook-form";
+import {
+	FormControl,
+	FormDescription,
+	FormField,
+	FormItem,
+	FormLabel,
+	FormMessage,
+} from "../../../../components/ui/form";
+import { Input } from "../../../../components/ui/input";
+import type { RepositoryFormValues } from "../create-repository-form";
+
+type Props = {
+	form: UseFormReturn<RepositoryFormValues>;
+};
+
+export const AzureRepositoryForm = ({ form }: Props) => {
+	return (
+		<>
+			<FormField
+				control={form.control}
+				name="container"
+				render={({ field }) => (
+					<FormItem>
+						<FormLabel>Container</FormLabel>
+						<FormControl>
+							<Input placeholder="my-backup-container" {...field} />
+						</FormControl>
+						<FormDescription>Azure Blob Storage container name for storing backups.</FormDescription>
+						<FormMessage />
+					</FormItem>
+				)}
+			/>
+			<FormField
+				control={form.control}
+				name="accountName"
+				render={({ field }) => (
+					<FormItem>
+						<FormLabel>Account Name</FormLabel>
+						<FormControl>
+							<Input placeholder="mystorageaccount" {...field} />
+						</FormControl>
+						<FormDescription>Azure Storage account name.</FormDescription>
+						<FormMessage />
+					</FormItem>
+				)}
+			/>
+			<FormField
+				control={form.control}
+				name="accountKey"
+				render={({ field }) => (
+					<FormItem>
+						<FormLabel>Account Key</FormLabel>
+						<FormControl>
+							<Input type="password" placeholder="••••••••" {...field} />
+						</FormControl>
+						<FormDescription>Azure Storage account key for authentication.</FormDescription>
+						<FormMessage />
+					</FormItem>
+				)}
+			/>
+			<FormField
+				control={form.control}
+				name="endpointSuffix"
+				render={({ field }) => (
+					<FormItem>
+						<FormLabel>Endpoint Suffix (Optional)</FormLabel>
+						<FormControl>
+							<Input placeholder="core.windows.net" {...field} />
+						</FormControl>
+						<FormDescription>Custom Azure endpoint suffix (defaults to core.windows.net).</FormDescription>
+						<FormMessage />
+					</FormItem>
+				)}
+			/>
+		</>
+	);
+};
diff --git a/app/client/modules/repositories/components/repository-forms/gcs-repository-form.tsx b/app/client/modules/repositories/components/repository-forms/gcs-repository-form.tsx
new file mode 100644
index 00000000..42ee8de7
--- /dev/null
+++ b/app/client/modules/repositories/components/repository-forms/gcs-repository-form.tsx
@@ -0,0 +1,65 @@
+import type { UseFormReturn } from "react-hook-form";
+import {
+	FormControl,
+	FormDescription,
+	FormField,
+	FormItem,
+	FormLabel,
+	FormMessage,
+} from "../../../../components/ui/form";
+import { Input } from "../../../../components/ui/input";
+import { Textarea } from "../../../../components/ui/textarea";
+import type { RepositoryFormValues } from "../create-repository-form";
+
+type Props = {
+	form: UseFormReturn<RepositoryFormValues>;
+};
+
+export const GCSRepositoryForm = ({ form }: Props) => {
+	return (
+		<>
+			<FormField
+				control={form.control}
+				name="bucket"
+				render={({ field }) => (
+					<FormItem>
+						<FormLabel>Bucket</FormLabel>
+						<FormControl>
+							<Input placeholder="my-backup-bucket" {...field} />
+						</FormControl>
+						<FormDescription>GCS bucket name for storing backups.</FormDescription>
+						<FormMessage />
+					</FormItem>
+				)}
+			/>
+			<FormField
+				control={form.control}
+				name="projectId"
+				render={({ field }) => (
+					<FormItem>
+						<FormLabel>Project ID</FormLabel>
+						<FormControl>
+							<Input placeholder="my-gcp-project-123" {...field} />
+						</FormControl>
+						<FormDescription>Google Cloud project ID.</FormDescription>
+						<FormMessage />
+					</FormItem>
+				)}
+			/>
+			<FormField
+				control={form.control}
+				name="credentialsJson"
+				render={({ field }) => (
+					<FormItem>
+						<FormLabel>Service Account JSON</FormLabel>
+						<FormControl>
+							<Textarea placeholder="Paste service account JSON key..." {...field} />
+						</FormControl>
+						<FormDescription>Service account JSON credentials for authentication.</FormDescription>
+						<FormMessage />
+					</FormItem>
+				)}
+			/>
+		</>
+	);
+};
diff --git a/app/client/modules/repositories/components/repository-forms/index.ts b/app/client/modules/repositories/components/repository-forms/index.ts
new file mode 100644
index 00000000..740ec8fd
--- /dev/null
+++ b/app/client/modules/repositories/components/repository-forms/index.ts
@@ -0,0 +1,8 @@
+export { LocalRepositoryForm } from "./local-repository-form";
+export { S3RepositoryForm } from "./s3-repository-form";
+export { R2RepositoryForm } from "./r2-repository-form";
+export { GCSRepositoryForm } from "./gcs-repository-form";
+export { AzureRepositoryForm } from "./azure-repository-form";
+export { RcloneRepositoryForm } from "./rclone-repository-form";
+export { RestRepositoryForm } from "./rest-repository-form";
+export { SftpRepositoryForm } from "./sftp-repository-form";
diff --git a/app/client/modules/repositories/components/repository-forms/local-repository-form.tsx b/app/client/modules/repositories/components/repository-forms/local-repository-form.tsx
new file mode 100644
index 00000000..e0f5b4c1
--- /dev/null
+++ b/app/client/modules/repositories/components/repository-forms/local-repository-form.tsx
@@ -0,0 +1,103 @@
+import { useState } from "react";
+import type { UseFormReturn } from "react-hook-form";
+import { Check, Pencil, X, AlertTriangle } from "lucide-react";
+import { Button } from "../../../../components/ui/button";
+import { FormItem, FormLabel, FormDescription } from "../../../../components/ui/form";
+import { DirectoryBrowser } from "../../../../components/directory-browser";
+import {
+	AlertDialog,
+	AlertDialogAction,
+	AlertDialogCancel,
+	AlertDialogContent,
+	AlertDialogDescription,
+	AlertDialogFooter,
+	AlertDialogHeader,
+	AlertDialogTitle,
+} from "../../../../components/ui/alert-dialog";
+import type { RepositoryFormValues } from "../create-repository-form";
+
+type Props = {
+	form: UseFormReturn<RepositoryFormValues>;
+};
+
+export const LocalRepositoryForm = ({ form }: Props) => {
+	const [showPathBrowser, setShowPathBrowser] = useState(false);
+	const [showPathWarning, setShowPathWarning] = useState(false);
+
+	return (
+		<>
+			<FormItem>
+				<FormLabel>Repository Directory</FormLabel>
+				<div className="flex items-center gap-2">
+					<div className="flex-1 text-sm font-mono bg-muted px-3 py-2 rounded-md border">
+						{form.watch("path") || "/var/lib/zerobyte/repositories"}
+					</div>
+					<Button type="button" variant="outline" onClick={() => setShowPathWarning(true)} size="sm">
+						<Pencil className="h-4 w-4 mr-2" />
+						Change
+					</Button>
+				</div>
+				<FormDescription>The directory where the repository will be stored.</FormDescription>
+			</FormItem>
+
+			<AlertDialog open={showPathWarning} onOpenChange={setShowPathWarning}>
+				<AlertDialogContent>
+					<AlertDialogHeader>
+						<AlertDialogTitle className="flex items-center gap-2">
+							<AlertTriangle className="h-5 w-5 text-yellow-500" />
+							Important: Host mount required
+						</AlertDialogTitle>
+						<AlertDialogDescription className="space-y-3">
+							<p>When selecting a custom path, ensure it is mounted from the host machine into the container.</p>
+							<p className="font-medium">
+								If the path is not a host mount, you will lose your repository data when the container restarts.
+							</p>
+							<p className="text-sm text-muted-foreground">
+								The default path <code className="bg-muted px-1 rounded">/var/lib/zerobyte/repositories</code> is
+								already mounted from the host and is safe to use.
+							</p>
+						</AlertDialogDescription>
+					</AlertDialogHeader>
+					<AlertDialogFooter>
+						<AlertDialogCancel>Cancel</AlertDialogCancel>
+						<AlertDialogAction
+							onClick={() => {
+								setShowPathBrowser(true);
+								setShowPathWarning(false);
+							}}
+						>
+							I Understand, Continue
+						</AlertDialogAction>
+					</AlertDialogFooter>
+				</AlertDialogContent>
+			</AlertDialog>
+
+			<AlertDialog open={showPathBrowser} onOpenChange={setShowPathBrowser}>
+				<AlertDialogContent className="max-w-2xl">
+					<AlertDialogHeader>
+						<AlertDialogTitle>Select Repository Directory</AlertDialogTitle>
+						<AlertDialogDescription>
+							Choose a directory from the filesystem to store the repository.
+						</AlertDialogDescription>
+					</AlertDialogHeader>
+					<div className="py-4">
+						<DirectoryBrowser
+							onSelectPath={(path) => form.setValue("path", path)}
+							selectedPath={form.watch("path") || "/var/lib/zerobyte/repositories"}
+						/>
+					</div>
+					<AlertDialogFooter>
+						<AlertDialogCancel>
+							<X className="h-4 w-4 mr-2" />
+							Cancel
+						</AlertDialogCancel>
+						<AlertDialogAction onClick={() => setShowPathBrowser(false)}>
+							<Check className="h-4 w-4 mr-2" />
+							Done
+						</AlertDialogAction>
+					</AlertDialogFooter>
+				</AlertDialogContent>
+			</AlertDialog>
+		</>
+	);
+};
diff --git a/app/client/modules/repositories/components/repository-forms/r2-repository-form.tsx b/app/client/modules/repositories/components/repository-forms/r2-repository-form.tsx
new file mode 100644
index 00000000..b4cfa242
--- /dev/null
+++ b/app/client/modules/repositories/components/repository-forms/r2-repository-form.tsx
@@ -0,0 +1,80 @@
+import type { UseFormReturn } from "react-hook-form";
+import {
+	FormControl,
+	FormDescription,
+	FormField,
+	FormItem,
+	FormLabel,
+	FormMessage,
+} from "../../../../components/ui/form";
+import { Input } from "../../../../components/ui/input";
+import type { RepositoryFormValues } from "../create-repository-form";
+
+type Props = {
+	form: UseFormReturn<RepositoryFormValues>;
+};
+
+export const R2RepositoryForm = ({ form }: Props) => {
+	return (
+		<>
+			<FormField
+				control={form.control}
+				name="endpoint"
+				render={({ field }) => (
+					<FormItem>
+						<FormLabel>Endpoint</FormLabel>
+						<FormControl>
+							<Input placeholder="<account-id>.r2.cloudflarestorage.com" {...field} />
+						</FormControl>
+						<FormDescription>
+							R2 endpoint (without https://). Find in R2 dashboard under bucket settings.
+						</FormDescription>
+						<FormMessage />
+					</FormItem>
+				)}
+			/>
+			<FormField
+				control={form.control}
+				name="bucket"
+				render={({ field }) => (
+					<FormItem>
+						<FormLabel>Bucket</FormLabel>
+						<FormControl>
+							<Input placeholder="my-backup-bucket" {...field} />
+						</FormControl>
+						<FormDescription>R2 bucket name for storing backups.</FormDescription>
+						<FormMessage />
+					</FormItem>
+				)}
+			/>
+			<FormField
+				control={form.control}
+				name="accessKeyId"
+				render={({ field }) => (
+					<FormItem>
+						<FormLabel>Access Key ID</FormLabel>
+						<FormControl>
+							<Input placeholder="Access Key ID from R2 API tokens" {...field} />
+						</FormControl>
+						<FormDescription>R2 API token Access Key ID (create in Cloudflare R2 dashboard).</FormDescription>
+						<FormMessage />
+					</FormItem>
+				)}
+			/>
+			<FormField
+				control={form.control}
+				name="secretAccessKey"
+				render={({ field }) => (
+					<FormItem>
+						<FormLabel>Secret Access Key</FormLabel>
+						<FormControl>
+							<Input type="password" placeholder="••••••••" {...field} />
+						</FormControl>
+						<FormDescription>R2 API token Secret Access Key (shown once when creating token).</FormDescription>
+						<FormMessage />
+					</FormItem>
+				)}
+			/>
+		</>
+	);
+};
diff --git a/app/client/modules/repositories/components/repository-forms/rclone-repository-form.tsx b/app/client/modules/repositories/components/repository-forms/rclone-repository-form.tsx
new file mode 100644
index 00000000..5941191a
--- /dev/null
+++ b/app/client/modules/repositories/components/repository-forms/rclone-repository-form.tsx
@@ -0,0 +1,96 @@
+import type { UseFormReturn } from "react-hook-form";
+import { useQuery } from "@tanstack/react-query";
+import { ExternalLink } from "lucide-react";
+import {
+	FormControl,
+	FormDescription,
+	FormField,
+	FormItem,
+	FormLabel,
+	FormMessage,
+} from "../../../../components/ui/form";
+import { Input } from "../../../../components/ui/input";
+import { Select, SelectContent, SelectItem, SelectTrigger, SelectValue } from "../../../../components/ui/select";
+import { Alert, AlertDescription } from "../../../../components/ui/alert";
+import { listRcloneRemotesOptions } from "../../../../api-client/@tanstack/react-query.gen";
+import type { RepositoryFormValues } from "../create-repository-form";
+
+type Props = {
+	form: UseFormReturn<RepositoryFormValues>;
+};
+
+export const RcloneRepositoryForm = ({ form }: Props) => {
+	const { data: rcloneRemotes, isLoading: isLoadingRemotes } = useQuery(listRcloneRemotesOptions());
+
+	if (!isLoadingRemotes && (!rcloneRemotes || rcloneRemotes.length === 0)) {
+		return (
+			<Alert>
+				<AlertDescription className="space-y-2">
+					<p className="font-medium">No rclone remotes configured</p>
+					<p className="text-sm text-muted-foreground">
+						To use rclone, you need to configure remotes on your host system
+					</p>
+					<a
+						href="https://rclone.org/docs/"
+						target="_blank"
+						rel="noopener noreferrer"
+						className="text-sm text-strong-accent inline-flex items-center gap-1"
+					>
+						View rclone documentation
+						<ExternalLink className="w-3 h-3" />
+					</a>
+				</AlertDescription>
+			</Alert>
+		);
+	}
+
+	return (
+		<>
+			<FormField
+				control={form.control}
+				name="remote"
+				render={({ field }) => (
+					<FormItem>
+						<FormLabel>Remote</FormLabel>
+						<Select onValueChange={(v) => field.onChange(v)} defaultValue={field.value} value={field.value}>
+							<FormControl>
+								<SelectTrigger>
+									<SelectValue placeholder="Select an rclone remote" />
+								</SelectTrigger>
+							</FormControl>
+							<SelectContent>
+								{isLoadingRemotes ? (
+									<SelectItem value="loading" disabled>
+										Loading remotes...
+									</SelectItem>
+								) : (
+									rcloneRemotes?.map((remote: { name: string; type: string }) => (
+										<SelectItem key={remote.name} value={remote.name}>
+											{remote.name} ({remote.type})
+										</SelectItem>
+									))
+								)}
+							</SelectContent>
+						</Select>
+						<FormDescription>Select the rclone remote configured on your host system.</FormDescription>
+						<FormMessage />
+					</FormItem>
+				)}
+			/>
+			<FormField
+				control={form.control}
+				name="path"
+				render={({ field }) => (
+					<FormItem>
+						<FormLabel>Path</FormLabel>
+						<FormControl>
+							<Input placeholder="backups/zerobyte" {...field} />
+						</FormControl>
+						<FormDescription>Path within the remote where backups will be stored.</FormDescription>
+						<FormMessage />
+					</FormItem>
+				)}
+			/>
+		</>
+	);
+};
diff --git a/app/client/modules/repositories/components/repository-forms/rest-repository-form.tsx b/app/client/modules/repositories/components/repository-forms/rest-repository-form.tsx
new file mode 100644
index 00000000..5721c1db
--- /dev/null
+++ b/app/client/modules/repositories/components/repository-forms/rest-repository-form.tsx
@@ -0,0 +1,78 @@
+import type { UseFormReturn } from "react-hook-form";
+import {
+	FormControl,
+	FormDescription,
+	FormField,
+	FormItem,
+	FormLabel,
+	FormMessage,
+} from "../../../../components/ui/form";
+import { Input } from "../../../../components/ui/input";
+import type { RepositoryFormValues } from "../create-repository-form";
+
+type Props = {
+	form: UseFormReturn<RepositoryFormValues>;
+};
+
+export const RestRepositoryForm = ({ form }: Props) => {
+	return (
+		<>
+			<FormField
+				control={form.control}
+				name="url"
+				render={({ field }) => (
+					<FormItem>
+						<FormLabel>REST Server URL</FormLabel>
+						<FormControl>
+							<Input placeholder="http://192.168.1.30:8000" {...field} />
+						</FormControl>
+						<FormDescription>URL of the REST server.</FormDescription>
+						<FormMessage />
+					</FormItem>
+				)}
+			/>
+			<FormField
+				control={form.control}
+				name="path"
+				render={({ field }) => (
+					<FormItem>
+						<FormLabel>Repository Path (Optional)</FormLabel>
+						<FormControl>
+							<Input placeholder="my-backup-repo" {...field} />
+						</FormControl>
+						<FormDescription>Path to the repository on the REST server (leave empty for root).</FormDescription>
+						<FormMessage />
+					</FormItem>
+				)}
+			/>
+			<FormField
+				control={form.control}
+				name="username"
+				render={({ field }) => (
+					<FormItem>
+						<FormLabel>Username (Optional)</FormLabel>
+						<FormControl>
+							<Input placeholder="username" {...field} />
+						</FormControl>
+						<FormDescription>Username for REST server authentication.</FormDescription>
+						<FormMessage />
+					</FormItem>
+				)}
+			/>
+			<FormField
+				control={form.control}
+				name="password"
+				render={({ field }) => (
+					<FormItem>
+						<FormLabel>Password (Optional)</FormLabel>
+						<FormControl>
+							<Input type="password" placeholder="••••••••" {...field} />
+						</FormControl>
+						<FormDescription>Password for REST server authentication.</FormDescription>
+						<FormMessage />
+					</FormItem>
+				)}
+			/>
+		</>
+	);
+};
diff --git a/app/client/modules/repositories/components/repository-forms/s3-repository-form.tsx b/app/client/modules/repositories/components/repository-forms/s3-repository-form.tsx
new file mode 100644
index 00000000..16082434
--- /dev/null
+++ b/app/client/modules/repositories/components/repository-forms/s3-repository-form.tsx
@@ -0,0 +1,78 @@
+import type { UseFormReturn } from "react-hook-form";
+import {
+	FormControl,
+	FormDescription,
+	FormField,
+	FormItem,
+	FormLabel,
+	FormMessage,
+} from "../../../../components/ui/form";
+import { Input } from "../../../../components/ui/input";
+import type { RepositoryFormValues } from "../create-repository-form";
+
+type Props = {
+	form: UseFormReturn<RepositoryFormValues>;
+};
+
+export const S3RepositoryForm = ({ form }: Props) => {
+	return (
+		<>
+			<FormField
+				control={form.control}
+				name="endpoint"
+				render={({ field }) => (
+					<FormItem>
+						<FormLabel>Endpoint</FormLabel>
+						<FormControl>
+							<Input placeholder="s3.amazonaws.com" {...field} />
+						</FormControl>
+						<FormDescription>S3-compatible endpoint URL.</FormDescription>
+						<FormMessage />
+					</FormItem>
+				)}
+			/>
+			<FormField
+				control={form.control}
+				name="bucket"
+				render={({ field }) => (
+					<FormItem>
+						<FormLabel>Bucket</FormLabel>
+						<FormControl>
+							<Input placeholder="my-backup-bucket" {...field} />
+						</FormControl>
+						<FormDescription>S3 bucket name for storing backups.</FormDescription>
+						<FormMessage />
+					</FormItem>
+				)}
+			/>
+			<FormField
+				control={form.control}
+				name="accessKeyId"
+				render={({ field }) => (
+					<FormItem>
+						<FormLabel>Access Key ID</FormLabel>
+						<FormControl>
+							<Input placeholder="AKIAIOSFODNN7EXAMPLE" {...field} />
+						</FormControl>
+						<FormDescription>S3 access key ID for authentication.</FormDescription>
+						<FormMessage />
+					</FormItem>
+				)}
+			/>
+			<FormField
+				control={form.control}
+				name="secretAccessKey"
+				render={({ field }) => (
+					<FormItem>
+						<FormLabel>Secret Access Key</FormLabel>
+						<FormControl>
+							<Input type="password" placeholder="••••••••" {...field} />
+						</FormControl>
+						<FormDescription>S3 secret access key for authentication.</FormDescription>
+						<FormMessage />
+					</FormItem>
+				)}
+			/>
+		</>
+	);
+};
diff --git a/app/client/modules/repositories/components/repository-forms/sftp-repository-form.tsx b/app/client/modules/repositories/components/repository-forms/sftp-repository-form.tsx
new file mode 100644
index 00000000..321d3ba5
--- /dev/null
+++ b/app/client/modules/repositories/components/repository-forms/sftp-repository-form.tsx
@@ -0,0 +1,101 @@
+import type { UseFormReturn } from "react-hook-form";
+import {
+	FormControl,
+	FormDescription,
+	FormField,
+	FormItem,
+	FormLabel,
+	FormMessage,
+} from "../../../../components/ui/form";
+import { Input } from "../../../../components/ui/input";
+import { Textarea } from "../../../../components/ui/textarea";
+import type { RepositoryFormValues } from "../create-repository-form";
+
+type Props = {
+	form: UseFormReturn<RepositoryFormValues>;
+};
+
+export const SftpRepositoryForm = ({ form }: Props) => {
+	return (
+		<>
+			<FormField
+				control={form.control}
+				name="host"
+				render={({ field }) => (
+					<FormItem>
+						<FormLabel>Host</FormLabel>
+						<FormControl>
+							<Input placeholder="192.168.1.100" {...field} />
+						</FormControl>
+						<FormDescription>SFTP server hostname or IP address.</FormDescription>
+						<FormMessage />
+					</FormItem>
+				)}
+			/>
+			<FormField
+				control={form.control}
+				name="port"
+				render={({ field }) => (
+					<FormItem>
+						<FormLabel>Port</FormLabel>
+						<FormControl>
+							<Input
+								type="number"
+								placeholder="22"
+								{...field}
+								onChange={(e) => field.onChange(parseInt(e.target.value, 10))}
+							/>
+						</FormControl>
+						<FormDescription>SSH port (default: 22).</FormDescription>
+						<FormMessage />
+					</FormItem>
+				)}
+			/>
+			<FormField
+				control={form.control}
+				name="user"
+				render={({ field }) => (
+					<FormItem>
+						<FormLabel>User</FormLabel>
+						<FormControl>
+							<Input placeholder="backup-user" {...field} />
+						</FormControl>
+						<FormDescription>SSH username for authentication.</FormDescription>
+						<FormMessage />
+					</FormItem>
+				)}
+			/>
+			<FormField
+				control={form.control}
+				name="path"
+				render={({ field }) => (
+					<FormItem>
+						<FormLabel>Path</FormLabel>
+						<FormControl>
+							<Input placeholder="backups/ironmount" {...field} />
+						</FormControl>
+						<FormDescription>Repository path on the SFTP server. </FormDescription>
+						<FormMessage />
+					</FormItem>
+				)}
+			/>
+			<FormField
+				control={form.control}
+				name="privateKey"
+				render={({ field }) => (
+					<FormItem>
+						<FormLabel>SSH Private Key</FormLabel>
+						<FormControl>
+							<Textarea
+								{...field}
+								placeholder="-----BEGIN OPENSSH PRIVATE KEY-----&#10;...&#10;-----END OPENSSH PRIVATE KEY-----"
+							/>
+						</FormControl>
+						<FormDescription>Paste the contents of your SSH private key.</FormDescription>
+						<FormMessage />
+					</FormItem>
+				)}
+			/>
+		</>
+	);
+};
diff --git a/app/client/modules/repositories/routes/create-repository.tsx b/app/client/modules/repositories/routes/create-repository.tsx
index 288e4ead..ec70f112 100644
--- a/app/client/modules/repositories/routes/create-repository.tsx
+++ b/app/client/modules/repositories/routes/create-repository.tsx
@@ -1,10 +1,13 @@
 import { useMutation } from "@tanstack/react-query";
-import { Database } from "lucide-react";
+import { Database, Plus } from "lucide-react";
 import { useId } from "react";
 import { useNavigate } from "react-router";
 import { toast } from "sonner";
 import { createRepositoryMutation } from "~/client/api-client/@tanstack/react-query.gen";
-import { CreateRepositoryForm, type RepositoryFormValues } from "~/client/components/create-repository-form";
+import {
+	CreateRepositoryForm,
+	type RepositoryFormValues,
+} from "~/client/modules/repositories/components/create-repository-form";
 import { Button } from "~/client/components/ui/button";
 import { Card, CardContent, CardHeader, CardTitle } from "~/client/components/ui/card";
 import { parseError } from "~/client/lib/errors";
@@ -79,7 +82,8 @@ export default function CreateRepository() {
 							Cancel
 						</Button>
 						<Button type="submit" form={formId} loading={createRepository.isPending}>
-							Create Repository
+							<Plus className="h-4 w-4 mr-2" />
+							Create repository
 						</Button>
 					</div>
 				</CardContent>
diff --git a/app/client/modules/repositories/routes/repositories.tsx b/app/client/modules/repositories/routes/repositories.tsx
index 4e65bacd..89e05d24 100644
--- a/app/client/modules/repositories/routes/repositories.tsx
+++ b/app/client/modules/repositories/routes/repositories.tsx
@@ -50,8 +50,6 @@ export default function Repositories({ loaderData }: Route.ComponentProps) {
 	const { data } = useQuery({
 		...listRepositoriesOptions(),
 		initialData: loaderData,
-		refetchInterval: 10000,
-		refetchOnWindowFocus: true,
 	});
 
 	const filteredRepositories =
@@ -74,7 +72,7 @@ export default function Repositories({ loaderData }: Route.ComponentProps) {
 				button={
 					<Button onClick={() => navigate("/repositories/create")}>
 						<Plus size={16} className="mr-2" />
-						Create Repository
+						Create repository
 					</Button>
 				}
 			/>
diff --git a/app/client/modules/repositories/routes/repository-details.tsx b/app/client/modules/repositories/routes/repository-details.tsx
index 394b7d7b..be3e7c99 100644
--- a/app/client/modules/repositories/routes/repository-details.tsx
+++ b/app/client/modules/repositories/routes/repository-details.tsx
@@ -25,7 +25,7 @@ import { cn } from "~/client/lib/utils";
 import { Tabs, TabsContent, TabsList, TabsTrigger } from "~/client/components/ui/tabs";
 import { RepositoryInfoTabContent } from "../tabs/info";
 import { RepositorySnapshotsTabContent } from "../tabs/snapshots";
-import { Loader2 } from "lucide-react";
+import { Loader2, Stethoscope, Trash2, X } from "lucide-react";
 
 export const handle = {
 	breadcrumb: (match: Route.MetaArgs) => [
@@ -64,8 +64,6 @@ export default function RepositoryDetailsPage({ loaderData }: Route.ComponentPro
 	const { data } = useQuery({
 		...getRepositoryOptions({ path: { name: loaderData.name } }),
 		initialData: loaderData,
-		refetchInterval: 10000,
-		refetchOnWindowFocus: true,
 	});
 
 	useEffect(() => {
@@ -151,13 +149,17 @@ export default function RepositoryDetailsPage({ loaderData }: Route.ComponentPro
 						{doctorMutation.isPending ? (
 							<>
 								<Loader2 className="mr-2 h-4 w-4 animate-spin" />
-								Running Doctor...
+								Running doctor...
 							</>
 						) : (
-							"Run Doctor"
+							<>
+								<Stethoscope className="h-4 w-4 mr-2" />
+								Run doctor
+							</>
 						)}
 					</Button>
 					<Button variant="destructive" onClick={() => setShowDeleteConfirm(true)} disabled={deleteRepo.isPending}>
+						<Trash2 className="h-4 w-4 mr-2" />
 						Delete
 					</Button>
 				</div>
@@ -186,11 +188,15 @@ export default function RepositoryDetailsPage({ loaderData }: Route.ComponentPro
 						</AlertDialogDescription>
 					</AlertDialogHeader>
 					<div className="flex gap-3 justify-end">
-						<AlertDialogCancel>Cancel</AlertDialogCancel>
+						<AlertDialogCancel>
+							<X className="h-4 w-4 mr-2" />
+							Cancel
+						</AlertDialogCancel>
 						<AlertDialogAction
 							onClick={handleConfirmDelete}
 							className="bg-destructive text-destructive-foreground hover:bg-destructive/90"
 						>
+							<Trash2 className="h-4 w-4 mr-2" />
 							Delete repository
 						</AlertDialogAction>
 					</div>
@@ -200,7 +206,7 @@ export default function RepositoryDetailsPage({ loaderData }: Route.ComponentPro
 			<AlertDialog open={showDoctorResults} onOpenChange={setShowDoctorResults}>
 				<AlertDialogContent className="max-w-2xl">
 					<AlertDialogHeader>
-						<AlertDialogTitle>Doctor Results</AlertDialogTitle>
+						<AlertDialogTitle>Doctor results</AlertDialogTitle>
 						<AlertDialogDescription>Repository doctor operation completed</AlertDialogDescription>
 					</AlertDialogHeader>
 
diff --git a/app/client/modules/repositories/tabs/info.tsx b/app/client/modules/repositories/tabs/info.tsx
index 585a5a18..bd198ea8 100644
--- a/app/client/modules/repositories/tabs/info.tsx
+++ b/app/client/modules/repositories/tabs/info.tsx
@@ -2,6 +2,7 @@ import { useMutation } from "@tanstack/react-query";
 import { useState } from "react";
 import { toast } from "sonner";
 import { useNavigate } from "react-router";
+import { Check, Save } from "lucide-react";
 import { Card } from "~/client/components/ui/card";
 import { Button } from "~/client/components/ui/button";
 import { Input } from "~/client/components/ui/input";
@@ -146,6 +147,7 @@ export const RepositoryInfoTabContent = ({ repository }: Props) => {
 
 					<div className="flex justify-end pt-4 border-t">
 						<Button type="submit" disabled={!hasChanges || updateMutation.isPending} loading={updateMutation.isPending}>
+							<Save className="h-4 w-4 mr-2" />
 							Save Changes
 						</Button>
 					</div>
@@ -155,12 +157,15 @@ export const RepositoryInfoTabContent = ({ repository }: Props) => {
 			<AlertDialog open={showConfirmDialog} onOpenChange={setShowConfirmDialog}>
 				<AlertDialogContent>
 					<AlertDialogHeader>
-						<AlertDialogTitle>Update Repository</AlertDialogTitle>
+						<AlertDialogTitle>Update repository</AlertDialogTitle>
 						<AlertDialogDescription>Are you sure you want to update the repository settings?</AlertDialogDescription>
 					</AlertDialogHeader>
 					<AlertDialogFooter>
 						<AlertDialogCancel>Cancel</AlertDialogCancel>
-						<AlertDialogAction onClick={confirmUpdate}>Update</AlertDialogAction>
+						<AlertDialogAction onClick={confirmUpdate}>
+							<Check className="h-4 w-4" />
+							Update
+						</AlertDialogAction>
 					</AlertDialogFooter>
 				</AlertDialogContent>
 			</AlertDialog>
diff --git a/app/client/modules/repositories/tabs/snapshots.tsx b/app/client/modules/repositories/tabs/snapshots.tsx
index c8138f89..6632c853 100644
--- a/app/client/modules/repositories/tabs/snapshots.tsx
+++ b/app/client/modules/repositories/tabs/snapshots.tsx
@@ -1,7 +1,7 @@
 import { useQuery } from "@tanstack/react-query";
-import { Database } from "lucide-react";
+import { Database, X } from "lucide-react";
 import { useState } from "react";
-import { listSnapshotsOptions } from "~/client/api-client/@tanstack/react-query.gen";
+import { listBackupSchedulesOptions, listSnapshotsOptions } from "~/client/api-client/@tanstack/react-query.gen";
 import { SnapshotsTable } from "~/client/components/snapshots-table";
 import { Button } from "~/client/components/ui/button";
 import { Card, CardContent, CardDescription, CardHeader, CardTitle } from "~/client/components/ui/card";
@@ -18,11 +18,13 @@ export const RepositorySnapshotsTabContent = ({ repository }: Props) => {
 
 	const { data, isFetching, failureReason } = useQuery({
 		...listSnapshotsOptions({ path: { name: repository.name } }),
-		refetchInterval: 10000,
-		refetchOnWindowFocus: true,
 		initialData: [],
 	});
 
+	const schedules = useQuery({
+		...listBackupSchedulesOptions(),
+	});
+
 	const filteredSnapshots = data.filter((snapshot: Snapshot) => {
 		if (!searchQuery) return true;
 		const searchLower = searchQuery.toLowerCase();
@@ -126,6 +128,7 @@ export const RepositorySnapshotsTabContent = ({ repository }: Props) => {
 								<div className="flex flex-col items-center gap-3">
 									<p className="text-muted-foreground">No snapshots match your search.</p>
 									<Button onClick={() => setSearchQuery("")} variant="outline" size="sm">
+										<X className="h-4 w-4 mr-2" />
 										Clear search
 									</Button>
 								</div>
@@ -134,7 +137,7 @@ export const RepositorySnapshotsTabContent = ({ repository }: Props) => {
 					</TableBody>
 				</Table>
 			) : (
-				<SnapshotsTable snapshots={filteredSnapshots} repositoryName={repository.name} />
+				<SnapshotsTable snapshots={filteredSnapshots} repositoryName={repository.name} backups={schedules.data ?? []} />
 			)}
 			<div className="px-4 py-2 text-sm text-muted-foreground bg-card-header flex justify-between border-t">
 				<span>
diff --git a/app/client/modules/settings/routes/settings.tsx b/app/client/modules/settings/routes/settings.tsx
index cd107e24..2999b722 100644
--- a/app/client/modules/settings/routes/settings.tsx
+++ b/app/client/modules/settings/routes/settings.tsx
@@ -1,5 +1,5 @@
 import { useMutation } from "@tanstack/react-query";
-import { Download, KeyRound, User } from "lucide-react";
+import { Download, KeyRound, User, X } from "lucide-react";
 import { ExportDialog } from "~/client/components/export-dialog";
 import { useState } from "react";
 import { useNavigate } from "react-router";
@@ -196,6 +196,7 @@ export default function Settings({ loaderData }: Route.ComponentProps) {
 						/>
 					</div>
 					<Button type="submit" loading={changePassword.isPending} className="mt-4">
+						<KeyRound className="h-4 w-4 mr-2" />
 						Change Password
 					</Button>
 				</form>
@@ -253,9 +254,11 @@ export default function Settings({ loaderData }: Route.ComponentProps) {
 										setDownloadPassword("");
 									}}
 								>
+									<X className="h-4 w-4 mr-2" />
 									Cancel
 								</Button>
 								<Button type="submit" loading={downloadResticPassword.isPending}>
+									<Download className="h-4 w-4 mr-2" />
 									Download
 								</Button>
 							</DialogFooter>
diff --git a/app/client/modules/volumes/components/create-volume-form.tsx b/app/client/modules/volumes/components/create-volume-form.tsx
new file mode 100644
index 00000000..5fd9ca60
--- /dev/null
+++ b/app/client/modules/volumes/components/create-volume-form.tsx
@@ -0,0 +1,218 @@
+import { arktypeResolver } from "@hookform/resolvers/arktype";
+import { useMutation } from "@tanstack/react-query";
+import { type } from "arktype";
+import { CheckCircle, Loader2, Plug, Save, XCircle } from "lucide-react";
+import { useEffect, useState } from "react";
+import { useForm } from "react-hook-form";
+import { cn, slugify } from "~/client/lib/utils";
+import { deepClean } from "~/utils/object";
+import { Button } from "../../../components/ui/button";
+import {
+	Form,
+	FormControl,
+	FormDescription,
+	FormField,
+	FormItem,
+	FormLabel,
+	FormMessage,
+} from "../../../components/ui/form";
+import { Input } from "../../../components/ui/input";
+import { Select, SelectContent, SelectItem, SelectTrigger, SelectValue } from "../../../components/ui/select";
+import { volumeConfigSchema } from "~/schemas/volumes";
+import { testConnectionMutation } from "../../../api-client/@tanstack/react-query.gen";
+import { Tooltip, TooltipContent, TooltipTrigger } from "../../../components/ui/tooltip";
+import { useSystemInfo } from "~/client/hooks/use-system-info";
+import { DirectoryForm, NFSForm, SMBForm, WebDAVForm, RcloneForm } from "./volume-forms";
+
+export const formSchema = type({
+	name: "2<=string<=32",
+}).and(volumeConfigSchema);
+const cleanSchema = type.pipe((d) => formSchema(deepClean(d)));
+
+export type FormValues = typeof formSchema.inferIn;
+
+type Props = {
+	onSubmit: (values: FormValues) => void;
+	mode?: "create" | "update";
+	initialValues?: Partial<FormValues>;
+	formId?: string;
+	loading?: boolean;
+	className?: string;
+};
+
+const defaultValuesForType = {
+	directory: { backend: "directory" as const, path: "/" },
+	nfs: { backend: "nfs" as const, port: 2049, version: "4.1" as const },
+	smb: { backend: "smb" as const, port: 445, vers: "3.0" as const },
+	webdav: { backend: "webdav" as const, port: 80, ssl: false },
+	rclone: { backend: "rclone" as const, remote: "", path: "" },
+};
+
+export const CreateVolumeForm = ({ onSubmit, mode = "create", initialValues, formId, loading, className }: Props) => {
+	const form = useForm<FormValues>({
+		resolver: arktypeResolver(cleanSchema as unknown as typeof formSchema),
+		defaultValues: initialValues || {
+			name: "",
+			backend: "directory",
+		},
+		resetOptions: {
+			keepDefaultValues: true,
+			keepDirtyValues: false,
+		},
+	});
+
+	const { watch, getValues } = form;
+
+	const { capabilities } = useSystemInfo();
+
+	const watchedBackend = watch("backend");
+
+	useEffect(() => {
+		if (mode === "create") {
+			form.reset({
+				name: form.getValues().name,
+				...defaultValuesForType[watchedBackend as keyof typeof defaultValuesForType],
+			});
+		}
+	}, [watchedBackend, form, mode]);
+
+	const [testMessage, setTestMessage] = useState<{ success: boolean; message: string } | null>(null);
+
+	const testBackendConnection = useMutation({
+		...testConnectionMutation(),
+		onMutate: () => {
+			setTestMessage(null);
+		},
+		onError: (error) => {
+			setTestMessage({
+				success: false,
+				message: error?.message || "Failed to test connection. Please try again.",
+			});
+		},
+		onSuccess: (data) => {
+			setTestMessage(data);
+		},
+	});
+
+	const handleTestConnection = async () => {
+		const formValues = getValues();
+
+		if (formValues.backend === "nfs" || formValues.backend === "smb" || formValues.backend === "webdav") {
+			testBackendConnection.mutate({
+				body: { config: formValues },
+			});
+		}
+	};
+
+	return (
+		<Form {...form}>
+			<form id={formId} onSubmit={form.handleSubmit(onSubmit)} className={cn("space-y-4", className)}>
+				<FormField
+					control={form.control}
+					name="name"
+					render={({ field }) => (
+						<FormItem>
+							<FormLabel>Name</FormLabel>
+							<FormControl>
+								<Input
+									{...field}
+									placeholder="Volume name"
+									onChange={(e) => field.onChange(slugify(e.target.value))}
+									maxLength={32}
+									minLength={2}
+								/>
+							</FormControl>
+							<FormDescription>Unique identifier for the volume.</FormDescription>
+							<FormMessage />
+						</FormItem>
+					)}
+				/>
+				<FormField
+					control={form.control}
+					name="backend"
+					defaultValue="directory"
+					render={({ field }) => (
+						<FormItem>
+							<FormLabel>Backend</FormLabel>
+							<Select onValueChange={field.onChange} value={field.value}>
+								<FormControl>
+									<SelectTrigger>
+										<SelectValue placeholder="Select a backend" />
+									</SelectTrigger>
+								</FormControl>
+								<SelectContent>
+									<SelectItem value="directory">Directory</SelectItem>
+									<SelectItem value="nfs">NFS</SelectItem>
+									<SelectItem value="smb">SMB</SelectItem>
+									<SelectItem value="webdav">WebDAV</SelectItem>
+									<Tooltip>
+										<TooltipTrigger>
+											<SelectItem disabled={!capabilities.rclone} value="rclone">
+												rclone (40+ cloud providers)
+											</SelectItem>
+										</TooltipTrigger>
+										<TooltipContent className={cn({ hidden: capabilities.rclone })}>
+											<p>Setup rclone to use this backend</p>
+										</TooltipContent>
+									</Tooltip>
+								</SelectContent>
+							</Select>
+							<FormDescription>Choose the storage backend for this volume.</FormDescription>
+							<FormMessage />
+						</FormItem>
+					)}
+				/>
+				{watchedBackend === "directory" && <DirectoryForm form={form} />}
+				{watchedBackend === "nfs" && <NFSForm form={form} />}
+				{watchedBackend === "webdav" && <WebDAVForm form={form} />}
+				{watchedBackend === "smb" && <SMBForm form={form} />}
+				{watchedBackend === "rclone" && <RcloneForm form={form} />}
+				{watchedBackend && watchedBackend !== "directory" && watchedBackend !== "rclone" && (
+					<div className="space-y-3">
+						<div className="flex items-center gap-2">
+							<Button
+								type="button"
+								variant="outline"
+								onClick={handleTestConnection}
+								disabled={testBackendConnection.isPending}
+								className="flex-1"
+							>
+								{testBackendConnection.isPending && <Loader2 className="mr-2 h-4 w-4 animate-spin" />}
+								{!testBackendConnection.isPending && testMessage?.success && (
+									<CheckCircle className="mr-2 h-4 w-4 text-green-500" />
+								)}
+								{!testBackendConnection.isPending && testMessage && !testMessage.success && (
+									<XCircle className="mr-2 h-4 w-4 text-red-500" />
+								)}
+								{!testBackendConnection.isPending && !testMessage && <Plug className="mr-2 h-4 w-4" />}
+								{testBackendConnection.isPending
+									? "Testing..."
+									: testMessage
+										? testMessage.success
+											? "Connection Successful"
+											: "Test Failed"
+										: "Test Connection"}
+							</Button>
+						</div>
+						{testMessage && (
+							<div
+								className={cn("text-xs p-2 rounded-md text-wrap wrap-anywhere", {
+									"bg-green-50 text-green-700 border border-green-200": testMessage.success,
+									"bg-red-50 text-red-700 border border-red-200": !testMessage.success,
+								})}
+							>
+								{testMessage.message}
+							</div>
+						)}
+					</div>
+				)}
+				{mode === "update" && (
+					<Button type="submit" className="w-full" loading={loading}>
+						<Save className="h-4 w-4 mr-2" />
+						Save changes
+					</Button>
+				)}
+			</form>
+		</Form>
+	);
+};
diff --git a/app/client/modules/volumes/components/healthchecks-card.tsx b/app/client/modules/volumes/components/healthchecks-card.tsx
index 49c2e195..198efc46 100644
--- a/app/client/modules/volumes/components/healthchecks-card.tsx
+++ b/app/client/modules/volumes/components/healthchecks-card.tsx
@@ -1,6 +1,6 @@
 import { useMutation } from "@tanstack/react-query";
 import { formatDistanceToNow } from "date-fns";
-import { HeartIcon } from "lucide-react";
+import { Activity, HeartIcon } from "lucide-react";
 import { toast } from "sonner";
 import { healthCheckVolumeMutation, updateVolumeMutation } from "~/client/api-client/@tanstack/react-query.gen";
 import { OnOff } from "~/client/components/onoff";
@@ -80,6 +80,7 @@ export const HealthchecksCard = ({ volume }: Props) => {
 							loading={healthcheck.isPending}
 							onClick={() => healthcheck.mutate({ path: { name: volume.name } })}
 						>
+							<Activity className="h-4 w-4 mr-2" />
 							Run Health Check
 						</Button>
 					</div>
diff --git a/app/client/modules/volumes/components/volume-forms/directory-form.tsx b/app/client/modules/volumes/components/volume-forms/directory-form.tsx
new file mode 100644
index 00000000..4209c5f7
--- /dev/null
+++ b/app/client/modules/volumes/components/volume-forms/directory-form.tsx
@@ -0,0 +1,51 @@
+import { Pencil } from "lucide-react";
+import type { UseFormReturn } from "react-hook-form";
+import type { FormValues } from "../create-volume-form";
+import { DirectoryBrowser } from "../../../../components/directory-browser";
+import { Button } from "../../../../components/ui/button";
+import {
+	FormControl,
+	FormDescription,
+	FormField,
+	FormItem,
+	FormLabel,
+	FormMessage,
+} from "../../../../components/ui/form";
+
+type Props = {
+	form: UseFormReturn<FormValues>;
+};
+
+export const DirectoryForm = ({ form }: Props) => {
+	return (
+		<FormField
+			control={form.control}
+			name="path"
+			render={({ field }) => {
+				return (
+					<FormItem>
+						<FormLabel>Directory Path</FormLabel>
+						<FormControl>
+							{field.value ? (
+								<div className="flex items-center gap-2">
+									<div className="flex-1 border rounded-md p-3 bg-muted/50">
+										<div className="text-xs font-medium text-muted-foreground mb-1">Selected path:</div>
+										<div className="text-sm font-mono break-all">{field.value}</div>
+									</div>
+									<Button type="button" variant="outline" size="sm" onClick={() => field.onChange("")}>
+										<Pencil className="h-4 w-4 mr-2" />
+										Change
+									</Button>
+								</div>
+							) : (
+								<DirectoryBrowser onSelectPath={(path) => field.onChange(path)} selectedPath={field.value} />
+							)}
+						</FormControl>
+						<FormDescription>Browse and select a directory on the host filesystem to track.</FormDescription>
+						<FormMessage />
+					</FormItem>
+				);
+			}}
+		/>
+	);
+};
diff --git a/app/client/modules/volumes/components/volume-forms/index.ts b/app/client/modules/volumes/components/volume-forms/index.ts
new file mode 100644
index 00000000..cdb2f2a3
--- /dev/null
+++ b/app/client/modules/volumes/components/volume-forms/index.ts
@@ -0,0 +1,5 @@
+export { DirectoryForm } from "./directory-form";
+export { NFSForm } from "./nfs-form";
+export { SMBForm } from "./smb-form";
+export { WebDAVForm } from "./webdav-form";
+export { RcloneForm } from "./rclone-form";
diff --git a/app/client/modules/volumes/components/volume-forms/nfs-form.tsx b/app/client/modules/volumes/components/volume-forms/nfs-form.tsx
new file mode 100644
index 00000000..e4ebb0a5
--- /dev/null
+++ b/app/client/modules/volumes/components/volume-forms/nfs-form.tsx
@@ -0,0 +1,120 @@
+import type { UseFormReturn } from "react-hook-form";
+import type { FormValues } from "../create-volume-form";
+import {
+	FormControl,
+	FormDescription,
+	FormField,
+	FormItem,
+	FormLabel,
+	FormMessage,
+} from "../../../../components/ui/form";
+import { Input } from "../../../../components/ui/input";
+import { Select, SelectContent, SelectItem, SelectTrigger, SelectValue } from "../../../../components/ui/select";
+
+type Props = {
+	form: UseFormReturn<FormValues>;
+};
+
+export const NFSForm = ({ form }: Props) => {
+	return (
+		<>
+			<FormField
+				control={form.control}
+				name="server"
+				render={({ field }) => (
+					<FormItem>
+						<FormLabel>Server</FormLabel>
+						<FormControl>
+							<Input placeholder="192.168.1.100" {...field} />
+						</FormControl>
+						<FormDescription>NFS server IP address or hostname.</FormDescription>
+						<FormMessage />
+					</FormItem>
+				)}
+			/>
+			<FormField
+				control={form.control}
+				name="exportPath"
+				render={({ field }) => (
+					<FormItem>
+						<FormLabel>Export Path</FormLabel>
+						<FormControl>
+							<Input placeholder="/export/data" {...field} />
+						</FormControl>
+						<FormDescription>Path to the NFS export on the server.</FormDescription>
+						<FormMessage />
+					</FormItem>
+				)}
+			/>
+			<FormField
+				control={form.control}
+				name="port"
+				defaultValue={2049}
+				render={({ field }) => (
+					<FormItem>
+						<FormLabel>Port</FormLabel>
+						<FormControl>
+							<Input
+								type="number"
+								placeholder="2049"
+								{...field}
+								onChange={(e) => field.onChange(parseInt(e.target.value, 10) || undefined)}
+							/>
+						</FormControl>
+						<FormDescription>NFS server port (default: 2049).</FormDescription>
+						<FormMessage />
+					</FormItem>
+				)}
+			/>
+			<FormField
+				control={form.control}
+				name="version"
+				defaultValue="4.1"
+				render={({ field }) => (
+					<FormItem>
+						<FormLabel>Version</FormLabel>
+						<Select onValueChange={field.onChange} defaultValue="4.1">
+							<FormControl>
+								<SelectTrigger>
+									<SelectValue placeholder="Select NFS version" />
+								</SelectTrigger>
+							</FormControl>
+							<SelectContent>
+								<SelectItem value="3">NFS v3</SelectItem>
+								<SelectItem value="4">NFS v4</SelectItem>
+								<SelectItem value="4.1">NFS v4.1</SelectItem>
+							</SelectContent>
+						</Select>
+						<FormDescription>NFS protocol version to use.</FormDescription>
+						<FormMessage />
+					</FormItem>
+				)}
+			/>
+			<FormField
+				control={form.control}
+				name="readOnly"
+				defaultValue={false}
+				render={({ field }) => (
+					<FormItem>
+						<FormLabel>Read-only Mode</FormLabel>
+						<FormControl>
+							<div className="flex items-center space-x-2">
+								<input
+									type="checkbox"
+									checked={field.value ?? false}
+									onChange={(e) => field.onChange(e.target.checked)}
+									className="rounded border-gray-300"
+								/>
+								<span className="text-sm">Mount volume as read-only</span>
+							</div>
+						</FormControl>
+						<FormDescription>
+							Prevent any modifications to the volume. Recommended for backup sources and sensitive data.
+						</FormDescription>
+						<FormMessage />
+					</FormItem>
+				)}
+			/>
+		</>
+	);
+};
diff --git a/app/client/modules/volumes/components/volume-forms/rclone-form.tsx b/app/client/modules/volumes/components/volume-forms/rclone-form.tsx
new file mode 100644
index 00000000..79ef10a8
--- /dev/null
+++ b/app/client/modules/volumes/components/volume-forms/rclone-form.tsx
@@ -0,0 +1,127 @@
+import { ExternalLink } from "lucide-react";
+import type { UseFormReturn } from "react-hook-form";
+import type { FormValues } from "../create-volume-form";
+import {
+	FormControl,
+	FormDescription,
+	FormField,
+	FormItem,
+	FormLabel,
+	FormMessage,
+} from "../../../../components/ui/form";
+import { Select, SelectContent, SelectItem, SelectTrigger, SelectValue } from "../../../../components/ui/select";
+import { Alert, AlertDescription } from "../../../../components/ui/alert";
+import { Input } from "../../../../components/ui/input";
+import { listRcloneRemotesOptions } from "~/client/api-client/@tanstack/react-query.gen";
+import { useSystemInfo } from "~/client/hooks/use-system-info";
+import { useQuery } from "@tanstack/react-query";
+
+type Props = {
+	form: UseFormReturn<FormValues>;
+};
+
+export const RcloneForm = ({ form }: Props) => {
+	const { capabilities } = useSystemInfo();
+
+	const { data: rcloneRemotes, isLoading: isLoadingRemotes } = useQuery({
+		...listRcloneRemotesOptions(),
+		enabled: capabilities.rclone,
+	});
+
+	if (!isLoadingRemotes && (!rcloneRemotes || rcloneRemotes.length === 0)) {
+		return (
+			<Alert>
+				<AlertDescription className="space-y-2">
+					<p className="font-medium">No rclone remotes configured</p>
+					<p className="text-sm text-muted-foreground">
+						To use rclone, you need to configure remotes on your host system
+					</p>
+					<a
+						href="https://rclone.org/docs/"
+						target="_blank"
+						rel="noopener noreferrer"
+						className="text-sm text-strong-accent inline-flex items-center gap-1"
+					>
+						View rclone documentation
+						<ExternalLink className="w-3 h-3" />
+					</a>
+				</AlertDescription>
+			</Alert>
+		);
+	}
+
+	return (
+		<>
+			<FormField
+				control={form.control}
+				name="remote"
+				render={({ field }) => (
+					<FormItem>
+						<FormLabel>Remote</FormLabel>
+						<Select onValueChange={(v) => field.onChange(v)}>
+							<FormControl>
+								<SelectTrigger>
+									<SelectValue placeholder="Select an rclone remote" />
+								</SelectTrigger>
+							</FormControl>
+							<SelectContent>
+								{isLoadingRemotes ? (
+									<SelectItem value="loading" disabled>
+										Loading remotes...
+									</SelectItem>
+								) : (
+									rcloneRemotes?.map((remote) => (
+										<SelectItem key={remote.name} value={remote.name}>
+											{remote.name} ({remote.type})
+										</SelectItem>
+									))
+								)}
+							</SelectContent>
+						</Select>
+						<FormDescription>Select the rclone remote configured on your host system.</FormDescription>
+						<FormMessage />
+					</FormItem>
+				)}
+			/>
+			<FormField
+				control={form.control}
+				name="path"
+				render={({ field }) => (
+					<FormItem>
+						<FormLabel>Path</FormLabel>
+						<FormControl>
+							<Input placeholder="/" {...field} />
+						</FormControl>
+						<FormDescription>Path on the remote to mount. Use "/" for the root.</FormDescription>
+						<FormMessage />
+					</FormItem>
+				)}
+			/>
+			<FormField
+				control={form.control}
+				name="readOnly"
+				defaultValue={false}
+				render={({ field }) => (
+					<FormItem>
+						<FormLabel>Read-only Mode</FormLabel>
+						<FormControl>
+							<div className="flex items-center space-x-2">
+								<input
+									type="checkbox"
+									checked={field.value ?? false}
+									onChange={(e) => field.onChange(e.target.checked)}
+									className="rounded border-gray-300"
+								/>
+								<span className="text-sm">Mount volume as read-only</span>
+							</div>
+						</FormControl>
+						<FormDescription>
+							Prevent any modifications to the volume. Recommended for backup sources and sensitive data.
+						</FormDescription>
+						<FormMessage />
+					</FormItem>
+				)}
+			/>
+		</>
+	);
+};
diff --git a/app/client/modules/volumes/components/volume-forms/smb-form.tsx b/app/client/modules/volumes/components/volume-forms/smb-form.tsx
new file mode 100644
index 00000000..7f995c46
--- /dev/null
+++ b/app/client/modules/volumes/components/volume-forms/smb-form.tsx
@@ -0,0 +1,163 @@
+import type { UseFormReturn } from "react-hook-form";
+import type { FormValues } from "../create-volume-form";
+import {
+	FormControl,
+	FormDescription,
+	FormField,
+	FormItem,
+	FormLabel,
+	FormMessage,
+} from "../../../../components/ui/form";
+import { Input } from "../../../../components/ui/input";
+import { Select, SelectContent, SelectItem, SelectTrigger, SelectValue } from "../../../../components/ui/select";
+
+type Props = {
+	form: UseFormReturn<FormValues>;
+};
+
+export const SMBForm = ({ form }: Props) => {
+	return (
+		<>
+			<FormField
+				control={form.control}
+				name="server"
+				render={({ field }) => (
+					<FormItem>
+						<FormLabel>Server</FormLabel>
+						<FormControl>
+							<Input placeholder="192.168.1.100" value={field.value} onChange={field.onChange} />
+						</FormControl>
+						<FormDescription>SMB server IP address or hostname.</FormDescription>
+						<FormMessage />
+					</FormItem>
+				)}
+			/>
+			<FormField
+				control={form.control}
+				name="share"
+				render={({ field }) => (
+					<FormItem>
+						<FormLabel>Share</FormLabel>
+						<FormControl>
+							<Input placeholder="myshare" value={field.value} onChange={field.onChange} />
+						</FormControl>
+						<FormDescription>SMB share name on the server.</FormDescription>
+						<FormMessage />
+					</FormItem>
+				)}
+			/>
+			<FormField
+				control={form.control}
+				name="username"
+				render={({ field }) => (
+					<FormItem>
+						<FormLabel>Username</FormLabel>
+						<FormControl>
+							<Input placeholder="admin" value={field.value} onChange={field.onChange} />
+						</FormControl>
+						<FormDescription>Username for SMB authentication.</FormDescription>
+						<FormMessage />
+					</FormItem>
+				)}
+			/>
+			<FormField
+				control={form.control}
+				name="password"
+				render={({ field }) => (
+					<FormItem>
+						<FormLabel>Password</FormLabel>
+						<FormControl>
+							<Input type="password" placeholder="••••••••" value={field.value} onChange={field.onChange} />
+						</FormControl>
+						<FormDescription>Password for SMB authentication.</FormDescription>
+						<FormMessage />
+					</FormItem>
+				)}
+			/>
+			<FormField
+				control={form.control}
+				name="vers"
+				defaultValue="3.0"
+				render={({ field }) => (
+					<FormItem>
+						<FormLabel>SMB Version</FormLabel>
+						<Select onValueChange={field.onChange} value={field.value}>
+							<FormControl>
+								<SelectTrigger>
+									<SelectValue placeholder="Select SMB version" />
+								</SelectTrigger>
+							</FormControl>
+							<SelectContent>
+								<SelectItem value="1.0">SMB v1.0</SelectItem>
+								<SelectItem value="2.0">SMB v2.0</SelectItem>
+								<SelectItem value="2.1">SMB v2.1</SelectItem>
+								<SelectItem value="3.0">SMB v3.0</SelectItem>
+							</SelectContent>
+						</Select>
+						<FormDescription>SMB protocol version to use (default: 3.0).</FormDescription>
+						<FormMessage />
+					</FormItem>
+				)}
+			/>
+			<FormField
+				control={form.control}
+				name="domain"
+				render={({ field }) => (
+					<FormItem>
+						<FormLabel>Domain (Optional)</FormLabel>
+						<FormControl>
+							<Input placeholder="WORKGROUP" value={field.value} onChange={field.onChange} />
+						</FormControl>
+						<FormDescription>Domain or workgroup for authentication (optional).</FormDescription>
+						<FormMessage />
+					</FormItem>
+				)}
+			/>
+			<FormField
+				control={form.control}
+				name="port"
+				defaultValue={445}
+				render={({ field }) => (
+					<FormItem>
+						<FormLabel>Port</FormLabel>
+						<FormControl>
+							<Input
+								type="number"
+								placeholder="445"
+								value={field.value}
+								onChange={(e) => field.onChange(parseInt(e.target.value, 10) || undefined)}
+							/>
+						</FormControl>
+						<FormDescription>SMB server port (default: 445).</FormDescription>
+						<FormMessage />
+					</FormItem>
+				)}
+			/>
+			<FormField
+				control={form.control}
+				name="readOnly"
+				defaultValue={false}
+				render={({ field }) => (
+					<FormItem>
+						<FormLabel>Read-only Mode</FormLabel>
+						<FormControl>
+							<div className="flex items-center space-x-2">
+								<input
+									type="checkbox"
+									checked={field.value ?? false}
+									onChange={(e) => field.onChange(e.target.checked)}
+									className="rounded border-gray-300"
+								/>
+								<span className="text-sm">Mount volume as read-only</span>
+							</div>
+						</FormControl>
+						<FormDescription>
+							Prevent any modifications to the volume. Recommended for backup sources and sensitive data.
+						</FormDescription>
+						<FormMessage />
+					</FormItem>
+				)}
+			/>
+		</>
+	);
+};
diff --git a/app/client/modules/volumes/components/volume-forms/webdav-form.tsx b/app/client/modules/volumes/components/volume-forms/webdav-form.tsx
new file mode 100644
index 00000000..1a399ed7
--- /dev/null
+++ b/app/client/modules/volumes/components/volume-forms/webdav-form.tsx
@@ -0,0 +1,146 @@
+import type { UseFormReturn } from "react-hook-form";
+import type { FormValues } from "../create-volume-form";
+import {
+	FormControl,
+	FormDescription,
+	FormField,
+	FormItem,
+	FormLabel,
+	FormMessage,
+} from "../../../../components/ui/form";
+import { Input } from "../../../../components/ui/input";
+
+type Props = {
+	form: UseFormReturn<FormValues>;
+};
+
+export const WebDAVForm = ({ form }: Props) => {
+	return (
+		<>
+			<FormField
+				control={form.control}
+				name="server"
+				render={({ field }) => (
+					<FormItem>
+						<FormLabel>Server</FormLabel>
+						<FormControl>
+							<Input placeholder="example.com" {...field} />
+						</FormControl>
+						<FormDescription>WebDAV server hostname or IP address.</FormDescription>
+						<FormMessage />
+					</FormItem>
+				)}
+			/>
+			<FormField
+				control={form.control}
+				name="path"
+				render={({ field }) => (
+					<FormItem>
+						<FormLabel>Path</FormLabel>
+						<FormControl>
+							<Input placeholder="/webdav" {...field} />
+						</FormControl>
+						<FormDescription>Path to the WebDAV directory on the server.</FormDescription>
+						<FormMessage />
+					</FormItem>
+				)}
+			/>
+			<FormField
+				control={form.control}
+				name="username"
+				render={({ field }) => (
+					<FormItem>
+						<FormLabel>Username (Optional)</FormLabel>
+						<FormControl>
+							<Input placeholder="admin" {...field} />
+						</FormControl>
+						<FormDescription>Username for WebDAV authentication (optional).</FormDescription>
+						<FormMessage />
+					</FormItem>
+				)}
+			/>
+			<FormField
+				control={form.control}
+				name="password"
+				render={({ field }) => (
+					<FormItem>
+						<FormLabel>Password (Optional)</FormLabel>
+						<FormControl>
+							<Input type="password" placeholder="••••••••" {...field} />
+						</FormControl>
+						<FormDescription>Password for WebDAV authentication (optional).</FormDescription>
+						<FormMessage />
+					</FormItem>
+				)}
+			/>
+			<FormField
+				control={form.control}
+				name="port"
+				defaultValue={80}
+				render={({ field }) => (
+					<FormItem>
+						<FormLabel>Port</FormLabel>
+						<FormControl>
+							<Input
+								type="number"
+								placeholder="80"
+								{...field}
+								onChange={(e) => field.onChange(parseInt(e.target.value, 10) || undefined)}
+							/>
+						</FormControl>
+						<FormDescription>WebDAV server port (default: 80 for HTTP, 443 for HTTPS).</FormDescription>
+						<FormMessage />
+					</FormItem>
+				)}
+			/>
+			<FormField
+				control={form.control}
+				name="ssl"
+				defaultValue={false}
+				render={({ field }) => (
+					<FormItem>
+						<FormLabel>Use SSL/HTTPS</FormLabel>
+						<FormControl>
+							<div className="flex items-center space-x-2">
+								<input
+									type="checkbox"
+									checked={field.value ?? false}
+									onChange={(e) => field.onChange(e.target.checked)}
+									className="rounded border-gray-300"
+								/>
+								<span className="text-sm">Enable HTTPS for secure connections</span>
+							</div>
+						</FormControl>
+						<FormDescription>Use HTTPS instead of HTTP for secure connections.</FormDescription>
+						<FormMessage />
+					</FormItem>
+				)}
+			/>
+			<FormField
+				control={form.control}
+				name="readOnly"
+				defaultValue={false}
+				render={({ field }) => (
+					<FormItem>
+						<FormLabel>Read-only Mode</FormLabel>
+						<FormControl>
+							<div className="flex items-center space-x-2">
+								<input
+									type="checkbox"
+									checked={field.value ?? false}
+									onChange={(e) => field.onChange(e.target.checked)}
+									className="rounded border-gray-300"
+								/>
+								<span className="text-sm">Mount volume as read-only</span>
+							</div>
+						</FormControl>
+						<FormDescription>
+							Prevent any modifications to the volume. Recommended for backup sources and sensitive data.
+						</FormDescription>
+						<FormMessage />
+					</FormItem>
+				)}
+			/>
+		</>
+	);
+};
diff --git a/app/client/modules/volumes/routes/create-volume.tsx b/app/client/modules/volumes/routes/create-volume.tsx
index 15218ac8..e2faf6a6 100644
--- a/app/client/modules/volumes/routes/create-volume.tsx
+++ b/app/client/modules/volumes/routes/create-volume.tsx
@@ -1,10 +1,10 @@
 import { useMutation } from "@tanstack/react-query";
-import { HardDrive } from "lucide-react";
+import { HardDrive, Plus } from "lucide-react";
 import { useId } from "react";
 import { useNavigate } from "react-router";
 import { toast } from "sonner";
 import { createVolumeMutation } from "~/client/api-client/@tanstack/react-query.gen";
-import { CreateVolumeForm, type FormValues } from "~/client/components/create-volume-form";
+import { CreateVolumeForm, type FormValues } from "~/client/modules/volumes/components/create-volume-form";
 import { Button } from "~/client/components/ui/button";
 import { Card, CardContent, CardHeader, CardTitle } from "~/client/components/ui/card";
 import { parseError } from "~/client/lib/errors";
@@ -73,6 +73,7 @@ export default function CreateVolume() {
 							Cancel
 						</Button>
 						<Button type="submit" form={formId} loading={createVolume.isPending}>
+							<Plus className="h-4 w-4 mr-2" />
 							Create Volume
 						</Button>
 					</div>
diff --git a/app/client/modules/volumes/routes/volume-details.tsx b/app/client/modules/volumes/routes/volume-details.tsx
index 3ee690a3..082589c9 100644
--- a/app/client/modules/volumes/routes/volume-details.tsx
+++ b/app/client/modules/volumes/routes/volume-details.tsx
@@ -2,6 +2,7 @@ import { useMutation, useQuery } from "@tanstack/react-query";
 import { useNavigate, useParams, useSearchParams } from "react-router";
 import { toast } from "sonner";
 import { useState } from "react";
+import { Plug, Unplug } from "lucide-react";
 import { StatusDot } from "~/client/components/status-dot";
 import { Button } from "~/client/components/ui/button";
 import { Tabs, TabsContent, TabsList, TabsTrigger } from "~/client/components/ui/tabs";
@@ -71,8 +72,6 @@ export default function VolumeDetails({ loaderData }: Route.ComponentProps) {
 	const { data } = useQuery({
 		...getVolumeOptions({ path: { name: name ?? "" } }),
 		initialData: loaderData,
-		refetchInterval: 10000,
-		refetchOnWindowFocus: true,
 	});
 
 	const { capabilities } = useSystemInfo();
@@ -150,6 +149,7 @@ export default function VolumeDetails({ loaderData }: Route.ComponentProps) {
 						loading={mountVol.isPending}
 						className={cn({ hidden: volume.status === "mounted" })}
 					>
+						<Plug className="h-4 w-4 mr-2" />
 						Mount
 					</Button>
 					<Button
@@ -158,6 +158,7 @@ export default function VolumeDetails({ loaderData }: Route.ComponentProps) {
 						loading={unmountVol.isPending}
 						className={cn({ hidden: volume.status !== "mounted" })}
 					>
+						<Unplug className="h-4 w-4 mr-2" />
 						Unmount
 					</Button>
 					<Button variant="destructive" onClick={() => setShowDeleteConfirm(true)} disabled={deleteVol.isPending}>
diff --git a/app/client/modules/volumes/routes/volumes.tsx b/app/client/modules/volumes/routes/volumes.tsx
index fc8bbda4..3a2bc14b 100644
--- a/app/client/modules/volumes/routes/volumes.tsx
+++ b/app/client/modules/volumes/routes/volumes.tsx
@@ -61,8 +61,6 @@ export default function Volumes({ loaderData }: Route.ComponentProps) {
 	const { data } = useQuery({
 		...listVolumesOptions(),
 		initialData: loaderData,
-		refetchInterval: 10000,
-		refetchOnWindowFocus: true,
 	});
 
 	const filteredVolumes =
diff --git a/app/client/modules/volumes/tabs/info.tsx b/app/client/modules/volumes/tabs/info.tsx
index 2b21307d..79a9c200 100644
--- a/app/client/modules/volumes/tabs/info.tsx
+++ b/app/client/modules/volumes/tabs/info.tsx
@@ -2,7 +2,8 @@ import { useMutation } from "@tanstack/react-query";
 import { useState } from "react";
 import { useNavigate } from "react-router";
 import { toast } from "sonner";
-import { CreateVolumeForm, type FormValues } from "~/client/components/create-volume-form";
+import { Check } from "lucide-react";
+import { CreateVolumeForm, type FormValues } from "~/client/modules/volumes/components/create-volume-form";
 import {
 	AlertDialog,
 	AlertDialogAction,
@@ -94,7 +95,10 @@ export const VolumeInfoTabContent = ({ volume, statfs }: Props) => {
 					</AlertDialogHeader>
 					<AlertDialogFooter>
 						<AlertDialogCancel>Cancel</AlertDialogCancel>
-						<AlertDialogAction onClick={confirmUpdate}>Update</AlertDialogAction>
+						<AlertDialogAction onClick={confirmUpdate}>
+							<Check className="h-4 w-4" />
+							Update
+						</AlertDialogAction>
 					</AlertDialogFooter>
 				</AlertDialogContent>
 			</AlertDialog>
diff --git a/app/drizzle/0018_breezy_invaders.sql b/app/drizzle/0018_breezy_invaders.sql
new file mode 100644
index 00000000..7a3e100b
--- /dev/null
+++ b/app/drizzle/0018_breezy_invaders.sql
@@ -0,0 +1,139 @@
+CREATE TABLE `backup_schedule_mirrors_table` (
+	`id` integer PRIMARY KEY AUTOINCREMENT NOT NULL,
+	`schedule_id` integer NOT NULL,
+	`repository_id` text NOT NULL,
+	`enabled` integer DEFAULT true NOT NULL,
+	`last_copy_at` integer,
+	`last_copy_status` text,
+	`last_copy_error` text,
+	`created_at` integer DEFAULT (unixepoch() * 1000) NOT NULL,
+	FOREIGN KEY (`schedule_id`) REFERENCES `backup_schedules_table`(`id`) ON UPDATE no action ON DELETE cascade,
+	FOREIGN KEY (`repository_id`) REFERENCES `repositories_table`(`id`) ON UPDATE no action ON DELETE cascade
+);
+--> statement-breakpoint
+CREATE UNIQUE INDEX `backup_schedule_mirrors_table_schedule_id_repository_id_unique` ON `backup_schedule_mirrors_table` (`schedule_id`,`repository_id`);--> statement-breakpoint
+PRAGMA foreign_keys=OFF;--> statement-breakpoint
+CREATE TABLE `__new_app_metadata` (
+	`key` text PRIMARY KEY NOT NULL,
+	`value` text NOT NULL,
+	`created_at` integer DEFAULT (unixepoch() * 1000) NOT NULL,
+	`updated_at` integer DEFAULT (unixepoch() * 1000) NOT NULL
+);
+--> statement-breakpoint
+INSERT INTO `__new_app_metadata`("key", "value", "created_at", "updated_at") SELECT "key", "value", "created_at", "updated_at" FROM `app_metadata`;--> statement-breakpoint
+DROP TABLE `app_metadata`;--> statement-breakpoint
+ALTER TABLE `__new_app_metadata` RENAME TO `app_metadata`;--> statement-breakpoint
+PRAGMA foreign_keys=ON;--> statement-breakpoint
+CREATE TABLE `__new_backup_schedule_notifications_table` (
+	`schedule_id` integer NOT NULL,
+	`destination_id` integer NOT NULL,
+	`notify_on_start` integer DEFAULT false NOT NULL,
+	`notify_on_success` integer DEFAULT false NOT NULL,
+	`notify_on_failure` integer DEFAULT true NOT NULL,
+	`created_at` integer DEFAULT (unixepoch() * 1000) NOT NULL,
+	PRIMARY KEY(`schedule_id`, `destination_id`),
+	FOREIGN KEY (`schedule_id`) REFERENCES `backup_schedules_table`(`id`) ON UPDATE no action ON DELETE cascade,
+	FOREIGN KEY (`destination_id`) REFERENCES `notification_destinations_table`(`id`) ON UPDATE no action ON DELETE cascade
+);
+--> statement-breakpoint
+INSERT INTO `__new_backup_schedule_notifications_table`("schedule_id", "destination_id", "notify_on_start", "notify_on_success", "notify_on_failure", "created_at") SELECT "schedule_id", "destination_id", "notify_on_start", "notify_on_success", "notify_on_failure", "created_at" FROM `backup_schedule_notifications_table`;--> statement-breakpoint
+DROP TABLE `backup_schedule_notifications_table`;--> statement-breakpoint
+ALTER TABLE `__new_backup_schedule_notifications_table` RENAME TO `backup_schedule_notifications_table`;--> statement-breakpoint
+CREATE TABLE `__new_backup_schedules_table` (
+	`id` integer PRIMARY KEY AUTOINCREMENT NOT NULL,
+	`volume_id` integer NOT NULL,
+	`repository_id` text NOT NULL,
+	`enabled` integer DEFAULT true NOT NULL,
+	`cron_expression` text NOT NULL,
+	`retention_policy` text,
+	`exclude_patterns` text DEFAULT '[]',
+	`include_patterns` text DEFAULT '[]',
+	`last_backup_at` integer,
+	`last_backup_status` text,
+	`last_backup_error` text,
+	`next_backup_at` integer,
+	`created_at` integer DEFAULT (unixepoch() * 1000) NOT NULL,
+	`updated_at` integer DEFAULT (unixepoch() * 1000) NOT NULL,
+	FOREIGN KEY (`volume_id`) REFERENCES `volumes_table`(`id`) ON UPDATE no action ON DELETE cascade,
+	FOREIGN KEY (`repository_id`) REFERENCES `repositories_table`(`id`) ON UPDATE no action ON DELETE cascade
+);
+--> statement-breakpoint
+INSERT INTO `__new_backup_schedules_table`("id", "volume_id", "repository_id", "enabled", "cron_expression", "retention_policy", "exclude_patterns", "include_patterns", "last_backup_at", "last_backup_status", "last_backup_error", "next_backup_at", "created_at", "updated_at") SELECT "id", "volume_id", "repository_id", "enabled", "cron_expression", "retention_policy", "exclude_patterns", "include_patterns", "last_backup_at", "last_backup_status", "last_backup_error", "next_backup_at", "created_at", "updated_at" FROM `backup_schedules_table`;--> statement-breakpoint
+DROP TABLE `backup_schedules_table`;--> statement-breakpoint
+ALTER TABLE `__new_backup_schedules_table` RENAME TO `backup_schedules_table`;--> statement-breakpoint
+CREATE TABLE `__new_notification_destinations_table` (
+	`id` integer PRIMARY KEY AUTOINCREMENT NOT NULL,
+	`name` text NOT NULL,
+	`enabled` integer DEFAULT true NOT NULL,
+	`type` text NOT NULL,
+	`config` text NOT NULL,
+	`created_at` integer DEFAULT (unixepoch() * 1000) NOT NULL,
+	`updated_at` integer DEFAULT (unixepoch() * 1000) NOT NULL
+);
+--> statement-breakpoint
+INSERT INTO `__new_notification_destinations_table`("id", "name", "enabled", "type", "config", "created_at", "updated_at") SELECT "id", "name", "enabled", "type", "config", "created_at", "updated_at" FROM `notification_destinations_table`;--> statement-breakpoint
+DROP TABLE `notification_destinations_table`;--> statement-breakpoint
+ALTER TABLE `__new_notification_destinations_table` RENAME TO `notification_destinations_table`;--> statement-breakpoint
+CREATE UNIQUE INDEX `notification_destinations_table_name_unique` ON `notification_destinations_table` (`name`);--> statement-breakpoint
+CREATE TABLE `__new_repositories_table` (
+	`id` text PRIMARY KEY NOT NULL,
+	`short_id` text NOT NULL,
+	`name` text NOT NULL,
+	`type` text NOT NULL,
+	`config` text NOT NULL,
+	`compression_mode` text DEFAULT 'auto',
+	`status` text DEFAULT 'unknown',
+	`last_checked` integer,
+	`last_error` text,
+	`created_at` integer DEFAULT (unixepoch() * 1000) NOT NULL,
+	`updated_at` integer DEFAULT (unixepoch() * 1000) NOT NULL
+);
+--> statement-breakpoint
+INSERT INTO `__new_repositories_table`("id", "short_id", "name", "type", "config", "compression_mode", "status", "last_checked", "last_error", "created_at", "updated_at") SELECT "id", "short_id", "name", "type", "config", "compression_mode", "status", "last_checked", "last_error", "created_at", "updated_at" FROM `repositories_table`;--> statement-breakpoint
+DROP TABLE `repositories_table`;--> statement-breakpoint
+ALTER TABLE `__new_repositories_table` RENAME TO `repositories_table`;--> statement-breakpoint
+CREATE UNIQUE INDEX `repositories_table_short_id_unique` ON `repositories_table` (`short_id`);--> statement-breakpoint
+CREATE UNIQUE INDEX `repositories_table_name_unique` ON `repositories_table` (`name`);--> statement-breakpoint
+CREATE TABLE `__new_sessions_table` (
+	`id` text PRIMARY KEY NOT NULL,
+	`user_id` integer NOT NULL,
+	`expires_at` integer NOT NULL,
+	`created_at` integer DEFAULT (unixepoch() * 1000) NOT NULL,
+	FOREIGN KEY (`user_id`) REFERENCES `users_table`(`id`) ON UPDATE no action ON DELETE cascade
+);
+--> statement-breakpoint
+INSERT INTO `__new_sessions_table`("id", "user_id", "expires_at", "created_at") SELECT "id", "user_id", "expires_at", "created_at" FROM `sessions_table`;--> statement-breakpoint
+DROP TABLE `sessions_table`;--> statement-breakpoint
+ALTER TABLE `__new_sessions_table` RENAME TO `sessions_table`;--> statement-breakpoint
+CREATE TABLE `__new_users_table` (
+	`id` integer PRIMARY KEY AUTOINCREMENT NOT NULL,
+	`username` text NOT NULL,
+	`password_hash` text NOT NULL,
+	`has_downloaded_restic_password` integer DEFAULT false NOT NULL,
+	`created_at` integer DEFAULT (unixepoch() * 1000) NOT NULL,
+	`updated_at` integer DEFAULT (unixepoch() * 1000) NOT NULL
+);
+--> statement-breakpoint
+INSERT INTO `__new_users_table`("id", "username", "password_hash", "has_downloaded_restic_password", "created_at", "updated_at") SELECT "id", "username", "password_hash", "has_downloaded_restic_password", "created_at", "updated_at" FROM `users_table`;--> statement-breakpoint
+DROP TABLE `users_table`;--> statement-breakpoint
+ALTER TABLE `__new_users_table` RENAME TO `users_table`;--> statement-breakpoint
+CREATE UNIQUE INDEX `users_table_username_unique` ON `users_table` (`username`);--> statement-breakpoint
+CREATE TABLE `__new_volumes_table` (
+	`id` integer PRIMARY KEY AUTOINCREMENT NOT NULL,
+	`short_id` text NOT NULL,
+	`name` text NOT NULL,
+	`type` text NOT NULL,
+	`status` text DEFAULT 'unmounted' NOT NULL,
+	`last_error` text,
+	`last_health_check` integer DEFAULT (unixepoch() * 1000) NOT NULL,
+	`created_at` integer DEFAULT (unixepoch() * 1000) NOT NULL,
+	`updated_at` integer DEFAULT (unixepoch() * 1000) NOT NULL,
+	`config` text NOT NULL,
+	`auto_remount` integer DEFAULT true NOT NULL
+);
+--> statement-breakpoint
+INSERT INTO `__new_volumes_table`("id", "short_id", "name", "type", "status", "last_error", "last_health_check", "created_at", "updated_at", "config", "auto_remount") SELECT "id", "short_id", "name", "type", "status", "last_error", "last_health_check", "created_at", "updated_at", "config", "auto_remount" FROM `volumes_table`;--> statement-breakpoint
+DROP TABLE `volumes_table`;--> statement-breakpoint
+ALTER TABLE `__new_volumes_table` RENAME TO `volumes_table`;--> statement-breakpoint
+CREATE UNIQUE INDEX `volumes_table_short_id_unique` ON `volumes_table` (`short_id`);--> statement-breakpoint
+CREATE UNIQUE INDEX `volumes_table_name_unique` ON `volumes_table` (`name`);
\ No newline at end of file
diff --git a/app/drizzle/0019_secret_nomad.sql b/app/drizzle/0019_secret_nomad.sql
new file mode 100644
index 00000000..b8e3bbbd
--- /dev/null
+++ b/app/drizzle/0019_secret_nomad.sql
@@ -0,0 +1,24 @@
+PRAGMA foreign_keys=OFF;--> statement-breakpoint
+CREATE TABLE `__new_backup_schedules_table` (
+	`id` integer PRIMARY KEY AUTOINCREMENT NOT NULL,
+	`name` text NOT NULL,
+	`volume_id` integer NOT NULL REFERENCES `volumes_table`(`id`) ON DELETE CASCADE,
+	`repository_id` text NOT NULL REFERENCES `repositories_table`(`id`) ON DELETE CASCADE,
+	`enabled` integer DEFAULT true NOT NULL,
+	`cron_expression` text NOT NULL,
+	`retention_policy` text,
+	`exclude_patterns` text DEFAULT '[]',
+	`include_patterns` text DEFAULT '[]',
+	`last_backup_at` integer,
+	`last_backup_status` text,
+	`last_backup_error` text,
+	`next_backup_at` integer,
+	`created_at` integer DEFAULT (unixepoch() * 1000) NOT NULL,
+	`updated_at` integer DEFAULT (unixepoch() * 1000) NOT NULL
+);--> statement-breakpoint
+INSERT INTO `__new_backup_schedules_table`(`id`, `name`, `volume_id`, `repository_id`, `enabled`, `cron_expression`, `retention_policy`, `exclude_patterns`, `include_patterns`, `last_backup_at`, `last_backup_status`, `last_backup_error`, `next_backup_at`, `created_at`, `updated_at`)
+SELECT `id`, lower(hex(randomblob(3))), `volume_id`, `repository_id`, `enabled`, `cron_expression`, `retention_policy`, `exclude_patterns`, `include_patterns`, `last_backup_at`, `last_backup_status`, `last_backup_error`, `next_backup_at`, `created_at`, `updated_at` FROM `backup_schedules_table`;--> statement-breakpoint
+DROP TABLE `backup_schedules_table`;--> statement-breakpoint
+ALTER TABLE `__new_backup_schedules_table` RENAME TO `backup_schedules_table`;--> statement-breakpoint
+PRAGMA foreign_keys=ON;--> statement-breakpoint
+CREATE UNIQUE INDEX `backup_schedules_table_name_unique` ON `backup_schedules_table` (`name`);
\ No newline at end of file
diff --git a/app/drizzle/0020_even_dexter_bennett.sql b/app/drizzle/0020_even_dexter_bennett.sql
new file mode 100644
index 00000000..82196245
--- /dev/null
+++ b/app/drizzle/0020_even_dexter_bennett.sql
@@ -0,0 +1 @@
+ALTER TABLE `backup_schedules_table` ADD `exclude_if_present` text DEFAULT '[]';
\ No newline at end of file
diff --git a/app/drizzle/0021_steady_viper.sql b/app/drizzle/0021_steady_viper.sql
new file mode 100644
index 00000000..0f3b456c
--- /dev/null
+++ b/app/drizzle/0021_steady_viper.sql
@@ -0,0 +1 @@
+ALTER TABLE `backup_schedule_notifications_table` ADD `notify_on_warning` integer DEFAULT true NOT NULL;
\ No newline at end of file
diff --git a/app/drizzle/meta/0018_snapshot.json b/app/drizzle/meta/0018_snapshot.json
new file mode 100644
index 00000000..27420d26
--- /dev/null
+++ b/app/drizzle/meta/0018_snapshot.json
@@ -0,0 +1,792 @@
+{
+  "version": "6",
+  "dialect": "sqlite",
+  "id": "d5a60aea-4490-423e-8725-6ace87a76c9b",
+  "prevId": "d0bfd316-b8f5-459b-ab17-0ce679479321",
+  "tables": {
+    "app_metadata": {
+      "name": "app_metadata",
+      "columns": {
+        "key": {
+          "name": "key",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "value": {
+          "name": "value",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch() * 1000)"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch() * 1000)"
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "backup_schedule_mirrors_table": {
+      "name": "backup_schedule_mirrors_table",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "integer",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": true
+        },
+        "schedule_id": {
+          "name": "schedule_id",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "repository_id": {
+          "name": "repository_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "enabled": {
+          "name": "enabled",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": true
+        },
+        "last_copy_at": {
+          "name": "last_copy_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "last_copy_status": {
+          "name": "last_copy_status",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "last_copy_error": {
+          "name": "last_copy_error",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch() * 1000)"
+        }
+      },
+      "indexes": {
+        "backup_schedule_mirrors_table_schedule_id_repository_id_unique": {
+          "name": "backup_schedule_mirrors_table_schedule_id_repository_id_unique",
+          "columns": [
+            "schedule_id",
+            "repository_id"
+          ],
+          "isUnique": true
+        }
+      },
+      "foreignKeys": {
+        "backup_schedule_mirrors_table_schedule_id_backup_schedules_table_id_fk": {
+          "name": "backup_schedule_mirrors_table_schedule_id_backup_schedules_table_id_fk",
+          "tableFrom": "backup_schedule_mirrors_table",
+          "tableTo": "backup_schedules_table",
+          "columnsFrom": [
+            "schedule_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "backup_schedule_mirrors_table_repository_id_repositories_table_id_fk": {
+          "name": "backup_schedule_mirrors_table_repository_id_repositories_table_id_fk",
+          "tableFrom": "backup_schedule_mirrors_table",
+          "tableTo": "repositories_table",
+          "columnsFrom": [
+            "repository_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "backup_schedule_notifications_table": {
+      "name": "backup_schedule_notifications_table",
+      "columns": {
+        "schedule_id": {
+          "name": "schedule_id",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "destination_id": {
+          "name": "destination_id",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "notify_on_start": {
+          "name": "notify_on_start",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": false
+        },
+        "notify_on_success": {
+          "name": "notify_on_success",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": false
+        },
+        "notify_on_failure": {
+          "name": "notify_on_failure",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": true
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch() * 1000)"
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {
+        "backup_schedule_notifications_table_schedule_id_backup_schedules_table_id_fk": {
+          "name": "backup_schedule_notifications_table_schedule_id_backup_schedules_table_id_fk",
+          "tableFrom": "backup_schedule_notifications_table",
+          "tableTo": "backup_schedules_table",
+          "columnsFrom": [
+            "schedule_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "backup_schedule_notifications_table_destination_id_notification_destinations_table_id_fk": {
+          "name": "backup_schedule_notifications_table_destination_id_notification_destinations_table_id_fk",
+          "tableFrom": "backup_schedule_notifications_table",
+          "tableTo": "notification_destinations_table",
+          "columnsFrom": [
+            "destination_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {
+        "backup_schedule_notifications_table_schedule_id_destination_id_pk": {
+          "columns": [
+            "schedule_id",
+            "destination_id"
+          ],
+          "name": "backup_schedule_notifications_table_schedule_id_destination_id_pk"
+        }
+      },
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "backup_schedules_table": {
+      "name": "backup_schedules_table",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "integer",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": true
+        },
+        "volume_id": {
+          "name": "volume_id",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "repository_id": {
+          "name": "repository_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "enabled": {
+          "name": "enabled",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": true
+        },
+        "cron_expression": {
+          "name": "cron_expression",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "retention_policy": {
+          "name": "retention_policy",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "exclude_patterns": {
+          "name": "exclude_patterns",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false,
+          "default": "'[]'"
+        },
+        "include_patterns": {
+          "name": "include_patterns",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false,
+          "default": "'[]'"
+        },
+        "last_backup_at": {
+          "name": "last_backup_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "last_backup_status": {
+          "name": "last_backup_status",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "last_backup_error": {
+          "name": "last_backup_error",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "next_backup_at": {
+          "name": "next_backup_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch() * 1000)"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch() * 1000)"
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {
+        "backup_schedules_table_volume_id_volumes_table_id_fk": {
+          "name": "backup_schedules_table_volume_id_volumes_table_id_fk",
+          "tableFrom": "backup_schedules_table",
+          "tableTo": "volumes_table",
+          "columnsFrom": [
+            "volume_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "backup_schedules_table_repository_id_repositories_table_id_fk": {
+          "name": "backup_schedules_table_repository_id_repositories_table_id_fk",
+          "tableFrom": "backup_schedules_table",
+          "tableTo": "repositories_table",
+          "columnsFrom": [
+            "repository_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "notification_destinations_table": {
+      "name": "notification_destinations_table",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "integer",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": true
+        },
+        "name": {
+          "name": "name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "enabled": {
+          "name": "enabled",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": true
+        },
+        "type": {
+          "name": "type",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "config": {
+          "name": "config",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch() * 1000)"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch() * 1000)"
+        }
+      },
+      "indexes": {
+        "notification_destinations_table_name_unique": {
+          "name": "notification_destinations_table_name_unique",
+          "columns": [
+            "name"
+          ],
+          "isUnique": true
+        }
+      },
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "repositories_table": {
+      "name": "repositories_table",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "short_id": {
+          "name": "short_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "name": {
+          "name": "name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "type": {
+          "name": "type",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "config": {
+          "name": "config",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "compression_mode": {
+          "name": "compression_mode",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false,
+          "default": "'auto'"
+        },
+        "status": {
+          "name": "status",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false,
+          "default": "'unknown'"
+        },
+        "last_checked": {
+          "name": "last_checked",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "last_error": {
+          "name": "last_error",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch() * 1000)"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch() * 1000)"
+        }
+      },
+      "indexes": {
+        "repositories_table_short_id_unique": {
+          "name": "repositories_table_short_id_unique",
+          "columns": [
+            "short_id"
+          ],
+          "isUnique": true
+        },
+        "repositories_table_name_unique": {
+          "name": "repositories_table_name_unique",
+          "columns": [
+            "name"
+          ],
+          "isUnique": true
+        }
+      },
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "sessions_table": {
+      "name": "sessions_table",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "user_id": {
+          "name": "user_id",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "expires_at": {
+          "name": "expires_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch() * 1000)"
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {
+        "sessions_table_user_id_users_table_id_fk": {
+          "name": "sessions_table_user_id_users_table_id_fk",
+          "tableFrom": "sessions_table",
+          "tableTo": "users_table",
+          "columnsFrom": [
+            "user_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "users_table": {
+      "name": "users_table",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "integer",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": true
+        },
+        "username": {
+          "name": "username",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "password_hash": {
+          "name": "password_hash",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "has_downloaded_restic_password": {
+          "name": "has_downloaded_restic_password",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch() * 1000)"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch() * 1000)"
+        }
+      },
+      "indexes": {
+        "users_table_username_unique": {
+          "name": "users_table_username_unique",
+          "columns": [
+            "username"
+          ],
+          "isUnique": true
+        }
+      },
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "volumes_table": {
+      "name": "volumes_table",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "integer",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": true
+        },
+        "short_id": {
+          "name": "short_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "name": {
+          "name": "name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "type": {
+          "name": "type",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "status": {
+          "name": "status",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "'unmounted'"
+        },
+        "last_error": {
+          "name": "last_error",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "last_health_check": {
+          "name": "last_health_check",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch() * 1000)"
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch() * 1000)"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch() * 1000)"
+        },
+        "config": {
+          "name": "config",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "auto_remount": {
+          "name": "auto_remount",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": true
+        }
+      },
+      "indexes": {
+        "volumes_table_short_id_unique": {
+          "name": "volumes_table_short_id_unique",
+          "columns": [
+            "short_id"
+          ],
+          "isUnique": true
+        },
+        "volumes_table_name_unique": {
+          "name": "volumes_table_name_unique",
+          "columns": [
+            "name"
+          ],
+          "isUnique": true
+        }
+      },
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    }
+  },
+  "views": {},
+  "enums": {},
+  "_meta": {
+    "schemas": {},
+    "tables": {},
+    "columns": {}
+  },
+  "internal": {
+    "indexes": {}
+  }
+}
\ No newline at end of file
diff --git a/app/drizzle/meta/0019_snapshot.json b/app/drizzle/meta/0019_snapshot.json
new file mode 100644
index 00000000..3f2d178c
--- /dev/null
+++ b/app/drizzle/meta/0019_snapshot.json
@@ -0,0 +1,807 @@
+{
+  "version": "6",
+  "dialect": "sqlite",
+  "id": "b5b3acff-51d7-45ae-b9d2-4b07a6286fc3",
+  "prevId": "d5a60aea-4490-423e-8725-6ace87a76c9b",
+  "tables": {
+    "app_metadata": {
+      "name": "app_metadata",
+      "columns": {
+        "key": {
+          "name": "key",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "value": {
+          "name": "value",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch() * 1000)"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch() * 1000)"
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "backup_schedule_mirrors_table": {
+      "name": "backup_schedule_mirrors_table",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "integer",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": true
+        },
+        "schedule_id": {
+          "name": "schedule_id",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "repository_id": {
+          "name": "repository_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "enabled": {
+          "name": "enabled",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": true
+        },
+        "last_copy_at": {
+          "name": "last_copy_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "last_copy_status": {
+          "name": "last_copy_status",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "last_copy_error": {
+          "name": "last_copy_error",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch() * 1000)"
+        }
+      },
+      "indexes": {
+        "backup_schedule_mirrors_table_schedule_id_repository_id_unique": {
+          "name": "backup_schedule_mirrors_table_schedule_id_repository_id_unique",
+          "columns": [
+            "schedule_id",
+            "repository_id"
+          ],
+          "isUnique": true
+        }
+      },
+      "foreignKeys": {
+        "backup_schedule_mirrors_table_schedule_id_backup_schedules_table_id_fk": {
+          "name": "backup_schedule_mirrors_table_schedule_id_backup_schedules_table_id_fk",
+          "tableFrom": "backup_schedule_mirrors_table",
+          "tableTo": "backup_schedules_table",
+          "columnsFrom": [
+            "schedule_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "backup_schedule_mirrors_table_repository_id_repositories_table_id_fk": {
+          "name": "backup_schedule_mirrors_table_repository_id_repositories_table_id_fk",
+          "tableFrom": "backup_schedule_mirrors_table",
+          "tableTo": "repositories_table",
+          "columnsFrom": [
+            "repository_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "backup_schedule_notifications_table": {
+      "name": "backup_schedule_notifications_table",
+      "columns": {
+        "schedule_id": {
+          "name": "schedule_id",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "destination_id": {
+          "name": "destination_id",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "notify_on_start": {
+          "name": "notify_on_start",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": false
+        },
+        "notify_on_success": {
+          "name": "notify_on_success",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": false
+        },
+        "notify_on_failure": {
+          "name": "notify_on_failure",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": true
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch() * 1000)"
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {
+        "backup_schedule_notifications_table_schedule_id_backup_schedules_table_id_fk": {
+          "name": "backup_schedule_notifications_table_schedule_id_backup_schedules_table_id_fk",
+          "tableFrom": "backup_schedule_notifications_table",
+          "tableTo": "backup_schedules_table",
+          "columnsFrom": [
+            "schedule_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "backup_schedule_notifications_table_destination_id_notification_destinations_table_id_fk": {
+          "name": "backup_schedule_notifications_table_destination_id_notification_destinations_table_id_fk",
+          "tableFrom": "backup_schedule_notifications_table",
+          "tableTo": "notification_destinations_table",
+          "columnsFrom": [
+            "destination_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {
+        "backup_schedule_notifications_table_schedule_id_destination_id_pk": {
+          "columns": [
+            "schedule_id",
+            "destination_id"
+          ],
+          "name": "backup_schedule_notifications_table_schedule_id_destination_id_pk"
+        }
+      },
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "backup_schedules_table": {
+      "name": "backup_schedules_table",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "integer",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": true
+        },
+        "name": {
+          "name": "name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "volume_id": {
+          "name": "volume_id",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "repository_id": {
+          "name": "repository_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "enabled": {
+          "name": "enabled",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": true
+        },
+        "cron_expression": {
+          "name": "cron_expression",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "retention_policy": {
+          "name": "retention_policy",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "exclude_patterns": {
+          "name": "exclude_patterns",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false,
+          "default": "'[]'"
+        },
+        "include_patterns": {
+          "name": "include_patterns",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false,
+          "default": "'[]'"
+        },
+        "last_backup_at": {
+          "name": "last_backup_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "last_backup_status": {
+          "name": "last_backup_status",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "last_backup_error": {
+          "name": "last_backup_error",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "next_backup_at": {
+          "name": "next_backup_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch() * 1000)"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch() * 1000)"
+        }
+      },
+      "indexes": {
+        "backup_schedules_table_name_unique": {
+          "name": "backup_schedules_table_name_unique",
+          "columns": [
+            "name"
+          ],
+          "isUnique": true
+        }
+      },
+      "foreignKeys": {
+        "backup_schedules_table_volume_id_volumes_table_id_fk": {
+          "name": "backup_schedules_table_volume_id_volumes_table_id_fk",
+          "tableFrom": "backup_schedules_table",
+          "tableTo": "volumes_table",
+          "columnsFrom": [
+            "volume_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "backup_schedules_table_repository_id_repositories_table_id_fk": {
+          "name": "backup_schedules_table_repository_id_repositories_table_id_fk",
+          "tableFrom": "backup_schedules_table",
+          "tableTo": "repositories_table",
+          "columnsFrom": [
+            "repository_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "notification_destinations_table": {
+      "name": "notification_destinations_table",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "integer",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": true
+        },
+        "name": {
+          "name": "name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "enabled": {
+          "name": "enabled",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": true
+        },
+        "type": {
+          "name": "type",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "config": {
+          "name": "config",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch() * 1000)"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch() * 1000)"
+        }
+      },
+      "indexes": {
+        "notification_destinations_table_name_unique": {
+          "name": "notification_destinations_table_name_unique",
+          "columns": [
+            "name"
+          ],
+          "isUnique": true
+        }
+      },
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "repositories_table": {
+      "name": "repositories_table",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "short_id": {
+          "name": "short_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "name": {
+          "name": "name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "type": {
+          "name": "type",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "config": {
+          "name": "config",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "compression_mode": {
+          "name": "compression_mode",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false,
+          "default": "'auto'"
+        },
+        "status": {
+          "name": "status",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false,
+          "default": "'unknown'"
+        },
+        "last_checked": {
+          "name": "last_checked",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "last_error": {
+          "name": "last_error",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch() * 1000)"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch() * 1000)"
+        }
+      },
+      "indexes": {
+        "repositories_table_short_id_unique": {
+          "name": "repositories_table_short_id_unique",
+          "columns": [
+            "short_id"
+          ],
+          "isUnique": true
+        },
+        "repositories_table_name_unique": {
+          "name": "repositories_table_name_unique",
+          "columns": [
+            "name"
+          ],
+          "isUnique": true
+        }
+      },
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "sessions_table": {
+      "name": "sessions_table",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "user_id": {
+          "name": "user_id",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "expires_at": {
+          "name": "expires_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch() * 1000)"
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {
+        "sessions_table_user_id_users_table_id_fk": {
+          "name": "sessions_table_user_id_users_table_id_fk",
+          "tableFrom": "sessions_table",
+          "tableTo": "users_table",
+          "columnsFrom": [
+            "user_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "users_table": {
+      "name": "users_table",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "integer",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": true
+        },
+        "username": {
+          "name": "username",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "password_hash": {
+          "name": "password_hash",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "has_downloaded_restic_password": {
+          "name": "has_downloaded_restic_password",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch() * 1000)"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch() * 1000)"
+        }
+      },
+      "indexes": {
+        "users_table_username_unique": {
+          "name": "users_table_username_unique",
+          "columns": [
+            "username"
+          ],
+          "isUnique": true
+        }
+      },
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "volumes_table": {
+      "name": "volumes_table",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "integer",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": true
+        },
+        "short_id": {
+          "name": "short_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "name": {
+          "name": "name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "type": {
+          "name": "type",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "status": {
+          "name": "status",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "'unmounted'"
+        },
+        "last_error": {
+          "name": "last_error",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "last_health_check": {
+          "name": "last_health_check",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch() * 1000)"
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch() * 1000)"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch() * 1000)"
+        },
+        "config": {
+          "name": "config",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "auto_remount": {
+          "name": "auto_remount",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": true
+        }
+      },
+      "indexes": {
+        "volumes_table_short_id_unique": {
+          "name": "volumes_table_short_id_unique",
+          "columns": [
+            "short_id"
+          ],
+          "isUnique": true
+        },
+        "volumes_table_name_unique": {
+          "name": "volumes_table_name_unique",
+          "columns": [
+            "name"
+          ],
+          "isUnique": true
+        }
+      },
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    }
+  },
+  "views": {},
+  "enums": {},
+  "_meta": {
+    "schemas": {},
+    "tables": {},
+    "columns": {}
+  },
+  "internal": {
+    "indexes": {}
+  }
+}
\ No newline at end of file
diff --git a/app/drizzle/meta/0020_snapshot.json b/app/drizzle/meta/0020_snapshot.json
new file mode 100644
index 00000000..3c30048b
--- /dev/null
+++ b/app/drizzle/meta/0020_snapshot.json
@@ -0,0 +1,815 @@
+{
+  "version": "6",
+  "dialect": "sqlite",
+  "id": "729d3ce9-b4b9-41f6-a270-d74c96510238",
+  "prevId": "b5b3acff-51d7-45ae-b9d2-4b07a6286fc3",
+  "tables": {
+    "app_metadata": {
+      "name": "app_metadata",
+      "columns": {
+        "key": {
+          "name": "key",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "value": {
+          "name": "value",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch() * 1000)"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch() * 1000)"
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "backup_schedule_mirrors_table": {
+      "name": "backup_schedule_mirrors_table",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "integer",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": true
+        },
+        "schedule_id": {
+          "name": "schedule_id",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "repository_id": {
+          "name": "repository_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "enabled": {
+          "name": "enabled",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": true
+        },
+        "last_copy_at": {
+          "name": "last_copy_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "last_copy_status": {
+          "name": "last_copy_status",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "last_copy_error": {
+          "name": "last_copy_error",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch() * 1000)"
+        }
+      },
+      "indexes": {
+        "backup_schedule_mirrors_table_schedule_id_repository_id_unique": {
+          "name": "backup_schedule_mirrors_table_schedule_id_repository_id_unique",
+          "columns": [
+            "schedule_id",
+            "repository_id"
+          ],
+          "isUnique": true
+        }
+      },
+      "foreignKeys": {
+        "backup_schedule_mirrors_table_schedule_id_backup_schedules_table_id_fk": {
+          "name": "backup_schedule_mirrors_table_schedule_id_backup_schedules_table_id_fk",
+          "tableFrom": "backup_schedule_mirrors_table",
+          "tableTo": "backup_schedules_table",
+          "columnsFrom": [
+            "schedule_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "backup_schedule_mirrors_table_repository_id_repositories_table_id_fk": {
+          "name": "backup_schedule_mirrors_table_repository_id_repositories_table_id_fk",
+          "tableFrom": "backup_schedule_mirrors_table",
+          "tableTo": "repositories_table",
+          "columnsFrom": [
+            "repository_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "backup_schedule_notifications_table": {
+      "name": "backup_schedule_notifications_table",
+      "columns": {
+        "schedule_id": {
+          "name": "schedule_id",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "destination_id": {
+          "name": "destination_id",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "notify_on_start": {
+          "name": "notify_on_start",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": false
+        },
+        "notify_on_success": {
+          "name": "notify_on_success",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": false
+        },
+        "notify_on_failure": {
+          "name": "notify_on_failure",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": true
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch() * 1000)"
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {
+        "backup_schedule_notifications_table_schedule_id_backup_schedules_table_id_fk": {
+          "name": "backup_schedule_notifications_table_schedule_id_backup_schedules_table_id_fk",
+          "tableFrom": "backup_schedule_notifications_table",
+          "tableTo": "backup_schedules_table",
+          "columnsFrom": [
+            "schedule_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "backup_schedule_notifications_table_destination_id_notification_destinations_table_id_fk": {
+          "name": "backup_schedule_notifications_table_destination_id_notification_destinations_table_id_fk",
+          "tableFrom": "backup_schedule_notifications_table",
+          "tableTo": "notification_destinations_table",
+          "columnsFrom": [
+            "destination_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {
+        "backup_schedule_notifications_table_schedule_id_destination_id_pk": {
+          "columns": [
+            "schedule_id",
+            "destination_id"
+          ],
+          "name": "backup_schedule_notifications_table_schedule_id_destination_id_pk"
+        }
+      },
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "backup_schedules_table": {
+      "name": "backup_schedules_table",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "integer",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": true
+        },
+        "name": {
+          "name": "name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "volume_id": {
+          "name": "volume_id",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "repository_id": {
+          "name": "repository_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "enabled": {
+          "name": "enabled",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": true
+        },
+        "cron_expression": {
+          "name": "cron_expression",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "retention_policy": {
+          "name": "retention_policy",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "exclude_patterns": {
+          "name": "exclude_patterns",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false,
+          "default": "'[]'"
+        },
+        "exclude_if_present": {
+          "name": "exclude_if_present",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false,
+          "default": "'[]'"
+        },
+        "include_patterns": {
+          "name": "include_patterns",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false,
+          "default": "'[]'"
+        },
+        "last_backup_at": {
+          "name": "last_backup_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "last_backup_status": {
+          "name": "last_backup_status",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "last_backup_error": {
+          "name": "last_backup_error",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "next_backup_at": {
+          "name": "next_backup_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch() * 1000)"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch() * 1000)"
+        }
+      },
+      "indexes": {
+        "backup_schedules_table_name_unique": {
+          "name": "backup_schedules_table_name_unique",
+          "columns": [
+            "name"
+          ],
+          "isUnique": true
+        }
+      },
+      "foreignKeys": {
+        "backup_schedules_table_volume_id_volumes_table_id_fk": {
+          "name": "backup_schedules_table_volume_id_volumes_table_id_fk",
+          "tableFrom": "backup_schedules_table",
+          "tableTo": "volumes_table",
+          "columnsFrom": [
+            "volume_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "backup_schedules_table_repository_id_repositories_table_id_fk": {
+          "name": "backup_schedules_table_repository_id_repositories_table_id_fk",
+          "tableFrom": "backup_schedules_table",
+          "tableTo": "repositories_table",
+          "columnsFrom": [
+            "repository_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "notification_destinations_table": {
+      "name": "notification_destinations_table",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "integer",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": true
+        },
+        "name": {
+          "name": "name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "enabled": {
+          "name": "enabled",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": true
+        },
+        "type": {
+          "name": "type",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "config": {
+          "name": "config",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch() * 1000)"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch() * 1000)"
+        }
+      },
+      "indexes": {
+        "notification_destinations_table_name_unique": {
+          "name": "notification_destinations_table_name_unique",
+          "columns": [
+            "name"
+          ],
+          "isUnique": true
+        }
+      },
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "repositories_table": {
+      "name": "repositories_table",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "short_id": {
+          "name": "short_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "name": {
+          "name": "name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "type": {
+          "name": "type",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "config": {
+          "name": "config",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "compression_mode": {
+          "name": "compression_mode",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false,
+          "default": "'auto'"
+        },
+        "status": {
+          "name": "status",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false,
+          "default": "'unknown'"
+        },
+        "last_checked": {
+          "name": "last_checked",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "last_error": {
+          "name": "last_error",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch() * 1000)"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch() * 1000)"
+        }
+      },
+      "indexes": {
+        "repositories_table_short_id_unique": {
+          "name": "repositories_table_short_id_unique",
+          "columns": [
+            "short_id"
+          ],
+          "isUnique": true
+        },
+        "repositories_table_name_unique": {
+          "name": "repositories_table_name_unique",
+          "columns": [
+            "name"
+          ],
+          "isUnique": true
+        }
+      },
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "sessions_table": {
+      "name": "sessions_table",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "user_id": {
+          "name": "user_id",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "expires_at": {
+          "name": "expires_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch() * 1000)"
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {
+        "sessions_table_user_id_users_table_id_fk": {
+          "name": "sessions_table_user_id_users_table_id_fk",
+          "tableFrom": "sessions_table",
+          "tableTo": "users_table",
+          "columnsFrom": [
+            "user_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "users_table": {
+      "name": "users_table",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "integer",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": true
+        },
+        "username": {
+          "name": "username",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "password_hash": {
+          "name": "password_hash",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "has_downloaded_restic_password": {
+          "name": "has_downloaded_restic_password",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch() * 1000)"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch() * 1000)"
+        }
+      },
+      "indexes": {
+        "users_table_username_unique": {
+          "name": "users_table_username_unique",
+          "columns": [
+            "username"
+          ],
+          "isUnique": true
+        }
+      },
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "volumes_table": {
+      "name": "volumes_table",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "integer",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": true
+        },
+        "short_id": {
+          "name": "short_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "name": {
+          "name": "name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "type": {
+          "name": "type",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "status": {
+          "name": "status",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "'unmounted'"
+        },
+        "last_error": {
+          "name": "last_error",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "last_health_check": {
+          "name": "last_health_check",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch() * 1000)"
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch() * 1000)"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch() * 1000)"
+        },
+        "config": {
+          "name": "config",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "auto_remount": {
+          "name": "auto_remount",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": true
+        }
+      },
+      "indexes": {
+        "volumes_table_short_id_unique": {
+          "name": "volumes_table_short_id_unique",
+          "columns": [
+            "short_id"
+          ],
+          "isUnique": true
+        },
+        "volumes_table_name_unique": {
+          "name": "volumes_table_name_unique",
+          "columns": [
+            "name"
+          ],
+          "isUnique": true
+        }
+      },
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    }
+  },
+  "views": {},
+  "enums": {},
+  "_meta": {
+    "schemas": {},
+    "tables": {},
+    "columns": {}
+  },
+  "internal": {
+    "indexes": {}
+  }
+}
\ No newline at end of file
diff --git a/app/drizzle/meta/0021_snapshot.json b/app/drizzle/meta/0021_snapshot.json
new file mode 100644
index 00000000..52562dfe
--- /dev/null
+++ b/app/drizzle/meta/0021_snapshot.json
@@ -0,0 +1,823 @@
+{
+  "version": "6",
+  "dialect": "sqlite",
+  "id": "e7c02f6c-e255-402e-9f18-d50a3fef8e4d",
+  "prevId": "729d3ce9-b4b9-41f6-a270-d74c96510238",
+  "tables": {
+    "app_metadata": {
+      "name": "app_metadata",
+      "columns": {
+        "key": {
+          "name": "key",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "value": {
+          "name": "value",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch() * 1000)"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch() * 1000)"
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "backup_schedule_mirrors_table": {
+      "name": "backup_schedule_mirrors_table",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "integer",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": true
+        },
+        "schedule_id": {
+          "name": "schedule_id",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "repository_id": {
+          "name": "repository_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "enabled": {
+          "name": "enabled",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": true
+        },
+        "last_copy_at": {
+          "name": "last_copy_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "last_copy_status": {
+          "name": "last_copy_status",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "last_copy_error": {
+          "name": "last_copy_error",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch() * 1000)"
+        }
+      },
+      "indexes": {
+        "backup_schedule_mirrors_table_schedule_id_repository_id_unique": {
+          "name": "backup_schedule_mirrors_table_schedule_id_repository_id_unique",
+          "columns": [
+            "schedule_id",
+            "repository_id"
+          ],
+          "isUnique": true
+        }
+      },
+      "foreignKeys": {
+        "backup_schedule_mirrors_table_schedule_id_backup_schedules_table_id_fk": {
+          "name": "backup_schedule_mirrors_table_schedule_id_backup_schedules_table_id_fk",
+          "tableFrom": "backup_schedule_mirrors_table",
+          "tableTo": "backup_schedules_table",
+          "columnsFrom": [
+            "schedule_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "backup_schedule_mirrors_table_repository_id_repositories_table_id_fk": {
+          "name": "backup_schedule_mirrors_table_repository_id_repositories_table_id_fk",
+          "tableFrom": "backup_schedule_mirrors_table",
+          "tableTo": "repositories_table",
+          "columnsFrom": [
+            "repository_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "backup_schedule_notifications_table": {
+      "name": "backup_schedule_notifications_table",
+      "columns": {
+        "schedule_id": {
+          "name": "schedule_id",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "destination_id": {
+          "name": "destination_id",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "notify_on_start": {
+          "name": "notify_on_start",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": false
+        },
+        "notify_on_success": {
+          "name": "notify_on_success",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": false
+        },
+        "notify_on_warning": {
+          "name": "notify_on_warning",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": true
+        },
+        "notify_on_failure": {
+          "name": "notify_on_failure",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": true
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch() * 1000)"
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {
+        "backup_schedule_notifications_table_schedule_id_backup_schedules_table_id_fk": {
+          "name": "backup_schedule_notifications_table_schedule_id_backup_schedules_table_id_fk",
+          "tableFrom": "backup_schedule_notifications_table",
+          "tableTo": "backup_schedules_table",
+          "columnsFrom": [
+            "schedule_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "backup_schedule_notifications_table_destination_id_notification_destinations_table_id_fk": {
+          "name": "backup_schedule_notifications_table_destination_id_notification_destinations_table_id_fk",
+          "tableFrom": "backup_schedule_notifications_table",
+          "tableTo": "notification_destinations_table",
+          "columnsFrom": [
+            "destination_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {
+        "backup_schedule_notifications_table_schedule_id_destination_id_pk": {
+          "columns": [
+            "schedule_id",
+            "destination_id"
+          ],
+          "name": "backup_schedule_notifications_table_schedule_id_destination_id_pk"
+        }
+      },
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "backup_schedules_table": {
+      "name": "backup_schedules_table",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "integer",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": true
+        },
+        "name": {
+          "name": "name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "volume_id": {
+          "name": "volume_id",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "repository_id": {
+          "name": "repository_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "enabled": {
+          "name": "enabled",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": true
+        },
+        "cron_expression": {
+          "name": "cron_expression",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "retention_policy": {
+          "name": "retention_policy",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "exclude_patterns": {
+          "name": "exclude_patterns",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false,
+          "default": "'[]'"
+        },
+        "exclude_if_present": {
+          "name": "exclude_if_present",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false,
+          "default": "'[]'"
+        },
+        "include_patterns": {
+          "name": "include_patterns",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false,
+          "default": "'[]'"
+        },
+        "last_backup_at": {
+          "name": "last_backup_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "last_backup_status": {
+          "name": "last_backup_status",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "last_backup_error": {
+          "name": "last_backup_error",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "next_backup_at": {
+          "name": "next_backup_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch() * 1000)"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch() * 1000)"
+        }
+      },
+      "indexes": {
+        "backup_schedules_table_name_unique": {
+          "name": "backup_schedules_table_name_unique",
+          "columns": [
+            "name"
+          ],
+          "isUnique": true
+        }
+      },
+      "foreignKeys": {
+        "backup_schedules_table_volume_id_volumes_table_id_fk": {
+          "name": "backup_schedules_table_volume_id_volumes_table_id_fk",
+          "tableFrom": "backup_schedules_table",
+          "tableTo": "volumes_table",
+          "columnsFrom": [
+            "volume_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "backup_schedules_table_repository_id_repositories_table_id_fk": {
+          "name": "backup_schedules_table_repository_id_repositories_table_id_fk",
+          "tableFrom": "backup_schedules_table",
+          "tableTo": "repositories_table",
+          "columnsFrom": [
+            "repository_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "notification_destinations_table": {
+      "name": "notification_destinations_table",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "integer",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": true
+        },
+        "name": {
+          "name": "name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "enabled": {
+          "name": "enabled",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": true
+        },
+        "type": {
+          "name": "type",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "config": {
+          "name": "config",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch() * 1000)"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch() * 1000)"
+        }
+      },
+      "indexes": {
+        "notification_destinations_table_name_unique": {
+          "name": "notification_destinations_table_name_unique",
+          "columns": [
+            "name"
+          ],
+          "isUnique": true
+        }
+      },
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "repositories_table": {
+      "name": "repositories_table",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "short_id": {
+          "name": "short_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "name": {
+          "name": "name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "type": {
+          "name": "type",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "config": {
+          "name": "config",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "compression_mode": {
+          "name": "compression_mode",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false,
+          "default": "'auto'"
+        },
+        "status": {
+          "name": "status",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false,
+          "default": "'unknown'"
+        },
+        "last_checked": {
+          "name": "last_checked",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "last_error": {
+          "name": "last_error",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch() * 1000)"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch() * 1000)"
+        }
+      },
+      "indexes": {
+        "repositories_table_short_id_unique": {
+          "name": "repositories_table_short_id_unique",
+          "columns": [
+            "short_id"
+          ],
+          "isUnique": true
+        },
+        "repositories_table_name_unique": {
+          "name": "repositories_table_name_unique",
+          "columns": [
+            "name"
+          ],
+          "isUnique": true
+        }
+      },
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "sessions_table": {
+      "name": "sessions_table",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "user_id": {
+          "name": "user_id",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "expires_at": {
+          "name": "expires_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch() * 1000)"
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {
+        "sessions_table_user_id_users_table_id_fk": {
+          "name": "sessions_table_user_id_users_table_id_fk",
+          "tableFrom": "sessions_table",
+          "tableTo": "users_table",
+          "columnsFrom": [
+            "user_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "users_table": {
+      "name": "users_table",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "integer",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": true
+        },
+        "username": {
+          "name": "username",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "password_hash": {
+          "name": "password_hash",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "has_downloaded_restic_password": {
+          "name": "has_downloaded_restic_password",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch() * 1000)"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch() * 1000)"
+        }
+      },
+      "indexes": {
+        "users_table_username_unique": {
+          "name": "users_table_username_unique",
+          "columns": [
+            "username"
+          ],
+          "isUnique": true
+        }
+      },
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "volumes_table": {
+      "name": "volumes_table",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "integer",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": true
+        },
+        "short_id": {
+          "name": "short_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "name": {
+          "name": "name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "type": {
+          "name": "type",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "status": {
+          "name": "status",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "'unmounted'"
+        },
+        "last_error": {
+          "name": "last_error",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "last_health_check": {
+          "name": "last_health_check",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch() * 1000)"
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch() * 1000)"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch() * 1000)"
+        },
+        "config": {
+          "name": "config",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "auto_remount": {
+          "name": "auto_remount",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": true
+        }
+      },
+      "indexes": {
+        "volumes_table_short_id_unique": {
+          "name": "volumes_table_short_id_unique",
+          "columns": [
+            "short_id"
+          ],
+          "isUnique": true
+        },
+        "volumes_table_name_unique": {
+          "name": "volumes_table_name_unique",
+          "columns": [
+            "name"
+          ],
+          "isUnique": true
+        }
+      },
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    }
+  },
+  "views": {},
+  "enums": {},
+  "_meta": {
+    "schemas": {},
+    "tables": {},
+    "columns": {}
+  },
+  "internal": {
+    "indexes": {}
+  }
+}
\ No newline at end of file
diff --git a/app/drizzle/meta/_journal.json b/app/drizzle/meta/_journal.json
index e11599d7..004e9b77 100644
--- a/app/drizzle/meta/_journal.json
+++ b/app/drizzle/meta/_journal.json
@@ -1,132 +1,160 @@
 {
-	"version": "7",
-	"dialect": "sqlite",
-	"entries": [
-		{
-			"idx": 0,
-			"version": "6",
-			"when": 1755765658194,
-			"tag": "0000_known_madelyne_pryor",
-			"breakpoints": true
-		},
-		{
-			"idx": 1,
-			"version": "6",
-			"when": 1755775437391,
-			"tag": "0001_far_frank_castle",
-			"breakpoints": true
-		},
-		{
-			"idx": 2,
-			"version": "6",
-			"when": 1756930554198,
-			"tag": "0002_cheerful_randall",
-			"breakpoints": true
-		},
-		{
-			"idx": 3,
-			"version": "6",
-			"when": 1758653407064,
-			"tag": "0003_mature_hellcat",
-			"breakpoints": true
-		},
-		{
-			"idx": 4,
-			"version": "6",
-			"when": 1758961535488,
-			"tag": "0004_wealthy_tomas",
-			"breakpoints": true
-		},
-		{
-			"idx": 5,
-			"version": "6",
-			"when": 1759416698274,
-			"tag": "0005_simple_alice",
-			"breakpoints": true
-		},
-		{
-			"idx": 6,
-			"version": "6",
-			"when": 1760734377440,
-			"tag": "0006_secret_micromacro",
-			"breakpoints": true
-		},
-		{
-			"idx": 7,
-			"version": "6",
-			"when": 1761224911352,
-			"tag": "0007_watery_sersi",
-			"breakpoints": true
-		},
-		{
-			"idx": 8,
-			"version": "6",
-			"when": 1761414054481,
-			"tag": "0008_silent_lady_bullseye",
-			"breakpoints": true
-		},
-		{
-			"idx": 9,
-			"version": "6",
-			"when": 1762095226041,
-			"tag": "0009_little_adam_warlock",
-			"breakpoints": true
-		},
-		{
-			"idx": 10,
-			"version": "6",
-			"when": 1762610065889,
-			"tag": "0010_perfect_proemial_gods",
-			"breakpoints": true
-		},
-		{
-			"idx": 11,
-			"version": "6",
-			"when": 1763644043601,
-			"tag": "0011_familiar_stone_men",
-			"breakpoints": true
-		},
-		{
-			"idx": 12,
-			"version": "6",
-			"when": 1764100562084,
-			"tag": "0012_add_short_ids",
-			"breakpoints": true
-		},
-		{
-			"idx": 13,
-			"version": "6",
-			"when": 1764182159797,
-			"tag": "0013_elite_sprite",
-			"breakpoints": true
-		},
-		{
-			"idx": 14,
-			"version": "6",
-			"when": 1764182405089,
-			"tag": "0014_wild_echo",
-			"breakpoints": true
-		},
-		{
-			"idx": 15,
-			"version": "6",
-			"when": 1764182465287,
-			"tag": "0015_jazzy_sersi",
-			"breakpoints": true
-		},
-		{
-			"idx": 16,
-			"version": "6",
-			"when": 1764194697035,
-			"tag": "0016_fix-timestamps-to-ms",
-			"breakpoints": true
-		},
-		{
-			"idx": 17,
-			"version": "6",
-			"when": 1764357897219,
-			"tag": "0017_fix-compression-modes",
-			"breakpoints": true
-		}
-	]
-}
+  "version": "7",
+  "dialect": "sqlite",
+  "entries": [
+    {
+      "idx": 0,
+      "version": "6",
+      "when": 1755765658194,
+      "tag": "0000_known_madelyne_pryor",
+      "breakpoints": true
+    },
+    {
+      "idx": 1,
+      "version": "6",
+      "when": 1755775437391,
+      "tag": "0001_far_frank_castle",
+      "breakpoints": true
+    },
+    {
+      "idx": 2,
+      "version": "6",
+      "when": 1756930554198,
+      "tag": "0002_cheerful_randall",
+      "breakpoints": true
+    },
+    {
+      "idx": 3,
+      "version": "6",
+      "when": 1758653407064,
+      "tag": "0003_mature_hellcat",
+      "breakpoints": true
+    },
+    {
+      "idx": 4,
+      "version": "6",
+      "when": 1758961535488,
+      "tag": "0004_wealthy_tomas",
+      "breakpoints": true
+    },
+    {
+      "idx": 5,
+      "version": "6",
+      "when": 1759416698274,
+      "tag": "0005_simple_alice",
+      "breakpoints": true
+    },
+    {
+      "idx": 6,
+      "version": "6",
+      "when": 1760734377440,
+      "tag": "0006_secret_micromacro",
+      "breakpoints": true
+    },
+    {
+      "idx": 7,
+      "version": "6",
+      "when": 1761224911352,
+      "tag": "0007_watery_sersi",
+      "breakpoints": true
+    },
+    {
+      "idx": 8,
+      "version": "6",
+      "when": 1761414054481,
+      "tag": "0008_silent_lady_bullseye",
+      "breakpoints": true
+    },
+    {
+      "idx": 9,
+      "version": "6",
+      "when": 1762095226041,
+      "tag": "0009_little_adam_warlock",
+      "breakpoints": true
+    },
+    {
+      "idx": 10,
+      "version": "6",
+      "when": 1762610065889,
+      "tag": "0010_perfect_proemial_gods",
+      "breakpoints": true
+    },
+    {
+      "idx": 11,
+      "version": "6",
+      "when": 1763644043601,
+      "tag": "0011_familiar_stone_men",
+      "breakpoints": true
+    },
+    {
+      "idx": 12,
+      "version": "6",
+      "when": 1764100562084,
+      "tag": "0012_add_short_ids",
+      "breakpoints": true
+    },
+    {
+      "idx": 13,
+      "version": "6",
+      "when": 1764182159797,
+      "tag": "0013_elite_sprite",
+      "breakpoints": true
+    },
+    {
+      "idx": 14,
+      "version": "6",
+      "when": 1764182405089,
+      "tag": "0014_wild_echo",
+      "breakpoints": true
+    },
+    {
+      "idx": 15,
+      "version": "6",
+      "when": 1764182465287,
+      "tag": "0015_jazzy_sersi",
+      "breakpoints": true
+    },
+    {
+      "idx": 16,
+      "version": "6",
+      "when": 1764194697035,
+      "tag": "0016_fix-timestamps-to-ms",
+      "breakpoints": true
+    },
+    {
+      "idx": 17,
+      "version": "6",
+      "when": 1764357897219,
+      "tag": "0017_fix-compression-modes",
+      "breakpoints": true
+    },
+    {
+      "idx": 18,
+      "version": "6",
+      "when": 1764794371040,
+      "tag": "0018_breezy_invaders",
+      "breakpoints": true
+    },
+    {
+      "idx": 19,
+      "version": "6",
+      "when": 1764839917446,
+      "tag": "0019_secret_nomad",
+      "breakpoints": true
+    },
+    {
+      "idx": 20,
+      "version": "6",
+      "when": 1764847918249,
+      "tag": "0020_even_dexter_bennett",
+      "breakpoints": true
+    },
+    {
+      "idx": 21,
+      "version": "6",
+      "when": 1765307881092,
+      "tag": "0021_steady_viper",
+      "breakpoints": true
+    }
+  ]
+}
\ No newline at end of file
diff --git a/app/schemas/notifications.ts b/app/schemas/notifications.ts
index 28ff5450..6f170882 100644
--- a/app/schemas/notifications.ts
+++ b/app/schemas/notifications.ts
@@ -17,8 +17,8 @@ export const emailNotificationConfigSchema = type({
 	type: "'email'",
 	smtpHost: "string",
 	smtpPort: "1 <= number <= 65535",
-	username: "string",
-	password: "string",
+	username: "string?",
+	password: "string?",
 	from: "string",
 	to: "string[]",
 	useTLS: "boolean",
diff --git a/app/schemas/volumes.ts b/app/schemas/volumes.ts
index dedc75f9..d0306075 100644
--- a/app/schemas/volumes.ts
+++ b/app/schemas/volumes.ts
@@ -5,6 +5,7 @@ export const BACKEND_TYPES = {
 	smb: "smb",
 	directory: "directory",
 	webdav: "webdav",
+	rclone: "rclone",
 } as const;
 
 export type BackendType = keyof typeof BACKEND_TYPES;
@@ -47,7 +48,14 @@ export const webdavConfigSchema = type({
 	ssl: "boolean?",
 });
 
-export const volumeConfigSchema = nfsConfigSchema.or(smbConfigSchema).or(webdavConfigSchema).or(directoryConfigSchema);
+export const rcloneConfigSchema = type({
+	backend: "'rclone'",
+	remote: "string",
+	path: "string",
+	readOnly: "boolean?",
+});
+
+export const volumeConfigSchema = nfsConfigSchema.or(smbConfigSchema).or(webdavConfigSchema).or(directoryConfigSchema).or(rcloneConfigSchema);
 
 export type BackendConfig = typeof volumeConfigSchema.infer;
 
diff --git a/app/server/core/capabilities.ts b/app/server/core/capabilities.ts
index 8860c416..14d62964 100644
--- a/app/server/core/capabilities.ts
+++ b/app/server/core/capabilities.ts
@@ -33,6 +33,18 @@ async function detectCapabilities(): Promise<SystemCapabilities> {
 	};
 }
 
+export const parseDockerHost = (dockerHost?: string) => {
+	const match = dockerHost?.match(/^(ssh|http|https):\/\/([^:]+)(?::(\d+))?$/);
+	if (match) {
+		const protocol = match[1] as "ssh" | "http" | "https";
+		const host = match[2];
+		const port = match[3] ? parseInt(match[3], 10) : undefined;
+		return { protocol, host, port };
+	}
+
+	return {};
+};
+
 /**
  * Checks if Docker is available by:
  * 1. Checking if /var/run/docker.sock exists and is accessible
@@ -40,9 +52,7 @@ async function detectCapabilities(): Promise<SystemCapabilities> {
  */
 async function detectDocker(): Promise<boolean> {
 	try {
-		await fs.access("/var/run/docker.sock");
-
-		const docker = new Docker();
+		const docker = new Docker(parseDockerHost(process.env.DOCKER_HOST));
 		await docker.ping();
 
 		logger.info("Docker capability: enabled");
diff --git a/app/server/core/config.ts b/app/server/core/config.ts
index 033827ed..bd138c4b 100644
--- a/app/server/core/config.ts
+++ b/app/server/core/config.ts
@@ -2,12 +2,10 @@ import { type } from "arktype";
 import "dotenv/config";
 
 const envSchema = type({
-	NODE_ENV: type.enumerated("development", "production", "test").default("development"),
-	SESSION_SECRET: "string?",
+	NODE_ENV: type.enumerated("development", "production", "test").default("production"),
 }).pipe((s) => ({
 	__prod__: s.NODE_ENV === "production",
 	environment: s.NODE_ENV,
-	sessionSecret: s.SESSION_SECRET || "change-me-in-production-please",
 }));
 
 const parseConfig = (env: unknown) => {
diff --git a/app/server/core/events.ts b/app/server/core/events.ts
index 33fbb42a..2e7f43d1 100644
--- a/app/server/core/events.ts
+++ b/app/server/core/events.ts
@@ -24,6 +24,14 @@ interface ServerEvents {
 		repositoryName: string;
 		status: "success" | "error" | "stopped" | "warning";
 	}) => void;
+	"mirror:started": (data: { scheduleId: number; repositoryId: string; repositoryName: string }) => void;
+	"mirror:completed": (data: {
+		scheduleId: number;
+		repositoryId: string;
+		repositoryName: string;
+		status: "success" | "error";
+		error?: string;
+	}) => void;
 	"volume:mounted": (data: { volumeName: string }) => void;
 	"volume:unmounted": (data: { volumeName: string }) => void;
 	"volume:updated": (data: { volumeName: string }) => void;
diff --git a/app/server/core/repository-mutex.ts b/app/server/core/repository-mutex.ts
new file mode 100644
index 00000000..4717c882
--- /dev/null
+++ b/app/server/core/repository-mutex.ts
@@ -0,0 +1,180 @@
+import { logger } from "../utils/logger";
+
+export type LockType = "shared" | "exclusive";
+
+interface LockHolder {
+	id: string;
+	operation: string;
+	acquiredAt: number;
+}
+
+interface RepositoryLockState {
+	sharedHolders: Map<string, LockHolder>;
+	exclusiveHolder: LockHolder | null;
+	waitQueue: Array<{
+		type: LockType;
+		operation: string;
+		resolve: (lockId: string) => void;
+	}>;
+}
+
+class RepositoryMutex {
+	private locks = new Map<string, RepositoryLockState>();
+	private lockIdCounter = 0;
+
+	private getOrCreateState(repositoryId: string): RepositoryLockState {
+		let state = this.locks.get(repositoryId);
+		if (!state) {
+			state = {
+				sharedHolders: new Map(),
+				exclusiveHolder: null,
+				waitQueue: [],
+			};
+			this.locks.set(repositoryId, state);
+		}
+		return state;
+	}
+
+	private generateLockId(): string {
+		return `lock_${++this.lockIdCounter}_${Date.now()}`;
+	}
+
+	private cleanupStateIfEmpty(repositoryId: string): void {
+		const state = this.locks.get(repositoryId);
+		if (state && state.sharedHolders.size === 0 && !state.exclusiveHolder && state.waitQueue.length === 0) {
+			this.locks.delete(repositoryId);
+		}
+	}
+
+	async acquireShared(repositoryId: string, operation: string): Promise<() => void> {
+		const state = this.getOrCreateState(repositoryId);
+
+		if (!state.exclusiveHolder) {
+			const lockId = this.generateLockId();
+			state.sharedHolders.set(lockId, {
+				id: lockId,
+				operation,
+				acquiredAt: Date.now(),
+			});
+			return () => this.releaseShared(repositoryId, lockId);
+		}
+
+		logger.debug(
+			`[Mutex] Waiting for shared lock on repo ${repositoryId}: ${operation} (exclusive held by: ${state.exclusiveHolder.operation})`,
+		);
+		const lockId = await new Promise<string>((resolve) => {
+			state.waitQueue.push({ type: "shared", operation, resolve });
+		});
+
+		return () => this.releaseShared(repositoryId, lockId);
+	}
+
+	async acquireExclusive(repositoryId: string, operation: string): Promise<() => void> {
+		const state = this.getOrCreateState(repositoryId);
+
+		if (!state.exclusiveHolder && state.sharedHolders.size === 0 && state.waitQueue.length === 0) {
+			const lockId = this.generateLockId();
+			state.exclusiveHolder = {
+				id: lockId,
+				operation,
+				acquiredAt: Date.now(),
+			};
+			return () => this.releaseExclusive(repositoryId, lockId);
+		}
+
+		logger.debug(
+			`[Mutex] Waiting for exclusive lock on repo ${repositoryId}: ${operation} (shared: ${state.sharedHolders.size}, exclusive: ${state.exclusiveHolder ? "yes" : "no"}, queue: ${state.waitQueue.length})`,
+		);
+		const lockId = await new Promise<string>((resolve) => {
+			state.waitQueue.push({ type: "exclusive", operation, resolve });
+		});
+
+		logger.debug(`[Mutex] Acquired exclusive lock for repo ${repositoryId}: ${operation} (${lockId})`);
+		return () => this.releaseExclusive(repositoryId, lockId);
+	}
+
+	private releaseShared(repositoryId: string, lockId: string): void {
+		const state = this.locks.get(repositoryId);
+		if (!state) {
+			return;
+		}
+
+		const holder = state.sharedHolders.get(lockId);
+		if (!holder) {
+			return;
+		}
+
+		state.sharedHolders.delete(lockId);
+		const duration = Date.now() - holder.acquiredAt;
+		logger.debug(`[Mutex] Released shared lock for repo ${repositoryId}: ${holder.operation} (held for ${duration}ms)`);
+
+		this.processWaitQueue(repositoryId);
+		this.cleanupStateIfEmpty(repositoryId);
+	}
+
+	private releaseExclusive(repositoryId: string, lockId: string): void {
+		const state = this.locks.get(repositoryId);
+		if (!state) {
+			return;
+		}
+
+		if (!state.exclusiveHolder || state.exclusiveHolder.id !== lockId) {
+			return;
+		}
+
+		const duration = Date.now() - state.exclusiveHolder.acquiredAt;
+		logger.debug(
+			`[Mutex] Released exclusive lock for repo ${repositoryId}: ${state.exclusiveHolder.operation} (held for ${duration}ms)`,
+		);
+		state.exclusiveHolder = null;
+
+		this.processWaitQueue(repositoryId);
+		this.cleanupStateIfEmpty(repositoryId);
+	}
+
+	private processWaitQueue(repositoryId: string): void {
+		const state = this.locks.get(repositoryId);
+		if (!state || state.waitQueue.length === 0) {
+			return;
+		}
+
+		if (state.exclusiveHolder) {
+			return;
+		}
+
+		const firstWaiter = state.waitQueue[0];
+
+		if (firstWaiter.type === "exclusive") {
+			if (state.sharedHolders.size === 0) {
+				state.waitQueue.shift();
+				const lockId = this.generateLockId();
+				state.exclusiveHolder = {
+					id: lockId,
+					operation: firstWaiter.operation,
+					acquiredAt: Date.now(),
+				};
+				firstWaiter.resolve(lockId);
+			}
+		} else {
+			while (state.waitQueue.length > 0 && state.waitQueue[0].type === "shared") {
+				const waiter = state.waitQueue.shift();
+				if (!waiter) break;
+				const lockId = this.generateLockId();
+				state.sharedHolders.set(lockId, {
+					id: lockId,
+					operation: waiter.operation,
+					acquiredAt: Date.now(),
+				});
+				waiter.resolve(lockId);
+			}
+		}
+	}
+
+	isLocked(repositoryId: string): boolean {
+		const state = this.locks.get(repositoryId);
+		if (!state) return false;
+		return state.exclusiveHolder !== null || state.sharedHolders.size > 0;
+	}
+}
+
+export const repoMutex = new RepositoryMutex();
diff --git a/app/server/db/db.ts b/app/server/db/db.ts
index 78bf4bc2..07109455 100644
--- a/app/server/db/db.ts
+++ b/app/server/db/db.ts
@@ -6,6 +6,7 @@ import { migrate } from "drizzle-orm/bun-sqlite/migrator";
 import { DATABASE_URL } from "../core/constants";
 import * as schema from "./schema";
 import fs from "node:fs/promises";
+import { config } from "../core/config";
 
 await fs.mkdir(path.dirname(DATABASE_URL), { recursive: true });
 
@@ -15,8 +16,7 @@ export const db = drizzle({ client: sqlite, schema });
 export const runDbMigrations = () => {
 	let migrationsFolder = path.join("/app", "assets", "migrations");
 
-	const { NODE_ENV } = process.env;
-	if (NODE_ENV !== "production") {
+	if (!config.__prod__) {
 		migrationsFolder = path.join("/app", "app", "drizzle");
 	}
 
diff --git a/app/server/db/schema.ts b/app/server/db/schema.ts
index 9b0ac0ce..55c741c2 100644
--- a/app/server/db/schema.ts
+++ b/app/server/db/schema.ts
@@ -1,5 +1,5 @@
 import { relations, sql } from "drizzle-orm";
-import { int, integer, sqliteTable, text, primaryKey } from "drizzle-orm/sqlite-core";
+import { int, integer, sqliteTable, text, primaryKey, unique } from "drizzle-orm/sqlite-core";
 import type { CompressionMode, RepositoryBackend, repositoryConfigSchema, RepositoryStatus } from "~/schemas/restic";
 import type { BackendStatus, BackendType, volumeConfigSchema } from "~/schemas/volumes";
 import type { NotificationType, notificationConfigSchema } from "~/schemas/notifications";
@@ -67,6 +67,7 @@ export type Repository = typeof repositoriesTable.$inferSelect;
  */
 export const backupSchedulesTable = sqliteTable("backup_schedules_table", {
 	id: int().primaryKey({ autoIncrement: true }),
+	name: text().notNull().unique(),
 	volumeId: int("volume_id")
 		.notNull()
 		.references(() => volumesTable.id, { onDelete: "cascade" }),
@@ -85,6 +86,7 @@ export const backupSchedulesTable = sqliteTable("backup_schedules_table", {
 		keepWithinDuration?: string;
 	}>(),
 	excludePatterns: text("exclude_patterns", { mode: "json" }).$type<string[]>().default([]),
+	excludeIfPresent: text("exclude_if_present", { mode: "json" }).$type<string[]>().default([]),
 	includePatterns: text("include_patterns", { mode: "json" }).$type<string[]>().default([]),
 	lastBackupAt: int("last_backup_at", { mode: "number" }),
 	lastBackupStatus: text("last_backup_status").$type<"success" | "error" | "in_progress" | "warning">(),
@@ -93,6 +95,7 @@ export const backupSchedulesTable = sqliteTable("backup_schedules_table", {
 	createdAt: int("created_at", { mode: "number" }).notNull().default(sql`(unixepoch() * 1000)`),
 	updatedAt: int("updated_at", { mode: "number" }).notNull().default(sql`(unixepoch() * 1000)`),
 });
+
 export const backupScheduleRelations = relations(backupSchedulesTable, ({ one, many }) => ({
 	volume: one(volumesTable, {
 		fields: [backupSchedulesTable.volumeId],
@@ -103,6 +106,7 @@ export const backupScheduleRelations = relations(backupSchedulesTable, ({ one, m
 		references: [repositoriesTable.id],
 	}),
 	notifications: many(backupScheduleNotificationsTable),
+	mirrors: many(backupScheduleMirrorsTable),
 }));
 export type BackupSchedule = typeof backupSchedulesTable.$inferSelect;
 
@@ -137,6 +141,7 @@ export const backupScheduleNotificationsTable = sqliteTable(
 			.references(() => notificationDestinationsTable.id, { onDelete: "cascade" }),
 		notifyOnStart: int("notify_on_start", { mode: "boolean" }).notNull().default(false),
 		notifyOnSuccess: int("notify_on_success", { mode: "boolean" }).notNull().default(false),
+		notifyOnWarning: int("notify_on_warning", { mode: "boolean" }).notNull().default(true),
 		notifyOnFailure: int("notify_on_failure", { mode: "boolean" }).notNull().default(true),
 		createdAt: int("created_at", { mode: "number" }).notNull().default(sql`(unixepoch() * 1000)`),
 	},
@@ -154,6 +159,41 @@ export const backupScheduleNotificationRelations = relations(backupScheduleNotif
 }));
 export type BackupScheduleNotification = typeof backupScheduleNotificationsTable.$inferSelect;
 
+/**
+ * Backup Schedule Mirrors Junction Table (Many-to-Many)
+ * Allows copying snapshots to secondary repositories after backup completes
+ */
+export const backupScheduleMirrorsTable = sqliteTable(
+	"backup_schedule_mirrors_table",
+	{
+		id: int().primaryKey({ autoIncrement: true }),
+		scheduleId: int("schedule_id")
+			.notNull()
+			.references(() => backupSchedulesTable.id, { onDelete: "cascade" }),
+		repositoryId: text("repository_id")
+			.notNull()
+			.references(() => repositoriesTable.id, { onDelete: "cascade" }),
+		enabled: int("enabled", { mode: "boolean" }).notNull().default(true),
+		lastCopyAt: int("last_copy_at", { mode: "number" }),
+		lastCopyStatus: text("last_copy_status").$type<"success" | "error">(),
+		lastCopyError: text("last_copy_error"),
+		createdAt: int("created_at", { mode: "number" }).notNull().default(sql`(unixepoch() * 1000)`),
+	},
+	(table) => [unique().on(table.scheduleId, table.repositoryId)],
+);
+
+export const backupScheduleMirrorRelations = relations(backupScheduleMirrorsTable, ({ one }) => ({
+	schedule: one(backupSchedulesTable, {
+		fields: [backupScheduleMirrorsTable.scheduleId],
+		references: [backupSchedulesTable.id],
+	}),
+	repository: one(repositoriesTable, {
+		fields: [backupScheduleMirrorsTable.repositoryId],
+		references: [repositoriesTable.id],
+	}),
+}));
+export type BackupScheduleMirror = typeof backupScheduleMirrorsTable.$inferSelect;
+
 /**
  * App Metadata Table
  * Used for storing key-value pairs like migration checkpoints
diff --git a/app/server/jobs/repository-healthchecks.ts b/app/server/jobs/repository-healthchecks.ts
index 1e600c9f..bc233903 100644
--- a/app/server/jobs/repository-healthchecks.ts
+++ b/app/server/jobs/repository-healthchecks.ts
@@ -4,6 +4,7 @@ import { logger } from "../utils/logger";
 import { db } from "../db/db";
 import { eq, or } from "drizzle-orm";
 import { repositoriesTable } from "../db/schema";
+import { repoMutex } from "../core/repository-mutex";
 
 export class RepositoryHealthCheckJob extends Job {
 	async run() {
@@ -14,6 +15,11 @@ export class RepositoryHealthCheckJob extends Job {
 		});
 
 		for (const repository of repositories) {
+			if (repoMutex.isLocked(repository.id)) {
+				logger.debug(`Skipping health check for repository ${repository.name}: currently locked`);
+				continue;
+			}
+
 			try {
 				await repositoriesService.checkHealth(repository.id);
 			} catch (error) {
diff --git a/app/server/modules/backends/backend.ts b/app/server/modules/backends/backend.ts
index c3431d5f..c19388d3 100644
--- a/app/server/modules/backends/backend.ts
+++ b/app/server/modules/backends/backend.ts
@@ -3,6 +3,7 @@ import type { Volume } from "../../db/schema";
 import { getVolumePath } from "../volumes/helpers";
 import { makeDirectoryBackend } from "./directory/directory-backend";
 import { makeNfsBackend } from "./nfs/nfs-backend";
+import { makeRcloneBackend } from "./rclone/rclone-backend";
 import { makeSmbBackend } from "./smb/smb-backend";
 import { makeWebdavBackend } from "./webdav/webdav-backend";
 
@@ -33,5 +34,8 @@ export const createVolumeBackend = (volume: Volume): VolumeBackend => {
 		case "webdav": {
 			return makeWebdavBackend(volume.config, path);
 		}
+		case "rclone": {
+			return makeRcloneBackend(volume.config, path);
+		}
 	}
 };
diff --git a/app/server/modules/backends/rclone/rclone-backend.ts b/app/server/modules/backends/rclone/rclone-backend.ts
new file mode 100644
index 00000000..0fcffba8
--- /dev/null
+++ b/app/server/modules/backends/rclone/rclone-backend.ts
@@ -0,0 +1,128 @@
+import * as fs from "node:fs/promises";
+import * as os from "node:os";
+import { $ } from "bun";
+import { OPERATION_TIMEOUT } from "../../../core/constants";
+import { toMessage } from "../../../utils/errors";
+import { logger } from "../../../utils/logger";
+import { getMountForPath } from "../../../utils/mountinfo";
+import { withTimeout } from "../../../utils/timeout";
+import type { VolumeBackend } from "../backend";
+import { executeUnmount } from "../utils/backend-utils";
+import { BACKEND_STATUS, type BackendConfig } from "~/schemas/volumes";
+
+const mount = async (config: BackendConfig, path: string) => {
+	logger.debug(`Mounting rclone volume ${path}...`);
+
+	if (config.backend !== "rclone") {
+		logger.error("Provided config is not for rclone backend");
+		return { status: BACKEND_STATUS.error, error: "Provided config is not for rclone backend" };
+	}
+
+	if (os.platform() !== "linux") {
+		logger.error("Rclone mounting is only supported on Linux hosts.");
+		return { status: BACKEND_STATUS.error, error: "Rclone mounting is only supported on Linux hosts." };
+	}
+
+	const { status } = await checkHealth(path);
+	if (status === "mounted") {
+		return { status: BACKEND_STATUS.mounted };
+	}
+
+	logger.debug(`Trying to unmount any existing mounts at ${path} before mounting...`);
+	await unmount(path);
+
+	const run = async () => {
+		await fs.mkdir(path, { recursive: true });
+
+		const remotePath = `${config.remote}:${config.path}`;
+		const args = ["mount", remotePath, path, "--daemon"];
+
+		if (config.readOnly) {
+			args.push("--read-only");
+		}
+
+		args.push("--vfs-cache-mode", "writes");
+		args.push("--allow-non-empty");
+		args.push("--allow-other");
+
+		logger.debug(`Mounting rclone volume ${path}...`);
+		logger.info(`Executing rclone: rclone ${args.join(" ")}`);
+
+		const result = await $`rclone ${args}`.nothrow();
+
+		if (result.exitCode !== 0) {
+			const errorMsg = result.stderr.toString() || result.stdout.toString() || "Unknown error";
+			throw new Error(`Failed to mount rclone volume: ${errorMsg}`);
+		}
+
+		logger.info(`Rclone volume at ${path} mounted successfully.`);
+		return { status: BACKEND_STATUS.mounted };
+	};
+
+	try {
+		return await withTimeout(run(), OPERATION_TIMEOUT, "Rclone mount");
+	} catch (error) {
+		const errorMsg = toMessage(error);
+
+		logger.error("Error mounting rclone volume", { error: errorMsg });
+		return { status: BACKEND_STATUS.error, error: errorMsg };
+	}
+};
+
+const unmount = async (path: string) => {
+	if (os.platform() !== "linux") {
+		logger.error("Rclone unmounting is only supported on Linux hosts.");
+		return { status: BACKEND_STATUS.error, error: "Rclone unmounting is only supported on Linux hosts." };
+	}
+
+	const run = async () => {
+		try {
+			await fs.access(path);
+		} catch (e) {
+			logger.warn(`Path ${path} does not exist. Skipping unmount.`, e);
+			return { status: BACKEND_STATUS.unmounted };
+		}
+
+		await executeUnmount(path);
+		await fs.rmdir(path);
+
+		logger.info(`Rclone volume at ${path} unmounted successfully.`);
+		return { status: BACKEND_STATUS.unmounted };
+	};
+
+	try {
+		return await withTimeout(run(), OPERATION_TIMEOUT, "Rclone unmount");
+	} catch (error) {
+		logger.error("Error unmounting rclone volume", { path, error: toMessage(error) });
+		return { status: BACKEND_STATUS.error, error: toMessage(error) };
+	}
+};
+
+const checkHealth = async (path: string) => {
+	const run = async () => {
+		logger.debug(`Checking health of rclone volume at ${path}...`);
+		await fs.access(path);
+
+		const mount = await getMountForPath(path);
+
+		if (!mount || mount.fstype !== "fuse.rclone") {
+			throw new Error(`Path ${path} is not mounted as rclone.`);
+		}
+
+		logger.debug(`Rclone volume at ${path} is healthy and mounted.`);
+		return { status: BACKEND_STATUS.mounted };
+	};
+
+	try {
+		return await withTimeout(run(), OPERATION_TIMEOUT, "Rclone health check");
+	} catch (error) {
+		logger.error("Rclone volume health check failed:", toMessage(error));
+		return { status: BACKEND_STATUS.error, error: toMessage(error) };
+	}
+};
+
+export const makeRcloneBackend = (config: BackendConfig, path: string): VolumeBackend => ({
+	mount: () => mount(config, path),
+	unmount: () => unmount(path),
+	checkHealth: () => checkHealth(path),
+});
diff --git a/app/server/modules/backends/smb/smb-backend.ts b/app/server/modules/backends/smb/smb-backend.ts
index cdc112ab..774e10fd 100644
--- a/app/server/modules/backends/smb/smb-backend.ts
+++ b/app/server/modules/backends/smb/smb-backend.ts
@@ -1,6 +1,7 @@
 import * as fs from "node:fs/promises";
 import * as os from "node:os";
 import { OPERATION_TIMEOUT } from "../../../core/constants";
+import { cryptoUtils } from "../../../utils/crypto";
 import { toMessage } from "../../../utils/errors";
 import { logger } from "../../../utils/logger";
 import { getMountForPath } from "../../../utils/mountinfo";
@@ -33,10 +34,12 @@ const mount = async (config: BackendConfig, path: string) => {
 	const run = async () => {
 		await fs.mkdir(path, { recursive: true });
 
+		const password = await cryptoUtils.decrypt(config.password);
+
 		const source = `//${config.server}/${config.share}`;
 		const options = [
 			`user=${config.username}`,
-			`pass=${config.password}`,
+			`pass=${password}`,
 			`vers=${config.vers}`,
 			`port=${config.port}`,
 			"uid=1000",
diff --git a/app/server/modules/backends/webdav/webdav-backend.ts b/app/server/modules/backends/webdav/webdav-backend.ts
index 1e9b72f6..2467736d 100644
--- a/app/server/modules/backends/webdav/webdav-backend.ts
+++ b/app/server/modules/backends/webdav/webdav-backend.ts
@@ -3,6 +3,7 @@ import * as fs from "node:fs/promises";
 import * as os from "node:os";
 import { promisify } from "node:util";
 import { OPERATION_TIMEOUT } from "../../../core/constants";
+import { cryptoUtils } from "../../../utils/crypto";
 import { toMessage } from "../../../utils/errors";
 import { logger } from "../../../utils/logger";
 import { getMountForPath } from "../../../utils/mountinfo";
@@ -49,8 +50,9 @@ const mount = async (config: BackendConfig, path: string) => {
 			: ["uid=1000", "gid=1000", "file_mode=0664", "dir_mode=0775"];
 
 		if (config.username && config.password) {
+			const password = await cryptoUtils.decrypt(config.password);
 			const secretsFile = "/etc/davfs2/secrets";
-			const secretsContent = `${source} ${config.username} ${config.password}\n`;
+			const secretsContent = `${source} ${config.username} ${password}\n`;
 			await fs.appendFile(secretsFile, secretsContent, { mode: 0o600 });
 		}
 
diff --git a/app/server/modules/backups/backups.controller.ts b/app/server/modules/backups/backups.controller.ts
index ed6fa4a9..0bcc93eb 100644
--- a/app/server/modules/backups/backups.controller.ts
+++ b/app/server/modules/backups/backups.controller.ts
@@ -12,6 +12,10 @@ import {
 	stopBackupDto,
 	updateBackupScheduleDto,
 	updateBackupScheduleBody,
+	getScheduleMirrorsDto,
+	updateScheduleMirrorsDto,
+	updateScheduleMirrorsBody,
+	getMirrorCompatibilityDto,
 	type CreateBackupScheduleDto,
 	type DeleteBackupScheduleDto,
 	type GetBackupScheduleDto,
@@ -21,6 +25,9 @@ import {
 	type RunForgetDto,
 	type StopBackupDto,
 	type UpdateBackupScheduleDto,
+	type GetScheduleMirrorsDto,
+	type UpdateScheduleMirrorsDto,
+	type GetMirrorCompatibilityDto,
 } from "./backups.dto";
 import { backupsService } from "./backups.service";
 import {
@@ -113,4 +120,23 @@ export const backupScheduleController = new Hono()
 
 			return c.json<UpdateScheduleNotificationsDto>(assignments, 200);
 		},
-	);
+	)
+	.get("/:scheduleId/mirrors", getScheduleMirrorsDto, async (c) => {
+		const scheduleId = Number.parseInt(c.req.param("scheduleId"), 10);
+		const mirrors = await backupsService.getMirrors(scheduleId);
+
+		return c.json<GetScheduleMirrorsDto>(mirrors, 200);
+	})
+	.put("/:scheduleId/mirrors", updateScheduleMirrorsDto, validator("json", updateScheduleMirrorsBody), async (c) => {
+		const scheduleId = Number.parseInt(c.req.param("scheduleId"), 10);
+		const body = c.req.valid("json");
+		const mirrors = await backupsService.updateMirrors(scheduleId, body);
+
+		return c.json<UpdateScheduleMirrorsDto>(mirrors, 200);
+	})
+	.get("/:scheduleId/mirrors/compatibility", getMirrorCompatibilityDto, async (c) => {
+		const scheduleId = Number.parseInt(c.req.param("scheduleId"), 10);
+		const compatibility = await backupsService.getMirrorCompatibility(scheduleId);
+
+		return c.json<GetMirrorCompatibilityDto>(compatibility, 200);
+	});
diff --git a/app/server/modules/backups/backups.dto.ts b/app/server/modules/backups/backups.dto.ts
index 95c4d49c..fc771bf1 100644
--- a/app/server/modules/backups/backups.dto.ts
+++ b/app/server/modules/backups/backups.dto.ts
@@ -17,12 +17,14 @@ export type RetentionPolicy = typeof retentionPolicySchema.infer;
 
 const backupScheduleSchema = type({
 	id: "number",
+	name: "string",
 	volumeId: "number",
 	repositoryId: "string",
 	enabled: "boolean",
 	cronExpression: "string",
 	retentionPolicy: retentionPolicySchema.or("null"),
 	excludePatterns: "string[] | null",
+	excludeIfPresent: "string[] | null",
 	includePatterns: "string[] | null",
 	lastBackupAt: "number | null",
 	lastBackupStatus: "'success' | 'error' | 'in_progress' | 'warning' | null",
@@ -37,6 +39,19 @@ const backupScheduleSchema = type({
 	}),
 );
 
+const scheduleMirrorSchema = type({
+	scheduleId: "number",
+	repositoryId: "string",
+	enabled: "boolean",
+	lastCopyAt: "number | null",
+	lastCopyStatus: "'success' | 'error' | null",
+	lastCopyError: "string | null",
+	createdAt: "number",
+	repository: repositorySchema,
+});
+
+export type ScheduleMirrorDto = typeof scheduleMirrorSchema.infer;
+
 /**
  * List all backup schedules
  */
@@ -107,12 +122,14 @@ export const getBackupScheduleForVolumeDto = describeRoute({
  * Create a new backup schedule
  */
 export const createBackupScheduleBody = type({
+	name: "1 <= string <= 32",
 	volumeId: "number",
 	repositoryId: "string",
 	enabled: "boolean",
 	cronExpression: "string",
 	retentionPolicy: retentionPolicySchema.optional(),
 	excludePatterns: "string[]?",
+	excludeIfPresent: "string[]?",
 	includePatterns: "string[]?",
 	tags: "string[]?",
 });
@@ -143,11 +160,13 @@ export const createBackupScheduleDto = describeRoute({
  * Update a backup schedule
  */
 export const updateBackupScheduleBody = type({
+	name: "(1 <= string <= 32)?",
 	repositoryId: "string",
 	enabled: "boolean?",
 	cronExpression: "string",
 	retentionPolicy: retentionPolicySchema.optional(),
 	excludePatterns: "string[]?",
+	excludeIfPresent: "string[]?",
 	includePatterns: "string[]?",
 	tags: "string[]?",
 });
@@ -276,3 +295,75 @@ export const runForgetDto = describeRoute({
 		},
 	},
 });
+
+export const getScheduleMirrorsResponse = scheduleMirrorSchema.array();
+export type GetScheduleMirrorsDto = typeof getScheduleMirrorsResponse.infer;
+
+export const getScheduleMirrorsDto = describeRoute({
+	description: "Get mirror repository assignments for a backup schedule",
+	operationId: "getScheduleMirrors",
+	tags: ["Backups"],
+	responses: {
+		200: {
+			description: "List of mirror repository assignments for the schedule",
+			content: {
+				"application/json": {
+					schema: resolver(getScheduleMirrorsResponse),
+				},
+			},
+		},
+	},
+});
+
+export const updateScheduleMirrorsBody = type({
+	mirrors: type({
+		repositoryId: "string",
+		enabled: "boolean",
+	}).array(),
+});
+
+export type UpdateScheduleMirrorsBody = typeof updateScheduleMirrorsBody.infer;
+
+export const updateScheduleMirrorsResponse = scheduleMirrorSchema.array();
+export type UpdateScheduleMirrorsDto = typeof updateScheduleMirrorsResponse.infer;
+
+export const updateScheduleMirrorsDto = describeRoute({
+	description: "Update mirror repository assignments for a backup schedule",
+	operationId: "updateScheduleMirrors",
+	tags: ["Backups"],
+	responses: {
+		200: {
+			description: "Mirror assignments updated successfully",
+			content: {
+				"application/json": {
+					schema: resolver(updateScheduleMirrorsResponse),
+				},
+			},
+		},
+	},
+});
+
+const mirrorCompatibilitySchema = type({
+	repositoryId: "string",
+	compatible: "boolean",
+	reason: "string | null",
+});
+
+export const getMirrorCompatibilityResponse = mirrorCompatibilitySchema.array();
+export type GetMirrorCompatibilityDto = typeof getMirrorCompatibilityResponse.infer;
+
+export const getMirrorCompatibilityDto = describeRoute({
+	description: "Get mirror compatibility info for all repositories relative to a backup schedule's primary repository",
+	operationId: "getMirrorCompatibility",
+	tags: ["Backups"],
+	responses: {
+		200: {
+			description: "List of repositories with their mirror compatibility status",
+			content: {
+				"application/json": {
+					schema: resolver(getMirrorCompatibilityResponse),
+				},
+			},
+		},
+	},
+});
diff --git a/app/server/modules/backups/backups.service.ts b/app/server/modules/backups/backups.service.ts
index 89aa3ade..a95fc738 100644
--- a/app/server/modules/backups/backups.service.ts
+++ b/app/server/modules/backups/backups.service.ts
@@ -1,16 +1,18 @@
-import { eq } from "drizzle-orm";
+import { and, eq, ne } from "drizzle-orm";
 import cron from "node-cron";
 import { CronExpressionParser } from "cron-parser";
 import { NotFoundError, BadRequestError, ConflictError } from "http-errors-enhanced";
 import { db } from "../../db/db";
-import { backupSchedulesTable, repositoriesTable, volumesTable } from "../../db/schema";
+import { backupSchedulesTable, backupScheduleMirrorsTable, repositoriesTable, volumesTable } from "../../db/schema";
 import { restic } from "../../utils/restic";
 import { logger } from "../../utils/logger";
 import { getVolumePath } from "../volumes/helpers";
-import type { CreateBackupScheduleBody, UpdateBackupScheduleBody } from "./backups.dto";
+import type { CreateBackupScheduleBody, UpdateBackupScheduleBody, UpdateScheduleMirrorsBody } from "./backups.dto";
 import { toMessage } from "../../utils/errors";
 import { serverEvents } from "../../core/events";
 import { notificationsService } from "../notifications/notifications.service";
+import { repoMutex } from "../../core/repository-mutex";
+import { checkMirrorCompatibility, getIncompatibleMirrorError } from "~/server/utils/backend-compatibility";
 
 const runningBackups = new Map<number, AbortController>();
 
@@ -42,7 +44,7 @@ const listSchedules = async () => {
 
 const getSchedule = async (scheduleId: number) => {
 	const schedule = await db.query.backupSchedulesTable.findFirst({
-		where: eq(volumesTable.id, scheduleId),
+		where: eq(backupSchedulesTable.id, scheduleId),
 		with: {
 			volume: true,
 			repository: true,
@@ -61,6 +63,14 @@ const createSchedule = async (data: CreateBackupScheduleBody) => {
 		throw new BadRequestError("Invalid cron expression");
 	}
 
+	const existingName = await db.query.backupSchedulesTable.findFirst({
+		where: eq(backupSchedulesTable.name, data.name),
+	});
+
+	if (existingName) {
+		throw new ConflictError("A backup schedule with this name already exists");
+	}
+
 	const volume = await db.query.volumesTable.findFirst({
 		where: eq(volumesTable.id, data.volumeId),
 	});
@@ -82,12 +92,14 @@ const createSchedule = async (data: CreateBackupScheduleBody) => {
 	const [newSchedule] = await db
 		.insert(backupSchedulesTable)
 		.values({
+			name: data.name,
 			volumeId: data.volumeId,
 			repositoryId: data.repositoryId,
 			enabled: data.enabled,
 			cronExpression: data.cronExpression,
 			retentionPolicy: data.retentionPolicy ?? null,
 			excludePatterns: data.excludePatterns ?? [],
+			excludeIfPresent: data.excludeIfPresent ?? [],
 			includePatterns: data.includePatterns ?? [],
 			nextBackupAt: nextBackupAt,
 		})
@@ -113,6 +125,16 @@ const updateSchedule = async (scheduleId: number, data: UpdateBackupScheduleBody
 		throw new BadRequestError("Invalid cron expression");
 	}
 
+	if (data.name) {
+		const existingName = await db.query.backupSchedulesTable.findFirst({
+			where: and(eq(backupSchedulesTable.name, data.name), ne(backupSchedulesTable.id, scheduleId)),
+		});
+
+		if (existingName) {
+			throw new ConflictError("A backup schedule with this name already exists");
+		}
+	}
+
 	const repository = await db.query.repositoriesTable.findFirst({
 		where: eq(repositoriesTable.id, data.repositoryId),
 	});
@@ -225,6 +247,7 @@ const executeBackup = async (scheduleId: number, manual = false) => {
 
 		const backupOptions: {
 			exclude?: string[];
+			excludeIfPresent?: string[];
 			include?: string[];
 			tags?: string[];
 			signal?: AbortSignal;
@@ -237,40 +260,57 @@ const executeBackup = async (scheduleId: number, manual = false) => {
 			backupOptions.exclude = schedule.excludePatterns;
 		}
 
+		if (schedule.excludeIfPresent && schedule.excludeIfPresent.length > 0) {
+			backupOptions.excludeIfPresent = schedule.excludeIfPresent;
+		}
+
 		if (schedule.includePatterns && schedule.includePatterns.length > 0) {
 			backupOptions.include = schedule.includePatterns;
 		}
 
-		const { exitCode } = await restic.backup(repository.config, volumePath, {
-			...backupOptions,
-			compressionMode: repository.compressionMode ?? "auto",
-			onProgress: (progress) => {
-				serverEvents.emit("backup:progress", {
-					scheduleId,
-					volumeName: volume.name,
-					repositoryName: repository.name,
-					...progress,
-				});
-			},
-		});
+		const releaseBackupLock = await repoMutex.acquireShared(repository.id, `backup:${volume.name}`);
+		let exitCode: number;
+		try {
+			const result = await restic.backup(repository.config, volumePath, {
+				...backupOptions,
+				compressionMode: repository.compressionMode ?? "auto",
+				onProgress: (progress) => {
+					serverEvents.emit("backup:progress", {
+						scheduleId,
+						volumeName: volume.name,
+						repositoryName: repository.name,
+						...progress,
+					});
+				},
+			});
+			exitCode = result.exitCode;
+		} finally {
+			releaseBackupLock();
+		}
 
 		if (schedule.retentionPolicy) {
-			await restic.forget(repository.config, schedule.retentionPolicy, { tag: schedule.id.toString() });
+			void runForget(schedule.id);
 		}
 
+		copyToMirrors(scheduleId, repository, schedule.retentionPolicy).catch((error) => {
+			logger.error(`Background mirror copy failed for schedule ${scheduleId}: ${toMessage(error)}`);
+		});
+
+		const finalStatus = exitCode === 0 ? "success" : "warning";
+
 		const nextBackupAt = calculateNextRun(schedule.cronExpression);
 		await db
 			.update(backupSchedulesTable)
 			.set({
 				lastBackupAt: Date.now(),
-				lastBackupStatus: exitCode === 0 ? "success" : "warning",
+				lastBackupStatus: finalStatus,
 				lastBackupError: null,
 				nextBackupAt: nextBackupAt,
 				updatedAt: Date.now(),
 			})
 			.where(eq(backupSchedulesTable.id, scheduleId));
 
-		if (exitCode !== 0) {
+		if (finalStatus === "warning") {
 			logger.warn(`Backup completed with warnings for volume ${volume.name} to repository ${repository.name}`);
 		} else {
 			logger.info(`Backup completed successfully for volume ${volume.name} to repository ${repository.name}`);
@@ -280,11 +320,11 @@ const executeBackup = async (scheduleId: number, manual = false) => {
 			scheduleId,
 			volumeName: volume.name,
 			repositoryName: repository.name,
-			status: exitCode === 0 ? "success" : "warning",
+			status: finalStatus,
 		});
 
 		notificationsService
-			.sendBackupNotification(scheduleId, exitCode === 0 ? "success" : "warning", {
+			.sendBackupNotification(scheduleId, finalStatus === "success" ? "success" : "warning", {
 				volumeName: volume.name,
 				repositoryName: repository.name,
 			})
@@ -402,11 +442,202 @@ const runForget = async (scheduleId: number) => {
 		throw new NotFoundError("Repository not found");
 	}
 
-	logger.info(`Manually running retention policy (forget) for schedule ${scheduleId}`);
-	await restic.forget(repository.config, schedule.retentionPolicy, { tag: schedule.id.toString() });
+	logger.info(`running retention policy (forget) for schedule ${scheduleId}`);
+	const releaseLock = await repoMutex.acquireExclusive(repository.id, `forget:manual:${scheduleId}`);
+	try {
+		await restic.forget(repository.config, schedule.retentionPolicy, { tag: schedule.id.toString() });
+	} finally {
+		releaseLock();
+	}
+
 	logger.info(`Retention policy applied successfully for schedule ${scheduleId}`);
 };
 
+const getMirrors = async (scheduleId: number) => {
+	const schedule = await db.query.backupSchedulesTable.findFirst({
+		where: eq(backupSchedulesTable.id, scheduleId),
+	});
+
+	if (!schedule) {
+		throw new NotFoundError("Backup schedule not found");
+	}
+
+	const mirrors = await db.query.backupScheduleMirrorsTable.findMany({
+		where: eq(backupScheduleMirrorsTable.scheduleId, scheduleId),
+		with: { repository: true },
+	});
+
+	return mirrors;
+};
+
+const updateMirrors = async (scheduleId: number, data: UpdateScheduleMirrorsBody) => {
+	const schedule = await db.query.backupSchedulesTable.findFirst({
+		where: eq(backupSchedulesTable.id, scheduleId),
+		with: { repository: true },
+	});
+
+	if (!schedule) {
+		throw new NotFoundError("Backup schedule not found");
+	}
+
+	for (const mirror of data.mirrors) {
+		if (mirror.repositoryId === schedule.repositoryId) {
+			throw new BadRequestError("Cannot add the primary repository as a mirror");
+		}
+
+		const repo = await db.query.repositoriesTable.findFirst({
+			where: eq(repositoriesTable.id, mirror.repositoryId),
+		});
+
+		if (!repo) {
+			throw new NotFoundError(`Repository ${mirror.repositoryId} not found`);
+		}
+
+		const compatibility = await checkMirrorCompatibility(schedule.repository.config, repo.config, repo.id);
+
+		if (!compatibility.compatible) {
+			throw new BadRequestError(
+				getIncompatibleMirrorError(repo.name, schedule.repository.config.backend, repo.config.backend),
+			);
+		}
+	}
+
+	const existingMirrors = await db.query.backupScheduleMirrorsTable.findMany({
+		where: eq(backupScheduleMirrorsTable.scheduleId, scheduleId),
+	});
+
+	const existingMirrorsMap = new Map(
+		existingMirrors.map((m) => [
+			m.repositoryId,
+			{ lastCopyAt: m.lastCopyAt, lastCopyStatus: m.lastCopyStatus, lastCopyError: m.lastCopyError },
+		]),
+	);
+
+	await db.delete(backupScheduleMirrorsTable).where(eq(backupScheduleMirrorsTable.scheduleId, scheduleId));
+
+	if (data.mirrors.length > 0) {
+		await db.insert(backupScheduleMirrorsTable).values(
+			data.mirrors.map((mirror) => {
+				const existing = existingMirrorsMap.get(mirror.repositoryId);
+				return {
+					scheduleId,
+					repositoryId: mirror.repositoryId,
+					enabled: mirror.enabled,
+					lastCopyAt: existing?.lastCopyAt ?? null,
+					lastCopyStatus: existing?.lastCopyStatus ?? null,
+					lastCopyError: existing?.lastCopyError ?? null,
+				};
+			}),
+		);
+	}
+
+	return getMirrors(scheduleId);
+};
+
+const copyToMirrors = async (
+	scheduleId: number,
+	sourceRepository: { id: string; config: (typeof repositoriesTable.$inferSelect)["config"] },
+	retentionPolicy: (typeof backupSchedulesTable.$inferSelect)["retentionPolicy"],
+) => {
+	const mirrors = await db.query.backupScheduleMirrorsTable.findMany({
+		where: eq(backupScheduleMirrorsTable.scheduleId, scheduleId),
+		with: { repository: true },
+	});
+
+	const enabledMirrors = mirrors.filter((m) => m.enabled);
+
+	if (enabledMirrors.length === 0) {
+		return;
+	}
+
+	logger.info(
+		`[Background] Copying snapshots to ${enabledMirrors.length} mirror repositories for schedule ${scheduleId}`,
+	);
+
+	for (const mirror of enabledMirrors) {
+		try {
+			logger.info(`[Background] Copying to mirror repository: ${mirror.repository.name}`);
+
+			serverEvents.emit("mirror:started", {
+				scheduleId,
+				repositoryId: mirror.repositoryId,
+				repositoryName: mirror.repository.name,
+			});
+
+			const releaseSource = await repoMutex.acquireShared(sourceRepository.id, `mirror_source:${scheduleId}`);
+			const releaseMirror = await repoMutex.acquireShared(mirror.repository.id, `mirror:${scheduleId}`);
+
+			try {
+				await restic.copy(sourceRepository.config, mirror.repository.config, { tag: scheduleId.toString() });
+			} finally {
+				releaseSource();
+				releaseMirror();
+			}
+
+			if (retentionPolicy) {
+				const releaseForget = await repoMutex.acquireExclusive(mirror.repository.id, `forget:mirror:${scheduleId}`);
+
+				try {
+					logger.info(`[Background] Applying retention policy to mirror repository: ${mirror.repository.name}`);
+					await restic.forget(mirror.repository.config, retentionPolicy, { tag: scheduleId.toString() });
+				} finally {
+					releaseForget();
+				}
+			}
+
+			await db
+				.update(backupScheduleMirrorsTable)
+				.set({ lastCopyAt: Date.now(), lastCopyStatus: "success", lastCopyError: null })
+				.where(eq(backupScheduleMirrorsTable.id, mirror.id));
+
+			logger.info(`[Background] Successfully copied to mirror repository: ${mirror.repository.name}`);
+
+			serverEvents.emit("mirror:completed", {
+				scheduleId,
+				repositoryId: mirror.repositoryId,
+				repositoryName: mirror.repository.name,
+				status: "success",
+			});
+		} catch (error) {
+			const errorMessage = toMessage(error);
+			logger.error(`[Background] Failed to copy to mirror repository ${mirror.repository.name}: ${errorMessage}`);
+
+			await db
+				.update(backupScheduleMirrorsTable)
+				.set({ lastCopyAt: Date.now(), lastCopyStatus: "error", lastCopyError: errorMessage })
+				.where(eq(backupScheduleMirrorsTable.id, mirror.id));
+
+			serverEvents.emit("mirror:completed", {
+				scheduleId,
+				repositoryId: mirror.repositoryId,
+				repositoryName: mirror.repository.name,
+				status: "error",
+				error: errorMessage,
+			});
+		}
+	}
+};
+
+const getMirrorCompatibility = async (scheduleId: number) => {
+	const schedule = await db.query.backupSchedulesTable.findFirst({
+		where: eq(backupSchedulesTable.id, scheduleId),
+		with: { repository: true },
+	});
+
+	if (!schedule) {
+		throw new NotFoundError("Backup schedule not found");
+	}
+
+	const allRepositories = await db.query.repositoriesTable.findMany();
+	const repos = allRepositories.filter((repo) => repo.id !== schedule.repositoryId);
+
+	const compatibility = await Promise.all(
+		repos.map((repo) => checkMirrorCompatibility(schedule.repository.config, repo.config, repo.id)),
+	);
+
+	return compatibility;
+};
+
 export const backupsService = {
 	listSchedules,
 	getSchedule,
@@ -418,4 +649,7 @@ export const backupsService = {
 	getScheduleForVolume,
 	stopBackup,
 	runForget,
+	getMirrors,
+	updateMirrors,
+	getMirrorCompatibility,
 };
diff --git a/app/server/modules/events/events.controller.ts b/app/server/modules/events/events.controller.ts
index a93dc27e..cd40b845 100644
--- a/app/server/modules/events/events.controller.ts
+++ b/app/server/modules/events/events.controller.ts
@@ -70,12 +70,34 @@ export const eventsController = new Hono().get("/", (c) => {
 			});
 		};
 
+		const onMirrorStarted = (data: { scheduleId: number; repositoryId: string; repositoryName: string }) => {
+			stream.writeSSE({
+				data: JSON.stringify(data),
+				event: "mirror:started",
+			});
+		};
+
+		const onMirrorCompleted = (data: {
+			scheduleId: number;
+			repositoryId: string;
+			repositoryName: string;
+			status: "success" | "error";
+			error?: string;
+		}) => {
+			stream.writeSSE({
+				data: JSON.stringify(data),
+				event: "mirror:completed",
+			});
+		};
+
 		serverEvents.on("backup:started", onBackupStarted);
 		serverEvents.on("backup:progress", onBackupProgress);
 		serverEvents.on("backup:completed", onBackupCompleted);
 		serverEvents.on("volume:mounted", onVolumeMounted);
 		serverEvents.on("volume:unmounted", onVolumeUnmounted);
 		serverEvents.on("volume:updated", onVolumeUpdated);
+		serverEvents.on("mirror:started", onMirrorStarted);
+		serverEvents.on("mirror:completed", onMirrorCompleted);
 
 		let keepAlive = true;
 
@@ -88,6 +110,8 @@ export const eventsController = new Hono().get("/", (c) => {
 			serverEvents.off("volume:mounted", onVolumeMounted);
 			serverEvents.off("volume:unmounted", onVolumeUnmounted);
 			serverEvents.off("volume:updated", onVolumeUpdated);
+			serverEvents.off("mirror:started", onMirrorStarted);
+			serverEvents.off("mirror:completed", onMirrorCompleted);
 		});
 
 		while (keepAlive) {
diff --git a/app/server/modules/lifecycle/startup.ts b/app/server/modules/lifecycle/startup.ts
index ea5b6f98..105071a2 100644
--- a/app/server/modules/lifecycle/startup.ts
+++ b/app/server/modules/lifecycle/startup.ts
@@ -34,7 +34,7 @@ export const startup = async () => {
 
 	Scheduler.build(CleanupDanglingMountsJob).schedule("0 * * * *");
 	Scheduler.build(VolumeHealthCheckJob).schedule("*/30 * * * *");
-	Scheduler.build(RepositoryHealthCheckJob).schedule("0 12 * * *");
+	Scheduler.build(RepositoryHealthCheckJob).schedule("50 12 * * *");
 	Scheduler.build(BackupExecutionJob).schedule("* * * * *");
 	Scheduler.build(CleanupSessionsJob).schedule("0 0 * * *");
 };
diff --git a/app/server/modules/notifications/builders/email.ts b/app/server/modules/notifications/builders/email.ts
index a0323f10..cec160dd 100644
--- a/app/server/modules/notifications/builders/email.ts
+++ b/app/server/modules/notifications/builders/email.ts
@@ -1,10 +1,13 @@
 import type { NotificationConfig } from "~/schemas/notifications";
 
 export function buildEmailShoutrrrUrl(config: Extract<NotificationConfig, { type: "email" }>): string {
-	const auth = `${encodeURIComponent(config.username)}:${encodeURIComponent(config.password)}`;
+	const auth =
+		config.username && config.password
+			? `${encodeURIComponent(config.username)}:${encodeURIComponent(config.password)}@`
+			: "";
 	const host = `${config.smtpHost}:${config.smtpPort}`;
 	const toRecipients = config.to.map((email) => encodeURIComponent(email)).join(",");
 	const useStartTLS = config.useTLS ? "yes" : "no";
 
-	return `smtp://${auth}@${host}/?from=${encodeURIComponent(config.from)}&to=${toRecipients}&starttls=${useStartTLS}`;
+	return `smtp://${auth}${host}/?from=${encodeURIComponent(config.from)}&to=${toRecipients}&starttls=${useStartTLS}`;
 }
diff --git a/app/server/modules/notifications/notifications.dto.ts b/app/server/modules/notifications/notifications.dto.ts
index 65d682f6..887a93ae 100644
--- a/app/server/modules/notifications/notifications.dto.ts
+++ b/app/server/modules/notifications/notifications.dto.ts
@@ -190,6 +190,7 @@ export const scheduleNotificationAssignmentSchema = type({
 	destinationId: "number",
 	notifyOnStart: "boolean",
 	notifyOnSuccess: "boolean",
+	notifyOnWarning: "boolean",
 	notifyOnFailure: "boolean",
 	createdAt: "number",
 	destination: notificationDestinationSchema,
@@ -227,6 +228,7 @@ export const updateScheduleNotificationsBody = type({
 		destinationId: "number",
 		notifyOnStart: "boolean",
 		notifyOnSuccess: "boolean",
+		notifyOnWarning: "boolean",
 		notifyOnFailure: "boolean",
 	}).array(),
 });
diff --git a/app/server/modules/notifications/notifications.service.ts b/app/server/modules/notifications/notifications.service.ts
index 4099d8b4..b25b79f6 100644
--- a/app/server/modules/notifications/notifications.service.ts
+++ b/app/server/modules/notifications/notifications.service.ts
@@ -38,7 +38,7 @@ async function encryptSensitiveFields(config: NotificationConfig): Promise<Notif
 		case "email":
 			return {
 				...config,
-				password: await cryptoUtils.encrypt(config.password),
+				password: config.password ? await cryptoUtils.encrypt(config.password) : undefined,
 			};
 		case "slack":
 			return {
@@ -85,7 +85,7 @@ async function decryptSensitiveFields(config: NotificationConfig): Promise<Notif
 		case "email":
 			return {
 				...config,
-				password: await cryptoUtils.decrypt(config.password),
+				password: config.password ? await cryptoUtils.decrypt(config.password) : undefined,
 			};
 		case "slack":
 			return {
@@ -253,6 +253,7 @@ const updateScheduleNotifications = async (
 		destinationId: number;
 		notifyOnStart: boolean;
 		notifyOnSuccess: boolean;
+		notifyOnWarning: boolean;
 		notifyOnFailure: boolean;
 	}>,
 ) => {
@@ -300,8 +301,9 @@ const sendBackupNotification = async (
 					return assignment.notifyOnStart;
 				case "success":
 					return assignment.notifyOnSuccess;
-				case "failure":
 				case "warning":
+					return assignment.notifyOnWarning;
+				case "failure":
 					return assignment.notifyOnFailure;
 				default:
 					return false;
diff --git a/app/server/modules/repositories/repositories.controller.ts b/app/server/modules/repositories/repositories.controller.ts
index c629deca..a53a3a29 100644
--- a/app/server/modules/repositories/repositories.controller.ts
+++ b/app/server/modules/repositories/repositories.controller.ts
@@ -90,6 +90,7 @@ export const repositoriesController = new Hono()
 				short_id: snapshot.short_id,
 				duration,
 				paths: snapshot.paths,
+				tags: snapshot.tags ?? [],
 				size: summary?.total_bytes_processed || 0,
 				time: new Date(snapshot.time).getTime(),
 			};
@@ -113,6 +114,7 @@ export const repositoriesController = new Hono()
 			time: new Date(snapshot.time).getTime(),
 			paths: snapshot.paths,
 			size: snapshot.summary?.total_bytes_processed || 0,
+			tags: snapshot.tags ?? [],
 			summary: snapshot.summary,
 		};
 
diff --git a/app/server/modules/repositories/repositories.dto.ts b/app/server/modules/repositories/repositories.dto.ts
index aa77a62e..c659b18b 100644
--- a/app/server/modules/repositories/repositories.dto.ts
+++ b/app/server/modules/repositories/repositories.dto.ts
@@ -174,6 +174,7 @@ export const snapshotSchema = type({
 	paths: "string[]",
 	size: "number",
 	duration: "number",
+	tags: "string[]",
 });
 
 const listSnapshotsResponse = snapshotSchema.array();
diff --git a/app/server/modules/repositories/repositories.service.ts b/app/server/modules/repositories/repositories.service.ts
index 127a8275..ea23a161 100644
--- a/app/server/modules/repositories/repositories.service.ts
+++ b/app/server/modules/repositories/repositories.service.ts
@@ -8,6 +8,7 @@ import { toMessage } from "../../utils/errors";
 import { generateShortId } from "../../utils/id";
 import { restic } from "../../utils/restic";
 import { cryptoUtils } from "../../utils/crypto";
+import { repoMutex } from "../../core/repository-mutex";
 import type { CompressionMode, OverwriteMode, RepositoryConfig } from "~/schemas/restic";
 
 const listRepositories = async () => {
@@ -160,15 +161,20 @@ const listSnapshots = async (name: string, backupId?: string) => {
 		throw new NotFoundError("Repository not found");
 	}
 
-	let snapshots = [];
+	const releaseLock = await repoMutex.acquireShared(repository.id, "snapshots");
+	try {
+		let snapshots = [];
 
-	if (backupId) {
-		snapshots = await restic.snapshots(repository.config, { tags: [backupId.toString()] });
-	} else {
-		snapshots = await restic.snapshots(repository.config);
-	}
+		if (backupId) {
+			snapshots = await restic.snapshots(repository.config, { tags: [backupId.toString()] });
+		} else {
+			snapshots = await restic.snapshots(repository.config);
+		}
 
-	return snapshots;
+		return snapshots;
+	} finally {
+		releaseLock();
+	}
 };
 
 const listSnapshotFiles = async (name: string, snapshotId: string, path?: string) => {
@@ -180,22 +186,27 @@ const listSnapshotFiles = async (name: string, snapshotId: string, path?: string
 		throw new NotFoundError("Repository not found");
 	}
 
-	const result = await restic.ls(repository.config, snapshotId, path);
+	const releaseLock = await repoMutex.acquireShared(repository.id, `ls:${snapshotId}`);
+	try {
+		const result = await restic.ls(repository.config, snapshotId, path);
 
-	if (!result.snapshot) {
-		throw new NotFoundError("Snapshot not found or empty");
-	}
+		if (!result.snapshot) {
+			throw new NotFoundError("Snapshot not found or empty");
+		}
 
-	return {
-		snapshot: {
-			id: result.snapshot.id,
-			short_id: result.snapshot.short_id,
-			time: result.snapshot.time,
-			hostname: result.snapshot.hostname,
-			paths: result.snapshot.paths,
-		},
-		files: result.nodes,
-	};
+		return {
+			snapshot: {
+				id: result.snapshot.id,
+				short_id: result.snapshot.short_id,
+				time: result.snapshot.time,
+				hostname: result.snapshot.hostname,
+				paths: result.snapshot.paths,
+			},
+			files: result.nodes,
+		};
+	} finally {
+		releaseLock();
+	}
 };
 
 const restoreSnapshot = async (
@@ -220,14 +231,19 @@ const restoreSnapshot = async (
 
 	const target = options?.targetPath || "/";
 
-	const result = await restic.restore(repository.config, snapshotId, target, options);
-
-	return {
-		success: true,
-		message: "Snapshot restored successfully",
-		filesRestored: result.files_restored,
-		filesSkipped: result.files_skipped,
-	};
+	const releaseLock = await repoMutex.acquireShared(repository.id, `restore:${snapshotId}`);
+	try {
+		const result = await restic.restore(repository.config, snapshotId, target, options);
+
+		return {
+			success: true,
+			message: "Snapshot restored successfully",
+			filesRestored: result.files_restored,
+			filesSkipped: result.files_skipped,
+		};
+	} finally {
+		releaseLock();
+	}
 };
 
 const getSnapshotDetails = async (name: string, snapshotId: string) => {
@@ -239,14 +255,19 @@ const getSnapshotDetails = async (name: string, snapshotId: string) => {
 		throw new NotFoundError("Repository not found");
 	}
 
-	const snapshots = await restic.snapshots(repository.config);
-	const snapshot = snapshots.find((snap) => snap.id === snapshotId || snap.short_id === snapshotId);
+	const releaseLock = await repoMutex.acquireShared(repository.id, `snapshot_details:${snapshotId}`);
+	try {
+		const snapshots = await restic.snapshots(repository.config);
+		const snapshot = snapshots.find((snap) => snap.id === snapshotId || snap.short_id === snapshotId);
 
-	if (!snapshot) {
-		throw new NotFoundError("Snapshot not found");
-	}
+		if (!snapshot) {
+			throw new NotFoundError("Snapshot not found");
+		}
 
-	return snapshot;
+		return snapshot;
+	} finally {
+		releaseLock();
+	}
 };
 
 const checkHealth = async (repositoryId: string) => {
@@ -258,18 +279,23 @@ const checkHealth = async (repositoryId: string) => {
 		throw new NotFoundError("Repository not found");
 	}
 
-	const { hasErrors, error } = await restic.check(repository.config);
-
-	await db
-		.update(repositoriesTable)
-		.set({
-			status: hasErrors ? "error" : "healthy",
-			lastChecked: Date.now(),
-			lastError: error,
-		})
-		.where(eq(repositoriesTable.id, repository.id));
+	const releaseLock = await repoMutex.acquireExclusive(repository.id, "check");
+	try {
+		const { hasErrors, error } = await restic.check(repository.config);
 
-	return { lastError: error };
+		await db
+			.update(repositoriesTable)
+			.set({
+				status: hasErrors ? "error" : "healthy",
+				lastChecked: Date.now(),
+				lastError: error,
+			})
+			.where(eq(repositoriesTable.id, repository.id));
+
+		return { lastError: error };
+	} finally {
+		releaseLock();
+	}
 };
 
 const doctorRepository = async (name: string) => {
@@ -295,48 +321,51 @@ const doctorRepository = async (name: string) => {
 		error: unlockResult.error,
 	});
 
-	const checkResult = await restic.check(repository.config, { readData: false }).then(
-		(result) => result,
-		(error) => ({ success: false, output: null, error: toMessage(error), hasErrors: true }),
-	);
-
-	steps.push({
-		step: "check",
-		success: checkResult.success,
-		output: checkResult.output,
-		error: checkResult.error,
-	});
-
-	if (checkResult.hasErrors) {
-		const repairResult = await restic.repairIndex(repository.config).then(
-			(result) => ({ success: true, output: result.output, error: null }),
-			(error) => ({ success: false, output: null, error: toMessage(error) }),
-		);
-
-		steps.push({
-			step: "repair_index",
-			success: repairResult.success,
-			output: repairResult.output,
-			error: repairResult.error,
-		});
-
-		const recheckResult = await restic.check(repository.config, { readData: false }).then(
+	const releaseLock = await repoMutex.acquireExclusive(repository.id, "doctor");
+	try {
+		const checkResult = await restic.check(repository.config, { readData: false }).then(
 			(result) => result,
 			(error) => ({ success: false, output: null, error: toMessage(error), hasErrors: true }),
 		);
 
 		steps.push({
-			step: "recheck",
-			success: recheckResult.success,
-			output: recheckResult.output,
-			error: recheckResult.error,
+			step: "check",
+			success: checkResult.success,
+			output: checkResult.output,
+			error: checkResult.error,
 		});
+
+		if (checkResult.hasErrors) {
+			const repairResult = await restic.repairIndex(repository.config).then(
+				(result) => ({ success: true, output: result.output, error: null }),
+				(error) => ({ success: false, output: null, error: toMessage(error) }),
+			);
+
+			steps.push({
+				step: "repair_index",
+				success: repairResult.success,
+				output: repairResult.output,
+				error: repairResult.error,
+			});
+
+			const recheckResult = await restic.check(repository.config, { readData: false }).then(
+				(result) => result,
+				(error) => ({ success: false, output: null, error: toMessage(error), hasErrors: true }),
+			);
+
+			steps.push({
+				step: "recheck",
+				success: recheckResult.success,
+				output: recheckResult.output,
+				error: recheckResult.error,
+			});
+		}
+	} finally {
+		releaseLock();
 	}
 
 	const allSuccessful = steps.every((s) => s.success);
 
-	console.log("Doctor steps:", steps);
-
 	await db
 		.update(repositoriesTable)
 		.set({
@@ -361,7 +390,12 @@ const deleteSnapshot = async (name: string, snapshotId: string) => {
 		throw new NotFoundError("Repository not found");
 	}
 
-	await restic.deleteSnapshot(repository.config, snapshotId);
+	const releaseLock = await repoMutex.acquireExclusive(repository.id, `delete:${snapshotId}`);
+	try {
+		await restic.deleteSnapshot(repository.config, snapshotId);
+	} finally {
+		releaseLock();
+	}
 };
 
 const updateRepository = async (name: string, updates: { name?: string; compressionMode?: CompressionMode }) => {
diff --git a/app/server/modules/volumes/volume.service.ts b/app/server/modules/volumes/volume.service.ts
index 7169d6fc..3f415c0b 100644
--- a/app/server/modules/volumes/volume.service.ts
+++ b/app/server/modules/volumes/volume.service.ts
@@ -5,9 +5,10 @@ import Docker from "dockerode";
 import { and, eq, ne } from "drizzle-orm";
 import { ConflictError, InternalServerError, NotFoundError } from "http-errors-enhanced";
 import slugify from "slugify";
-import { getCapabilities } from "../../core/capabilities";
+import { getCapabilities, parseDockerHost } from "../../core/capabilities";
 import { db } from "../../db/db";
 import { volumesTable } from "../../db/schema";
+import { cryptoUtils } from "../../utils/crypto";
 import { toMessage } from "../../utils/errors";
 import { generateShortId } from "../../utils/id";
 import { getStatFs, type StatFs } from "../../utils/mountinfo";
@@ -19,6 +20,23 @@ import { logger } from "../../utils/logger";
 import { serverEvents } from "../../core/events";
 import type { BackendConfig } from "~/schemas/volumes";
 
+async function encryptSensitiveFields(config: BackendConfig): Promise<BackendConfig> {
+	switch (config.backend) {
+		case "smb":
+			return {
+				...config,
+				password: await cryptoUtils.encrypt(config.password),
+			};
+		case "webdav":
+			return {
+				...config,
+				password: config.password ? await cryptoUtils.encrypt(config.password) : undefined,
+			};
+		default:
+			return config;
+	}
+}
+
 const listVolumes = async () => {
 	const volumes = await db.query.volumesTable.findMany({});
 
@@ -37,13 +55,14 @@ const createVolume = async (name: string, backendConfig: BackendConfig) => {
 	}
 
 	const shortId = generateShortId();
+	const encryptedConfig = await encryptSensitiveFields(backendConfig);
 
 	const [created] = await db
 		.insert(volumesTable)
 		.values({
 			shortId,
 			name: slug,
-			config: backendConfig,
+			config: encryptedConfig,
 			type: backendConfig.backend,
 		})
 		.returning();
@@ -175,11 +194,13 @@ const updateVolume = async (name: string, volumeData: UpdateVolumeBody) => {
 		await backend.unmount();
 	}
 
+	const encryptedConfig = volumeData.config ? await encryptSensitiveFields(volumeData.config) : undefined;
+
 	const [updated] = await db
 		.update(volumesTable)
 		.set({
 			name: newName,
-			config: volumeData.config,
+			config: encryptedConfig,
 			type: volumeData.config?.backend,
 			autoRemount: volumeData.autoRemount,
 			updatedAt: Date.now(),
@@ -277,7 +298,8 @@ const getContainersUsingVolume = async (name: string) => {
 	}
 
 	try {
-		const docker = new Docker();
+		const docker = new Docker(parseDockerHost(process.env.DOCKER_HOST));
+
 		const containers = await docker.listContainers({ all: true });
 
 		const usingContainers = [];
diff --git a/app/server/utils/backend-compatibility.ts b/app/server/utils/backend-compatibility.ts
new file mode 100644
index 00000000..329db412
--- /dev/null
+++ b/app/server/utils/backend-compatibility.ts
@@ -0,0 +1,148 @@
+import type { RepositoryConfig } from "~/schemas/restic";
+import { cryptoUtils } from "./crypto";
+
+type BackendConflictGroup = "s3" | "gcs" | "azure" | "rest" | "sftp" | null;
+
+export const getBackendConflictGroup = (backend: string): BackendConflictGroup => {
+	switch (backend) {
+		case "s3":
+		case "r2":
+			return "s3";
+		case "gcs":
+			return "gcs";
+		case "azure":
+			return "azure";
+		case "rest":
+			return "rest";
+		case "sftp":
+			return "sftp";
+		case "local":
+		case "rclone":
+			return null;
+		default:
+			return null;
+	}
+};
+
+export const hasCompatibleCredentials = async (
+	config1: RepositoryConfig,
+	config2: RepositoryConfig,
+): Promise<boolean> => {
+	const group1 = getBackendConflictGroup(config1.backend);
+	const group2 = getBackendConflictGroup(config2.backend);
+
+	if (!group1 || !group2 || group1 !== group2) {
+		return true;
+	}
+
+	switch (group1) {
+		case "s3": {
+			if (
+				(config1.backend === "s3" || config1.backend === "r2") &&
+				(config2.backend === "s3" || config2.backend === "r2")
+			) {
+				const accessKey1 = await cryptoUtils.decrypt(config1.accessKeyId);
+				const secretKey1 = await cryptoUtils.decrypt(config1.secretAccessKey);
+
+				const accessKey2 = await cryptoUtils.decrypt(config2.accessKeyId);
+				const secretKey2 = await cryptoUtils.decrypt(config2.secretAccessKey);
+
+				return accessKey1 === accessKey2 && secretKey1 === secretKey2;
+			}
+			return false;
+		}
+		case "gcs": {
+			if (config1.backend === "gcs" && config2.backend === "gcs") {
+				const credentials1 = await cryptoUtils.decrypt(config1.credentialsJson);
+				const credentials2 = await cryptoUtils.decrypt(config2.credentialsJson);
+
+				return credentials1 === credentials2 && config1.projectId === config2.projectId;
+			}
+			return false;
+		}
+		case "azure": {
+			if (config1.backend === "azure" && config2.backend === "azure") {
+				const config1Accountkey = await cryptoUtils.decrypt(config1.accountKey);
+				const config2Accountkey = await cryptoUtils.decrypt(config2.accountKey);
+
+				return config1.accountName === config2.accountName && config1Accountkey === config2Accountkey;
+			}
+			return false;
+		}
+		case "rest": {
+			if (config1.backend === "rest" && config2.backend === "rest") {
+				if (!config1.username && !config2.username && !config1.password && !config2.password) {
+					return true;
+				}
+
+				const config1Username = await cryptoUtils.decrypt(config1.username || "");
+				const config1Password = await cryptoUtils.decrypt(config1.password || "");
+				const config2Username = await cryptoUtils.decrypt(config2.username || "");
+				const config2Password = await cryptoUtils.decrypt(config2.password || "");
+
+				return config1Username === config2Username && config1Password === config2Password;
+			}
+			return false;
+		}
+		case "sftp": {
+			return false;
+		}
+		default:
+			return false;
+	}
+};
+
+export interface CompatibilityResult {
+	repositoryId: string;
+	compatible: boolean;
+	reason: string | null;
+}
+
+export const checkMirrorCompatibility = async (
+	primaryConfig: RepositoryConfig,
+	mirrorConfig: RepositoryConfig,
+	mirrorRepositoryId: string,
+): Promise<CompatibilityResult> => {
+	const primaryConflictGroup = getBackendConflictGroup(primaryConfig.backend);
+	const mirrorConflictGroup = getBackendConflictGroup(mirrorConfig.backend);
+
+	if (!primaryConflictGroup || !mirrorConflictGroup) {
+		return {
+			repositoryId: mirrorRepositoryId,
+			compatible: true,
+			reason: null,
+		};
+	}
+
+	if (primaryConflictGroup !== mirrorConflictGroup) {
+		return {
+			repositoryId: mirrorRepositoryId,
+			compatible: true,
+			reason: null,
+		};
+	}
+
+	const compatible = await hasCompatibleCredentials(primaryConfig, mirrorConfig);
+
+	if (compatible) {
+		return {
+			repositoryId: mirrorRepositoryId,
+			compatible: true,
+			reason: null,
+		};
+	}
+
+	return {
+		repositoryId: mirrorRepositoryId,
+		compatible: false,
+		reason: `Both use ${primaryConflictGroup.toUpperCase()} backends with different credentials`,
+	};
+};
+
+export const getIncompatibleMirrorError = (mirrorRepoName: string, primaryBackend: string, mirrorBackend: string) => {
+	return (
+		`Cannot mirror to ${mirrorRepoName}: both repositories use the same backend type (${primaryBackend}/${mirrorBackend}) with different credentials. ` +
+		"Restic cannot use different credentials for the same backend in a copy operation. " +
+		"Consider creating a new backup scheduler with the desired destination instead."
+	);
+};
diff --git a/app/server/utils/crypto.ts b/app/server/utils/crypto.ts
index 5394cefd..c096f558 100644
--- a/app/server/utils/crypto.ts
+++ b/app/server/utils/crypto.ts
@@ -10,7 +10,8 @@ const isEncrypted = (val?: string): boolean => {
 };
 
 /**
- * Given a string, encrypts it using a randomly generated salt
+ * Given a string, encrypts it using a randomly generated salt.
+ * Returns the input unchanged if it's empty or already encrypted.
  */
 const encrypt = async (data: string) => {
 	if (!data) {
@@ -21,7 +22,7 @@ const encrypt = async (data: string) => {
 		return data;
 	}
 
-	const secret = (await Bun.file(RESTIC_PASS_FILE).text()).trim();
+	const secret = await Bun.file(RESTIC_PASS_FILE).text();
 
 	const salt = crypto.randomBytes(16);
 	const key = crypto.pbkdf2Sync(secret, salt, 100000, keyLength, "sha256");
@@ -35,14 +36,15 @@ const encrypt = async (data: string) => {
 };
 
 /**
- * Given an encrypted string, decrypts it using the salt stored in the string
+ * Given an encrypted string, decrypts it using the salt stored in the string.
+ * Returns the input unchanged if it's not encrypted (for backward compatibility).
  */
 const decrypt = async (encryptedData: string) => {
 	if (!isEncrypted(encryptedData)) {
 		return encryptedData;
 	}
 
-	const secret = await Bun.file(RESTIC_PASS_FILE).text();
+	const secret = (await Bun.file(RESTIC_PASS_FILE).text()).trim();
 
 	const parts = encryptedData.split(":").slice(1); // Remove prefix
 	const saltHex = parts.shift() as string;
diff --git a/app/server/utils/logger.ts b/app/server/utils/logger.ts
index c5b77adb..82eac353 100644
--- a/app/server/utils/logger.ts
+++ b/app/server/utils/logger.ts
@@ -1,15 +1,17 @@
 import { createLogger, format, transports } from "winston";
 import { sanitizeSensitiveData } from "./sanitize";
+import { config } from "../core/config";
 
 const { printf, combine, colorize } = format;
 
 const printConsole = printf((info) => `${info.level} > ${info.message}`);
 const consoleFormat = combine(colorize(), printConsole);
 
+const defaultLevel = config.__prod__ ? "info" : "debug";
 const winstonLogger = createLogger({
-	level: "debug",
+	level: process.env.LOG_LEVEL || defaultLevel,
 	format: format.json(),
-	transports: [new transports.Console({ level: "debug", format: consoleFormat })],
+	transports: [new transports.Console({ level: process.env.LOG_LEVEL || defaultLevel, format: consoleFormat })],
 });
 
 const log = (level: "info" | "warn" | "error" | "debug", messages: unknown[]) => {
diff --git a/app/server/utils/restic.ts b/app/server/utils/restic.ts
index 28e01cee..85d70d42 100644
--- a/app/server/utils/restic.ts
+++ b/app/server/utils/restic.ts
@@ -1,6 +1,7 @@
 import crypto from "node:crypto";
 import fs from "node:fs/promises";
 import path from "node:path";
+import os from "node:os";
 import { throttle } from "es-toolkit";
 import { type } from "arktype";
 import { $ } from "bun";
@@ -40,6 +41,7 @@ const snapshotInfoSchema = type({
 	time: "string",
 	uid: "number?",
 	username: "string",
+	tags: "string[]?",
 	summary: type({
 		backup_end: "string",
 		backup_start: "string",
@@ -200,8 +202,8 @@ const init = async (config: RepositoryConfig) => {
 
 	const env = await buildEnv(config);
 
-	const args = ["init", "--repo", repoUrl, "--json"];
-	addRepoSpecificArgs(args, config, env);
+	const args = ["init", "--repo", repoUrl];
+	addCommonArgs(args, env);
 
 	const res = await $`restic ${args}`.env(env).nothrow();
 	await cleanupTemporaryKeys(config, env);
@@ -233,6 +235,7 @@ const backup = async (
 	source: string,
 	options?: {
 		exclude?: string[];
+		excludeIfPresent?: string[];
 		include?: string[];
 		tags?: string[];
 		compressionMode?: CompressionMode;
@@ -260,8 +263,9 @@ const backup = async (
 
 	let includeFile: string | null = null;
 	if (options?.include && options.include.length > 0) {
-		const tmp = await fs.mkdtemp("restic-include");
+		const tmp = await fs.mkdtemp(path.join(os.tmpdir(), "zerobyte-restic-include-"));
 		includeFile = path.join(tmp, `include.txt`);
+
 		const includePaths = options.include.map((p) => path.join(source, p));
 
 		await fs.writeFile(includeFile, includePaths.join("\n"), "utf-8");
@@ -277,8 +281,13 @@ const backup = async (
 		}
 	}
 
-	addRepoSpecificArgs(args, config, env);
-	args.push("--json");
+	if (options?.excludeIfPresent && options.excludeIfPresent.length > 0) {
+		for (const filename of options.excludeIfPresent) {
+			args.push("--exclude-if-present", filename);
+		}
+	}
+
+	addCommonArgs(args, env);
 
 	const logData = throttle((data: string) => {
 		logger.info(data.trim());
@@ -404,8 +413,7 @@ const restore = async (
 		}
 	}
 
-	addRepoSpecificArgs(args, config, env);
-	args.push("--json");
+	addCommonArgs(args, env);
 
 	logger.debug(`Executing: restic ${args.join(" ")}`);
 	const res = await $`restic ${args}`.env(env).nothrow();
@@ -468,8 +476,7 @@ const snapshots = async (config: RepositoryConfig, options: { tags?: string[] }
 		}
 	}
 
-	addRepoSpecificArgs(args, config, env);
-	args.push("--json");
+	addCommonArgs(args, env);
 
 	const res = await $`restic ${args}`.env(env).nothrow().quiet();
 	await cleanupTemporaryKeys(config, env);
@@ -518,8 +525,7 @@ const forget = async (config: RepositoryConfig, options: RetentionPolicy, extra:
 	}
 
 	args.push("--prune");
-	addRepoSpecificArgs(args, config, env);
-	args.push("--json");
+	addCommonArgs(args, env);
 
 	const res = await $`restic ${args}`.env(env).nothrow();
 	await cleanupTemporaryKeys(config, env);
@@ -537,7 +543,7 @@ const deleteSnapshot = async (config: RepositoryConfig, snapshotId: string) => {
 	const env = await buildEnv(config);
 
 	const args: string[] = ["--repo", repoUrl, "forget", snapshotId, "--prune"];
-	addRepoSpecificArgs(args, config, env);
+	addCommonArgs(args, env);
 
 	const res = await $`restic ${args}`.env(env).nothrow();
 	await cleanupTemporaryKeys(config, env);
@@ -581,13 +587,13 @@ const ls = async (config: RepositoryConfig, snapshotId: string, path?: string) =
 	const repoUrl = buildRepoUrl(config);
 	const env = await buildEnv(config);
 
-	const args: string[] = ["--repo", repoUrl, "ls", snapshotId, "--json", "--long"];
+	const args: string[] = ["--repo", repoUrl, "ls", snapshotId, "--long"];
 
 	if (path) {
 		args.push(path);
 	}
 
-	addRepoSpecificArgs(args, config, env);
+	addCommonArgs(args, env);
 
 	const res = await safeSpawn({ command: "restic", args, env });
 	await cleanupTemporaryKeys(config, env);
@@ -637,8 +643,8 @@ const unlock = async (config: RepositoryConfig) => {
 	const repoUrl = buildRepoUrl(config);
 	const env = await buildEnv(config);
 
-	const args = ["unlock", "--repo", repoUrl, "--remove-all", "--json"];
-	addRepoSpecificArgs(args, config, env);
+	const args = ["unlock", "--repo", repoUrl, "--remove-all"];
+	addCommonArgs(args, env);
 
 	const res = await $`restic ${args}`.env(env).nothrow();
 	await cleanupTemporaryKeys(config, env);
@@ -662,7 +668,7 @@ const check = async (config: RepositoryConfig, options?: { readData?: boolean })
 		args.push("--read-data");
 	}
 
-	addRepoSpecificArgs(args, config, env);
+	addCommonArgs(args, env);
 
 	const res = await $`restic ${args}`.env(env).nothrow();
 	await cleanupTemporaryKeys(config, env);
@@ -696,7 +702,7 @@ const repairIndex = async (config: RepositoryConfig) => {
 	const env = await buildEnv(config);
 
 	const args = ["repair", "index", "--repo", repoUrl];
-	addRepoSpecificArgs(args, config, env);
+	addCommonArgs(args, env);
 
 	const res = await $`restic ${args}`.env(env).nothrow();
 	await cleanupTemporaryKeys(config, env);
@@ -717,10 +723,65 @@ const repairIndex = async (config: RepositoryConfig) => {
 	};
 };
 
-const addRepoSpecificArgs = (args: string[], config: RepositoryConfig, env: Record<string, string>) => {
-	if (config.backend === "sftp" && env._SFTP_SSH_ARGS) {
-		args.push("-o", `sftp.args=${env._SFTP_SSH_ARGS}`);
+const copy = async (
+	sourceConfig: RepositoryConfig,
+	destConfig: RepositoryConfig,
+	options: {
+		tag?: string;
+		snapshotId?: string;
+	},
+) => {
+	const sourceRepoUrl = buildRepoUrl(sourceConfig);
+	const destRepoUrl = buildRepoUrl(destConfig);
+
+	const sourceEnv = await buildEnv(sourceConfig);
+	const destEnv = await buildEnv(destConfig);
+
+	const env: Record<string, string> = {
+		...sourceEnv,
+		...destEnv,
+		RESTIC_FROM_PASSWORD_FILE: sourceEnv.RESTIC_PASSWORD_FILE,
+	};
+
+	const args: string[] = ["--repo", destRepoUrl, "copy", "--from-repo", sourceRepoUrl];
+
+	if (options.tag) {
+		args.push("--tag", options.tag);
+	}
+
+	if (options.snapshotId) {
+		args.push(options.snapshotId);
+	} else {
+		args.push("latest");
+	}
+
+	addCommonArgs(args, env);
+
+	if (sourceConfig.backend === "sftp" && sourceEnv._SFTP_SSH_ARGS) {
+		args.push("-o", `sftp.args=${sourceEnv._SFTP_SSH_ARGS}`);
 	}
+
+	logger.info(`Copying snapshots from ${sourceRepoUrl} to ${destRepoUrl}...`);
+	logger.debug(`Executing: restic ${args.join(" ")}`);
+
+	const res = await $`restic ${args}`.env(env).nothrow();
+
+	await cleanupTemporaryKeys(sourceConfig, sourceEnv);
+	await cleanupTemporaryKeys(destConfig, destEnv);
+
+	const stdout = res.text();
+	const stderr = res.stderr.toString();
+
+	if (res.exitCode !== 0) {
+		logger.error(`Restic copy failed: ${stderr}`);
+		throw new ResticError(res.exitCode, stderr);
+	}
+
+	logger.info(`Restic copy completed from ${sourceRepoUrl} to ${destRepoUrl}`);
+	return {
+		success: true,
+		output: stdout,
+	};
 };
 
 const cleanupTemporaryKeys = async (config: RepositoryConfig, env: Record<string, string>) => {
@@ -733,6 +794,14 @@ const cleanupTemporaryKeys = async (config: RepositoryConfig, env: Record<string
 	}
 };
 
+const addCommonArgs = (args: string[], env: Record<string, string>) => {
+	args.push("--json");
+
+	if (env._SFTP_SSH_ARGS) {
+		args.push("-o", `sftp.args=${env._SFTP_SSH_ARGS}`);
+	}
+};
+
 export const restic = {
 	ensurePassfile,
 	init,
@@ -745,4 +814,5 @@ export const restic = {
 	ls,
 	check,
 	repairIndex,
+	copy,
 };
diff --git a/biome.json b/biome.json
index 68a6cf18..928a49a7 100644
--- a/biome.json
+++ b/biome.json
@@ -1,8 +1,9 @@
 {
-	"$schema": "https://biomejs.dev/schemas/2.3.5/schema.json",
+	"$schema": "./node_modules/@biomejs/biome/configuration_schema.json",
 	"vcs": {
 		"enabled": true,
 		"clientKind": "git",
+		"defaultBranch": "origin/main",
 		"useIgnoreFile": true
 	},
 	"files": {
diff --git a/bun.lock b/bun.lock
index 489487d6..66bf1d8d 100644
--- a/bun.lock
+++ b/bun.lock
@@ -1,27 +1,28 @@
 {
   "lockfileVersion": 1,
+  "configVersion": 0,
   "workspaces": {
     "": {
       "dependencies": {
-        "@hono/standard-validator": "^0.1.5",
+        "@hono/standard-validator": "^0.2.0",
         "@hookform/resolvers": "^5.2.2",
         "@radix-ui/react-alert-dialog": "^1.1.15",
         "@radix-ui/react-checkbox": "^1.3.3",
         "@radix-ui/react-dialog": "^1.1.15",
-        "@radix-ui/react-label": "^2.1.7",
+        "@radix-ui/react-label": "^2.1.8",
         "@radix-ui/react-progress": "^1.1.8",
         "@radix-ui/react-scroll-area": "^1.2.10",
         "@radix-ui/react-select": "^2.2.6",
-        "@radix-ui/react-separator": "^1.1.7",
-        "@radix-ui/react-slot": "^1.2.3",
+        "@radix-ui/react-separator": "^1.1.8",
+        "@radix-ui/react-slot": "^1.2.4",
         "@radix-ui/react-switch": "^1.2.6",
         "@radix-ui/react-tabs": "^1.1.13",
         "@radix-ui/react-tooltip": "^1.2.8",
-        "@react-router/node": "^7.9.3",
-        "@react-router/serve": "^7.9.3",
-        "@scalar/hono-api-reference": "^0.9.24",
-        "@tanstack/react-query": "^5.90.2",
-        "arktype": "^2.1.26",
+        "@react-router/node": "^7.10.0",
+        "@react-router/serve": "^7.10.0",
+        "@scalar/hono-api-reference": "^0.9.25",
+        "@tanstack/react-query": "^5.90.11",
+        "arktype": "^2.1.28",
         "class-variance-authority": "^0.7.1",
         "clsx": "^2.1.1",
         "cron-parser": "^5.4.0",
@@ -30,54 +31,54 @@
         "dockerode": "^4.0.9",
         "dotenv": "^17.2.3",
         "drizzle-orm": "^0.44.7",
-        "es-toolkit": "^1.41.0",
-        "hono": "^4.10.5",
+        "es-toolkit": "^1.42.0",
+        "hono": "4.10.5",
         "hono-openapi": "^1.1.1",
-        "http-errors-enhanced": "^3.0.2",
-        "isbot": "^5.1.31",
-        "lucide-react": "^0.546.0",
+        "http-errors-enhanced": "^4.0.2",
+        "isbot": "^5.1.32",
+        "lucide-react": "^0.555.0",
         "next-themes": "^0.4.6",
         "node-cron": "^4.2.1",
-        "react": "^19.2.0",
-        "react-dom": "^19.2.0",
-        "react-hook-form": "^7.63.0",
-        "react-router": "^7.9.3",
+        "react": "^19.2.1",
+        "react-dom": "^19.2.1",
+        "react-hook-form": "^7.68.0",
+        "react-router": "^7.10.0",
         "react-router-hono-server": "^2.22.0",
-        "recharts": "3.2.1",
+        "recharts": "3.5.1",
         "slugify": "^1.6.6",
         "sonner": "^2.0.7",
-        "tailwind-merge": "^3.3.1",
+        "tailwind-merge": "^3.4.0",
         "tiny-typed-emitter": "^2.1.0",
         "winston": "^3.18.3",
-        "yaml": "^2.8.1",
+        "yaml": "^2.8.2",
       },
       "devDependencies": {
-        "@biomejs/biome": "^2.3.5",
-        "@hey-api/openapi-ts": "^0.87.4",
-        "@react-router/dev": "^7.9.3",
-        "@tailwindcss/vite": "^4.1.14",
-        "@tanstack/react-query-devtools": "^5.90.2",
-        "@types/bun": "^1.3.2",
-        "@types/dockerode": "^3.3.45",
-        "@types/node": "^24.6.2",
-        "@types/react": "^19.2.0",
-        "@types/react-dom": "^19.2.0",
-        "drizzle-kit": "^0.31.6",
+        "@biomejs/biome": "^2.3.8",
+        "@hey-api/openapi-ts": "^0.88.0",
+        "@react-router/dev": "^7.10.0",
+        "@tailwindcss/vite": "^4.1.17",
+        "@tanstack/react-query-devtools": "^5.91.1",
+        "@types/bun": "^1.3.3",
+        "@types/dockerode": "^3.3.47",
+        "@types/node": "^24.10.1",
+        "@types/react": "^19.2.7",
+        "@types/react-dom": "^19.2.3",
+        "drizzle-kit": "^0.31.7",
         "lightningcss": "^1.30.2",
-        "tailwindcss": "^4.1.14",
+        "tailwindcss": "^4.1.17",
         "tinyglobby": "^0.2.15",
         "tw-animate-css": "^1.4.0",
         "typescript": "^5.9.3",
-        "vite": "^7.1.9",
+        "vite": "^7.2.6",
         "vite-bundle-analyzer": "^1.2.3",
         "vite-tsconfig-paths": "^5.1.4",
       },
     },
   },
   "packages": {
-    "@ark/schema": ["@ark/schema@0.54.0", "", { "dependencies": { "@ark/util": "0.54.0" } }, "sha512-QloFou+ODfb5qXgPxX1EbJyRqZEwoElzvJ6VuuFVvWJQGoigBEUW3L0HejXG/B9v8K3VvDikuULp5ELSwZn8hg=="],
+    "@ark/schema": ["@ark/schema@0.56.0", "", { "dependencies": { "@ark/util": "0.56.0" } }, "sha512-ECg3hox/6Z/nLajxXqNhgPtNdHWC9zNsDyskwO28WinoFEnWow4IsERNz9AnXRhTZJnYIlAJ4uGn3nlLk65vZA=="],
 
-    "@ark/util": ["@ark/util@0.54.0", "", {}, "sha512-ugTfpEDGA6d2uU2/3M7uRiuPNYckQMhg2wfNMw8zZHXjPhuVCbXWZzIcBojuXuCN8j4MrNWNqQ9z7f8W/JiE8w=="],
+    "@ark/util": ["@ark/util@0.56.0", "", {}, "sha512-BghfRC8b9pNs3vBoDJhcta0/c1J1rsoS1+HgVUreMFPdhz/CRAKReAu57YEllNaSy98rWAdY1gE+gFup7OXpgA=="],
 
     "@babel/code-frame": ["@babel/code-frame@7.27.1", "", { "dependencies": { "@babel/helper-validator-identifier": "^7.27.1", "js-tokens": "^4.0.0", "picocolors": "^1.1.1" } }, "sha512-cjQ7ZlQ0Mv3b47hABuTevyTuYN4i+loJKGeV9flcCgIK37cCXRh+L1bd3iBHlynerhQ7BhCkn2BPbQUL+rGqFg=="],
 
@@ -137,23 +138,23 @@
 
     "@balena/dockerignore": ["@balena/dockerignore@1.0.2", "", {}, "sha512-wMue2Sy4GAVTk6Ic4tJVcnfdau+gx2EnG7S+uAEe+TWJFqE4YoWN4/H8MSLj4eYJKxGg26lZwboEniNiNwZQ6Q=="],
 
-    "@biomejs/biome": ["@biomejs/biome@2.3.5", "", { "optionalDependencies": { "@biomejs/cli-darwin-arm64": "2.3.5", "@biomejs/cli-darwin-x64": "2.3.5", "@biomejs/cli-linux-arm64": "2.3.5", "@biomejs/cli-linux-arm64-musl": "2.3.5", "@biomejs/cli-linux-x64": "2.3.5", "@biomejs/cli-linux-x64-musl": "2.3.5", "@biomejs/cli-win32-arm64": "2.3.5", "@biomejs/cli-win32-x64": "2.3.5" }, "bin": { "biome": "bin/biome" } }, "sha512-HvLhNlIlBIbAV77VysRIBEwp55oM/QAjQEin74QQX9Xb259/XP/D5AGGnZMOyF1el4zcvlNYYR3AyTMUV3ILhg=="],
+    "@biomejs/biome": ["@biomejs/biome@2.3.8", "", { "optionalDependencies": { "@biomejs/cli-darwin-arm64": "2.3.8", "@biomejs/cli-darwin-x64": "2.3.8", "@biomejs/cli-linux-arm64": "2.3.8", "@biomejs/cli-linux-arm64-musl": "2.3.8", "@biomejs/cli-linux-x64": "2.3.8", "@biomejs/cli-linux-x64-musl": "2.3.8", "@biomejs/cli-win32-arm64": "2.3.8", "@biomejs/cli-win32-x64": "2.3.8" }, "bin": { "biome": "bin/biome" } }, "sha512-Qjsgoe6FEBxWAUzwFGFrB+1+M8y/y5kwmg5CHac+GSVOdmOIqsAiXM5QMVGZJ1eCUCLlPZtq4aFAQ0eawEUuUA=="],
 
-    "@biomejs/cli-darwin-arm64": ["@biomejs/cli-darwin-arm64@2.3.5", "", { "os": "darwin", "cpu": "arm64" }, "sha512-fLdTur8cJU33HxHUUsii3GLx/TR0BsfQx8FkeqIiW33cGMtUD56fAtrh+2Fx1uhiCsVZlFh6iLKUU3pniZREQw=="],
+    "@biomejs/cli-darwin-arm64": ["@biomejs/cli-darwin-arm64@2.3.8", "", { "os": "darwin", "cpu": "arm64" }, "sha512-HM4Zg9CGQ3txTPflxD19n8MFPrmUAjaC7PQdLkugeeC0cQ+PiVrd7i09gaBS/11QKsTDBJhVg85CEIK9f50Qww=="],
 
-    "@biomejs/cli-darwin-x64": ["@biomejs/cli-darwin-x64@2.3.5", "", { "os": "darwin", "cpu": "x64" }, "sha512-qpT8XDqeUlzrOW8zb4k3tjhT7rmvVRumhi2657I2aGcY4B+Ft5fNwDdZGACzn8zj7/K1fdWjgwYE3i2mSZ+vOA=="],
+    "@biomejs/cli-darwin-x64": ["@biomejs/cli-darwin-x64@2.3.8", "", { "os": "darwin", "cpu": "x64" }, "sha512-lUDQ03D7y/qEao7RgdjWVGCu+BLYadhKTm40HkpJIi6kn8LSv5PAwRlew/DmwP4YZ9ke9XXoTIQDO1vAnbRZlA=="],
 
-    "@biomejs/cli-linux-arm64": ["@biomejs/cli-linux-arm64@2.3.5", "", { "os": "linux", "cpu": "arm64" }, "sha512-u/pybjTBPGBHB66ku4pK1gj+Dxgx7/+Z0jAriZISPX1ocTO8aHh8x8e7Kb1rB4Ms0nA/SzjtNOVJ4exVavQBCw=="],
+    "@biomejs/cli-linux-arm64": ["@biomejs/cli-linux-arm64@2.3.8", "", { "os": "linux", "cpu": "arm64" }, "sha512-Uo1OJnIkJgSgF+USx970fsM/drtPcQ39I+JO+Fjsaa9ZdCN1oysQmy6oAGbyESlouz+rzEckLTF6DS7cWse95g=="],
 
-    "@biomejs/cli-linux-arm64-musl": ["@biomejs/cli-linux-arm64-musl@2.3.5", "", { "os": "linux", "cpu": "arm64" }, "sha512-eGUG7+hcLgGnMNl1KHVZUYxahYAhC462jF/wQolqu4qso2MSk32Q+QrpN7eN4jAHAg7FUMIo897muIhK4hXhqg=="],
+    "@biomejs/cli-linux-arm64-musl": ["@biomejs/cli-linux-arm64-musl@2.3.8", "", { "os": "linux", "cpu": "arm64" }, "sha512-PShR4mM0sjksUMyxbyPNMxoKFPVF48fU8Qe8Sfx6w6F42verbwRLbz+QiKNiDPRJwUoMG1nPM50OBL3aOnTevA=="],
 
-    "@biomejs/cli-linux-x64": ["@biomejs/cli-linux-x64@2.3.5", "", { "os": "linux", "cpu": "x64" }, "sha512-XrIVi9YAW6ye0CGQ+yax0gLfx+BFOtKaNX74n+xHWla6Cl6huUmcKNO7HPx7BiKnJUzrxXY1qYlm7xMvi08X4g=="],
+    "@biomejs/cli-linux-x64": ["@biomejs/cli-linux-x64@2.3.8", "", { "os": "linux", "cpu": "x64" }, "sha512-QDPMD5bQz6qOVb3kiBui0zKZXASLo0NIQ9JVJio5RveBEFgDgsvJFUvZIbMbUZT3T00M/1wdzwWXk4GIh0KaAw=="],
 
-    "@biomejs/cli-linux-x64-musl": ["@biomejs/cli-linux-x64-musl@2.3.5", "", { "os": "linux", "cpu": "x64" }, "sha512-awVuycTPpVTH/+WDVnEEYSf6nbCBHf/4wB3lquwT7puhNg8R4XvonWNZzUsfHZrCkjkLhFH/vCZK5jHatD9FEg=="],
+    "@biomejs/cli-linux-x64-musl": ["@biomejs/cli-linux-x64-musl@2.3.8", "", { "os": "linux", "cpu": "x64" }, "sha512-YGLkqU91r1276uwSjiUD/xaVikdxgV1QpsicT0bIA1TaieM6E5ibMZeSyjQ/izBn4tKQthUSsVZacmoJfa3pDA=="],
 
-    "@biomejs/cli-win32-arm64": ["@biomejs/cli-win32-arm64@2.3.5", "", { "os": "win32", "cpu": "arm64" }, "sha512-DlBiMlBZZ9eIq4H7RimDSGsYcOtfOIfZOaI5CqsWiSlbTfqbPVfWtCf92wNzx8GNMbu1s7/g3ZZESr6+GwM/SA=="],
+    "@biomejs/cli-win32-arm64": ["@biomejs/cli-win32-arm64@2.3.8", "", { "os": "win32", "cpu": "arm64" }, "sha512-H4IoCHvL1fXKDrTALeTKMiE7GGWFAraDwBYFquE/L/5r1927Te0mYIGseXi4F+lrrwhSWbSGt5qPFswNoBaCxg=="],
 
-    "@biomejs/cli-win32-x64": ["@biomejs/cli-win32-x64@2.3.5", "", { "os": "win32", "cpu": "x64" }, "sha512-nUmR8gb6yvrKhtRgzwo/gDimPwnO5a4sCydf8ZS2kHIJhEmSmk+STsusr1LHTuM//wXppBawvSQi2xFXJCdgKQ=="],
+    "@biomejs/cli-win32-x64": ["@biomejs/cli-win32-x64@2.3.8", "", { "os": "win32", "cpu": "x64" }, "sha512-RguzimPoZWtBapfKhKjcWXBVI91tiSprqdBYu7tWhgN8pKRZhw24rFeNZTNf6UiBfjCYCi9eFQs/JzJZIhuK4w=="],
 
     "@colors/colors": ["@colors/colors@1.6.0", "", {}, "sha512-Ir+AOibqzrIsL6ajt3Rz3LskB7OiMVHqltZmspbW/TJuTVuyOMirVqAkjfY6JISiLHgyNqicAC8AyHHGzNd/dA=="],
 
@@ -233,20 +234,18 @@
 
     "@hey-api/json-schema-ref-parser": ["@hey-api/json-schema-ref-parser@1.2.1", "", { "dependencies": { "@jsdevtools/ono": "^7.1.3", "@types/json-schema": "^7.0.15", "js-yaml": "^4.1.0", "lodash": "^4.17.21" } }, "sha512-inPeksRLq+j3ArnuGOzQPQE//YrhezQG0+9Y9yizScBN2qatJ78fIByhEgKdNAbtguDCn4RPxmEhcrePwHxs4A=="],
 
-    "@hey-api/openapi-ts": ["@hey-api/openapi-ts@0.87.4", "", { "dependencies": { "@hey-api/codegen-core": "^0.3.3", "@hey-api/json-schema-ref-parser": "1.2.1", "ansi-colors": "4.1.3", "c12": "3.3.2", "color-support": "1.1.3", "commander": "14.0.1", "open": "10.2.0", "semver": "7.7.2" }, "peerDependencies": { "typescript": ">=5.5.3" }, "bin": { "openapi-ts": "bin/run.js" } }, "sha512-ogSjR7l+PCBoRvvJVrUFZ3Cv4GDnETpwAr5G9EwsbjKVJHZDsQn3EIOYJi2WqKl9VPZBT1CtycIxR/ZmCS/T4A=="],
+    "@hey-api/openapi-ts": ["@hey-api/openapi-ts@0.88.0", "", { "dependencies": { "@hey-api/codegen-core": "^0.3.3", "@hey-api/json-schema-ref-parser": "1.2.1", "ansi-colors": "4.1.3", "c12": "3.3.2", "color-support": "1.1.3", "commander": "14.0.2", "open": "11.0.0", "semver": "7.7.2" }, "peerDependencies": { "typescript": ">=5.5.3" }, "bin": { "openapi-ts": "bin/run.js" } }, "sha512-ZrvmDfmVf+N4ry786LAhS/DoH+xkIjIJIeDnj2aL1qnMTIDsdRIXXvr80EnAZVBgunzu1wTBbHb3H9OfyDQ2EQ=="],
 
     "@hono/node-server": ["@hono/node-server@1.19.6", "", { "peerDependencies": { "hono": "^4" } }, "sha512-Shz/KjlIeAhfiuE93NDKVdZ7HdBVLQAfdbaXEaoAVO3ic9ibRSLGIQGkcBbFyuLr+7/1D5ZCINM8B+6IvXeMtw=="],
 
     "@hono/node-ws": ["@hono/node-ws@1.2.0", "", { "dependencies": { "ws": "^8.17.0" }, "peerDependencies": { "@hono/node-server": "^1.11.1", "hono": "^4.6.0" } }, "sha512-OBPQ8OSHBw29mj00wT/xGYtB6HY54j0fNSdVZ7gZM3TUeq0So11GXaWtFf1xWxQNfumKIsj0wRuLKWfVsO5GgQ=="],
 
-    "@hono/standard-validator": ["@hono/standard-validator@0.1.5", "", { "peerDependencies": { "@standard-schema/spec": "1.0.0", "hono": ">=3.9.0" } }, "sha512-EIyZPPwkyLn6XKwFj5NBEWHXhXbgmnVh2ceIFo5GO7gKI9WmzTjPDKnppQB0KrqKeAkq3kpoW4SIbu5X1dgx3w=="],
+    "@hono/standard-validator": ["@hono/standard-validator@0.2.0", "", { "peerDependencies": { "@standard-schema/spec": "1.0.0", "hono": ">=3.9.0" } }, "sha512-pFq0UVAnjzXcDAgqFpDeVL3MOUPrlIh/kPqBDvbCYoThVhhS+Vf37VcdsakdOFFGiqoiYVxp3LifXFhGhp/rgQ=="],
 
     "@hono/vite-dev-server": ["@hono/vite-dev-server@0.23.0", "", { "dependencies": { "@hono/node-server": "^1.14.2", "minimatch": "^9.0.3" }, "peerDependencies": { "hono": "*", "miniflare": "*", "wrangler": "*" }, "optionalPeers": ["miniflare", "wrangler"] }, "sha512-tHV86xToed9Up0j/dubQW2PDP4aYNFDSfQrjcV6Ra7bqCGrxhtg/zZBmbgSco3aTxKOEPzDXKK+6seAAfsbIXw=="],
 
     "@hookform/resolvers": ["@hookform/resolvers@5.2.2", "", { "dependencies": { "@standard-schema/utils": "^0.3.0" }, "peerDependencies": { "react-hook-form": "^7.55.0" } }, "sha512-A/IxlMLShx3KjV/HeTcTfaMxdwy690+L/ZADoeaTltLx+CVuzkeVIPuybK3jrRfw7YZnmdKsVVHAlEPIAEUNlA=="],
 
-    "@isaacs/cliui": ["@isaacs/cliui@8.0.2", "", { "dependencies": { "string-width": "^5.1.2", "string-width-cjs": "npm:string-width@^4.2.0", "strip-ansi": "^7.0.1", "strip-ansi-cjs": "npm:strip-ansi@^6.0.1", "wrap-ansi": "^8.1.0", "wrap-ansi-cjs": "npm:wrap-ansi@^7.0.0" } }, "sha512-O8jcjabXaleOG9DQ0+ARXWZBTfnP4WNAqzuiJK7ll44AmxGKv/J2M4TPjxjY3znBCfvBXFzucm1twdyFybFqEA=="],
-
     "@jridgewell/gen-mapping": ["@jridgewell/gen-mapping@0.3.13", "", { "dependencies": { "@jridgewell/sourcemap-codec": "^1.5.0", "@jridgewell/trace-mapping": "^0.3.24" } }, "sha512-2kkt/7niJ6MgEPxF0bYdQ6etZaA+fQvDcLKckhy1yIQOzaoKjBBjSj63/aLVjYE3qhRt5dvM+uUyfCg6UKCBbA=="],
 
     "@jridgewell/remapping": ["@jridgewell/remapping@2.3.5", "", { "dependencies": { "@jridgewell/gen-mapping": "^0.3.5", "@jridgewell/trace-mapping": "^0.3.24" } }, "sha512-LI9u/+laYG4Ds1TDKSJW2YPrIlcVYOwi2fUC6xB43lueCjgxV4lffOCZCtYFiH6TNOX+tQKXx97T4IKHbhyHEQ=="],
@@ -263,14 +262,6 @@
 
     "@mjackson/node-fetch-server": ["@mjackson/node-fetch-server@0.2.0", "", {}, "sha512-EMlH1e30yzmTpGLQjlFmaDAjyOeZhng1/XCd7DExR8PNAnG/G1tyruZxEoUe11ClnwGhGrtsdnyyUx1frSzjng=="],
 
-    "@npmcli/git": ["@npmcli/git@4.1.0", "", { "dependencies": { "@npmcli/promise-spawn": "^6.0.0", "lru-cache": "^7.4.4", "npm-pick-manifest": "^8.0.0", "proc-log": "^3.0.0", "promise-inflight": "^1.0.1", "promise-retry": "^2.0.1", "semver": "^7.3.5", "which": "^3.0.0" } }, "sha512-9hwoB3gStVfa0N31ymBmrX+GuDGdVA/QWShZVqE0HK2Af+7QGGrCTbZia/SW0ImUTjTne7SP91qxDmtXvDHRPQ=="],
-
-    "@npmcli/package-json": ["@npmcli/package-json@4.0.1", "", { "dependencies": { "@npmcli/git": "^4.1.0", "glob": "^10.2.2", "hosted-git-info": "^6.1.1", "json-parse-even-better-errors": "^3.0.0", "normalize-package-data": "^5.0.0", "proc-log": "^3.0.0", "semver": "^7.5.3" } }, "sha512-lRCEGdHZomFsURroh522YvA/2cVb9oPIJrjHanCJZkiasz1BzcnLr3tBJhlV7S86MBJBuAQ33is2D60YitZL2Q=="],
-
-    "@npmcli/promise-spawn": ["@npmcli/promise-spawn@6.0.2", "", { "dependencies": { "which": "^3.0.0" } }, "sha512-gGq0NJkIGSwdbUt4yhdF8ZrmkGKVz9vAdVzpOfnom+V8PLSmSOVhZwbNvZZS1EYcJN5hzzKBxmmVVAInM6HQLg=="],
-
-    "@pkgjs/parseargs": ["@pkgjs/parseargs@0.11.0", "", {}, "sha512-+1VkjdD0QBLPodGrJUeqarH8VAIvQODIbwh9XpP5Syisf7YoQgsJKPNFoqqLQlu+VQ/tVSshMR6loPMn8U+dPg=="],
-
     "@protobufjs/aspromise": ["@protobufjs/aspromise@1.1.2", "", {}, "sha512-j+gKExEuLmKwvz3OgROXtrJ2UG2x8Ch2YZUxahh+s1F2HZ+wAceUNLkvy6zKCPVRkU++ZWQrdxsUeQXmcg4uoQ=="],
 
     "@protobufjs/base64": ["@protobufjs/base64@1.1.2", "", {}, "sha512-AZkcAA5vnN/v4PDqKyMR5lx7hZttPDgClv83E//FMNhR2TMcLUhfRUBHCmSl0oi9zMgDDqRUJkSxO3wm85+XLg=="],
@@ -367,13 +358,13 @@
 
     "@radix-ui/rect": ["@radix-ui/rect@1.1.1", "", {}, "sha512-HPwpGIzkl28mWyZqG52jiqDJ12waP11Pa1lGoiyUkIEuMLBP0oeK/C89esbXrxsky5we7dfd8U58nm0SgAWpVw=="],
 
-    "@react-router/dev": ["@react-router/dev@7.9.5", "", { "dependencies": { "@babel/core": "^7.27.7", "@babel/generator": "^7.27.5", "@babel/parser": "^7.27.7", "@babel/plugin-syntax-jsx": "^7.27.1", "@babel/preset-typescript": "^7.27.1", "@babel/traverse": "^7.27.7", "@babel/types": "^7.27.7", "@npmcli/package-json": "^4.0.1", "@react-router/node": "7.9.5", "@remix-run/node-fetch-server": "^0.9.0", "arg": "^5.0.1", "babel-dead-code-elimination": "^1.0.6", "chokidar": "^4.0.0", "dedent": "^1.5.3", "es-module-lexer": "^1.3.1", "exit-hook": "2.2.1", "isbot": "^5.1.11", "jsesc": "3.0.2", "lodash": "^4.17.21", "p-map": "^7.0.3", "pathe": "^1.1.2", "picocolors": "^1.1.1", "prettier": "^3.6.2", "react-refresh": "^0.14.0", "semver": "^7.3.7", "tinyglobby": "^0.2.14", "valibot": "^1.1.0", "vite-node": "^3.2.2" }, "peerDependencies": { "@react-router/serve": "^7.9.5", "@vitejs/plugin-rsc": "*", "react-router": "^7.9.5", "typescript": "^5.1.0", "vite": "^5.1.0 || ^6.0.0 || ^7.0.0", "wrangler": "^3.28.2 || ^4.0.0" }, "optionalPeers": ["@react-router/serve", "@vitejs/plugin-rsc", "typescript", "wrangler"], "bin": { "react-router": "bin.js" } }, "sha512-MkWI4zN7VbQ0tteuJtX5hmDINNS26IW236a8lM8+o1344xdnT/ZsBvcUh8AkzDdCRYEz1blgzgirpj0Wc1gmXg=="],
+    "@react-router/dev": ["@react-router/dev@7.10.0", "", { "dependencies": { "@babel/core": "^7.27.7", "@babel/generator": "^7.27.5", "@babel/parser": "^7.27.7", "@babel/plugin-syntax-jsx": "^7.27.1", "@babel/preset-typescript": "^7.27.1", "@babel/traverse": "^7.27.7", "@babel/types": "^7.27.7", "@react-router/node": "7.10.0", "@remix-run/node-fetch-server": "^0.9.0", "arg": "^5.0.1", "babel-dead-code-elimination": "^1.0.6", "chokidar": "^4.0.0", "dedent": "^1.5.3", "es-module-lexer": "^1.3.1", "exit-hook": "2.2.1", "isbot": "^5.1.11", "jsesc": "3.0.2", "lodash": "^4.17.21", "p-map": "^7.0.3", "pathe": "^1.1.2", "picocolors": "^1.1.1", "pkg-types": "^2.3.0", "prettier": "^3.6.2", "react-refresh": "^0.14.0", "semver": "^7.3.7", "tinyglobby": "^0.2.14", "valibot": "^1.1.0", "vite-node": "^3.2.2" }, "peerDependencies": { "@react-router/serve": "^7.10.0", "@vitejs/plugin-rsc": "*", "react-router": "^7.10.0", "typescript": "^5.1.0", "vite": "^5.1.0 || ^6.0.0 || ^7.0.0", "wrangler": "^3.28.2 || ^4.0.0" }, "optionalPeers": ["@react-router/serve", "@vitejs/plugin-rsc", "typescript", "wrangler"], "bin": { "react-router": "bin.js" } }, "sha512-3UgkV0N5lp3+Ol3q64L4ZHgPXv2XA4KHJ59MVLSK2prokrOrPaYvqbdx40r602M+hRZp/u04ln2A6cOfBW6kxA=="],
 
-    "@react-router/express": ["@react-router/express@7.9.5", "", { "dependencies": { "@react-router/node": "7.9.5" }, "peerDependencies": { "express": "^4.17.1 || ^5", "react-router": "7.9.5", "typescript": "^5.1.0" }, "optionalPeers": ["typescript"] }, "sha512-Mg94Tw9JSaRuwkvIC6PaODRzsLs6mo70ppz5qdIK/G3iotSxsH08TDNdzot7CaXXevk/pIiD/+Tbn0H/asHsYA=="],
+    "@react-router/express": ["@react-router/express@7.10.0", "", { "dependencies": { "@react-router/node": "7.10.0" }, "peerDependencies": { "express": "^4.17.1 || ^5", "react-router": "7.10.0", "typescript": "^5.1.0" }, "optionalPeers": ["typescript"] }, "sha512-3cBJ2cyHn5J+wSNFn+XdNSpXVAlQ+nbj7CMa3OsiEpFb+d0GLthirvSESqRjX2Eid94xNHICqKpYS9bR4QqIxg=="],
 
-    "@react-router/node": ["@react-router/node@7.9.5", "", { "dependencies": { "@mjackson/node-fetch-server": "^0.2.0" }, "peerDependencies": { "react-router": "7.9.5", "typescript": "^5.1.0" }, "optionalPeers": ["typescript"] }, "sha512-3mDd32mXh3gEkG0cLPnUaoLkY1pApsTPqn7O1j+P8aLf997uYz5lYDjt33vtMhaotlRM0x+5JziAKtz/76YBpQ=="],
+    "@react-router/node": ["@react-router/node@7.10.0", "", { "dependencies": { "@mjackson/node-fetch-server": "^0.2.0" }, "peerDependencies": { "react-router": "7.10.0", "typescript": "^5.1.0" }, "optionalPeers": ["typescript"] }, "sha512-pff3Xz3gASrIUUX54QdlPzasdN9XRLnzoFEwUVsH5y2sZ6vijQdjZExLS6aQhPiuUr/uVPwN2WngO0Ryfrxulg=="],
 
-    "@react-router/serve": ["@react-router/serve@7.9.5", "", { "dependencies": { "@mjackson/node-fetch-server": "^0.2.0", "@react-router/express": "7.9.5", "@react-router/node": "7.9.5", "compression": "^1.7.4", "express": "^4.19.2", "get-port": "5.1.1", "morgan": "^1.10.0", "source-map-support": "^0.5.21" }, "peerDependencies": { "react-router": "7.9.5" }, "bin": { "react-router-serve": "bin.js" } }, "sha512-sww8oDNqz8SgaXEQ3maqTuMlibCMpmWvLE0s5zyEyOQb1G99clYMcXceQ2HNU2jtXJkp+P5XI1CngpGpngyTnw=="],
+    "@react-router/serve": ["@react-router/serve@7.10.0", "", { "dependencies": { "@mjackson/node-fetch-server": "^0.2.0", "@react-router/express": "7.10.0", "@react-router/node": "7.10.0", "compression": "^1.7.4", "express": "^4.19.2", "get-port": "5.1.1", "morgan": "^1.10.0", "source-map-support": "^0.5.21" }, "peerDependencies": { "react-router": "7.10.0" }, "bin": { "react-router-serve": "bin.js" } }, "sha512-tgdbw1lmDkzF3gCMj//iNklgUrYHUxz35rj0sbyLeti8K2gVsNxaZWyt5omanFgkeZ7WYfi0wzLHviqxl228eA=="],
 
     "@reduxjs/toolkit": ["@reduxjs/toolkit@2.10.1", "", { "dependencies": { "@standard-schema/spec": "^1.0.0", "@standard-schema/utils": "^0.3.0", "immer": "^10.2.0", "redux": "^5.0.1", "redux-thunk": "^3.1.0", "reselect": "^5.1.0" }, "peerDependencies": { "react": "^16.9.0 || ^17.0.0 || ^18 || ^19", "react-redux": "^7.2.1 || ^8.1.3 || ^9.0.0" }, "optionalPeers": ["react", "react-redux"] }, "sha512-/U17EXQ9Do9Yx4DlNGU6eVNfZvFJfYpUtRRdLf19PbPjdWBxNlxGZXywQZ1p1Nz8nMkWplTI7iD/23m07nolDA=="],
 
@@ -423,13 +414,11 @@
 
     "@rollup/rollup-win32-x64-msvc": ["@rollup/rollup-win32-x64-msvc@4.53.2", "", { "os": "win32", "cpu": "x64" }, "sha512-k+/Rkcyx//P6fetPoLMb8pBeqJBNGx81uuf7iljX9++yNBVRDQgD04L+SVXmXmh5ZP4/WOp4mWF0kmi06PW2tA=="],
 
-    "@scalar/core": ["@scalar/core@0.3.22", "", { "dependencies": { "@scalar/types": "0.4.0" } }, "sha512-6lzeRkvgkukSgge35kvxJKiJBny4rdGSaLTNzn/sF1F6JRfUo7I0AgqFxxSZWMD+EG4kGyNxAz0zciDSx2Cjvw=="],
-
-    "@scalar/hono-api-reference": ["@scalar/hono-api-reference@0.9.24", "", { "dependencies": { "@scalar/core": "0.3.22" }, "peerDependencies": { "hono": "^4.10.3" } }, "sha512-NjPY3iMm/FqYRXAgr6V7qBhJGbSUQ8hbijFUMuqZo4pIjGEUNLeB5L9U2Gh4cDIPPWeso8mlc16jaX7dV0FrPw=="],
+    "@scalar/core": ["@scalar/core@0.3.23", "", { "dependencies": { "@scalar/types": "0.5.0" } }, "sha512-hop7LVR3MKB2VpS8dly3gmmbB3lBGxQRtL0pBaC77zFMRHoBv1DuB2bj8l4gxd5grzitJ1LsYduvywLAMY9F6g=="],
 
-    "@scalar/openapi-types": ["@scalar/openapi-types@0.5.1", "", { "dependencies": { "zod": "4.1.11" } }, "sha512-8g7s9lPolyDFtijyh3Ob459tpezPuZbkXoFgJwBTHjPZ7ap+TvOJTvLk56CFwxVBVz2BxCzWJqxYyy3FUdeLoA=="],
+    "@scalar/hono-api-reference": ["@scalar/hono-api-reference@0.9.25", "", { "dependencies": { "@scalar/core": "0.3.23" }, "peerDependencies": { "hono": "^4.10.3" } }, "sha512-ZEQAhvVU/FXdJs8+rVXdfWjwzkE+M6Zr+4W+zNhy8DF17BIpxFXfVL7i3OxK1V/4EtkTplkETjYGTR4ju3RFZw=="],
 
-    "@scalar/types": ["@scalar/types@0.4.0", "", { "dependencies": { "@scalar/openapi-types": "0.5.1", "nanoid": "5.1.5", "type-fest": "5.0.0", "zod": "4.1.11" } }, "sha512-vOD1GZez7kPdVA+UQit05QE9dbALfevhK9kqRTsqcPX7FvvZ9eQWSNl1GKmKtmRiAZGThv2agM5AvHRxkH2JSw=="],
+    "@scalar/types": ["@scalar/types@0.5.0", "", { "dependencies": { "nanoid": "5.1.5", "type-fest": "5.0.0", "zod": "4.1.11" } }, "sha512-imDMuTieOc5kHM9/Kt/1lmiI5ZtusuaYlzsXTP99IsWvD8mJ7ivF73lPBRj4PKtg4vY+ta5CO/vJpvnCYandRg=="],
 
     "@so-ric/colorspace": ["@so-ric/colorspace@1.1.6", "", { "dependencies": { "color": "^5.0.2", "text-hex": "1.0.x" } }, "sha512-/KiKkpHNOBgkFJwu9sh48LkHSMYGyuTcSFK/qMBdnOAlrRJzRSXAOFB5qwzaVQuDl8wAvHVMkaASQDReTahxuw=="],
 
@@ -471,15 +460,15 @@
 
     "@tailwindcss/vite": ["@tailwindcss/vite@4.1.17", "", { "dependencies": { "@tailwindcss/node": "4.1.17", "@tailwindcss/oxide": "4.1.17", "tailwindcss": "4.1.17" }, "peerDependencies": { "vite": "^5.2.0 || ^6 || ^7" } }, "sha512-4+9w8ZHOiGnpcGI6z1TVVfWaX/koK7fKeSYF3qlYg2xpBtbteP2ddBxiarL+HVgfSJGeK5RIxRQmKm4rTJJAwA=="],
 
-    "@tanstack/query-core": ["@tanstack/query-core@5.90.8", "", {}, "sha512-4E0RP/0GJCxSNiRF2kAqE/LQkTJVlL/QNU7gIJSptaseV9HP6kOuA+N11y4bZKZxa3QopK3ZuewwutHx6DqDXQ=="],
+    "@tanstack/query-core": ["@tanstack/query-core@5.90.11", "", {}, "sha512-f9z/nXhCgWDF4lHqgIE30jxLe4sYv15QodfdPDKYAk7nAEjNcndy4dHz3ezhdUaR23BpWa4I2EH4/DZ0//Uf8A=="],
 
-    "@tanstack/query-devtools": ["@tanstack/query-devtools@5.90.1", "", {}, "sha512-GtINOPjPUH0OegJExZ70UahT9ykmAhmtNVcmtdnOZbxLwT7R5OmRztR5Ahe3/Cu7LArEmR6/588tAycuaWb1xQ=="],
+    "@tanstack/query-devtools": ["@tanstack/query-devtools@5.91.1", "", {}, "sha512-l8bxjk6BMsCaVQH6NzQEE/bEgFy1hAs5qbgXl0xhzezlaQbPk6Mgz9BqEg2vTLPOHD8N4k+w/gdgCbEzecGyNg=="],
 
-    "@tanstack/react-query": ["@tanstack/react-query@5.90.8", "", { "dependencies": { "@tanstack/query-core": "5.90.8" }, "peerDependencies": { "react": "^18 || ^19" } }, "sha512-/3b9QGzkf4rE5/miL6tyhldQRlLXzMHcySOm/2Tm2OLEFE9P1ImkH0+OviDBSvyAvtAOJocar5xhd7vxdLi3aQ=="],
+    "@tanstack/react-query": ["@tanstack/react-query@5.90.11", "", { "dependencies": { "@tanstack/query-core": "5.90.11" }, "peerDependencies": { "react": "^18 || ^19" } }, "sha512-3uyzz01D1fkTLXuxF3JfoJoHQMU2fxsfJwE+6N5hHy0dVNoZOvwKP8Z2k7k1KDeD54N20apcJnG75TBAStIrBA=="],
 
-    "@tanstack/react-query-devtools": ["@tanstack/react-query-devtools@5.90.2", "", { "dependencies": { "@tanstack/query-devtools": "5.90.1" }, "peerDependencies": { "@tanstack/react-query": "^5.90.2", "react": "^18 || ^19" } }, "sha512-vAXJzZuBXtCQtrY3F/yUNJCV4obT/A/n81kb3+YqLbro5Z2+phdAbceO+deU3ywPw8B42oyJlp4FhO0SoivDFQ=="],
+    "@tanstack/react-query-devtools": ["@tanstack/react-query-devtools@5.91.1", "", { "dependencies": { "@tanstack/query-devtools": "5.91.1" }, "peerDependencies": { "@tanstack/react-query": "^5.90.10", "react": "^18 || ^19" } }, "sha512-tRnJYwEbH0kAOuToy8Ew7bJw1lX3AjkkgSlf/vzb+NpnqmHPdWM+lA2DSdGQSLi1SU0PDRrrCI1vnZnci96CsQ=="],
 
-    "@types/bun": ["@types/bun@1.3.2", "", { "dependencies": { "bun-types": "1.3.2" } }, "sha512-t15P7k5UIgHKkxwnMNkJbWlh/617rkDGEdSsDbu+qNHTaz9SKf7aC8fiIlUdD5RPpH6GEkP0cK7WlvmrEBRtWg=="],
+    "@types/bun": ["@types/bun@1.3.3", "", { "dependencies": { "bun-types": "1.3.3" } }, "sha512-ogrKbJ2X5N0kWLLFKeytG0eHDleBYtngtlbu9cyBKFtNL3cnpDZkNdQj8flVf6WTZUX5ulI9AY1oa7ljhSrp+g=="],
 
     "@types/d3-array": ["@types/d3-array@3.2.2", "", {}, "sha512-hOLWVbm7uRza0BYXpIIW5pxfrKe0W+D5lrFiAEYR+pb6w3N2SwSMaJbXdUfSEv+dT4MfHBLtn5js0LAWaO6otw=="],
 
@@ -501,7 +490,7 @@
 
     "@types/docker-modem": ["@types/docker-modem@3.0.6", "", { "dependencies": { "@types/node": "*", "@types/ssh2": "*" } }, "sha512-yKpAGEuKRSS8wwx0joknWxsmLha78wNMe9R2S3UNsVOkZded8UqOrV8KoeDXoXsjndxwyF3eIhyClGbO1SEhEg=="],
 
-    "@types/dockerode": ["@types/dockerode@3.3.45", "", { "dependencies": { "@types/docker-modem": "*", "@types/node": "*", "@types/ssh2": "*" } }, "sha512-iYpZF+xr5QLpIICejLdUF2r5gh8IXY1Gw3WLmt41dUbS3Vn/3hVgL+6lJBVbmrhYBWfbWPPstdr6+A0s95DTWA=="],
+    "@types/dockerode": ["@types/dockerode@3.3.47", "", { "dependencies": { "@types/docker-modem": "*", "@types/node": "*", "@types/ssh2": "*" } }, "sha512-ShM1mz7rCjdssXt7Xz0u1/R2BJC7piWa3SJpUBiVjCf2A3XNn4cP6pUVaD8bLanpPVVn4IKzJuw3dOvkJ8IbYw=="],
 
     "@types/estree": ["@types/estree@1.0.8", "", {}, "sha512-dWHzHa2WqEXI/O1E9OjrocMTKJl2mSrEolh1Iomrv6U+JuNwaHXsXx9bLu5gG7BUWFIN0skIQJQ/L1rIex4X6w=="],
 
@@ -509,7 +498,7 @@
 
     "@types/node": ["@types/node@24.10.1", "", { "dependencies": { "undici-types": "~7.16.0" } }, "sha512-GNWcUTRBgIRJD5zj+Tq0fKOJ5XZajIiBroOF0yvj2bSU1WvNdYS/dn9UxwsujGW4JX06dnHyjV2y9rRaybH0iQ=="],
 
-    "@types/react": ["@types/react@19.2.4", "", { "dependencies": { "csstype": "^3.0.2" } }, "sha512-tBFxBp9Nfyy5rsmefN+WXc1JeW/j2BpBHFdLZbEVfs9wn3E3NRFxwV0pJg8M1qQAexFpvz73hJXFofV0ZAu92A=="],
+    "@types/react": ["@types/react@19.2.7", "", { "dependencies": { "csstype": "^3.2.2" } }, "sha512-MWtvHrGZLFttgeEj28VXHxpmwYbor/ATPYbBfSFZEIRK0ecCFLl2Qo55z52Hss+UV9CRN7trSeq1zbgx7YDWWg=="],
 
     "@types/react-dom": ["@types/react-dom@19.2.3", "", { "peerDependencies": { "@types/react": "^19.2.0" } }, "sha512-jp2L/eY6fn+KgVVQAOqYItbF0VY/YApe5Mz2F0aykSO8gx31bYCZyvSeYxCHKvzHG5eZjc+zyaS5BrBWya2+kQ=="],
 
@@ -533,9 +522,9 @@
 
     "aria-hidden": ["aria-hidden@1.2.6", "", { "dependencies": { "tslib": "^2.0.0" } }, "sha512-ik3ZgC9dY/lYVVM++OISsaYDeg1tb0VtP5uL3ouh1koGOaUMDPpbFIei4JkFimWUFPn90sbMNMXQAIVOlnYKJA=="],
 
-    "arkregex": ["arkregex@0.0.2", "", { "dependencies": { "@ark/util": "0.53.0" } }, "sha512-ttjDUICBVoXD/m8bf7eOjx8XMR6yIT2FmmW9vsN0FCcFOygEZvvIX8zK98tTdXkzi0LkRi5CmadB44jFEIyDNA=="],
+    "arkregex": ["arkregex@0.0.4", "", { "dependencies": { "@ark/util": "0.56.0" } }, "sha512-biS/FkvSwQq59TZ453piUp8bxMui11pgOMV9WHAnli1F8o0ayNCZzUwQadL/bGIUic5TkS/QlPcyMuI8ZIwedQ=="],
 
-    "arktype": ["arktype@2.1.26", "", { "dependencies": { "@ark/schema": "0.54.0", "@ark/util": "0.54.0", "arkregex": "0.0.2" } }, "sha512-zDwukKV6uTElKCAbIoQ9OU6shXE5ALjvZAqHErOSv6l0iLKlubELZ7AcevYLaWFYr5rmIN4Uv9+dIzInktSO1A=="],
+    "arktype": ["arktype@2.1.28", "", { "dependencies": { "@ark/schema": "0.56.0", "@ark/util": "0.56.0", "arkregex": "0.0.4" } }, "sha512-LVZqXl2zWRpNFnbITrtFmqeqNkPPo+KemuzbGSY6jvJwCb4v8NsDzrWOLHnQgWl26TkJeWWcUNUeBpq2Mst1/Q=="],
 
     "array-flatten": ["array-flatten@1.1.1", "", {}, "sha512-PCVAQswWemu6UdxsDFFX/+gVeYqKAod3D3UVm91jHwynguOwAvYPhx8nNlM++NqRcK6CxxpUafjmhIdKiHibqg=="],
 
@@ -569,7 +558,7 @@
 
     "buildcheck": ["buildcheck@0.0.6", "", {}, "sha512-8f9ZJCUXyT1M35Jx7MkBgmBMo3oHTTBIPLiY9xyL0pl3T5RwcPEY8cUHr5LBNfu/fk6c2T4DJZuVM/8ZZT2D2A=="],
 
-    "bun-types": ["bun-types@1.3.2", "", { "dependencies": { "@types/node": "*" }, "peerDependencies": { "@types/react": "^19" } }, "sha512-i/Gln4tbzKNuxP70OWhJRZz1MRfvqExowP7U6JKoI8cntFrtxg7RJK3jvz7wQW54UuvNC8tbKHHri5fy74FVqg=="],
+    "bun-types": ["bun-types@1.3.3", "", { "dependencies": { "@types/node": "*" } }, "sha512-z3Xwlg7j2l9JY27x5Qn3Wlyos8YAp0kKRlrePAOjgjMGS5IG6E7Jnlx736vH9UVI4wUICwwhC9anYL++XeOgTQ=="],
 
     "bundle-name": ["bundle-name@4.1.0", "", { "dependencies": { "run-applescript": "^7.0.0" } }, "sha512-tjwM5exMg6BGRI+kNmTntNsvdZS1X8BFYS6tnJ2hdH0kVxM6/eVZ2xy+FqStSWvYmtfFMDLIxurorHwDKfDz5Q=="],
 
@@ -607,7 +596,7 @@
 
     "color-support": ["color-support@1.1.3", "", { "bin": { "color-support": "bin.js" } }, "sha512-qiBjkpbMLO/HL68y+lh4q0/O1MZFj2RX6X/KmMa3+gJD3z+WwI1ZzDHysvqHGS3mP6mznPckpXmw1nI9cJjyRg=="],
 
-    "commander": ["commander@14.0.1", "", {}, "sha512-2JkV3gUZUVrbNA+1sjBOYLsMZ5cEEl8GTFP2a4AVz5hvasAMCQ1D2l2le/cX+pV4N6ZU17zjUahLpIXRrnWL8A=="],
+    "commander": ["commander@14.0.2", "", {}, "sha512-TywoWNNRbhoD0BXs1P3ZEScW8W5iKrnbithIl0YH+uCmBd0QpPOA8yc82DS3BIE5Ma6FnBVUsJ7wVUDz4dvOWQ=="],
 
     "compressible": ["compressible@2.0.18", "", { "dependencies": { "mime-db": ">= 1.43.0 < 2" } }, "sha512-AF3r7P5dWxL8MxyITRMlORQNaOA2IkAFaTr4k7BUumjPtRpGDTZpl0Pb1XCO6JeDCBdp126Cgs9sMxqSjgYyRg=="],
 
@@ -631,9 +620,7 @@
 
     "cron-parser": ["cron-parser@5.4.0", "", { "dependencies": { "luxon": "^3.7.1" } }, "sha512-HxYB8vTvnQFx4dLsZpGRa0uHp6X3qIzS3ZJgJ9v6l/5TJMgeWQbLkR5yiJ5hOxGbc9+jCADDnydIe15ReLZnJA=="],
 
-    "cross-spawn": ["cross-spawn@7.0.6", "", { "dependencies": { "path-key": "^3.1.0", "shebang-command": "^2.0.0", "which": "^2.0.1" } }, "sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA=="],
-
-    "csstype": ["csstype@3.1.3", "", {}, "sha512-M1uQkMl8rQK/szD0LNhtqxIPLpimGm8sOBwU7lLnCpSbTyY3yeU1Vc7l4KT5zT4s/yOxHH5O7tIuuLOCnLADRw=="],
+    "csstype": ["csstype@3.2.3", "", {}, "sha512-z1HGKcYy2xA8AGQfwrn0PAy+PB7X/GSj3UVJW9qKyn43xWa+gl5nXmU4qqLMRzWVLFC8KusUX8T/0kCiOYpAIQ=="],
 
     "d3-array": ["d3-array@3.2.4", "", { "dependencies": { "internmap": "1 - 2" } }, "sha512-tdQAmyA18i4J7wprpYq8ClcxZy3SC31QMeByyCFyRt7BVHdREQZ5lpzoe5mFEYZUWe+oq8HBvk9JjpibyEV4Jg=="],
 
@@ -665,7 +652,7 @@
 
     "dedent": ["dedent@1.7.0", "", { "peerDependencies": { "babel-plugin-macros": "^3.1.0" }, "optionalPeers": ["babel-plugin-macros"] }, "sha512-HGFtf8yhuhGhqO07SV79tRp+br4MnbdjeVxotpn1QBl30pcLLCQjX5b2295ll0fv8RKDKsmWYrl05usHM9CewQ=="],
 
-    "default-browser": ["default-browser@5.3.0", "", { "dependencies": { "bundle-name": "^4.1.0", "default-browser-id": "^5.0.0" } }, "sha512-Qq68+VkJlc8tjnPV1i7HtbIn7ohmjZa88qUvHMIK0ZKUXMCuV45cT7cEXALPUmeXCe0q1DWQkQTemHVaLIFSrg=="],
+    "default-browser": ["default-browser@5.4.0", "", { "dependencies": { "bundle-name": "^4.1.0", "default-browser-id": "^5.0.0" } }, "sha512-XDuvSq38Hr1MdN47EDvYtx3U0MTqpCEn+F6ft8z2vYDzMrvQhVp0ui9oQdqW3MvK3vqUETglt1tVGgjLuJ5izg=="],
 
     "default-browser-id": ["default-browser-id@5.0.0", "", {}, "sha512-A6p/pu/6fyBcA1TRz/GqWYPViplrftcW2gZC9q79ngNCKAeR/X3gcEdXQHl4KNXV+3wgIJ1CPkJQ3IHM6lcsyA=="],
 
@@ -691,14 +678,12 @@
 
     "dotenv": ["dotenv@17.2.3", "", {}, "sha512-JVUnt+DUIzu87TABbhPmNfVdBDt18BLOWjMUFJMSi/Qqg7NTYtabbvSNJGOJ7afbRuv9D/lngizHtP7QyLQ+9w=="],
 
-    "drizzle-kit": ["drizzle-kit@0.31.6", "", { "dependencies": { "@drizzle-team/brocli": "^0.10.2", "@esbuild-kit/esm-loader": "^2.5.5", "esbuild": "^0.25.4", "esbuild-register": "^3.5.0" }, "bin": { "drizzle-kit": "bin.cjs" } }, "sha512-/B4e/4pwnx25QwD5xXgdpo1S+077a2VZdosXbItE/oNmUgQwZydGDz9qJYmnQl/b+5IX0rLfwRhrPnroGtrg8Q=="],
+    "drizzle-kit": ["drizzle-kit@0.31.7", "", { "dependencies": { "@drizzle-team/brocli": "^0.10.2", "@esbuild-kit/esm-loader": "^2.5.5", "esbuild": "^0.25.4", "esbuild-register": "^3.5.0" }, "bin": { "drizzle-kit": "bin.cjs" } }, "sha512-hOzRGSdyKIU4FcTSFYGKdXEjFsncVwHZ43gY3WU5Bz9j5Iadp6Rh6hxLSQ1IWXpKLBKt/d5y1cpSPcV+FcoQ1A=="],
 
     "drizzle-orm": ["drizzle-orm@0.44.7", "", { "peerDependencies": { "@aws-sdk/client-rds-data": ">=3", "@cloudflare/workers-types": ">=4", "@electric-sql/pglite": ">=0.2.0", "@libsql/client": ">=0.10.0", "@libsql/client-wasm": ">=0.10.0", "@neondatabase/serverless": ">=0.10.0", "@op-engineering/op-sqlite": ">=2", "@opentelemetry/api": "^1.4.1", "@planetscale/database": ">=1.13", "@prisma/client": "*", "@tidbcloud/serverless": "*", "@types/better-sqlite3": "*", "@types/pg": "*", "@types/sql.js": "*", "@upstash/redis": ">=1.34.7", "@vercel/postgres": ">=0.8.0", "@xata.io/client": "*", "better-sqlite3": ">=7", "bun-types": "*", "expo-sqlite": ">=14.0.0", "gel": ">=2", "knex": "*", "kysely": "*", "mysql2": ">=2", "pg": ">=8", "postgres": ">=3", "sql.js": ">=1", "sqlite3": ">=5" }, "optionalPeers": ["@aws-sdk/client-rds-data", "@cloudflare/workers-types", "@electric-sql/pglite", "@libsql/client", "@libsql/client-wasm", "@neondatabase/serverless", "@op-engineering/op-sqlite", "@opentelemetry/api", "@planetscale/database", "@prisma/client", "@tidbcloud/serverless", "@types/better-sqlite3", "@types/pg", "@types/sql.js", "@upstash/redis", "@vercel/postgres", "@xata.io/client", "better-sqlite3", "bun-types", "expo-sqlite", "gel", "knex", "kysely", "mysql2", "pg", "postgres", "sql.js", "sqlite3"] }, "sha512-quIpnYznjU9lHshEOAYLoZ9s3jweleHlZIAWR/jX9gAWNg/JhQ1wj0KGRf7/Zm+obRrYd9GjPVJg790QY9N5AQ=="],
 
     "dunder-proto": ["dunder-proto@1.0.1", "", { "dependencies": { "call-bind-apply-helpers": "^1.0.1", "es-errors": "^1.3.0", "gopd": "^1.2.0" } }, "sha512-KIN/nDJBQRcXw0MLVhZE9iQHmG68qAVIBg9CqmUYjmQIhgij9U5MFvrqkUL5FbtyyzZuOeOt0zdeRe4UY7ct+A=="],
 
-    "eastasianwidth": ["eastasianwidth@0.2.0", "", {}, "sha512-I88TYZWc9XiYHRQ4/3c5rjjfgkjhLyW2luGIheGERbNQ6OY7yTybanSpDXZa8y7VUP9YmDcYa+eyq4ca7iLqWA=="],
-
     "ee-first": ["ee-first@1.1.1", "", {}, "sha512-WMwm9LhRUo+WUaRN+vRuETqG89IgZphVSNkdFgeb6sS/E4OrDIN7t48CAewSHXc6C8lefD8KKfr5vY61brQlow=="],
 
     "electron-to-chromium": ["electron-to-chromium@1.5.250", "", {}, "sha512-/5UMj9IiGDMOFBnN4i7/Ry5onJrAGSbOGo3s9FEKmwobGq6xw832ccET0CE3CkkMBZ8GJSlUIesZofpyurqDXw=="],
@@ -713,8 +698,6 @@
 
     "enhanced-resolve": ["enhanced-resolve@5.18.3", "", { "dependencies": { "graceful-fs": "^4.2.4", "tapable": "^2.2.0" } }, "sha512-d4lC8xfavMeBjzGr2vECC3fsGXziXZQyJxD868h2M/mBI3PwAuODxAkLkq5HYuvrPYcUtiLzsTo8U3PgX3Ocww=="],
 
-    "err-code": ["err-code@2.0.3", "", {}, "sha512-2bmlRpNKBxT/CRmPOlyISQpNj+qSeYvcym/uT0Jx2bMOlKLtSy1ZmLuVxSEKKyor/N5yhvp/ZiG1oE3DEYMSFA=="],
-
     "es-define-property": ["es-define-property@1.0.1", "", {}, "sha512-e3nRfgfUZ4rNGL232gUgX06QNyyez04KdjFrF+LTRoOXmrOgFKDg4BCdsjW8EnT69eqdYGmRpJwiPVYNrCaW3g=="],
 
     "es-errors": ["es-errors@1.3.0", "", {}, "sha512-Zf5H2Kxt2xjTvbJvP2ZWLEICxA6j+hAmMzIlypy4xcBg1vKVnx89Wy0GbS+kf5cwCVFFzdCFh2XSCFNULS6csw=="],
@@ -723,7 +706,7 @@
 
     "es-object-atoms": ["es-object-atoms@1.1.1", "", { "dependencies": { "es-errors": "^1.3.0" } }, "sha512-FGgH2h8zKNim9ljj7dankFPcICIK9Cp5bm+c2gQSYePhpaG5+esrLODihIorn+Pe6FGJzWhXQotPv73jTaldXA=="],
 
-    "es-toolkit": ["es-toolkit@1.41.0", "", {}, "sha512-bDd3oRmbVgqZCJS6WmeQieOrzpl3URcWBUVDXxOELlUW2FuW+0glPOz1n0KnRie+PdyvUZcXz2sOn00c6pPRIA=="],
+    "es-toolkit": ["es-toolkit@1.42.0", "", {}, "sha512-SLHIyY7VfDJBM8clz4+T2oquwTQxEzu263AyhVK4jREOAwJ+8eebaa4wM3nlvnAqhDrMm2EsA6hWHaQsMPQ1nA=="],
 
     "esbuild": ["esbuild@0.25.12", "", { "optionalDependencies": { "@esbuild/aix-ppc64": "0.25.12", "@esbuild/android-arm": "0.25.12", "@esbuild/android-arm64": "0.25.12", "@esbuild/android-x64": "0.25.12", "@esbuild/darwin-arm64": "0.25.12", "@esbuild/darwin-x64": "0.25.12", "@esbuild/freebsd-arm64": "0.25.12", "@esbuild/freebsd-x64": "0.25.12", "@esbuild/linux-arm": "0.25.12", "@esbuild/linux-arm64": "0.25.12", "@esbuild/linux-ia32": "0.25.12", "@esbuild/linux-loong64": "0.25.12", "@esbuild/linux-mips64el": "0.25.12", "@esbuild/linux-ppc64": "0.25.12", "@esbuild/linux-riscv64": "0.25.12", "@esbuild/linux-s390x": "0.25.12", "@esbuild/linux-x64": "0.25.12", "@esbuild/netbsd-arm64": "0.25.12", "@esbuild/netbsd-x64": "0.25.12", "@esbuild/openbsd-arm64": "0.25.12", "@esbuild/openbsd-x64": "0.25.12", "@esbuild/openharmony-arm64": "0.25.12", "@esbuild/sunos-x64": "0.25.12", "@esbuild/win32-arm64": "0.25.12", "@esbuild/win32-ia32": "0.25.12", "@esbuild/win32-x64": "0.25.12" }, "bin": { "esbuild": "bin/esbuild" } }, "sha512-bbPBYYrtZbkt6Os6FiTLCTFxvq4tt3JKall1vRwshA3fdVztsLAatFaZobhkBC8/BrPetoa0oksYoKXoG4ryJg=="],
 
@@ -751,8 +734,6 @@
 
     "fn.name": ["fn.name@1.1.0", "", {}, "sha512-GRnmB5gPyJpAhTQdSZTSp9uaPSvl09KoYcMQtsB9rQoOmzs9dH6ffeccH+Z+cv6P68Hu5bC6JjRh4Ah/mHSNRw=="],
 
-    "foreground-child": ["foreground-child@3.3.1", "", { "dependencies": { "cross-spawn": "^7.0.6", "signal-exit": "^4.0.1" } }, "sha512-gIXjKqtFuWEgzFRJA9WCQeSJLZDjgJUOMCMzxtvFq/37KojM1BFGufqsCy0r4qSQmYLsZYMeyRqzIWOMup03sw=="],
-
     "forwarded": ["forwarded@0.2.0", "", {}, "sha512-buRG0fpBtRHSTCOASe6hD258tEubFoRLb4ZNA6NxMVHNw2gOcwHo9wyablzMzOA5z9xA9L1KNjk/Nt6MT9aYow=="],
 
     "fresh": ["fresh@0.5.2", "", {}, "sha512-zJ2mQYM18rEFOudeV4GShTGIQ7RbzA7ozbU9I/XBpm7kqgMywgmylMwXHxZJmkVoYkna9d2pVXVXPdYTP9ej8Q=="],
@@ -779,8 +760,6 @@
 
     "giget": ["giget@2.0.0", "", { "dependencies": { "citty": "^0.1.6", "consola": "^3.4.0", "defu": "^6.1.4", "node-fetch-native": "^1.6.6", "nypm": "^0.6.0", "pathe": "^2.0.3" }, "bin": { "giget": "dist/cli.mjs" } }, "sha512-L5bGsVkxJbJgdnwyuheIunkGatUF/zssUoxxjACCseZYAVbaqdh9Tsmmlkl8vYan09H7sbvKt4pS8GqKLBrEzA=="],
 
-    "glob": ["glob@10.4.5", "", { "dependencies": { "foreground-child": "^3.1.0", "jackspeak": "^3.1.2", "minimatch": "^9.0.4", "minipass": "^7.1.2", "package-json-from-dist": "^1.0.0", "path-scurry": "^1.11.1" }, "bin": { "glob": "dist/esm/bin.mjs" } }, "sha512-7Bv8RF0k6xjo7d4A/PxYLbUCfb6c+Vpd2/mB2yRDlew7Jb5hEXiCD9ibfO7wpk8i4sevK6DFny9h7EYbM3/sHg=="],
-
     "globrex": ["globrex@0.1.2", "", {}, "sha512-uHJgbwAMwNFf5mLst7IWLNg14x1CkeqglJb/K3doi4dw6q2IvAAmM/Y81kevy83wP+Sst+nutFTYOGg3d1lsxg=="],
 
     "gopd": ["gopd@1.2.0", "", {}, "sha512-ZUKRh6/kUFoAiTAtTYPZJ3hw9wNxx+BIBOijnlG9PnrJsCcSjs1wyyD6vJpaYtgnzDrKYRSqf3OO6Rfa93xsRg=="],
@@ -795,11 +774,9 @@
 
     "hono-openapi": ["hono-openapi@1.1.1", "", { "peerDependencies": { "@hono/standard-validator": "^0.1.2", "@standard-community/standard-json": "^0.3.5", "@standard-community/standard-openapi": "^0.2.8", "@types/json-schema": "^7.0.15", "hono": "^4.8.3", "openapi-types": "^12.1.3" }, "optionalPeers": ["@hono/standard-validator", "hono"] }, "sha512-AC3HNhZYPHhnZdSy2Je7GDoTTNxPos6rKRQKVDBbSilY3cWJPqsxRnN6zA4pU7tfxmQEMTqkiLXbw6sAaemB8Q=="],
 
-    "hosted-git-info": ["hosted-git-info@6.1.3", "", { "dependencies": { "lru-cache": "^7.5.1" } }, "sha512-HVJyzUrLIL1c0QmviVh5E8VGyUS7xCFPS6yydaVd1UegW+ibV/CohqTH9MkOLDp5o+rb82DMo77PTuc9F/8GKw=="],
-
     "http-errors": ["http-errors@2.0.0", "", { "dependencies": { "depd": "2.0.0", "inherits": "2.0.4", "setprototypeof": "1.2.0", "statuses": "2.0.1", "toidentifier": "1.0.1" } }, "sha512-FtwrG/euBzaEjYeRqOgly7G0qviiXoJWnvEH2Z1plBdXgbyjv34pHTSb9zoeHMyDy33+DWy5Wt9Wo+TURtOYSQ=="],
 
-    "http-errors-enhanced": ["http-errors-enhanced@3.0.2", "", {}, "sha512-Pl8CVX7eu46fYSfEGCnOGD8aZkd/2dtr9214BpNRDiU1THT7vsu+T87SDQZgxjOGmsNXaTZe1sqIo/oZgJIfow=="],
+    "http-errors-enhanced": ["http-errors-enhanced@4.0.2", "", {}, "sha512-5EXN1gmhJVvuWpNfz+RclWvLnnENEXNMPfww3gm30H9mQzPF4QSBj/MD5FRkVDxGIUhO/cR2GSLCd/6C6xpBcw=="],
 
     "iconv-lite": ["iconv-lite@0.4.24", "", { "dependencies": { "safer-buffer": ">= 2.1.2 < 3" } }, "sha512-v3MXnZAcvnywkTUEZomIActle7RXXeedOR31wwl7VlyoXO4Qi9arvSenNQWne1TcRwhCL1HwLI21bEqdpj8/rA=="],
 
@@ -813,12 +790,12 @@
 
     "ipaddr.js": ["ipaddr.js@1.9.1", "", {}, "sha512-0KI/607xoxSToH7GjN1FfSbLoU0+btTicjsQSWQlh/hZykN8KpmMf7uYwPW3R+akZ6R/w18ZlXSHBYXiYUPO3g=="],
 
-    "is-core-module": ["is-core-module@2.16.1", "", { "dependencies": { "hasown": "^2.0.2" } }, "sha512-UfoeMA6fIJ8wTYFEUjelnaGI67v6+N7qXJEvQuIGa99l4xsCruSYOVSQ0uPANn4dAzm8lkYPaKLrrijLq7x23w=="],
-
     "is-docker": ["is-docker@3.0.0", "", { "bin": { "is-docker": "cli.js" } }, "sha512-eljcgEDlEns/7AXFosB5K/2nCM4P7FQPkGc/DWLy5rmFEWvZayGrik1d9/QIY5nJ4f9YsVvBkA6kJpHn9rISdQ=="],
 
     "is-fullwidth-code-point": ["is-fullwidth-code-point@3.0.0", "", {}, "sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg=="],
 
+    "is-in-ssh": ["is-in-ssh@1.0.0", "", {}, "sha512-jYa6Q9rH90kR1vKB6NM7qqd1mge3Fx4Dhw5TVlK1MUBqhEOuCagrEHMevNuCcbECmXZ0ThXkRm+Ymr51HwEPAw=="],
+
     "is-inside-container": ["is-inside-container@1.0.0", "", { "dependencies": { "is-docker": "^3.0.0" }, "bin": { "is-inside-container": "cli.js" } }, "sha512-KIYLCCJghfHZxqjYBE7rEy0OBuTd5xCHS7tHVgvCLkx7StIoaxwNW3hCALgEUjFfeRk+MG/Qxmp/vtETEF3tRA=="],
 
     "is-stream": ["is-stream@2.0.1", "", {}, "sha512-hFoiJiTl63nn+kstHGBtewWSKnQLpyb155KHheA1l39uvtO9nWIop1p3udqPcUd/xbF1VLMO4n7OI6p7RbngDg=="],
@@ -827,10 +804,6 @@
 
     "isbot": ["isbot@5.1.32", "", {}, "sha512-VNfjM73zz2IBZmdShMfAUg10prm6t7HFUQmNAEOAVS4YH92ZrZcvkMcGX6cIgBJAzWDzPent/EeAtYEHNPNPBQ=="],
 
-    "isexe": ["isexe@2.0.0", "", {}, "sha512-RHxMLp9lnKHGHRng9QFhRCMbYAcVpn69smSGcq3f36xjgVVWThj4qqLbTLlq7Ssj8B+fIQ1EuCEGI2lKsyQeIw=="],
-
-    "jackspeak": ["jackspeak@3.4.3", "", { "dependencies": { "@isaacs/cliui": "^8.0.2" }, "optionalDependencies": { "@pkgjs/parseargs": "^0.11.0" } }, "sha512-OGlZQpz2yfahA/Rd1Y8Cd9SIEsqvXkLVoSw/cgwhnhFMDbsQFeZYoJJ7bIZBS9BcamUW96asq/npPWugM+RQBw=="],
-
     "jiti": ["jiti@2.6.1", "", { "bin": { "jiti": "lib/jiti-cli.mjs" } }, "sha512-ekilCSN1jwRvIbgeg/57YFh8qQDNbwDb9xT/qu2DAHbFFZUicIl4ygVaAvzveMhMVr3LnpSKTNnwt8PoOfmKhQ=="],
 
     "js-tokens": ["js-tokens@4.0.0", "", {}, "sha512-RdJUflcE3cUzKiMqQgsCu06FPu9UdIJO0beYbPhHN4k6apgJtifcoCtT9bcxOpYBtpD2kCM6Sbzg4CausW/PKQ=="],
@@ -839,8 +812,6 @@
 
     "jsesc": ["jsesc@3.0.2", "", { "bin": { "jsesc": "bin/jsesc" } }, "sha512-xKqzzWXDttJuOcawBt4KnKHHIf5oQ/Cxax+0PWFG+DFDgHNAdi+TXECADI+RYiFUMmx8792xsMbbgXj4CwnP4g=="],
 
-    "json-parse-even-better-errors": ["json-parse-even-better-errors@3.0.2", "", {}, "sha512-fi0NG4bPjCHunUJffmLd0gxssIgkNmArMvis4iNah6Owg1MCJjWhEcDLmsK6iGkJq3tHwbDkTlce70/tmXN4cQ=="],
-
     "json5": ["json5@2.2.3", "", { "bin": { "json5": "lib/cli.js" } }, "sha512-XmOWe7eyHYH14cLdVPoyg+GOH3rYX++KpzrylJwSW98t3Nk+U8XOl8FWKOgwtzdb8lXGf6zYwDUzeHMWfxasyg=="],
 
     "kuler": ["kuler@2.0.0", "", {}, "sha512-Xq9nH7KlWZmXAtodXDDRE7vs6DU1gTU8zYDHDiWLSip45Egwq3plLHzPn27NgvzL2r1LMPC1vdqh98sQxtqj4A=="],
@@ -879,7 +850,7 @@
 
     "lru-cache": ["lru-cache@5.1.1", "", { "dependencies": { "yallist": "^3.0.2" } }, "sha512-KpNARQA3Iwv+jTA0utUVVbrh+Jlrr1Fv0e56GGzAFOXN7dk/FviaDW8LHmK52DlcH4WP2n6gI8vN1aesBFgo9w=="],
 
-    "lucide-react": ["lucide-react@0.546.0", "", { "peerDependencies": { "react": "^16.5.1 || ^17.0.0 || ^18.0.0 || ^19.0.0" } }, "sha512-Z94u6fKT43lKeYHiVyvyR8fT7pwCzDu7RyMPpTvh054+xahSgj4HFQ+NmflvzdXsoAjYGdCguGaFKYuvq0ThCQ=="],
+    "lucide-react": ["lucide-react@0.555.0", "", { "peerDependencies": { "react": "^16.5.1 || ^17.0.0 || ^18.0.0 || ^19.0.0" } }, "sha512-D8FvHUGbxWBRQM90NZeIyhAvkFfsh3u9ekrMvJ30Z6gnpBHS6HC6ldLg7tL45hwiIz/u66eKDtdA23gwwGsAHA=="],
 
     "luxon": ["luxon@3.7.2", "", {}, "sha512-vtEhXh/gNjI9Yg1u4jX/0YVPMvxzHuGgCm6tC5kZyb08yjGWGnqAjGJvcXbqQR2P3MyMEFnRbpcdFS6PBcLqew=="],
 
@@ -901,8 +872,6 @@
 
     "minimatch": ["minimatch@9.0.5", "", { "dependencies": { "brace-expansion": "^2.0.1" } }, "sha512-G6T0ZX48xgozx7587koeX9Ys2NYy6Gmv//P89sEte9V9whIapMNF4idKxnW2QtCcLiTWlb/wfCabAtAFWhhBow=="],
 
-    "minipass": ["minipass@7.1.2", "", {}, "sha512-qOOzS1cBTWYF4BH8fVePDBOO9iptMnGUEZwNc/cMWnTV2nVLZ7VoNWEPHkYczZA0pdoA7dl6e7FL659nX9S2aw=="],
-
     "mkdirp-classic": ["mkdirp-classic@0.5.3", "", {}, "sha512-gKLcREMhtuZRwRAfqP3RFW+TK4JqApVBtOIftVgjuABpAtpxhPGaDcfvbhNvD0B8iD1oUr/txX35NjcaY6Ns/A=="],
 
     "morgan": ["morgan@1.10.1", "", { "dependencies": { "basic-auth": "~2.0.1", "debug": "2.6.9", "depd": "~2.0.0", "on-finished": "~2.3.0", "on-headers": "~1.1.0" } }, "sha512-223dMRJtI/l25dJKWpgij2cMtywuG/WiUKXdvwfbhGKBhy1puASqXwFzmWZ7+K73vUPoR7SS2Qz2cI/g9MKw0A=="],
@@ -923,16 +892,6 @@
 
     "node-releases": ["node-releases@2.0.27", "", {}, "sha512-nmh3lCkYZ3grZvqcCH+fjmQ7X+H0OeZgP40OierEaAptX4XofMh5kwNbWh7lBduUzCcV/8kZ+NDLCwm2iorIlA=="],
 
-    "normalize-package-data": ["normalize-package-data@5.0.0", "", { "dependencies": { "hosted-git-info": "^6.0.0", "is-core-module": "^2.8.1", "semver": "^7.3.5", "validate-npm-package-license": "^3.0.4" } }, "sha512-h9iPVIfrVZ9wVYQnxFgtw1ugSvGEMOlyPWWtm8BMJhnwyEL/FLbYbTY3V3PpjI/BUK67n9PEWDu6eHzu1fB15Q=="],
-
-    "npm-install-checks": ["npm-install-checks@6.3.0", "", { "dependencies": { "semver": "^7.1.1" } }, "sha512-W29RiK/xtpCGqn6f3ixfRYGk+zRyr+Ew9F2E20BfXxT5/euLdA/Nm7fO7OeTGuAmTs30cpgInyJ0cYe708YTZw=="],
-
-    "npm-normalize-package-bin": ["npm-normalize-package-bin@3.0.1", "", {}, "sha512-dMxCf+zZ+3zeQZXKxmyuCKlIDPGuv8EF940xbkC4kQVDTtqoh6rJFO+JTKSA6/Rwi0getWmtuy4Itup0AMcaDQ=="],
-
-    "npm-package-arg": ["npm-package-arg@10.1.0", "", { "dependencies": { "hosted-git-info": "^6.0.0", "proc-log": "^3.0.0", "semver": "^7.3.5", "validate-npm-package-name": "^5.0.0" } }, "sha512-uFyyCEmgBfZTtrKk/5xDfHp6+MdrqGotX/VoOyEEl3mBwiEE5FlBaePanazJSVMPT7vKepcjYBY2ztg9A3yPIA=="],
-
-    "npm-pick-manifest": ["npm-pick-manifest@8.0.2", "", { "dependencies": { "npm-install-checks": "^6.0.0", "npm-normalize-package-bin": "^3.0.0", "npm-package-arg": "^10.0.0", "semver": "^7.3.5" } }, "sha512-1dKY+86/AIiq1tkKVD3l0WI+Gd3vkknVGAggsFeBkTvbhMQ1OND/LKkYv4JtXPKUJ8bOTCyLiqEg2P6QNdK+Gg=="],
-
     "nypm": ["nypm@0.6.2", "", { "dependencies": { "citty": "^0.1.6", "consola": "^3.4.2", "pathe": "^2.0.3", "pkg-types": "^2.3.0", "tinyexec": "^1.0.1" }, "bin": { "nypm": "dist/cli.mjs" } }, "sha512-7eM+hpOtrKrBDCh7Ypu2lJ9Z7PNZBdi/8AT3AX8xoCj43BBVHD0hPSTEvMtkMpfs8FCqBGhxB+uToIQimA111g=="],
 
     "object-inspect": ["object-inspect@1.13.4", "", {}, "sha512-W67iLl4J2EXEGTbfeHCffrjDfitvLANg0UlX3wFUUSTx92KXRFegMHUVgSqE+wvhAbi4WqjGg9czysTV2Epbew=="],
@@ -947,20 +906,14 @@
 
     "one-time": ["one-time@1.0.0", "", { "dependencies": { "fn.name": "1.x.x" } }, "sha512-5DXOiRKwuSEcQ/l0kGCF6Q3jcADFv5tSmRaJck/OqkVFcOzutB134KRSfF0xDrL39MNnqxbHBbUUcjZIhTgb2g=="],
 
-    "open": ["open@10.2.0", "", { "dependencies": { "default-browser": "^5.2.1", "define-lazy-prop": "^3.0.0", "is-inside-container": "^1.0.0", "wsl-utils": "^0.1.0" } }, "sha512-YgBpdJHPyQ2UE5x+hlSXcnejzAvD0b22U2OuAP+8OnlJT+PjWPxtgmGqKKc+RgTM63U9gN0YzrYc71R2WT/hTA=="],
+    "open": ["open@11.0.0", "", { "dependencies": { "default-browser": "^5.4.0", "define-lazy-prop": "^3.0.0", "is-in-ssh": "^1.0.0", "is-inside-container": "^1.0.0", "powershell-utils": "^0.1.0", "wsl-utils": "^0.3.0" } }, "sha512-smsWv2LzFjP03xmvFoJ331ss6h+jixfA4UUV/Bsiyuu4YJPfN+FIQGOIiv4w9/+MoHkfkJ22UIaQWRVFRfH6Vw=="],
 
     "openapi-types": ["openapi-types@12.1.3", "", {}, "sha512-N4YtSYJqghVu4iek2ZUvcN/0aqH1kRDuNqzcycDxhOUpg7GdvLa2F3DgS6yBNhInhv2r/6I0Flkn7CqL8+nIcw=="],
 
     "p-map": ["p-map@7.0.4", "", {}, "sha512-tkAQEw8ysMzmkhgw8k+1U/iPhWNhykKnSk4Rd5zLoPJCuJaGRPo6YposrZgaxHKzDHdDWWZvE/Sk7hsL2X/CpQ=="],
 
-    "package-json-from-dist": ["package-json-from-dist@1.0.1", "", {}, "sha512-UEZIS3/by4OC8vL3P2dTXRETpebLI2NiI5vIrjaD/5UtrkFX/tNbwjTSRAGC/+7CAo2pIcBaRgWmcBBHcsaCIw=="],
-
     "parseurl": ["parseurl@1.3.3", "", {}, "sha512-CiyeOxFT/JZyN5m0z9PfXw4SCBJ6Sygz1Dpl0wqjlhDEGGBP1GnsUVEL0p63hoG1fcj3fHynXi9NYO4nWOL+qQ=="],
 
-    "path-key": ["path-key@3.1.1", "", {}, "sha512-ojmeN0qd+y0jszEtoY48r0Peq5dwMEkIlCOu6Q5f41lfkswXuKtYrhgoTpLnyIcHm24Uhqx+5Tqm2InSwLhE6Q=="],
-
-    "path-scurry": ["path-scurry@1.11.1", "", { "dependencies": { "lru-cache": "^10.2.0", "minipass": "^5.0.0 || ^6.0.2 || ^7.0.0" } }, "sha512-Xa4Nw17FS9ApQFJ9umLiJS4orGjm7ZzwUrwamcGQuHSzDyth9boKDaycYdDcZDuqYATXw4HFXgaqWTctW/v1HA=="],
-
     "path-to-regexp": ["path-to-regexp@0.1.12", "", {}, "sha512-RA1GjUVMnvYFxuqovrEqZoxxW5NUZqbwKtYz/Tt7nXerk0LbLblQmrsgdeOxV5SFHf0UDggjS/bSeOZwt1pmEQ=="],
 
     "pathe": ["pathe@1.1.2", "", {}, "sha512-whLdWMYL2TwI08hn8/ZqAbrVemu0LNaNNJZX73O6qaIdCTfXutsLhMkjdENX0qhsQ9uIimo4/aQOmXkoon2nDQ=="],
@@ -975,13 +928,9 @@
 
     "postcss": ["postcss@8.5.6", "", { "dependencies": { "nanoid": "^3.3.11", "picocolors": "^1.1.1", "source-map-js": "^1.2.1" } }, "sha512-3Ybi1tAuwAP9s0r1UQ2J4n5Y0G05bJkpUIO0/bI9MhwmD70S5aTWbXGBwxHrelT+XM1k6dM0pk+SwNkpTRN7Pg=="],
 
-    "prettier": ["prettier@3.6.2", "", { "bin": { "prettier": "bin/prettier.cjs" } }, "sha512-I7AIg5boAr5R0FFtJ6rCfD+LFsWHp81dolrFD8S79U9tb8Az2nGrJncnMSnys+bpQJfRUzqs9hnA81OAA3hCuQ=="],
-
-    "proc-log": ["proc-log@3.0.0", "", {}, "sha512-++Vn7NS4Xf9NacaU9Xq3URUuqZETPsf8L4j5/ckhaRYsfPeRyzGw+iDjFhV/Jr3uNmTvvddEJFWh5R1gRgUH8A=="],
+    "powershell-utils": ["powershell-utils@0.1.0", "", {}, "sha512-dM0jVuXJPsDN6DvRpea484tCUaMiXWjuCn++HGTqUWzGDjv5tZkEZldAJ/UMlqRYGFrD/etByo4/xOuC/snX2A=="],
 
-    "promise-inflight": ["promise-inflight@1.0.1", "", {}, "sha512-6zWPyEOFaQBJYcGMHBKTKJ3u6TBsnMFOIZSa6ce1e/ZrrsOlnHRHbabMjLiBYKp+n44X9eUI6VUPaukCXHuG4g=="],
-
-    "promise-retry": ["promise-retry@2.0.1", "", { "dependencies": { "err-code": "^2.0.2", "retry": "^0.12.0" } }, "sha512-y+WKFlBR8BGXnsNlIHFGPZmyDf3DFMoLhaflAnyZgV6rG6xu+JwesTo2Q9R6XwYmtmwAFCkAk3e35jEdoeh/3g=="],
+    "prettier": ["prettier@3.6.2", "", { "bin": { "prettier": "bin/prettier.cjs" } }, "sha512-I7AIg5boAr5R0FFtJ6rCfD+LFsWHp81dolrFD8S79U9tb8Az2nGrJncnMSnys+bpQJfRUzqs9hnA81OAA3hCuQ=="],
 
     "protobufjs": ["protobufjs@7.5.4", "", { "dependencies": { "@protobufjs/aspromise": "^1.1.2", "@protobufjs/base64": "^1.1.2", "@protobufjs/codegen": "^2.0.4", "@protobufjs/eventemitter": "^1.1.0", "@protobufjs/fetch": "^1.1.0", "@protobufjs/float": "^1.0.2", "@protobufjs/inquire": "^1.1.0", "@protobufjs/path": "^1.1.2", "@protobufjs/pool": "^1.1.0", "@protobufjs/utf8": "^1.1.0", "@types/node": ">=13.7.0", "long": "^5.0.0" } }, "sha512-CvexbZtbov6jW2eXAvLukXjXUW1TzFaivC46BpWc/3BpcCysb5Vffu+B3XHMm8lVEuy2Mm4XGex8hBSg1yapPg=="],
 
@@ -999,11 +948,11 @@
 
     "rc9": ["rc9@2.1.2", "", { "dependencies": { "defu": "^6.1.4", "destr": "^2.0.3" } }, "sha512-btXCnMmRIBINM2LDZoEmOogIZU7Qe7zn4BpomSKZ/ykbLObuBdvG+mFq11DL6fjH1DRwHhrlgtYWG96bJiC7Cg=="],
 
-    "react": ["react@19.2.0", "", {}, "sha512-tmbWg6W31tQLeB5cdIBOicJDJRR2KzXsV7uSK9iNfLWQ5bIZfxuPEHp7M8wiHyHnn0DD1i7w3Zmin0FtkrwoCQ=="],
+    "react": ["react@19.2.1", "", {}, "sha512-DGrYcCWK7tvYMnWh79yrPHt+vdx9tY+1gPZa7nJQtO/p8bLTDaHp4dzwEhQB7pZ4Xe3ok4XKuEPrVuc+wlpkmw=="],
 
-    "react-dom": ["react-dom@19.2.0", "", { "dependencies": { "scheduler": "^0.27.0" }, "peerDependencies": { "react": "^19.2.0" } }, "sha512-UlbRu4cAiGaIewkPyiRGJk0imDN2T3JjieT6spoL2UeSf5od4n5LB/mQ4ejmxhCFT1tYe8IvaFulzynWovsEFQ=="],
+    "react-dom": ["react-dom@19.2.1", "", { "dependencies": { "scheduler": "^0.27.0" }, "peerDependencies": { "react": "^19.2.1" } }, "sha512-ibrK8llX2a4eOskq1mXKu/TGZj9qzomO+sNfO98M6d9zIPOEhlBkMkBUBLd1vgS0gQsLDBzA+8jJBVXDnfHmJg=="],
 
-    "react-hook-form": ["react-hook-form@7.66.0", "", { "peerDependencies": { "react": "^16.8.0 || ^17 || ^18 || ^19" } }, "sha512-xXBqsWGKrY46ZqaHDo+ZUYiMUgi8suYu5kdrS20EG8KiL7VRQitEbNjm+UcrDYrNi1YLyfpmAeGjCZYXLT9YBw=="],
+    "react-hook-form": ["react-hook-form@7.68.0", "", { "peerDependencies": { "react": "^16.8.0 || ^17 || ^18 || ^19" } }, "sha512-oNN3fjrZ/Xo40SWlHf1yCjlMK417JxoSJVUXQjGdvdRCU07NTFei1i1f8ApUAts+IVh14e4EdakeLEA+BEAs/Q=="],
 
     "react-is": ["react-is@19.2.0", "", {}, "sha512-x3Ax3kNSMIIkyVYhWPyO09bu0uttcAIoecO/um/rKGQ4EltYWVYtyiGkS/3xMynrbVQdS69Jhlv8FXUEZehlzA=="],
 
@@ -1015,7 +964,7 @@
 
     "react-remove-scroll-bar": ["react-remove-scroll-bar@2.3.8", "", { "dependencies": { "react-style-singleton": "^2.2.2", "tslib": "^2.0.0" }, "peerDependencies": { "@types/react": "*", "react": "^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0" }, "optionalPeers": ["@types/react"] }, "sha512-9r+yi9+mgU33AKcj6IbT9oRCO78WriSj6t/cF8DWBZJ9aOGPOTEDvdUDz1FwKim7QXWwmHqtdHnRJfhAxEG46Q=="],
 
-    "react-router": ["react-router@7.9.5", "", { "dependencies": { "cookie": "^1.0.1", "set-cookie-parser": "^2.6.0" }, "peerDependencies": { "react": ">=18", "react-dom": ">=18" }, "optionalPeers": ["react-dom"] }, "sha512-JmxqrnBZ6E9hWmf02jzNn9Jm3UqyeimyiwzD69NjxGySG6lIz/1LVPsoTCwN7NBX2XjCEa1LIX5EMz1j2b6u6A=="],
+    "react-router": ["react-router@7.10.0", "", { "dependencies": { "cookie": "^1.0.1", "set-cookie-parser": "^2.6.0" }, "peerDependencies": { "react": ">=18", "react-dom": ">=18" }, "optionalPeers": ["react-dom"] }, "sha512-FVyCOH4IZ0eDDRycODfUqoN8ZSR2LbTvtx6RPsBgzvJ8xAXlMZNCrOFpu+jb8QbtZnpAd/cEki2pwE848pNGxw=="],
 
     "react-router-hono-server": ["react-router-hono-server@2.22.0", "", { "dependencies": { "@drizzle-team/brocli": "^0.11.0", "@hono/node-server": "^1.19.5", "@hono/node-ws": "^1.2.0", "@hono/vite-dev-server": "^0.23.0", "hono": "^4.10.3" }, "peerDependencies": { "@cloudflare/workers-types": "^4.20250317.0", "@react-router/dev": "^7.9.0", "@types/react": "^19.0.0", "miniflare": "^3.20241205.0", "react-router": "^7.9.0", "vite": "^7.0.0", "wrangler": "^4.2.0" }, "optionalPeers": ["@cloudflare/workers-types", "miniflare", "wrangler"], "bin": { "react-router-hono-server": "dist/cli.js" } }, "sha512-XPJp1PQtkjHsFrneUdvmv22o7LPBGYEW11KtTDEmpXQINW5ViwpzUuwb0/eGjZ9E4RQh6AOKYsXA4+QIqXTkrQ=="],
 
@@ -1025,7 +974,7 @@
 
     "readdirp": ["readdirp@4.1.2", "", {}, "sha512-GDhwkLfywWL2s6vEjyhri+eXmfH6j1L7JE27WhqLeYzoh/A3DBaYGEj2H/HFZCn/kMfim73FXxEJTw06WtxQwg=="],
 
-    "recharts": ["recharts@3.2.1", "", { "dependencies": { "@reduxjs/toolkit": "1.x.x || 2.x.x", "clsx": "^2.1.1", "decimal.js-light": "^2.5.1", "es-toolkit": "^1.39.3", "eventemitter3": "^5.0.1", "immer": "^10.1.1", "react-redux": "8.x.x || 9.x.x", "reselect": "5.1.1", "tiny-invariant": "^1.3.3", "use-sync-external-store": "^1.2.2", "victory-vendor": "^37.0.2" }, "peerDependencies": { "react": "^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0", "react-dom": "^16.0.0 || ^17.0.0 || ^18.0.0 || ^19.0.0", "react-is": "^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0" } }, "sha512-0JKwHRiFZdmLq/6nmilxEZl3pqb4T+aKkOkOi/ZISRZwfBhVMgInxzlYU9D4KnCH3KINScLy68m/OvMXoYGZUw=="],
+    "recharts": ["recharts@3.5.1", "", { "dependencies": { "@reduxjs/toolkit": "1.x.x || 2.x.x", "clsx": "^2.1.1", "decimal.js-light": "^2.5.1", "es-toolkit": "^1.39.3", "eventemitter3": "^5.0.1", "immer": "^10.1.1", "react-redux": "8.x.x || 9.x.x", "reselect": "5.1.1", "tiny-invariant": "^1.3.3", "use-sync-external-store": "^1.2.2", "victory-vendor": "^37.0.2" }, "peerDependencies": { "react": "^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0", "react-dom": "^16.0.0 || ^17.0.0 || ^18.0.0 || ^19.0.0", "react-is": "^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0" } }, "sha512-+v+HJojK7gnEgG6h+b2u7k8HH7FhyFUzAc4+cPrsjL4Otdgqr/ecXzAnHciqlzV1ko064eNcsdzrYOM78kankA=="],
 
     "redux": ["redux@5.0.1", "", {}, "sha512-M9/ELqF6fy8FwmkpnF0S3YKOqMyoWJ4+CS5Efg2ct3oY9daQvd/Pc71FpGZsVsbl3Cpb+IIcjBDUnnyBdQbq4w=="],
 
@@ -1037,8 +986,6 @@
 
     "resolve-pkg-maps": ["resolve-pkg-maps@1.0.0", "", {}, "sha512-seS2Tj26TBVOC2NIc2rOe2y2ZO7efxITtLZcGSOnHHNOQ7CkiUBfw0Iw2ck6xkIhPwLhKNLS8BO+hEpngQlqzw=="],
 
-    "retry": ["retry@0.12.0", "", {}, "sha512-9LkiTwjUh6rT555DtE9rTX+BKByPfrMzEAtnlEtdEwr3Nkffwiihqe2bWADg+OQRjt9gl6ICdmB/ZFDCGAtSow=="],
-
     "rollup": ["rollup@4.53.2", "", { "dependencies": { "@types/estree": "1.0.8" }, "optionalDependencies": { "@rollup/rollup-android-arm-eabi": "4.53.2", "@rollup/rollup-android-arm64": "4.53.2", "@rollup/rollup-darwin-arm64": "4.53.2", "@rollup/rollup-darwin-x64": "4.53.2", "@rollup/rollup-freebsd-arm64": "4.53.2", "@rollup/rollup-freebsd-x64": "4.53.2", "@rollup/rollup-linux-arm-gnueabihf": "4.53.2", "@rollup/rollup-linux-arm-musleabihf": "4.53.2", "@rollup/rollup-linux-arm64-gnu": "4.53.2", "@rollup/rollup-linux-arm64-musl": "4.53.2", "@rollup/rollup-linux-loong64-gnu": "4.53.2", "@rollup/rollup-linux-ppc64-gnu": "4.53.2", "@rollup/rollup-linux-riscv64-gnu": "4.53.2", "@rollup/rollup-linux-riscv64-musl": "4.53.2", "@rollup/rollup-linux-s390x-gnu": "4.53.2", "@rollup/rollup-linux-x64-gnu": "4.53.2", "@rollup/rollup-linux-x64-musl": "4.53.2", "@rollup/rollup-openharmony-arm64": "4.53.2", "@rollup/rollup-win32-arm64-msvc": "4.53.2", "@rollup/rollup-win32-ia32-msvc": "4.53.2", "@rollup/rollup-win32-x64-gnu": "4.53.2", "@rollup/rollup-win32-x64-msvc": "4.53.2", "fsevents": "~2.3.2" }, "bin": { "rollup": "dist/bin/rollup" } }, "sha512-MHngMYwGJVi6Fmnk6ISmnk7JAHRNF0UkuucA0CUW3N3a4KnONPEZz+vUanQP/ZC/iY1Qkf3bwPWzyY84wEks1g=="],
 
     "run-applescript": ["run-applescript@7.1.0", "", {}, "sha512-DPe5pVFaAsinSaV6QjQ6gdiedWDcRCbUuiQfQa2wmWV7+xC9bGulGI8+TdRmoFkAPaBXk8CrAbnlY2ISniJ47Q=="],
@@ -1061,10 +1008,6 @@
 
     "setprototypeof": ["setprototypeof@1.2.0", "", {}, "sha512-E5LDX7Wrp85Kil5bhZv46j8jOeboKq5JMmYM3gVGdGH8xFpPWXUMsNrlODCrkoxMEeNi/XZIwuRvY4XNwYMJpw=="],
 
-    "shebang-command": ["shebang-command@2.0.0", "", { "dependencies": { "shebang-regex": "^3.0.0" } }, "sha512-kHxr2zZpYtdmrN1qDjrrX/Z1rR1kG8Dx+gkpK1G4eXmvXswmcE1hTWBWYUzlraYw1/yZp6YuDY77YtvbN0dmDA=="],
-
-    "shebang-regex": ["shebang-regex@3.0.0", "", {}, "sha512-7++dFhtcx3353uBaq8DDR4NuxBetBzC7ZQOhmTQInHEd6bSrXdiEyzCvG07Z44UYdLShWUyXt5M/yhz8ekcb1A=="],
-
     "side-channel": ["side-channel@1.1.0", "", { "dependencies": { "es-errors": "^1.3.0", "object-inspect": "^1.13.3", "side-channel-list": "^1.0.0", "side-channel-map": "^1.0.1", "side-channel-weakmap": "^1.0.2" } }, "sha512-ZX99e6tRweoUXqR+VBrslhda51Nh5MTQwou5tnUDgbtyM0dBgmhEDtWGP/xbKn6hqfPRHujUNwz5fy/wbbhnpw=="],
 
     "side-channel-list": ["side-channel-list@1.0.0", "", { "dependencies": { "es-errors": "^1.3.0", "object-inspect": "^1.13.3" } }, "sha512-FCLHtRD/gnpCiCHEiJLOwdmFP+wzCmDEkc9y7NsYxeF4u7Btsn1ZuwgwJGxImImHicJArLP4R0yX4c2KCrMrTA=="],
@@ -1073,8 +1016,6 @@
 
     "side-channel-weakmap": ["side-channel-weakmap@1.0.2", "", { "dependencies": { "call-bound": "^1.0.2", "es-errors": "^1.3.0", "get-intrinsic": "^1.2.5", "object-inspect": "^1.13.3", "side-channel-map": "^1.0.1" } }, "sha512-WPS/HvHQTYnHisLo9McqBHOJk2FkHO/tlpvldyrnem4aeQp4hai3gythswg6p01oSoTl58rcpiFAjF2br2Ak2A=="],
 
-    "signal-exit": ["signal-exit@4.1.0", "", {}, "sha512-bzyZ1e88w9O1iNJbKnOlvYTrWPDl46O1bG0D3XInv+9tkPrxrN8jUUTiFlDkkmKWgn1M6CfIA13SuGqOa9Korw=="],
-
     "slugify": ["slugify@1.6.6", "", {}, "sha512-h+z7HKHYXj6wJU+AnS/+IH8Uh9fdcX1Lrhg1/VMdf9PwoBQXFcXiAdsy2tSK0P6gKwJLXp02r90ahUCqHk9rrw=="],
 
     "sonner": ["sonner@2.0.7", "", { "peerDependencies": { "react": "^18.0.0 || ^19.0.0 || ^19.0.0-rc", "react-dom": "^18.0.0 || ^19.0.0 || ^19.0.0-rc" } }, "sha512-W6ZN4p58k8aDKA4XPcx2hpIQXBRAgyiWVkYhT7CvK6D3iAu7xjvVyhQHg2/iaKJZ1XVJ4r7XuwGL+WGEK37i9w=="],
@@ -1085,14 +1026,6 @@
 
     "source-map-support": ["source-map-support@0.5.21", "", { "dependencies": { "buffer-from": "^1.0.0", "source-map": "^0.6.0" } }, "sha512-uBHU3L3czsIyYXKX88fdrGovxdSCoTGDRZ6SYXtSRxLZUzHg5P/66Ht6uoUlHu9EZod+inXhKo3qQgwXUT/y1w=="],
 
-    "spdx-correct": ["spdx-correct@3.2.0", "", { "dependencies": { "spdx-expression-parse": "^3.0.0", "spdx-license-ids": "^3.0.0" } }, "sha512-kN9dJbvnySHULIluDHy32WHRUu3Og7B9sbY7tsFLctQkIqnMh3hErYgdMjTYuqmcXX+lK5T1lnUt3G7zNswmZA=="],
-
-    "spdx-exceptions": ["spdx-exceptions@2.5.0", "", {}, "sha512-PiU42r+xO4UbUS1buo3LPJkjlO7430Xn5SVAhdpzzsPHsjbYVflnnFdATgabnLude+Cqu25p6N+g2lw/PFsa4w=="],
-
-    "spdx-expression-parse": ["spdx-expression-parse@3.0.1", "", { "dependencies": { "spdx-exceptions": "^2.1.0", "spdx-license-ids": "^3.0.0" } }, "sha512-cbqHunsQWnJNE6KhVSMsMeH5H/L9EpymbzqTQ3uLwNCLZ1Q481oWaofqH7nO6V07xlXwY6PhQdQ2IedWx/ZK4Q=="],
-
-    "spdx-license-ids": ["spdx-license-ids@3.0.22", "", {}, "sha512-4PRT4nh1EImPbt2jASOKHX7PB7I+e4IWNLvkKFDxNhJlfjbYlleYQh285Z/3mPTHSAK/AvdMmw5BNNuYH8ShgQ=="],
-
     "split-ca": ["split-ca@1.0.1", "", {}, "sha512-Q5thBSxp5t8WPTTJQS59LrGqOZqOsrhDGDVm8azCqIBjSBd7nd9o2PM+mDulQQkh8h//4U6hFZnc/mul8t5pWQ=="],
 
     "ssh2": ["ssh2@1.17.0", "", { "dependencies": { "asn1": "^0.2.6", "bcrypt-pbkdf": "^1.0.2" }, "optionalDependencies": { "cpu-features": "~0.0.10", "nan": "^2.23.0" } }, "sha512-wPldCk3asibAjQ/kziWQQt1Wh3PgDFpC0XpwclzKcdT1vql6KeYxf5LIt4nlFkUeR8WuphYMKqUA56X4rjbfgQ=="],
@@ -1103,14 +1036,10 @@
 
     "string-width": ["string-width@4.2.3", "", { "dependencies": { "emoji-regex": "^8.0.0", "is-fullwidth-code-point": "^3.0.0", "strip-ansi": "^6.0.1" } }, "sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g=="],
 
-    "string-width-cjs": ["string-width@4.2.3", "", { "dependencies": { "emoji-regex": "^8.0.0", "is-fullwidth-code-point": "^3.0.0", "strip-ansi": "^6.0.1" } }, "sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g=="],
-
     "string_decoder": ["string_decoder@1.3.0", "", { "dependencies": { "safe-buffer": "~5.2.0" } }, "sha512-hkRX8U1WjJFd8LsDJ2yQ/wWWxaopEsABU1XfkM8A+j0+85JAGppt16cr1Whg6KIbb4okU6Mql6BOj+uup/wKeA=="],
 
     "strip-ansi": ["strip-ansi@6.0.1", "", { "dependencies": { "ansi-regex": "^5.0.1" } }, "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A=="],
 
-    "strip-ansi-cjs": ["strip-ansi@6.0.1", "", { "dependencies": { "ansi-regex": "^5.0.1" } }, "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A=="],
-
     "tagged-tag": ["tagged-tag@1.0.0", "", {}, "sha512-yEFYrVhod+hdNyx7g5Bnkkb0G6si8HJurOoOEgC8B/O0uXLHlaey/65KRv6cuWBNhBgHKAROVpc7QyYqE5gFng=="],
 
     "tailwind-merge": ["tailwind-merge@3.4.0", "", {}, "sha512-uSaO4gnW+b3Y2aWoWfFpX62vn2sR3skfhbjsEnaBI81WD1wBLlHZe5sWf0AqjksNdYTbGBEd0UasQMT3SNV15g=="],
@@ -1171,15 +1100,11 @@
 
     "valibot": ["valibot@1.1.0", "", { "peerDependencies": { "typescript": ">=5" }, "optionalPeers": ["typescript"] }, "sha512-Nk8lX30Qhu+9txPYTwM0cFlWLdPFsFr6LblzqIySfbZph9+BFsAHsNvHOymEviUepeIW6KFHzpX8TKhbptBXXw=="],
 
-    "validate-npm-package-license": ["validate-npm-package-license@3.0.4", "", { "dependencies": { "spdx-correct": "^3.0.0", "spdx-expression-parse": "^3.0.0" } }, "sha512-DpKm2Ui/xN7/HQKCtpZxoRWBhZ9Z0kqtygG8XCgNQ8ZlDnxuQmWhj566j8fN4Cu3/JmbhsDo7fcAJq4s9h27Ew=="],
-
-    "validate-npm-package-name": ["validate-npm-package-name@5.0.1", "", {}, "sha512-OljLrQ9SQdOUqTaQxqL5dEfZWrXExyyWsozYlAWFawPVNuD83igl7uJD2RTkNMbniIYgt8l81eCJGIdQF7avLQ=="],
-
     "vary": ["vary@1.1.2", "", {}, "sha512-BNGbWLfd0eUPabhkXUVm0j8uuvREyTh5ovRa/dyow/BqAbZJyC+5fU+IzQOzmAKzYqYRAISoRhdQr3eIZ/PXqg=="],
 
     "victory-vendor": ["victory-vendor@37.3.6", "", { "dependencies": { "@types/d3-array": "^3.0.3", "@types/d3-ease": "^3.0.0", "@types/d3-interpolate": "^3.0.1", "@types/d3-scale": "^4.0.2", "@types/d3-shape": "^3.1.0", "@types/d3-time": "^3.0.0", "@types/d3-timer": "^3.0.0", "d3-array": "^3.1.6", "d3-ease": "^3.0.1", "d3-interpolate": "^3.0.1", "d3-scale": "^4.0.2", "d3-shape": "^3.1.0", "d3-time": "^3.0.0", "d3-timer": "^3.0.1" } }, "sha512-SbPDPdDBYp+5MJHhBCAyI7wKM3d5ivekigc2Dk2s7pgbZ9wIgIBYGVw4zGHBml/qTFbexrofXW6Gu4noGxrOwQ=="],
 
-    "vite": ["vite@7.2.2", "", { "dependencies": { "esbuild": "^0.25.0", "fdir": "^6.5.0", "picomatch": "^4.0.3", "postcss": "^8.5.6", "rollup": "^4.43.0", "tinyglobby": "^0.2.15" }, "optionalDependencies": { "fsevents": "~2.3.3" }, "peerDependencies": { "@types/node": "^20.19.0 || >=22.12.0", "jiti": ">=1.21.0", "less": "^4.0.0", "lightningcss": "^1.21.0", "sass": "^1.70.0", "sass-embedded": "^1.70.0", "stylus": ">=0.54.8", "sugarss": "^5.0.0", "terser": "^5.16.0", "tsx": "^4.8.1", "yaml": "^2.4.2" }, "optionalPeers": ["@types/node", "jiti", "less", "lightningcss", "sass", "sass-embedded", "stylus", "sugarss", "terser", "tsx", "yaml"], "bin": { "vite": "bin/vite.js" } }, "sha512-BxAKBWmIbrDgrokdGZH1IgkIk/5mMHDreLDmCJ0qpyJaAteP8NvMhkwr/ZCQNqNH97bw/dANTE9PDzqwJghfMQ=="],
+    "vite": ["vite@7.2.6", "", { "dependencies": { "esbuild": "^0.25.0", "fdir": "^6.5.0", "picomatch": "^4.0.3", "postcss": "^8.5.6", "rollup": "^4.43.0", "tinyglobby": "^0.2.15" }, "optionalDependencies": { "fsevents": "~2.3.3" }, "peerDependencies": { "@types/node": "^20.19.0 || >=22.12.0", "jiti": ">=1.21.0", "less": "^4.0.0", "lightningcss": "^1.21.0", "sass": "^1.70.0", "sass-embedded": "^1.70.0", "stylus": ">=0.54.8", "sugarss": "^5.0.0", "terser": "^5.16.0", "tsx": "^4.8.1", "yaml": "^2.4.2" }, "optionalPeers": ["@types/node", "jiti", "less", "lightningcss", "sass", "sass-embedded", "stylus", "sugarss", "terser", "tsx", "yaml"], "bin": { "vite": "bin/vite.js" } }, "sha512-tI2l/nFHC5rLh7+5+o7QjKjSR04ivXDF4jcgV0f/bTQ+OJiITy5S6gaynVsEM+7RqzufMnVbIon6Sr5x1SDYaQ=="],
 
     "vite-bundle-analyzer": ["vite-bundle-analyzer@1.2.3", "", { "bin": { "analyze": "dist/bin.js" } }, "sha512-8nhwDGHWMKKgg6oegAOpDgTT7/yzTVzeYzLF4y8WBJoYu9gO7h29UpHiQnXD2rAvfQzDy5Wqe/Za5cgqhnxi5g=="],
 
@@ -1187,27 +1112,23 @@
 
     "vite-tsconfig-paths": ["vite-tsconfig-paths@5.1.4", "", { "dependencies": { "debug": "^4.1.1", "globrex": "^0.1.2", "tsconfck": "^3.0.3" }, "peerDependencies": { "vite": "*" }, "optionalPeers": ["vite"] }, "sha512-cYj0LRuLV2c2sMqhqhGpaO3LretdtMn/BVX4cPLanIZuwwrkVl+lK84E/miEXkCHWXuq65rhNN4rXsBcOB3S4w=="],
 
-    "which": ["which@3.0.1", "", { "dependencies": { "isexe": "^2.0.0" }, "bin": { "node-which": "bin/which.js" } }, "sha512-XA1b62dzQzLfaEOSQFTCOd5KFf/1VSzZo7/7TUjnya6u0vGGKzU96UQBZTAThCb2j4/xjBAyii1OhRLJEivHvg=="],
-
     "winston": ["winston@3.18.3", "", { "dependencies": { "@colors/colors": "^1.6.0", "@dabh/diagnostics": "^2.0.8", "async": "^3.2.3", "is-stream": "^2.0.0", "logform": "^2.7.0", "one-time": "^1.0.0", "readable-stream": "^3.4.0", "safe-stable-stringify": "^2.3.1", "stack-trace": "0.0.x", "triple-beam": "^1.3.0", "winston-transport": "^4.9.0" } }, "sha512-NoBZauFNNWENgsnC9YpgyYwOVrl2m58PpQ8lNHjV3kosGs7KJ7Npk9pCUE+WJlawVSe8mykWDKWFSVfs3QO9ww=="],
 
     "winston-transport": ["winston-transport@4.9.0", "", { "dependencies": { "logform": "^2.7.0", "readable-stream": "^3.6.2", "triple-beam": "^1.3.0" } }, "sha512-8drMJ4rkgaPo1Me4zD/3WLfI/zPdA9o2IipKODunnGDcuqbHwjsbB79ylv04LCGGzU0xQ6vTznOMpQGaLhhm6A=="],
 
     "wrap-ansi": ["wrap-ansi@7.0.0", "", { "dependencies": { "ansi-styles": "^4.0.0", "string-width": "^4.1.0", "strip-ansi": "^6.0.0" } }, "sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q=="],
 
-    "wrap-ansi-cjs": ["wrap-ansi@7.0.0", "", { "dependencies": { "ansi-styles": "^4.0.0", "string-width": "^4.1.0", "strip-ansi": "^6.0.0" } }, "sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q=="],
-
     "wrappy": ["wrappy@1.0.2", "", {}, "sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ=="],
 
     "ws": ["ws@8.18.3", "", { "peerDependencies": { "bufferutil": "^4.0.1", "utf-8-validate": ">=5.0.2" }, "optionalPeers": ["bufferutil", "utf-8-validate"] }, "sha512-PEIGCY5tSlUt50cqyMXfCzX+oOPqN0vuGqWzbcJ2xvnkzkq46oOpz7dQaTDBdfICb4N14+GARUDw2XV2N4tvzg=="],
 
-    "wsl-utils": ["wsl-utils@0.1.0", "", { "dependencies": { "is-wsl": "^3.1.0" } }, "sha512-h3Fbisa2nKGPxCpm89Hk33lBLsnaGBvctQopaBSOW/uIs6FTe1ATyAnKFJrzVs9vpGdsTe73WF3V4lIsk4Gacw=="],
+    "wsl-utils": ["wsl-utils@0.3.0", "", { "dependencies": { "is-wsl": "^3.1.0", "powershell-utils": "^0.1.0" } }, "sha512-3sFIGLiaDP7rTO4xh3g+b3AzhYDIUGGywE/WsmqzJWDxus5aJXVnPTNC/6L+r2WzrwXqVOdD262OaO+cEyPMSQ=="],
 
     "y18n": ["y18n@5.0.8", "", {}, "sha512-0pfFzegeDWJHJIAmTLRP2DwHjdF5s7jo9tuztdQxAhINCdvS+3nGINqPd00AphqJR/0LhANUS6/+7SCb98YOfA=="],
 
     "yallist": ["yallist@3.1.1", "", {}, "sha512-a4UGQaWPH59mOXUYnAG2ewncQS4i4F43Tv3JoAM+s2VDAmS9NsK8GpDMLrCHPksFT7h3K6TOoUNn2pb7RoXx4g=="],
 
-    "yaml": ["yaml@2.8.1", "", { "bin": { "yaml": "bin.mjs" } }, "sha512-lcYcMxX2PO9XMGvAJkJ3OsNMw+/7FKes7/hgerGUYWIoWu5j/+YQqcZr5JnPZWzOsEBgMbSbiSTn/dv/69Mkpw=="],
+    "yaml": ["yaml@2.8.2", "", { "bin": { "yaml": "bin.mjs" } }, "sha512-mplynKqc1C2hTVYxd0PU2xQAc22TI1vShAYGksCCfxbn/dFwnHTNi1bvYsBTkhdUNtGIf5xNOg938rrSSYvS9A=="],
 
     "yargs": ["yargs@17.7.2", "", { "dependencies": { "cliui": "^8.0.1", "escalade": "^3.1.1", "get-caller-file": "^2.0.5", "require-directory": "^2.1.1", "string-width": "^4.2.3", "y18n": "^5.0.5", "yargs-parser": "^21.1.1" } }, "sha512-7dSzzRQ++CKnNI/krKnYRV7JKKPUXMEh61soaHKg9mrWEhzFWhFnxPxGl+69cD1Ou63C13NUPCnmIcrvqCuM6w=="],
 
@@ -1225,18 +1146,6 @@
 
     "@grpc/grpc-js/@grpc/proto-loader": ["@grpc/proto-loader@0.8.0", "", { "dependencies": { "lodash.camelcase": "^4.3.0", "long": "^5.0.0", "protobufjs": "^7.5.3", "yargs": "^17.7.2" }, "bin": { "proto-loader-gen-types": "build/bin/proto-loader-gen-types.js" } }, "sha512-rc1hOQtjIWGxcxpb9aHAfLpIctjEnsDehj0DAiVfBlmT84uvR0uUtN2hEi/ecvWVjXUGf5qPF4qEgiLOx1YIMQ=="],
 
-    "@isaacs/cliui/string-width": ["string-width@5.1.2", "", { "dependencies": { "eastasianwidth": "^0.2.0", "emoji-regex": "^9.2.2", "strip-ansi": "^7.0.1" } }, "sha512-HnLOCR3vjcY8beoNLtcjZ5/nxn2afmME6lhrDrebokqMap+XbeW8n9TXpPDOqdGK5qcI3oT0GKTW6wC7EMiVqA=="],
-
-    "@isaacs/cliui/strip-ansi": ["strip-ansi@7.1.2", "", { "dependencies": { "ansi-regex": "^6.0.1" } }, "sha512-gmBGslpoQJtgnMAvOVqGZpEz9dyoKTCzy2nfz/n8aIFhN/jCE/rCmcxabB6jOOHV+0WNnylOxaxBQPSvcWklhA=="],
-
-    "@isaacs/cliui/wrap-ansi": ["wrap-ansi@8.1.0", "", { "dependencies": { "ansi-styles": "^6.1.0", "string-width": "^5.0.1", "strip-ansi": "^7.0.1" } }, "sha512-si7QWI6zUMq56bESFvagtmzMdGOtoxfR+Sez11Mobfc7tm+VkUckk9bW2UeffTGVUbOksxmSw0AA2gs8g71NCQ=="],
-
-    "@npmcli/git/lru-cache": ["lru-cache@7.18.3", "", {}, "sha512-jumlc0BIUrS3qJGgIkWZsyfAM7NCWiBcCDhnd+3NNM5KbBmLTgHVfWBcg6W+rLUsIpzpERPsvwUP7CckAQSOoA=="],
-
-    "@npmcli/git/semver": ["semver@7.7.3", "", { "bin": { "semver": "bin/semver.js" } }, "sha512-SdsKMrI9TdgjdweUSR9MweHA4EJ8YxHn8DFaDisvhVlUOe4BF1tLD7GAj0lIqWVl+dPb/rExr0Btby5loQm20Q=="],
-
-    "@npmcli/package-json/semver": ["semver@7.7.3", "", { "bin": { "semver": "bin/semver.js" } }, "sha512-SdsKMrI9TdgjdweUSR9MweHA4EJ8YxHn8DFaDisvhVlUOe4BF1tLD7GAj0lIqWVl+dPb/rExr0Btby5loQm20Q=="],
-
     "@radix-ui/react-alert-dialog/@radix-ui/react-slot": ["@radix-ui/react-slot@1.2.3", "", { "dependencies": { "@radix-ui/react-compose-refs": "1.1.2" }, "peerDependencies": { "@types/react": "*", "react": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc" }, "optionalPeers": ["@types/react"] }, "sha512-aeNmHnBxbi2St0au6VBVC7JXFlhLlOnvIIlePNniyUNAClzmtAUEY8/pBiK3iHjufOlwA+c20/8jngo7xcrg8A=="],
 
     "@radix-ui/react-collection/@radix-ui/react-slot": ["@radix-ui/react-slot@1.2.3", "", { "dependencies": { "@radix-ui/react-compose-refs": "1.1.2" }, "peerDependencies": { "@types/react": "*", "react": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc" }, "optionalPeers": ["@types/react"] }, "sha512-aeNmHnBxbi2St0au6VBVC7JXFlhLlOnvIIlePNniyUNAClzmtAUEY8/pBiK3iHjufOlwA+c20/8jngo7xcrg8A=="],
@@ -1279,8 +1188,6 @@
 
     "ansi-styles/color-convert": ["color-convert@2.0.1", "", { "dependencies": { "color-name": "~1.1.4" } }, "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ=="],
 
-    "arkregex/@ark/util": ["@ark/util@0.53.0", "", {}, "sha512-TGn4gLlA6dJcQiqrtCtd88JhGb2XBHo6qIejsDre+nxpGuUVW4G3YZGVrwjNBTO0EyR+ykzIo4joHJzOj+/cpA=="],
-
     "basic-auth/safe-buffer": ["safe-buffer@5.1.2", "", {}, "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g=="],
 
     "body-parser/debug": ["debug@2.6.9", "", { "dependencies": { "ms": "2.0.0" } }, "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA=="],
@@ -1289,8 +1196,6 @@
 
     "compression/debug": ["debug@2.6.9", "", { "dependencies": { "ms": "2.0.0" } }, "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA=="],
 
-    "cross-spawn/which": ["which@2.0.2", "", { "dependencies": { "isexe": "^2.0.0" }, "bin": { "node-which": "./bin/node-which" } }, "sha512-BLI3Tl1TW3Pvl70l3yq3Y64i+awpwXqsGBYWkkqMtnbXgrMD+yj7rhW0kuEDxzJaYXGjEW5ogapKNMEKNMjibA=="],
-
     "express/cookie": ["cookie@0.7.1", "", {}, "sha512-6DnInpx7SJ2AK3+CTUE/ZM0vWTUboZCegxhC2xiIydHR9jNuTAASBrfEpHhiGOZw/nX51bHt6YQl8jsGo4y/0w=="],
 
     "express/debug": ["debug@2.6.9", "", { "dependencies": { "ms": "2.0.0" } }, "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA=="],
@@ -1299,26 +1204,14 @@
 
     "giget/pathe": ["pathe@2.0.3", "", {}, "sha512-WUjGcAqP1gQacoQe+OBJsFA7Ld4DyXuUIjZ5cc75cLHvJ7dtNsTugphxIADwspS+AraAUePCKrSVtPLFj/F88w=="],
 
-    "hosted-git-info/lru-cache": ["lru-cache@7.18.3", "", {}, "sha512-jumlc0BIUrS3qJGgIkWZsyfAM7NCWiBcCDhnd+3NNM5KbBmLTgHVfWBcg6W+rLUsIpzpERPsvwUP7CckAQSOoA=="],
-
     "mime-types/mime-db": ["mime-db@1.52.0", "", {}, "sha512-sPU4uV7dYlvtWJxwwxHD0PuihVNiE7TyAbQ5SWxDCB9mUYvOgroQOwYQQOKPJ8CIbE+1ETVlOoK1UC2nU3gYvg=="],
 
     "morgan/debug": ["debug@2.6.9", "", { "dependencies": { "ms": "2.0.0" } }, "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA=="],
 
     "morgan/on-finished": ["on-finished@2.3.0", "", { "dependencies": { "ee-first": "1.1.1" } }, "sha512-ikqdkGAAyf/X/gPhXGvfgAytDZtDbr+bkNUJ0N9h5MI/dmdgCs3l6hoHrcUv41sRKew3jIwrp4qQDXiK99Utww=="],
 
-    "normalize-package-data/semver": ["semver@7.7.3", "", { "bin": { "semver": "bin/semver.js" } }, "sha512-SdsKMrI9TdgjdweUSR9MweHA4EJ8YxHn8DFaDisvhVlUOe4BF1tLD7GAj0lIqWVl+dPb/rExr0Btby5loQm20Q=="],
-
-    "npm-install-checks/semver": ["semver@7.7.3", "", { "bin": { "semver": "bin/semver.js" } }, "sha512-SdsKMrI9TdgjdweUSR9MweHA4EJ8YxHn8DFaDisvhVlUOe4BF1tLD7GAj0lIqWVl+dPb/rExr0Btby5loQm20Q=="],
-
-    "npm-package-arg/semver": ["semver@7.7.3", "", { "bin": { "semver": "bin/semver.js" } }, "sha512-SdsKMrI9TdgjdweUSR9MweHA4EJ8YxHn8DFaDisvhVlUOe4BF1tLD7GAj0lIqWVl+dPb/rExr0Btby5loQm20Q=="],
-
-    "npm-pick-manifest/semver": ["semver@7.7.3", "", { "bin": { "semver": "bin/semver.js" } }, "sha512-SdsKMrI9TdgjdweUSR9MweHA4EJ8YxHn8DFaDisvhVlUOe4BF1tLD7GAj0lIqWVl+dPb/rExr0Btby5loQm20Q=="],
-
     "nypm/pathe": ["pathe@2.0.3", "", {}, "sha512-WUjGcAqP1gQacoQe+OBJsFA7Ld4DyXuUIjZ5cc75cLHvJ7dtNsTugphxIADwspS+AraAUePCKrSVtPLFj/F88w=="],
 
-    "path-scurry/lru-cache": ["lru-cache@10.4.3", "", {}, "sha512-JNAzZcXrCt42VGLuYz0zfAzDfAvJWW6AfYlDBQyDV5DClI2m5sAmK+OIO7s59XfsRsWHp02jAJrRadPRGTt6SQ=="],
-
     "pkg-types/pathe": ["pathe@2.0.3", "", {}, "sha512-WUjGcAqP1gQacoQe+OBJsFA7Ld4DyXuUIjZ5cc75cLHvJ7dtNsTugphxIADwspS+AraAUePCKrSVtPLFj/F88w=="],
 
     "react-router-hono-server/@drizzle-team/brocli": ["@drizzle-team/brocli@0.11.0", "", {}, "sha512-hD3pekGiPg0WPCCGAZmusBBJsDqGUR66Y452YgQsZOnkdQ7ViEPKuyP4huUGEZQefp8g34RRodXYmJ2TbCH+tg=="],
@@ -1329,6 +1222,8 @@
 
     "vite-node/pathe": ["pathe@2.0.3", "", {}, "sha512-WUjGcAqP1gQacoQe+OBJsFA7Ld4DyXuUIjZ5cc75cLHvJ7dtNsTugphxIADwspS+AraAUePCKrSVtPLFj/F88w=="],
 
+    "vite-node/vite": ["vite@7.2.2", "", { "dependencies": { "esbuild": "^0.25.0", "fdir": "^6.5.0", "picomatch": "^4.0.3", "postcss": "^8.5.6", "rollup": "^4.43.0", "tinyglobby": "^0.2.15" }, "optionalDependencies": { "fsevents": "~2.3.3" }, "peerDependencies": { "@types/node": "^20.19.0 || >=22.12.0", "jiti": ">=1.21.0", "less": "^4.0.0", "lightningcss": "^1.21.0", "sass": "^1.70.0", "sass-embedded": "^1.70.0", "stylus": ">=0.54.8", "sugarss": "^5.0.0", "terser": "^5.16.0", "tsx": "^4.8.1", "yaml": "^2.4.2" }, "optionalPeers": ["@types/node", "jiti", "less", "lightningcss", "sass", "sass-embedded", "stylus", "sugarss", "terser", "tsx", "yaml"], "bin": { "vite": "bin/vite.js" } }, "sha512-BxAKBWmIbrDgrokdGZH1IgkIk/5mMHDreLDmCJ0qpyJaAteP8NvMhkwr/ZCQNqNH97bw/dANTE9PDzqwJghfMQ=="],
+
     "@esbuild-kit/core-utils/esbuild/@esbuild/android-arm": ["@esbuild/android-arm@0.18.20", "", { "os": "android", "cpu": "arm" }, "sha512-fyi7TDI/ijKKNZTUJAQqiG5T7YjJXgnzkURqmGj13C6dCqckZBLdl4h7bkhHt/t0WP+zO9/zwroDvANaOqO5Sw=="],
 
     "@esbuild-kit/core-utils/esbuild/@esbuild/android-arm64": ["@esbuild/android-arm64@0.18.20", "", { "os": "android", "cpu": "arm64" }, "sha512-Nz4rJcchGDtENV0eMKUNa6L12zz2zBDXuhj/Vjh18zGqB44Bi7MBMSXjgunJgjRhCmKOjnPuZp4Mb6OKqtMHLQ=="],
@@ -1373,12 +1268,6 @@
 
     "@esbuild-kit/core-utils/esbuild/@esbuild/win32-x64": ["@esbuild/win32-x64@0.18.20", "", { "os": "win32", "cpu": "x64" }, "sha512-kTdfRcSiDfQca/y9QIkng02avJ+NCaQvrMejlsB3RRv5sE9rRoeBPISaZpKxHELzRxZyLvNts1P27W3wV+8geQ=="],
 
-    "@isaacs/cliui/string-width/emoji-regex": ["emoji-regex@9.2.2", "", {}, "sha512-L18DaJsXSUk2+42pv8mLs5jJT2hqFkFE4j21wOmgbUqsZ2hL72NsUU785g9RXgo3s0ZNgVl42TiHp3ZtOv/Vyg=="],
-
-    "@isaacs/cliui/strip-ansi/ansi-regex": ["ansi-regex@6.2.2", "", {}, "sha512-Bq3SmSpyFHaWjPk8If9yc6svM8c56dB5BAtW4Qbw5jHTwwXXcTLoRMkpDJp6VL0XzlWaCHTXrkFURMYmD0sLqg=="],
-
-    "@isaacs/cliui/wrap-ansi/ansi-styles": ["ansi-styles@6.2.3", "", {}, "sha512-4Dj6M28JB+oAH8kFkTLUo+a2jwOFkuqb3yucU0CANcRRUbxS0cP0nZYCGjcc3BNXwRIsUVmDGgzawme7zvJHvg=="],
-
     "@types/ssh2/@types/node/undici-types": ["undici-types@5.26.5", "", {}, "sha512-JlCMO+ehdEIKqlFxk6IfVoAUVmgz7cU7zD/h9XZ0qzeosSHmUJVOzSQvvYSYWXkFXC+IfLKSIffhv0sVZup6pA=="],
 
     "ansi-styles/color-convert/color-name": ["color-name@1.1.4", "", {}, "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA=="],
diff --git a/docker-compose.yml b/docker-compose.yml
index 2478d6bf..689f167b 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -41,3 +41,4 @@ services:
       - /var/lib/zerobyte:/var/lib/zerobyte:rshared
       - /run/docker/plugins:/run/docker/plugins
       - /var/run/docker.sock:/var/run/docker.sock
+      - ~/.config/rclone:/root/.config/rclone
diff --git a/package.json b/package.json
index 79bf8317..a7872574 100644
--- a/package.json
+++ b/package.json
@@ -2,14 +2,14 @@
 	"name": "zerobyte",
 	"private": true,
 	"type": "module",
-	"packageManager": "bun@1.3.1",
+	"packageManager": "bun@1.3.3",
 	"scripts": {
 		"build": "react-router build",
 		"dev": "bunx --bun vite",
 		"start": "bun ./dist/server/index.js",
 		"tsc": "react-router typegen && tsc",
 		"lint": "biome check .",
-		"lint:ci": "biome check . --ci",
+		"lint:ci": "biome ci . --changed --error-on-warnings --no-errors-on-unmatched",
 		"start:dev": "docker compose down && docker compose up --build zerobyte-dev",
 		"start:prod": "docker compose down && docker compose up --build zerobyte-prod",
 		"gen:api-client": "openapi-ts",
@@ -17,25 +17,25 @@
 		"studio": "drizzle-kit studio"
 	},
 	"dependencies": {
-		"@hono/standard-validator": "^0.1.5",
+		"@hono/standard-validator": "^0.2.0",
 		"@hookform/resolvers": "^5.2.2",
 		"@radix-ui/react-alert-dialog": "^1.1.15",
 		"@radix-ui/react-checkbox": "^1.3.3",
 		"@radix-ui/react-dialog": "^1.1.15",
-		"@radix-ui/react-label": "^2.1.7",
+		"@radix-ui/react-label": "^2.1.8",
 		"@radix-ui/react-progress": "^1.1.8",
 		"@radix-ui/react-scroll-area": "^1.2.10",
 		"@radix-ui/react-select": "^2.2.6",
-		"@radix-ui/react-separator": "^1.1.7",
-		"@radix-ui/react-slot": "^1.2.3",
+		"@radix-ui/react-separator": "^1.1.8",
+		"@radix-ui/react-slot": "^1.2.4",
 		"@radix-ui/react-switch": "^1.2.6",
 		"@radix-ui/react-tabs": "^1.1.13",
 		"@radix-ui/react-tooltip": "^1.2.8",
-		"@react-router/node": "^7.9.3",
-		"@react-router/serve": "^7.9.3",
-		"@scalar/hono-api-reference": "^0.9.24",
-		"@tanstack/react-query": "^5.90.2",
-		"arktype": "^2.1.26",
+		"@react-router/node": "^7.10.0",
+		"@react-router/serve": "^7.10.0",
+		"@scalar/hono-api-reference": "^0.9.25",
+		"@tanstack/react-query": "^5.90.11",
+		"arktype": "^2.1.28",
 		"class-variance-authority": "^0.7.1",
 		"clsx": "^2.1.1",
 		"cron-parser": "^5.4.0",
@@ -44,45 +44,45 @@
 		"dockerode": "^4.0.9",
 		"dotenv": "^17.2.3",
 		"drizzle-orm": "^0.44.7",
-		"es-toolkit": "^1.41.0",
-		"hono": "^4.10.5",
+		"es-toolkit": "^1.42.0",
+		"hono": "4.10.5",
 		"hono-openapi": "^1.1.1",
-		"http-errors-enhanced": "^3.0.2",
-		"isbot": "^5.1.31",
-		"lucide-react": "^0.546.0",
+		"http-errors-enhanced": "^4.0.2",
+		"isbot": "^5.1.32",
+		"lucide-react": "^0.555.0",
 		"next-themes": "^0.4.6",
 		"node-cron": "^4.2.1",
-		"react": "^19.2.0",
-		"react-dom": "^19.2.0",
-		"react-hook-form": "^7.63.0",
-		"react-router": "^7.9.3",
+		"react": "^19.2.1",
+		"react-dom": "^19.2.1",
+		"react-hook-form": "^7.68.0",
+		"react-router": "^7.10.0",
 		"react-router-hono-server": "^2.22.0",
-		"recharts": "3.2.1",
+		"recharts": "3.5.1",
 		"slugify": "^1.6.6",
 		"sonner": "^2.0.7",
-		"tailwind-merge": "^3.3.1",
+		"tailwind-merge": "^3.4.0",
 		"tiny-typed-emitter": "^2.1.0",
 		"winston": "^3.18.3",
-		"yaml": "^2.8.1"
+		"yaml": "^2.8.2"
 	},
 	"devDependencies": {
-		"@biomejs/biome": "^2.3.5",
-		"@hey-api/openapi-ts": "^0.87.4",
-		"@react-router/dev": "^7.9.3",
-		"@tailwindcss/vite": "^4.1.14",
-		"@tanstack/react-query-devtools": "^5.90.2",
-		"@types/bun": "^1.3.2",
-		"@types/dockerode": "^3.3.45",
-		"@types/node": "^24.6.2",
-		"@types/react": "^19.2.0",
-		"@types/react-dom": "^19.2.0",
-		"drizzle-kit": "^0.31.6",
+		"@biomejs/biome": "^2.3.8",
+		"@hey-api/openapi-ts": "^0.88.0",
+		"@react-router/dev": "^7.10.0",
+		"@tailwindcss/vite": "^4.1.17",
+		"@tanstack/react-query-devtools": "^5.91.1",
+		"@types/bun": "^1.3.3",
+		"@types/dockerode": "^3.3.47",
+		"@types/node": "^24.10.1",
+		"@types/react": "^19.2.7",
+		"@types/react-dom": "^19.2.3",
+		"drizzle-kit": "^0.31.7",
 		"lightningcss": "^1.30.2",
-		"tailwindcss": "^4.1.14",
+		"tailwindcss": "^4.1.17",
 		"tinyglobby": "^0.2.15",
 		"tw-animate-css": "^1.4.0",
 		"typescript": "^5.9.3",
-		"vite": "^7.1.9",
+		"vite": "^7.2.6",
 		"vite-bundle-analyzer": "^1.2.3",
 		"vite-tsconfig-paths": "^5.1.4"
 	}

From 764b64cc25aa90524483cc005ed62391fb7e245d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Tr=C3=A1vn=C3=ADk?= <jakub.travnik@gmail.com>
Date: Wed, 17 Dec 2025 17:08:51 +0100
Subject: [PATCH 38/49] Merge remote-tracking branch 'upstream/main' into
 config-export-feature

---
 .dockerignore                                 |   2 +-
 .gitignore                                    |   1 +
 README.md                                     |   8 +-
 app/app.css                                   |   6 +
 .../api-client/@tanstack/react-query.gen.ts   |  21 +-
 app/client/api-client/client.gen.ts           |   2 +-
 app/client/api-client/sdk.gen.ts              |  16 +-
 app/client/api-client/types.gen.ts            |  22 +-
 app/client/components/sortable-card.tsx       |  34 +
 app/client/components/ui/secret-input.tsx     |  59 ++
 .../backups/components/backup-card.tsx        |  54 ++
 app/client/modules/backups/routes/backups.tsx | 141 +--
 .../components/create-notification-form.tsx   |  11 +-
 .../components/create-repository-form.tsx     |   7 +-
 .../azure-repository-form.tsx                 |   3 +-
 .../repository-forms/r2-repository-form.tsx   |   3 +-
 .../repository-forms/rest-repository-form.tsx |   3 +-
 .../repository-forms/s3-repository-form.tsx   |   3 +-
 .../components/volume-forms/smb-form.tsx      |   3 +-
 .../components/volume-forms/webdav-form.tsx   |   3 +-
 app/drizzle/0022_woozy_shen.sql               |   1 +
 app/drizzle/meta/0022_snapshot.json           | 831 ++++++++++++++++++
 app/drizzle/meta/_journal.json                |   7 +
 app/server/core/config.ts                     |   2 +
 app/server/db/schema.ts                       |   1 +
 app/server/index.ts                           |  26 +-
 .../modules/backends/smb/smb-backend.ts       |   2 +-
 .../modules/backends/webdav/webdav-backend.ts |   2 +-
 .../modules/backups/backups.controller.ts     |  10 +
 app/server/modules/backups/backups.dto.ts     |  31 +
 app/server/modules/backups/backups.service.ts |  34 +-
 .../notifications/notifications.service.ts    |  32 +-
 .../repositories/repositories.service.ts      |  16 +-
 app/server/modules/volumes/volume.service.ts  |   4 +-
 app/server/utils/backend-compatibility.ts     |  24 +-
 app/server/utils/crypto.ts                    | 124 ++-
 app/server/utils/fs.ts                        |   8 +
 app/server/utils/restic.ts                    |  20 +-
 bun.lock                                      |  11 +
 docker-compose.yml                            |   7 +
 openapi-ts.config.ts                          |   3 +-
 package.json                                  |   3 +
 42 files changed, 1453 insertions(+), 148 deletions(-)
 create mode 100644 app/client/components/sortable-card.tsx
 create mode 100644 app/client/components/ui/secret-input.tsx
 create mode 100644 app/client/modules/backups/components/backup-card.tsx
 create mode 100644 app/drizzle/0022_woozy_shen.sql
 create mode 100644 app/drizzle/meta/0022_snapshot.json
 create mode 100644 app/server/utils/fs.ts

diff --git a/.dockerignore b/.dockerignore
index 9980d983..d2d3fe67 100644
--- a/.dockerignore
+++ b/.dockerignore
@@ -1,4 +1,4 @@
-*
+**
 
 !turbo.json
 !bun.lock
diff --git a/.gitignore b/.gitignore
index 9f32df66..99880c84 100644
--- a/.gitignore
+++ b/.gitignore
@@ -12,3 +12,4 @@ CLAUDE.md
 
 mutagen.yml.lock
 notes.md
+smb-password.txt
diff --git a/README.md b/README.md
index 87289812..f05ece02 100644
--- a/README.md
+++ b/README.md
@@ -40,7 +40,7 @@ In order to run Zerobyte, you need to have Docker and Docker Compose installed o
 ```yaml
 services:
   zerobyte:
-    image: ghcr.io/nicotsx/zerobyte:v0.18
+    image: ghcr.io/nicotsx/zerobyte:v0.19
     container_name: zerobyte
     restart: unless-stopped
     cap_add:
@@ -74,7 +74,7 @@ If you only need to back up locally mounted folders and don't require remote sha
 ```yaml
 services:
   zerobyte:
-    image: ghcr.io/nicotsx/zerobyte:v0.18
+    image: ghcr.io/nicotsx/zerobyte:v0.19
     container_name: zerobyte
     restart: unless-stopped
     ports:
@@ -106,7 +106,7 @@ If you want to track a local directory on the same server where Zerobyte is runn
 ```diff
 services:
   zerobyte:
-    image: ghcr.io/nicotsx/zerobyte:v0.18
+    image: ghcr.io/nicotsx/zerobyte:v0.19
     container_name: zerobyte
     restart: unless-stopped
     cap_add:
@@ -174,7 +174,7 @@ Zerobyte can use [rclone](https://rclone.org/) to support 40+ cloud storage prov
    ```diff
    services:
      zerobyte:
-       image: ghcr.io/nicotsx/zerobyte:v0.18
+       image: ghcr.io/nicotsx/zerobyte:v0.19
        container_name: zerobyte
        restart: unless-stopped
        cap_add:
diff --git a/app/app.css b/app/app.css
index c12eee55..c84370ed 100644
--- a/app/app.css
+++ b/app/app.css
@@ -173,3 +173,9 @@ body {
 		--chart-5: oklch(0.645 0.246 16.439);
 	}
 }
+
+/* Hide built-in password reveal/clear controls (notably in Edge on Windows) */
+[data-secret-input] input[type="password"]::-ms-reveal,
+[data-secret-input] input[type="password"]::-ms-clear {
+	display: none;
+}
diff --git a/app/client/api-client/@tanstack/react-query.gen.ts b/app/client/api-client/@tanstack/react-query.gen.ts
index 9ac74633..88863b10 100644
--- a/app/client/api-client/@tanstack/react-query.gen.ts
+++ b/app/client/api-client/@tanstack/react-query.gen.ts
@@ -3,8 +3,8 @@
 import { type DefaultError, queryOptions, type UseMutationOptions } from '@tanstack/react-query';
 
 import { client } from '../client.gen';
-import { browseFilesystem, changePassword, createBackupSchedule, createNotificationDestination, createRepository, createVolume, deleteBackupSchedule, deleteNotificationDestination, deleteRepository, deleteSnapshot, deleteVolume, doctorRepository, downloadResticPassword, exportFullConfig, getBackupSchedule, getBackupScheduleForVolume, getMe, getMirrorCompatibility, getNotificationDestination, getRepository, getScheduleMirrors, getScheduleNotifications, getSnapshotDetails, getStatus, getSystemInfo, getVolume, healthCheckVolume, listBackupSchedules, listFiles, listNotificationDestinations, listRcloneRemotes, listRepositories, listSnapshotFiles, listSnapshots, listVolumes, login, logout, mountVolume, type Options, register, restoreSnapshot, runBackupNow, runForget, stopBackup, testConnection, testNotificationDestination, unmountVolume, updateBackupSchedule, updateNotificationDestination, updateRepository, updateScheduleMirrors, updateScheduleNotifications, updateVolume } from '../sdk.gen';
-import type { BrowseFilesystemData, BrowseFilesystemResponse, ChangePasswordData, ChangePasswordResponse, CreateBackupScheduleData, CreateBackupScheduleResponse, CreateNotificationDestinationData, CreateNotificationDestinationResponse, CreateRepositoryData, CreateRepositoryResponse, CreateVolumeData, CreateVolumeResponse, DeleteBackupScheduleData, DeleteBackupScheduleResponse, DeleteNotificationDestinationData, DeleteNotificationDestinationResponse, DeleteRepositoryData, DeleteRepositoryResponse, DeleteSnapshotData, DeleteSnapshotResponse, DeleteVolumeData, DeleteVolumeResponse, DoctorRepositoryData, DoctorRepositoryResponse, DownloadResticPasswordData, DownloadResticPasswordResponse, ExportFullConfigData, ExportFullConfigError, ExportFullConfigResponse, GetBackupScheduleData, GetBackupScheduleForVolumeData, GetBackupScheduleForVolumeResponse, GetBackupScheduleResponse, GetMeData, GetMeResponse, GetMirrorCompatibilityData, GetMirrorCompatibilityResponse, GetNotificationDestinationData, GetNotificationDestinationResponse, GetRepositoryData, GetRepositoryResponse, GetScheduleMirrorsData, GetScheduleMirrorsResponse, GetScheduleNotificationsData, GetScheduleNotificationsResponse, GetSnapshotDetailsData, GetSnapshotDetailsResponse, GetStatusData, GetStatusResponse, GetSystemInfoData, GetSystemInfoResponse, GetVolumeData, GetVolumeResponse, HealthCheckVolumeData, HealthCheckVolumeResponse, ListBackupSchedulesData, ListBackupSchedulesResponse, ListFilesData, ListFilesResponse, ListNotificationDestinationsData, ListNotificationDestinationsResponse, ListRcloneRemotesData, ListRcloneRemotesResponse, ListRepositoriesData, ListRepositoriesResponse, ListSnapshotFilesData, ListSnapshotFilesResponse, ListSnapshotsData, ListSnapshotsResponse, ListVolumesData, ListVolumesResponse, LoginData, LoginResponse, LogoutData, LogoutResponse, MountVolumeData, MountVolumeResponse, RegisterData, RegisterResponse, RestoreSnapshotData, RestoreSnapshotResponse, RunBackupNowData, RunBackupNowResponse, RunForgetData, RunForgetResponse, StopBackupData, StopBackupResponse, TestConnectionData, TestConnectionResponse, TestNotificationDestinationData, TestNotificationDestinationResponse, UnmountVolumeData, UnmountVolumeResponse, UpdateBackupScheduleData, UpdateBackupScheduleResponse, UpdateNotificationDestinationData, UpdateNotificationDestinationResponse, UpdateRepositoryData, UpdateRepositoryResponse, UpdateScheduleMirrorsData, UpdateScheduleMirrorsResponse, UpdateScheduleNotificationsData, UpdateScheduleNotificationsResponse, UpdateVolumeData, UpdateVolumeResponse } from '../types.gen';
+import { browseFilesystem, changePassword, createBackupSchedule, createNotificationDestination, createRepository, createVolume, deleteBackupSchedule, deleteNotificationDestination, deleteRepository, deleteSnapshot, deleteVolume, doctorRepository, downloadResticPassword, exportFullConfig, getBackupSchedule, getBackupScheduleForVolume, getMe, getMirrorCompatibility, getNotificationDestination, getRepository, getScheduleMirrors, getScheduleNotifications, getSnapshotDetails, getStatus, getSystemInfo, getVolume, healthCheckVolume, listBackupSchedules, listFiles, listNotificationDestinations, listRcloneRemotes, listRepositories, listSnapshotFiles, listSnapshots, listVolumes, login, logout, mountVolume, type Options, register, reorderBackupSchedules, restoreSnapshot, runBackupNow, runForget, stopBackup, testConnection, testNotificationDestination, unmountVolume, updateBackupSchedule, updateNotificationDestination, updateRepository, updateScheduleMirrors, updateScheduleNotifications, updateVolume } from '../sdk.gen';
+import type { BrowseFilesystemData, BrowseFilesystemResponse, ChangePasswordData, ChangePasswordResponse, CreateBackupScheduleData, CreateBackupScheduleResponse, CreateNotificationDestinationData, CreateNotificationDestinationResponse, CreateRepositoryData, CreateRepositoryResponse, CreateVolumeData, CreateVolumeResponse, DeleteBackupScheduleData, DeleteBackupScheduleResponse, DeleteNotificationDestinationData, DeleteNotificationDestinationResponse, DeleteRepositoryData, DeleteRepositoryResponse, DeleteSnapshotData, DeleteSnapshotResponse, DeleteVolumeData, DeleteVolumeResponse, DoctorRepositoryData, DoctorRepositoryResponse, DownloadResticPasswordData, DownloadResticPasswordResponse, ExportFullConfigData, ExportFullConfigError, ExportFullConfigResponse, GetBackupScheduleData, GetBackupScheduleForVolumeData, GetBackupScheduleForVolumeResponse, GetBackupScheduleResponse, GetMeData, GetMeResponse, GetMirrorCompatibilityData, GetMirrorCompatibilityResponse, GetNotificationDestinationData, GetNotificationDestinationResponse, GetRepositoryData, GetRepositoryResponse, GetScheduleMirrorsData, GetScheduleMirrorsResponse, GetScheduleNotificationsData, GetScheduleNotificationsResponse, GetSnapshotDetailsData, GetSnapshotDetailsResponse, GetStatusData, GetStatusResponse, GetSystemInfoData, GetSystemInfoResponse, GetVolumeData, GetVolumeResponse, HealthCheckVolumeData, HealthCheckVolumeResponse, ListBackupSchedulesData, ListBackupSchedulesResponse, ListFilesData, ListFilesResponse, ListNotificationDestinationsData, ListNotificationDestinationsResponse, ListRcloneRemotesData, ListRcloneRemotesResponse, ListRepositoriesData, ListRepositoriesResponse, ListSnapshotFilesData, ListSnapshotFilesResponse, ListSnapshotsData, ListSnapshotsResponse, ListVolumesData, ListVolumesResponse, LoginData, LoginResponse, LogoutData, LogoutResponse, MountVolumeData, MountVolumeResponse, RegisterData, RegisterResponse, ReorderBackupSchedulesData, ReorderBackupSchedulesResponse, RestoreSnapshotData, RestoreSnapshotResponse, RunBackupNowData, RunBackupNowResponse, RunForgetData, RunForgetResponse, StopBackupData, StopBackupResponse, TestConnectionData, TestConnectionResponse, TestNotificationDestinationData, TestNotificationDestinationResponse, UnmountVolumeData, UnmountVolumeResponse, UpdateBackupScheduleData, UpdateBackupScheduleResponse, UpdateNotificationDestinationData, UpdateNotificationDestinationResponse, UpdateRepositoryData, UpdateRepositoryResponse, UpdateScheduleMirrorsData, UpdateScheduleMirrorsResponse, UpdateScheduleNotificationsData, UpdateScheduleNotificationsResponse, UpdateVolumeData, UpdateVolumeResponse } from '../types.gen';
 
 /**
  * Register a new user
@@ -790,6 +790,23 @@ export const getMirrorCompatibilityOptions = (options: Options<GetMirrorCompatib
     queryKey: getMirrorCompatibilityQueryKey(options)
 });
 
+/**
+ * Reorder backup schedules by providing an array of schedule IDs in the desired order
+ */
+export const reorderBackupSchedulesMutation = (options?: Partial<Options<ReorderBackupSchedulesData>>): UseMutationOptions<ReorderBackupSchedulesResponse, DefaultError, Options<ReorderBackupSchedulesData>> => {
+    const mutationOptions: UseMutationOptions<ReorderBackupSchedulesResponse, DefaultError, Options<ReorderBackupSchedulesData>> = {
+        mutationFn: async (fnOptions) => {
+            const { data } = await reorderBackupSchedules({
+                ...options,
+                ...fnOptions,
+                throwOnError: true
+            });
+            return data;
+        }
+    };
+    return mutationOptions;
+};
+
 export const listNotificationDestinationsQueryKey = (options?: Options<ListNotificationDestinationsData>) => createQueryKey("listNotificationDestinations", options);
 
 /**
diff --git a/app/client/api-client/client.gen.ts b/app/client/api-client/client.gen.ts
index 50c3a3f5..d648343f 100644
--- a/app/client/api-client/client.gen.ts
+++ b/app/client/api-client/client.gen.ts
@@ -14,5 +14,5 @@ import type { ClientOptions as ClientOptions2 } from './types.gen';
 export type CreateClientConfig<T extends ClientOptions = ClientOptions2> = (override?: Config<ClientOptions & T>) => Config<Required<ClientOptions> & T>;
 
 export const client = createClient(createConfig<ClientOptions2>({
-    baseUrl: 'http://192.168.2.42:4096'
+    baseUrl: 'http://localhost:4096'
 }));
diff --git a/app/client/api-client/sdk.gen.ts b/app/client/api-client/sdk.gen.ts
index 33f82659..a682452f 100644
--- a/app/client/api-client/sdk.gen.ts
+++ b/app/client/api-client/sdk.gen.ts
@@ -2,7 +2,7 @@
 
 import type { Client, Options as Options2, TDataShape } from './client';
 import { client } from './client.gen';
-import type { BrowseFilesystemData, BrowseFilesystemResponses, ChangePasswordData, ChangePasswordResponses, CreateBackupScheduleData, CreateBackupScheduleResponses, CreateNotificationDestinationData, CreateNotificationDestinationResponses, CreateRepositoryData, CreateRepositoryResponses, CreateVolumeData, CreateVolumeResponses, DeleteBackupScheduleData, DeleteBackupScheduleResponses, DeleteNotificationDestinationData, DeleteNotificationDestinationErrors, DeleteNotificationDestinationResponses, DeleteRepositoryData, DeleteRepositoryResponses, DeleteSnapshotData, DeleteSnapshotResponses, DeleteVolumeData, DeleteVolumeResponses, DoctorRepositoryData, DoctorRepositoryResponses, DownloadResticPasswordData, DownloadResticPasswordResponses, ExportFullConfigData, ExportFullConfigErrors, ExportFullConfigResponses, GetBackupScheduleData, GetBackupScheduleForVolumeData, GetBackupScheduleForVolumeResponses, GetBackupScheduleResponses, GetMeData, GetMeResponses, GetMirrorCompatibilityData, GetMirrorCompatibilityResponses, GetNotificationDestinationData, GetNotificationDestinationErrors, GetNotificationDestinationResponses, GetRepositoryData, GetRepositoryResponses, GetScheduleMirrorsData, GetScheduleMirrorsResponses, GetScheduleNotificationsData, GetScheduleNotificationsResponses, GetSnapshotDetailsData, GetSnapshotDetailsResponses, GetStatusData, GetStatusResponses, GetSystemInfoData, GetSystemInfoResponses, GetVolumeData, GetVolumeErrors, GetVolumeResponses, HealthCheckVolumeData, HealthCheckVolumeErrors, HealthCheckVolumeResponses, ListBackupSchedulesData, ListBackupSchedulesResponses, ListFilesData, ListFilesResponses, ListNotificationDestinationsData, ListNotificationDestinationsResponses, ListRcloneRemotesData, ListRcloneRemotesResponses, ListRepositoriesData, ListRepositoriesResponses, ListSnapshotFilesData, ListSnapshotFilesResponses, ListSnapshotsData, ListSnapshotsResponses, ListVolumesData, ListVolumesResponses, LoginData, LoginResponses, LogoutData, LogoutResponses, MountVolumeData, MountVolumeResponses, RegisterData, RegisterResponses, RestoreSnapshotData, RestoreSnapshotResponses, RunBackupNowData, RunBackupNowResponses, RunForgetData, RunForgetResponses, StopBackupData, StopBackupErrors, StopBackupResponses, TestConnectionData, TestConnectionResponses, TestNotificationDestinationData, TestNotificationDestinationErrors, TestNotificationDestinationResponses, UnmountVolumeData, UnmountVolumeResponses, UpdateBackupScheduleData, UpdateBackupScheduleResponses, UpdateNotificationDestinationData, UpdateNotificationDestinationErrors, UpdateNotificationDestinationResponses, UpdateRepositoryData, UpdateRepositoryErrors, UpdateRepositoryResponses, UpdateScheduleMirrorsData, UpdateScheduleMirrorsResponses, UpdateScheduleNotificationsData, UpdateScheduleNotificationsResponses, UpdateVolumeData, UpdateVolumeErrors, UpdateVolumeResponses } from './types.gen';
+import type { BrowseFilesystemData, BrowseFilesystemResponses, ChangePasswordData, ChangePasswordResponses, CreateBackupScheduleData, CreateBackupScheduleResponses, CreateNotificationDestinationData, CreateNotificationDestinationResponses, CreateRepositoryData, CreateRepositoryResponses, CreateVolumeData, CreateVolumeResponses, DeleteBackupScheduleData, DeleteBackupScheduleResponses, DeleteNotificationDestinationData, DeleteNotificationDestinationErrors, DeleteNotificationDestinationResponses, DeleteRepositoryData, DeleteRepositoryResponses, DeleteSnapshotData, DeleteSnapshotResponses, DeleteVolumeData, DeleteVolumeResponses, DoctorRepositoryData, DoctorRepositoryResponses, DownloadResticPasswordData, DownloadResticPasswordResponses, ExportFullConfigData, ExportFullConfigErrors, ExportFullConfigResponses, GetBackupScheduleData, GetBackupScheduleForVolumeData, GetBackupScheduleForVolumeResponses, GetBackupScheduleResponses, GetMeData, GetMeResponses, GetMirrorCompatibilityData, GetMirrorCompatibilityResponses, GetNotificationDestinationData, GetNotificationDestinationErrors, GetNotificationDestinationResponses, GetRepositoryData, GetRepositoryResponses, GetScheduleMirrorsData, GetScheduleMirrorsResponses, GetScheduleNotificationsData, GetScheduleNotificationsResponses, GetSnapshotDetailsData, GetSnapshotDetailsResponses, GetStatusData, GetStatusResponses, GetSystemInfoData, GetSystemInfoResponses, GetVolumeData, GetVolumeErrors, GetVolumeResponses, HealthCheckVolumeData, HealthCheckVolumeErrors, HealthCheckVolumeResponses, ListBackupSchedulesData, ListBackupSchedulesResponses, ListFilesData, ListFilesResponses, ListNotificationDestinationsData, ListNotificationDestinationsResponses, ListRcloneRemotesData, ListRcloneRemotesResponses, ListRepositoriesData, ListRepositoriesResponses, ListSnapshotFilesData, ListSnapshotFilesResponses, ListSnapshotsData, ListSnapshotsResponses, ListVolumesData, ListVolumesResponses, LoginData, LoginResponses, LogoutData, LogoutResponses, MountVolumeData, MountVolumeResponses, RegisterData, RegisterResponses, ReorderBackupSchedulesData, ReorderBackupSchedulesResponses, RestoreSnapshotData, RestoreSnapshotResponses, RunBackupNowData, RunBackupNowResponses, RunForgetData, RunForgetResponses, StopBackupData, StopBackupErrors, StopBackupResponses, TestConnectionData, TestConnectionResponses, TestNotificationDestinationData, TestNotificationDestinationErrors, TestNotificationDestinationResponses, UnmountVolumeData, UnmountVolumeResponses, UpdateBackupScheduleData, UpdateBackupScheduleResponses, UpdateNotificationDestinationData, UpdateNotificationDestinationErrors, UpdateNotificationDestinationResponses, UpdateRepositoryData, UpdateRepositoryErrors, UpdateRepositoryResponses, UpdateScheduleMirrorsData, UpdateScheduleMirrorsResponses, UpdateScheduleNotificationsData, UpdateScheduleNotificationsResponses, UpdateVolumeData, UpdateVolumeErrors, UpdateVolumeResponses } from './types.gen';
 
 export type Options<TData extends TDataShape = TDataShape, ThrowOnError extends boolean = boolean> = Options2<TData, ThrowOnError> & {
     /**
@@ -500,6 +500,20 @@ export const getMirrorCompatibility = <ThrowOnError extends boolean = false>(opt
     });
 };
 
+/**
+ * Reorder backup schedules by providing an array of schedule IDs in the desired order
+ */
+export const reorderBackupSchedules = <ThrowOnError extends boolean = false>(options?: Options<ReorderBackupSchedulesData, ThrowOnError>) => {
+    return (options?.client ?? client).post<ReorderBackupSchedulesResponses, unknown, ThrowOnError>({
+        url: '/api/v1/backups/reorder',
+        ...options,
+        headers: {
+            'Content-Type': 'application/json',
+            ...options?.headers
+        }
+    });
+};
+
 /**
  * List all notification destinations
  */
diff --git a/app/client/api-client/types.gen.ts b/app/client/api-client/types.gen.ts
index 9c04340a..83f4e884 100644
--- a/app/client/api-client/types.gen.ts
+++ b/app/client/api-client/types.gen.ts
@@ -1,7 +1,7 @@
 // This file is auto-generated by @hey-api/openapi-ts
 
 export type ClientOptions = {
-    baseUrl: 'http://192.168.2.42:4096' | (string & {});
+    baseUrl: 'http://localhost:4096' | (string & {});
 };
 
 export type RegisterData = {
@@ -2376,6 +2376,26 @@ export type GetMirrorCompatibilityResponses = {
 
 export type GetMirrorCompatibilityResponse = GetMirrorCompatibilityResponses[keyof GetMirrorCompatibilityResponses];
 
+export type ReorderBackupSchedulesData = {
+    body?: {
+        scheduleIds: Array<number>;
+    };
+    path?: never;
+    query?: never;
+    url: '/api/v1/backups/reorder';
+};
+
+export type ReorderBackupSchedulesResponses = {
+    /**
+     * Backup schedules reordered successfully
+     */
+    200: {
+        success: boolean;
+    };
+};
+
+export type ReorderBackupSchedulesResponse = ReorderBackupSchedulesResponses[keyof ReorderBackupSchedulesResponses];
+
 export type ListNotificationDestinationsData = {
     body?: never;
     path?: never;
diff --git a/app/client/components/sortable-card.tsx b/app/client/components/sortable-card.tsx
new file mode 100644
index 00000000..d5b8897d
--- /dev/null
+++ b/app/client/components/sortable-card.tsx
@@ -0,0 +1,34 @@
+import { useSortable } from "@dnd-kit/sortable";
+import { CSS } from "@dnd-kit/utilities";
+import { GripVertical } from "lucide-react";
+import type { PropsWithChildren } from "react";
+
+interface SortableBackupCardProps {
+	isDragging?: boolean;
+	uniqueId: number;
+}
+
+export function SortableCard({ isDragging, uniqueId, children }: PropsWithChildren<SortableBackupCardProps>) {
+	const { attributes, listeners, setNodeRef, transform, transition } = useSortable({
+		id: uniqueId,
+	});
+
+	const style = {
+		transform: CSS.Transform.toString(transform),
+		transition,
+		opacity: isDragging ? 0.5 : 1,
+	};
+
+	return (
+		<div ref={setNodeRef} style={style} className="relative group">
+			<div
+				{...attributes}
+				{...listeners}
+				className="absolute left-1/2 -translate-x-1/2 top-1 z-10 cursor-grab active:cursor-grabbing opacity-100 md:opacity-0 group-hover:opacity-100 transition-opacity p-1 rounded hover:bg-muted/50 bg-background/80 backdrop-blur-sm"
+			>
+				<GripVertical className="h-4 w-4 text-muted-foreground rotate-90" />
+			</div>
+			{children}
+		</div>
+	);
+}
diff --git a/app/client/components/ui/secret-input.tsx b/app/client/components/ui/secret-input.tsx
new file mode 100644
index 00000000..540f8f89
--- /dev/null
+++ b/app/client/components/ui/secret-input.tsx
@@ -0,0 +1,59 @@
+import { Eye, EyeOff } from "lucide-react";
+import type * as React from "react";
+import { useMemo, useState } from "react";
+
+import { cn } from "~/client/lib/utils";
+import { Button } from "./button";
+import { Input } from "./input";
+
+export const isStoredSecretValue = (value?: string): boolean => {
+	if (typeof value !== "string" || value.length === 0) {
+		return false;
+	}
+
+	return value.startsWith("env://") || value.startsWith("file://") || value.startsWith("encv1:");
+};
+
+type SecretInputProps = Omit<React.ComponentProps<typeof Input>, "type">
+
+export const SecretInput = ({ className, value, ...props }: SecretInputProps) => {
+	const [revealed, setRevealed] = useState(false);
+
+	const showAsPlaintext = useMemo(() => {
+		if (typeof value !== "string") {
+			return false;
+		}
+
+		return isStoredSecretValue(value);
+	}, [value]);
+
+	const type = useMemo(() => {
+		if (showAsPlaintext) {
+			return "text";
+		}
+		return revealed ? "text" : "password";
+	}, [showAsPlaintext, revealed]);
+
+	return (
+		<div className="relative" data-secret-input>
+			<Input
+				{...props}
+				value={value}
+				type={type}
+				className={cn(!showAsPlaintext && "pr-10", className)}
+			/>
+			{!showAsPlaintext && (
+				<Button
+					type="button"
+					variant="ghost"
+					size="icon"
+					className="absolute right-1 top-1/2 size-7 -translate-y-1/2"
+					onClick={() => setRevealed((v) => !v)}
+					aria-label={revealed ? "Hide secret" : "Show secret"}
+				>
+					{revealed ? <EyeOff className="size-4" /> : <Eye className="size-4" />}
+				</Button>
+			)}
+		</div>
+	);
+};
diff --git a/app/client/modules/backups/components/backup-card.tsx b/app/client/modules/backups/components/backup-card.tsx
new file mode 100644
index 00000000..85249704
--- /dev/null
+++ b/app/client/modules/backups/components/backup-card.tsx
@@ -0,0 +1,54 @@
+import { CalendarClock, Database, HardDrive } from "lucide-react";
+import { Link } from "react-router";
+import { Card, CardContent, CardDescription, CardHeader, CardTitle } from "~/client/components/ui/card";
+import type { BackupSchedule } from "~/client/lib/types";
+import { BackupStatusDot } from "./backup-status-dot";
+
+export const BackupCard = ({ schedule }: { schedule: BackupSchedule }) => {
+	return (
+		<Link key={schedule.id} to={`/backups/${schedule.id}`}>
+			<Card key={schedule.id} className="flex flex-col h-full">
+				<CardHeader className="pb-3 overflow-hidden">
+					<div className="flex items-center justify-between gap-2 w-full">
+						<div className="flex items-center gap-2 flex-1 min-w-0 w-0">
+							<CalendarClock className="h-5 w-5 text-muted-foreground shrink-0" />
+							<CardTitle className="text-lg truncate">{schedule.name}</CardTitle>
+						</div>
+						<BackupStatusDot
+							enabled={schedule.enabled}
+							hasError={!!schedule.lastBackupError}
+							isInProgress={schedule.lastBackupStatus === "in_progress"}
+						/>
+					</div>
+					<CardDescription className="ml-0.5 flex items-center gap-2 text-xs">
+						<HardDrive className="h-3.5 w-3.5" />
+						<span className="truncate">{schedule.volume.name}</span>
+						<span className="text-muted-foreground">→</span>
+						<Database className="h-3.5 w-3.5 text-strong-accent" />
+						<span className="truncate text-strong-accent">{schedule.repository.name}</span>
+					</CardDescription>
+				</CardHeader>
+				<CardContent className="flex-1 space-y-4">
+					<div className="space-y-2">
+						<div className="flex items-center justify-between text-sm">
+							<span className="text-muted-foreground">Schedule</span>
+							<code className="text-xs bg-muted px-2 py-1 rounded">{schedule.cronExpression}</code>
+						</div>
+						<div className="flex items-center justify-between text-sm">
+							<span className="text-muted-foreground">Last backup</span>
+							<span className="font-medium">
+								{schedule.lastBackupAt ? new Date(schedule.lastBackupAt).toLocaleDateString() : "Never"}
+							</span>
+						</div>
+						<div className="flex items-center justify-between text-sm">
+							<span className="text-muted-foreground">Next backup</span>
+							<span className="font-medium">
+								{schedule.nextBackupAt ? new Date(schedule.nextBackupAt).toLocaleDateString() : "N/A"}
+							</span>
+						</div>
+					</div>
+				</CardContent>
+			</Card>
+		</Link>
+	);
+};
diff --git a/app/client/modules/backups/routes/backups.tsx b/app/client/modules/backups/routes/backups.tsx
index 651c86f4..76f0c714 100644
--- a/app/client/modules/backups/routes/backups.tsx
+++ b/app/client/modules/backups/routes/backups.tsx
@@ -1,13 +1,28 @@
-import { useQuery } from "@tanstack/react-query";
-import { CalendarClock, Database, HardDrive, Plus } from "lucide-react";
+import { useMutation, useQuery } from "@tanstack/react-query";
+import {
+	DndContext,
+	closestCenter,
+	KeyboardSensor,
+	PointerSensor,
+	useSensor,
+	useSensors,
+	type DragEndEvent,
+} from "@dnd-kit/core";
+import { arrayMove, SortableContext, sortableKeyboardCoordinates, rectSortingStrategy } from "@dnd-kit/sortable";
+import { CalendarClock, Plus } from "lucide-react";
 import { Link } from "react-router";
-import { BackupStatusDot } from "../components/backup-status-dot";
+import { useState, useEffect } from "react";
 import { EmptyState } from "~/client/components/empty-state";
 import { Button } from "~/client/components/ui/button";
-import { Card, CardContent, CardDescription, CardHeader, CardTitle } from "~/client/components/ui/card";
+import { Card, CardContent } from "~/client/components/ui/card";
 import type { Route } from "./+types/backups";
 import { listBackupSchedules } from "~/client/api-client";
-import { listBackupSchedulesOptions } from "~/client/api-client/@tanstack/react-query.gen";
+import {
+	listBackupSchedulesOptions,
+	reorderBackupSchedulesMutation,
+} from "~/client/api-client/@tanstack/react-query.gen";
+import { SortableCard } from "~/client/components/sortable-card";
+import { BackupCard } from "../components/backup-card";
 
 export const handle = {
 	breadcrumb: () => [{ label: "Backups" }],
@@ -35,6 +50,41 @@ export default function Backups({ loaderData }: Route.ComponentProps) {
 		initialData: loaderData,
 	});
 
+	const [items, setItems] = useState(schedules?.map((s) => s.id) ?? []);
+	useEffect(() => {
+		if (schedules) {
+			setItems(schedules.map((s) => s.id));
+		}
+	}, [schedules]);
+
+	const sensors = useSensors(
+		useSensor(PointerSensor, {
+			activationConstraint: { distance: 8 },
+		}),
+		useSensor(KeyboardSensor, {
+			coordinateGetter: sortableKeyboardCoordinates,
+		}),
+	);
+
+	const reorderMutation = useMutation({
+		...reorderBackupSchedulesMutation(),
+	});
+
+	const handleDragEnd = (event: DragEndEvent) => {
+		const { active, over } = event;
+
+		if (over && active.id !== over.id) {
+			setItems((items) => {
+				const oldIndex = items.indexOf(active.id as number);
+				const newIndex = items.indexOf(over.id as number);
+				const newItems = arrayMove(items, oldIndex, newIndex);
+				reorderMutation.mutate({ body: { scheduleIds: newItems } });
+
+				return newItems;
+			});
+		}
+	};
+
 	if (isLoading) {
 		return (
 			<div className="flex items-center justify-center h-full">
@@ -61,64 +111,33 @@ export default function Backups({ loaderData }: Route.ComponentProps) {
 		);
 	}
 
+	const scheduleMap = new Map(schedules.map((s) => [s.id, s]));
+
 	return (
 		<div className="container mx-auto space-y-6">
-			<div className="grid gap-4 md:grid-cols-2 lg:grid-cols-3 auto-rows-fr">
-				{schedules.map((schedule) => (
-					<Link key={schedule.id} to={`/backups/${schedule.id}`}>
-						<Card key={schedule.id} className="flex flex-col h-full">
-							<CardHeader className="pb-3 overflow-hidden">
-								<div className="flex items-center justify-between gap-2 w-full">
-									<div className="flex items-center gap-2 flex-1 min-w-0 w-0">
-										<CalendarClock className="h-5 w-5 text-muted-foreground shrink-0" />
-										<CardTitle className="text-lg truncate">{schedule.name}</CardTitle>
-									</div>
-									<BackupStatusDot
-										enabled={schedule.enabled}
-										hasError={!!schedule.lastBackupError}
-										isInProgress={schedule.lastBackupStatus === "in_progress"}
-									/>
-								</div>
-								<CardDescription className="ml-0.5 flex items-center gap-2 text-xs">
-									<HardDrive className="h-3.5 w-3.5" />
-									<span className="truncate">{schedule.volume.name}</span>
-									<span className="text-muted-foreground">→</span>
-									<Database className="h-3.5 w-3.5 text-strong-accent" />
-									<span className="truncate text-strong-accent">{schedule.repository.name}</span>
-								</CardDescription>
-							</CardHeader>
-							<CardContent className="flex-1 space-y-4">
-								<div className="space-y-2">
-									<div className="flex items-center justify-between text-sm">
-										<span className="text-muted-foreground">Schedule</span>
-										<code className="text-xs bg-muted px-2 py-1 rounded">{schedule.cronExpression}</code>
-									</div>
-									<div className="flex items-center justify-between text-sm">
-										<span className="text-muted-foreground">Last backup</span>
-										<span className="font-medium">
-											{schedule.lastBackupAt ? new Date(schedule.lastBackupAt).toLocaleDateString() : "Never"}
-										</span>
-									</div>
-									<div className="flex items-center justify-between text-sm">
-										<span className="text-muted-foreground">Next backup</span>
-										<span className="font-medium">
-											{schedule.nextBackupAt ? new Date(schedule.nextBackupAt).toLocaleDateString() : "N/A"}
-										</span>
-									</div>
-								</div>
-							</CardContent>
-						</Card>
-					</Link>
-				))}
-				<Link to="/backups/create">
-					<Card className="flex flex-col items-center justify-center h-full hover:bg-muted/50 transition-colors cursor-pointer">
-						<CardContent className="flex flex-col items-center justify-center gap-2">
-							<Plus className="h-8 w-8 text-muted-foreground" />
-							<span className="text-sm font-medium text-muted-foreground">Create a backup job</span>
-						</CardContent>
-					</Card>
-				</Link>
-			</div>
+			<DndContext sensors={sensors} collisionDetection={closestCenter} onDragEnd={handleDragEnd}>
+				<SortableContext items={items} strategy={rectSortingStrategy}>
+					<div className="grid gap-4 md:grid-cols-2 lg:grid-cols-3 auto-rows-fr">
+						{items.map((id) => {
+							const schedule = scheduleMap.get(id);
+							if (!schedule) return null;
+							return (
+								<SortableCard uniqueId={id} key={schedule.id}>
+									<BackupCard schedule={schedule} />
+								</SortableCard>
+							);
+						})}
+						<Link to="/backups/create">
+							<Card className="flex flex-col items-center justify-center h-full hover:bg-muted/50 transition-colors cursor-pointer">
+								<CardContent className="flex flex-col items-center justify-center gap-2">
+									<Plus className="h-8 w-8 text-muted-foreground" />
+									<span className="text-sm font-medium text-muted-foreground">Create a backup job</span>
+								</CardContent>
+							</Card>
+						</Link>
+					</div>
+				</SortableContext>
+			</DndContext>
 		</div>
 	);
 }
diff --git a/app/client/modules/notifications/components/create-notification-form.tsx b/app/client/modules/notifications/components/create-notification-form.tsx
index dc89d550..2fd240cf 100644
--- a/app/client/modules/notifications/components/create-notification-form.tsx
+++ b/app/client/modules/notifications/components/create-notification-form.tsx
@@ -14,6 +14,7 @@ import {
 	FormMessage,
 } from "~/client/components/ui/form";
 import { Input } from "~/client/components/ui/input";
+import { SecretInput } from "~/client/components/ui/secret-input";
 import { Select, SelectContent, SelectItem, SelectTrigger, SelectValue } from "~/client/components/ui/select";
 import { Checkbox } from "~/client/components/ui/checkbox";
 import { notificationConfigSchema } from "~/schemas/notifications";
@@ -213,7 +214,7 @@ export const CreateNotificationForm = ({ onSubmit, mode = "create", initialValue
 								<FormItem>
 									<FormLabel>Password (Optional)</FormLabel>
 									<FormControl>
-										<Input {...field} type="password" placeholder="••••••••" />
+										<SecretInput {...field} placeholder="••••••••" />
 									</FormControl>
 									<FormMessage />
 								</FormItem>
@@ -415,7 +416,7 @@ export const CreateNotificationForm = ({ onSubmit, mode = "create", initialValue
 								<FormItem>
 									<FormLabel>App Token</FormLabel>
 									<FormControl>
-										<Input {...field} type="password" placeholder="••••••••" />
+										<SecretInput {...field} placeholder="••••••••" />
 									</FormControl>
 									<FormDescription>Application token from Gotify.</FormDescription>
 									<FormMessage />
@@ -510,7 +511,7 @@ export const CreateNotificationForm = ({ onSubmit, mode = "create", initialValue
 								<FormItem>
 									<FormLabel>Password (Optional)</FormLabel>
 									<FormControl>
-										<Input {...field} type="password" placeholder="••••••••" />
+										<SecretInput {...field} placeholder="••••••••" />
 									</FormControl>
 									<FormDescription>Password for server authentication, if required.</FormDescription>
 									<FormMessage />
@@ -567,7 +568,7 @@ export const CreateNotificationForm = ({ onSubmit, mode = "create", initialValue
 								<FormItem>
 									<FormLabel>API Token</FormLabel>
 									<FormControl>
-										<Input {...field} type="password" placeholder="••••••••" />
+										<SecretInput {...field} placeholder="••••••••" />
 									</FormControl>
 									<FormDescription>Application API token from your Pushover application.</FormDescription>
 									<FormMessage />
@@ -627,7 +628,7 @@ export const CreateNotificationForm = ({ onSubmit, mode = "create", initialValue
 								<FormItem>
 									<FormLabel>Bot Token</FormLabel>
 									<FormControl>
-										<Input {...field} type="password" placeholder="123456789:ABC-DEF1234ghIkl-zyx57W2v1u123ew11" />
+										<SecretInput {...field} placeholder="123456789:ABC-DEF1234ghIkl-zyx57W2v1u123ew11" />
 									</FormControl>
 									<FormDescription>
 										Telegram bot token. Get this from BotFather when you create your bot.
diff --git a/app/client/modules/repositories/components/create-repository-form.tsx b/app/client/modules/repositories/components/create-repository-form.tsx
index dc99c6d4..2f18a482 100644
--- a/app/client/modules/repositories/components/create-repository-form.tsx
+++ b/app/client/modules/repositories/components/create-repository-form.tsx
@@ -16,6 +16,7 @@ import {
 	FormMessage,
 } from "../../../components/ui/form";
 import { Input } from "../../../components/ui/input";
+import { SecretInput } from "../../../components/ui/secret-input";
 import { Select, SelectContent, SelectItem, SelectTrigger, SelectValue } from "../../../components/ui/select";
 import { Tooltip, TooltipContent, TooltipTrigger } from "../../../components/ui/tooltip";
 import { useSystemInfo } from "~/client/hooks/use-system-info";
@@ -241,7 +242,11 @@ export const CreateRepositoryForm = ({
 									<FormItem>
 										<FormLabel>Repository Password</FormLabel>
 										<FormControl>
-											<Input type="password" placeholder="Enter repository password" {...field} />
+											<SecretInput
+												placeholder="Enter repository password"
+												value={field.value ?? ""}
+												onChange={field.onChange}
+											/>
 										</FormControl>
 										<FormDescription>
 											The password used to encrypt this repository. It will be stored securely.
diff --git a/app/client/modules/repositories/components/repository-forms/azure-repository-form.tsx b/app/client/modules/repositories/components/repository-forms/azure-repository-form.tsx
index de2442fe..bdce82ee 100644
--- a/app/client/modules/repositories/components/repository-forms/azure-repository-form.tsx
+++ b/app/client/modules/repositories/components/repository-forms/azure-repository-form.tsx
@@ -8,6 +8,7 @@ import {
 	FormMessage,
 } from "../../../../components/ui/form";
 import { Input } from "../../../../components/ui/input";
+import { SecretInput } from "../../../../components/ui/secret-input";
 import type { RepositoryFormValues } from "../create-repository-form";
 
 type Props = {
@@ -52,7 +53,7 @@ export const AzureRepositoryForm = ({ form }: Props) => {
 					<FormItem>
 						<FormLabel>Account Key</FormLabel>
 						<FormControl>
-							<Input type="password" placeholder="••••••••" {...field} />
+							<SecretInput placeholder="••••••••" value={field.value ?? ""} onChange={field.onChange} />
 						</FormControl>
 						<FormDescription>Azure Storage account key for authentication.</FormDescription>
 						<FormMessage />
diff --git a/app/client/modules/repositories/components/repository-forms/r2-repository-form.tsx b/app/client/modules/repositories/components/repository-forms/r2-repository-form.tsx
index b4cfa242..94d480a6 100644
--- a/app/client/modules/repositories/components/repository-forms/r2-repository-form.tsx
+++ b/app/client/modules/repositories/components/repository-forms/r2-repository-form.tsx
@@ -8,6 +8,7 @@ import {
 	FormMessage,
 } from "../../../../components/ui/form";
 import { Input } from "../../../../components/ui/input";
+import { SecretInput } from "../../../../components/ui/secret-input";
 import type { RepositoryFormValues } from "../create-repository-form";
 
 type Props = {
@@ -68,7 +69,7 @@ export const R2RepositoryForm = ({ form }: Props) => {
 					<FormItem>
 						<FormLabel>Secret Access Key</FormLabel>
 						<FormControl>
-							<Input type="password" placeholder="••••••••" {...field} />
+							<SecretInput placeholder="••••••••" value={field.value ?? ""} onChange={field.onChange} />
 						</FormControl>
 						<FormDescription>R2 API token Secret Access Key (shown once when creating token).</FormDescription>
 						<FormMessage />
diff --git a/app/client/modules/repositories/components/repository-forms/rest-repository-form.tsx b/app/client/modules/repositories/components/repository-forms/rest-repository-form.tsx
index 5721c1db..401b099c 100644
--- a/app/client/modules/repositories/components/repository-forms/rest-repository-form.tsx
+++ b/app/client/modules/repositories/components/repository-forms/rest-repository-form.tsx
@@ -8,6 +8,7 @@ import {
 	FormMessage,
 } from "../../../../components/ui/form";
 import { Input } from "../../../../components/ui/input";
+import { SecretInput } from "../../../../components/ui/secret-input";
 import type { RepositoryFormValues } from "../create-repository-form";
 
 type Props = {
@@ -66,7 +67,7 @@ export const RestRepositoryForm = ({ form }: Props) => {
 					<FormItem>
 						<FormLabel>Password (Optional)</FormLabel>
 						<FormControl>
-							<Input type="password" placeholder="••••••••" {...field} />
+							<SecretInput placeholder="••••••••" value={field.value ?? ""} onChange={field.onChange} />
 						</FormControl>
 						<FormDescription>Password for REST server authentication.</FormDescription>
 						<FormMessage />
diff --git a/app/client/modules/repositories/components/repository-forms/s3-repository-form.tsx b/app/client/modules/repositories/components/repository-forms/s3-repository-form.tsx
index 16082434..40328c4a 100644
--- a/app/client/modules/repositories/components/repository-forms/s3-repository-form.tsx
+++ b/app/client/modules/repositories/components/repository-forms/s3-repository-form.tsx
@@ -8,6 +8,7 @@ import {
 	FormMessage,
 } from "../../../../components/ui/form";
 import { Input } from "../../../../components/ui/input";
+import { SecretInput } from "../../../../components/ui/secret-input";
 import type { RepositoryFormValues } from "../create-repository-form";
 
 type Props = {
@@ -66,7 +67,7 @@ export const S3RepositoryForm = ({ form }: Props) => {
 					<FormItem>
 						<FormLabel>Secret Access Key</FormLabel>
 						<FormControl>
-							<Input type="password" placeholder="••••••••" {...field} />
+							<SecretInput placeholder="••••••••" value={field.value ?? ""} onChange={field.onChange} />
 						</FormControl>
 						<FormDescription>S3 secret access key for authentication.</FormDescription>
 						<FormMessage />
diff --git a/app/client/modules/volumes/components/volume-forms/smb-form.tsx b/app/client/modules/volumes/components/volume-forms/smb-form.tsx
index 7f995c46..b46fcef3 100644
--- a/app/client/modules/volumes/components/volume-forms/smb-form.tsx
+++ b/app/client/modules/volumes/components/volume-forms/smb-form.tsx
@@ -9,6 +9,7 @@ import {
 	FormMessage,
 } from "../../../../components/ui/form";
 import { Input } from "../../../../components/ui/input";
+import { SecretInput } from "../../../../components/ui/secret-input";
 import { Select, SelectContent, SelectItem, SelectTrigger, SelectValue } from "../../../../components/ui/select";
 
 type Props = {
@@ -67,7 +68,7 @@ export const SMBForm = ({ form }: Props) => {
 					<FormItem>
 						<FormLabel>Password</FormLabel>
 						<FormControl>
-							<Input type="password" placeholder="••••••••" value={field.value} onChange={field.onChange} />
+							<SecretInput placeholder="••••••••" value={field.value ?? ""} onChange={field.onChange} />
 						</FormControl>
 						<FormDescription>Password for SMB authentication.</FormDescription>
 						<FormMessage />
diff --git a/app/client/modules/volumes/components/volume-forms/webdav-form.tsx b/app/client/modules/volumes/components/volume-forms/webdav-form.tsx
index 1a399ed7..3d43892b 100644
--- a/app/client/modules/volumes/components/volume-forms/webdav-form.tsx
+++ b/app/client/modules/volumes/components/volume-forms/webdav-form.tsx
@@ -9,6 +9,7 @@ import {
 	FormMessage,
 } from "../../../../components/ui/form";
 import { Input } from "../../../../components/ui/input";
+import { SecretInput } from "../../../../components/ui/secret-input";
 
 type Props = {
 	form: UseFormReturn<FormValues>;
@@ -66,7 +67,7 @@ export const WebDAVForm = ({ form }: Props) => {
 					<FormItem>
 						<FormLabel>Password (Optional)</FormLabel>
 						<FormControl>
-							<Input type="password" placeholder="••••••••" {...field} />
+							<SecretInput placeholder="••••••••" value={field.value ?? ""} onChange={field.onChange} />
 						</FormControl>
 						<FormDescription>Password for WebDAV authentication (optional).</FormDescription>
 						<FormMessage />
diff --git a/app/drizzle/0022_woozy_shen.sql b/app/drizzle/0022_woozy_shen.sql
new file mode 100644
index 00000000..df63c5aa
--- /dev/null
+++ b/app/drizzle/0022_woozy_shen.sql
@@ -0,0 +1 @@
+ALTER TABLE `backup_schedules_table` ADD `sort_order` integer DEFAULT 0 NOT NULL;
\ No newline at end of file
diff --git a/app/drizzle/meta/0022_snapshot.json b/app/drizzle/meta/0022_snapshot.json
new file mode 100644
index 00000000..ee9d34d9
--- /dev/null
+++ b/app/drizzle/meta/0022_snapshot.json
@@ -0,0 +1,831 @@
+{
+  "version": "6",
+  "dialect": "sqlite",
+  "id": "11c24867-3186-4578-b8dd-cee4c48a28d1",
+  "prevId": "e7c02f6c-e255-402e-9f18-d50a3fef8e4d",
+  "tables": {
+    "app_metadata": {
+      "name": "app_metadata",
+      "columns": {
+        "key": {
+          "name": "key",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "value": {
+          "name": "value",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch() * 1000)"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch() * 1000)"
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "backup_schedule_mirrors_table": {
+      "name": "backup_schedule_mirrors_table",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "integer",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": true
+        },
+        "schedule_id": {
+          "name": "schedule_id",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "repository_id": {
+          "name": "repository_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "enabled": {
+          "name": "enabled",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": true
+        },
+        "last_copy_at": {
+          "name": "last_copy_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "last_copy_status": {
+          "name": "last_copy_status",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "last_copy_error": {
+          "name": "last_copy_error",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch() * 1000)"
+        }
+      },
+      "indexes": {
+        "backup_schedule_mirrors_table_schedule_id_repository_id_unique": {
+          "name": "backup_schedule_mirrors_table_schedule_id_repository_id_unique",
+          "columns": [
+            "schedule_id",
+            "repository_id"
+          ],
+          "isUnique": true
+        }
+      },
+      "foreignKeys": {
+        "backup_schedule_mirrors_table_schedule_id_backup_schedules_table_id_fk": {
+          "name": "backup_schedule_mirrors_table_schedule_id_backup_schedules_table_id_fk",
+          "tableFrom": "backup_schedule_mirrors_table",
+          "tableTo": "backup_schedules_table",
+          "columnsFrom": [
+            "schedule_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "backup_schedule_mirrors_table_repository_id_repositories_table_id_fk": {
+          "name": "backup_schedule_mirrors_table_repository_id_repositories_table_id_fk",
+          "tableFrom": "backup_schedule_mirrors_table",
+          "tableTo": "repositories_table",
+          "columnsFrom": [
+            "repository_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "backup_schedule_notifications_table": {
+      "name": "backup_schedule_notifications_table",
+      "columns": {
+        "schedule_id": {
+          "name": "schedule_id",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "destination_id": {
+          "name": "destination_id",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "notify_on_start": {
+          "name": "notify_on_start",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": false
+        },
+        "notify_on_success": {
+          "name": "notify_on_success",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": false
+        },
+        "notify_on_warning": {
+          "name": "notify_on_warning",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": true
+        },
+        "notify_on_failure": {
+          "name": "notify_on_failure",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": true
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch() * 1000)"
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {
+        "backup_schedule_notifications_table_schedule_id_backup_schedules_table_id_fk": {
+          "name": "backup_schedule_notifications_table_schedule_id_backup_schedules_table_id_fk",
+          "tableFrom": "backup_schedule_notifications_table",
+          "tableTo": "backup_schedules_table",
+          "columnsFrom": [
+            "schedule_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "backup_schedule_notifications_table_destination_id_notification_destinations_table_id_fk": {
+          "name": "backup_schedule_notifications_table_destination_id_notification_destinations_table_id_fk",
+          "tableFrom": "backup_schedule_notifications_table",
+          "tableTo": "notification_destinations_table",
+          "columnsFrom": [
+            "destination_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {
+        "backup_schedule_notifications_table_schedule_id_destination_id_pk": {
+          "columns": [
+            "schedule_id",
+            "destination_id"
+          ],
+          "name": "backup_schedule_notifications_table_schedule_id_destination_id_pk"
+        }
+      },
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "backup_schedules_table": {
+      "name": "backup_schedules_table",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "integer",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": true
+        },
+        "name": {
+          "name": "name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "volume_id": {
+          "name": "volume_id",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "repository_id": {
+          "name": "repository_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "enabled": {
+          "name": "enabled",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": true
+        },
+        "cron_expression": {
+          "name": "cron_expression",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "retention_policy": {
+          "name": "retention_policy",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "exclude_patterns": {
+          "name": "exclude_patterns",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false,
+          "default": "'[]'"
+        },
+        "exclude_if_present": {
+          "name": "exclude_if_present",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false,
+          "default": "'[]'"
+        },
+        "include_patterns": {
+          "name": "include_patterns",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false,
+          "default": "'[]'"
+        },
+        "last_backup_at": {
+          "name": "last_backup_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "last_backup_status": {
+          "name": "last_backup_status",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "last_backup_error": {
+          "name": "last_backup_error",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "next_backup_at": {
+          "name": "next_backup_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "sort_order": {
+          "name": "sort_order",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": 0
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch() * 1000)"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch() * 1000)"
+        }
+      },
+      "indexes": {
+        "backup_schedules_table_name_unique": {
+          "name": "backup_schedules_table_name_unique",
+          "columns": [
+            "name"
+          ],
+          "isUnique": true
+        }
+      },
+      "foreignKeys": {
+        "backup_schedules_table_volume_id_volumes_table_id_fk": {
+          "name": "backup_schedules_table_volume_id_volumes_table_id_fk",
+          "tableFrom": "backup_schedules_table",
+          "tableTo": "volumes_table",
+          "columnsFrom": [
+            "volume_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "backup_schedules_table_repository_id_repositories_table_id_fk": {
+          "name": "backup_schedules_table_repository_id_repositories_table_id_fk",
+          "tableFrom": "backup_schedules_table",
+          "tableTo": "repositories_table",
+          "columnsFrom": [
+            "repository_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "notification_destinations_table": {
+      "name": "notification_destinations_table",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "integer",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": true
+        },
+        "name": {
+          "name": "name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "enabled": {
+          "name": "enabled",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": true
+        },
+        "type": {
+          "name": "type",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "config": {
+          "name": "config",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch() * 1000)"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch() * 1000)"
+        }
+      },
+      "indexes": {
+        "notification_destinations_table_name_unique": {
+          "name": "notification_destinations_table_name_unique",
+          "columns": [
+            "name"
+          ],
+          "isUnique": true
+        }
+      },
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "repositories_table": {
+      "name": "repositories_table",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "short_id": {
+          "name": "short_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "name": {
+          "name": "name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "type": {
+          "name": "type",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "config": {
+          "name": "config",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "compression_mode": {
+          "name": "compression_mode",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false,
+          "default": "'auto'"
+        },
+        "status": {
+          "name": "status",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false,
+          "default": "'unknown'"
+        },
+        "last_checked": {
+          "name": "last_checked",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "last_error": {
+          "name": "last_error",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch() * 1000)"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch() * 1000)"
+        }
+      },
+      "indexes": {
+        "repositories_table_short_id_unique": {
+          "name": "repositories_table_short_id_unique",
+          "columns": [
+            "short_id"
+          ],
+          "isUnique": true
+        },
+        "repositories_table_name_unique": {
+          "name": "repositories_table_name_unique",
+          "columns": [
+            "name"
+          ],
+          "isUnique": true
+        }
+      },
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "sessions_table": {
+      "name": "sessions_table",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "user_id": {
+          "name": "user_id",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "expires_at": {
+          "name": "expires_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch() * 1000)"
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {
+        "sessions_table_user_id_users_table_id_fk": {
+          "name": "sessions_table_user_id_users_table_id_fk",
+          "tableFrom": "sessions_table",
+          "tableTo": "users_table",
+          "columnsFrom": [
+            "user_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "users_table": {
+      "name": "users_table",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "integer",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": true
+        },
+        "username": {
+          "name": "username",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "password_hash": {
+          "name": "password_hash",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "has_downloaded_restic_password": {
+          "name": "has_downloaded_restic_password",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch() * 1000)"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch() * 1000)"
+        }
+      },
+      "indexes": {
+        "users_table_username_unique": {
+          "name": "users_table_username_unique",
+          "columns": [
+            "username"
+          ],
+          "isUnique": true
+        }
+      },
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "volumes_table": {
+      "name": "volumes_table",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "integer",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": true
+        },
+        "short_id": {
+          "name": "short_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "name": {
+          "name": "name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "type": {
+          "name": "type",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "status": {
+          "name": "status",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "'unmounted'"
+        },
+        "last_error": {
+          "name": "last_error",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "last_health_check": {
+          "name": "last_health_check",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch() * 1000)"
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch() * 1000)"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch() * 1000)"
+        },
+        "config": {
+          "name": "config",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "auto_remount": {
+          "name": "auto_remount",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": true
+        }
+      },
+      "indexes": {
+        "volumes_table_short_id_unique": {
+          "name": "volumes_table_short_id_unique",
+          "columns": [
+            "short_id"
+          ],
+          "isUnique": true
+        },
+        "volumes_table_name_unique": {
+          "name": "volumes_table_name_unique",
+          "columns": [
+            "name"
+          ],
+          "isUnique": true
+        }
+      },
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    }
+  },
+  "views": {},
+  "enums": {},
+  "_meta": {
+    "schemas": {},
+    "tables": {},
+    "columns": {}
+  },
+  "internal": {
+    "indexes": {}
+  }
+}
\ No newline at end of file
diff --git a/app/drizzle/meta/_journal.json b/app/drizzle/meta/_journal.json
index 004e9b77..2b034fbf 100644
--- a/app/drizzle/meta/_journal.json
+++ b/app/drizzle/meta/_journal.json
@@ -155,6 +155,13 @@
       "when": 1765307881092,
       "tag": "0021_steady_viper",
       "breakpoints": true
+    },
+    {
+      "idx": 22,
+      "version": "6",
+      "when": 1765794552191,
+      "tag": "0022_woozy_shen",
+      "breakpoints": true
     }
   ]
 }
\ No newline at end of file
diff --git a/app/server/core/config.ts b/app/server/core/config.ts
index bd138c4b..356b341f 100644
--- a/app/server/core/config.ts
+++ b/app/server/core/config.ts
@@ -3,9 +3,11 @@ import "dotenv/config";
 
 const envSchema = type({
 	NODE_ENV: type.enumerated("development", "production", "test").default("production"),
+	SERVER_IP: 'string = "localhost"',
 }).pipe((s) => ({
 	__prod__: s.NODE_ENV === "production",
 	environment: s.NODE_ENV,
+	serverIp: s.SERVER_IP,
 }));
 
 const parseConfig = (env: unknown) => {
diff --git a/app/server/db/schema.ts b/app/server/db/schema.ts
index 55c741c2..cb94d29b 100644
--- a/app/server/db/schema.ts
+++ b/app/server/db/schema.ts
@@ -92,6 +92,7 @@ export const backupSchedulesTable = sqliteTable("backup_schedules_table", {
 	lastBackupStatus: text("last_backup_status").$type<"success" | "error" | "in_progress" | "warning">(),
 	lastBackupError: text("last_backup_error"),
 	nextBackupAt: int("next_backup_at", { mode: "number" }),
+	sortOrder: int("sort_order", { mode: "number" }).notNull().default(0),
 	createdAt: int("created_at", { mode: "number" }).notNull().default(sql`(unixepoch() * 1000)`),
 	updatedAt: int("updated_at", { mode: "number" }).notNull().default(sql`(unixepoch() * 1000)`),
 });
diff --git a/app/server/index.ts b/app/server/index.ts
index db5b87db..669d84f4 100644
--- a/app/server/index.ts
+++ b/app/server/index.ts
@@ -20,6 +20,8 @@ import { shutdown } from "./modules/lifecycle/shutdown";
 import { REQUIRED_MIGRATIONS } from "./core/constants";
 import { validateRequiredMigrations } from "./modules/lifecycle/checkpoint";
 import { configExportController } from "./modules/lifecycle/config-export.controller";
+import { config } from "./core/config";
+
 
 export const generalDescriptor = (app: Hono) =>
 	openAPIRouteHandler(app, {
@@ -29,7 +31,7 @@ export const generalDescriptor = (app: Hono) =>
 				version: "1.0.0",
 				description: "API for managing volumes",
 			},
-			servers: [{ url: "http://192.168.2.42:4096", description: "Development Server" }],
+			servers: [{ url: `http://${config.serverIp}:4096`, description: "Development Server" }],
 		},
 	});
 
@@ -43,13 +45,21 @@ const app = new Hono()
 	.use(honoLogger())
 	.get("healthcheck", (c) => c.json({ status: "ok" }))
 	.route("/api/v1/auth", authController.basePath("/api/v1"))
-	.route("/api/v1/volumes", volumeController.use(requireAuth))
-	.route("/api/v1/repositories", repositoriesController.use(requireAuth))
-	.route("/api/v1/backups", backupScheduleController.use(requireAuth))
-	.route("/api/v1/notifications", notificationsController.use(requireAuth))
-	.route("/api/v1/system", systemController.use(requireAuth))
-	.route("/api/v1/events", eventsController.use(requireAuth))
-	.route("/api/v1/config", configExportController.use(requireAuth));
+	.use("/api/v1/volumes/*", requireAuth)
+	.use("/api/v1/repositories/*", requireAuth)
+	.use("/api/v1/backups/*", requireAuth)
+	.use("/api/v1/notifications/*", requireAuth)
+	.use("/api/v1/system/*", requireAuth)
+	.use("/api/v1/events/*", requireAuth)
+	.use("/api/v1/config/*", requireAuth)
+	.route("/api/v1/volumes", volumeController)
+	.route("/api/v1/repositories", repositoriesController)
+	.route("/api/v1/backups", backupScheduleController)
+	.route("/api/v1/notifications", notificationsController)
+	.route("/api/v1/system", systemController)
+	.route("/api/v1/events", eventsController)
+	.route("/api/v1/config", configExportController);
+
 
 app.get("/api/v1/openapi.json", generalDescriptor(app));
 app.get("/api/v1/docs", scalarDescriptor);
diff --git a/app/server/modules/backends/smb/smb-backend.ts b/app/server/modules/backends/smb/smb-backend.ts
index 774e10fd..f5500c29 100644
--- a/app/server/modules/backends/smb/smb-backend.ts
+++ b/app/server/modules/backends/smb/smb-backend.ts
@@ -34,7 +34,7 @@ const mount = async (config: BackendConfig, path: string) => {
 	const run = async () => {
 		await fs.mkdir(path, { recursive: true });
 
-		const password = await cryptoUtils.decrypt(config.password);
+		const password = await cryptoUtils.resolveSecret(config.password);
 
 		const source = `//${config.server}/${config.share}`;
 		const options = [
diff --git a/app/server/modules/backends/webdav/webdav-backend.ts b/app/server/modules/backends/webdav/webdav-backend.ts
index 2467736d..5de5f05d 100644
--- a/app/server/modules/backends/webdav/webdav-backend.ts
+++ b/app/server/modules/backends/webdav/webdav-backend.ts
@@ -50,7 +50,7 @@ const mount = async (config: BackendConfig, path: string) => {
 			: ["uid=1000", "gid=1000", "file_mode=0664", "dir_mode=0775"];
 
 		if (config.username && config.password) {
-			const password = await cryptoUtils.decrypt(config.password);
+			const password = await cryptoUtils.resolveSecret(config.password);
 			const secretsFile = "/etc/davfs2/secrets";
 			const secretsContent = `${source} ${config.username} ${password}\n`;
 			await fs.appendFile(secretsFile, secretsContent, { mode: 0o600 });
diff --git a/app/server/modules/backups/backups.controller.ts b/app/server/modules/backups/backups.controller.ts
index 0bcc93eb..653cd659 100644
--- a/app/server/modules/backups/backups.controller.ts
+++ b/app/server/modules/backups/backups.controller.ts
@@ -16,6 +16,8 @@ import {
 	updateScheduleMirrorsDto,
 	updateScheduleMirrorsBody,
 	getMirrorCompatibilityDto,
+	reorderBackupSchedulesDto,
+	reorderBackupSchedulesBody,
 	type CreateBackupScheduleDto,
 	type DeleteBackupScheduleDto,
 	type GetBackupScheduleDto,
@@ -28,6 +30,7 @@ import {
 	type GetScheduleMirrorsDto,
 	type UpdateScheduleMirrorsDto,
 	type GetMirrorCompatibilityDto,
+	type ReorderBackupSchedulesDto,
 } from "./backups.dto";
 import { backupsService } from "./backups.service";
 import {
@@ -139,4 +142,11 @@ export const backupScheduleController = new Hono()
 		const compatibility = await backupsService.getMirrorCompatibility(scheduleId);
 
 		return c.json<GetMirrorCompatibilityDto>(compatibility, 200);
+	})
+	.post("/reorder", reorderBackupSchedulesDto, validator("json", reorderBackupSchedulesBody), async (c) => {
+		const body = c.req.valid("json");
+
+		await backupsService.reorderSchedules(body.scheduleIds);
+
+		return c.json<ReorderBackupSchedulesDto>({ success: true }, 200);
 	});
diff --git a/app/server/modules/backups/backups.dto.ts b/app/server/modules/backups/backups.dto.ts
index fc771bf1..6173bd82 100644
--- a/app/server/modules/backups/backups.dto.ts
+++ b/app/server/modules/backups/backups.dto.ts
@@ -367,3 +367,34 @@ export const getMirrorCompatibilityDto = describeRoute({
 		},
 	},
 });
+
+/**
+ * Reorder backup schedules
+ */
+export const reorderBackupSchedulesBody = type({
+	scheduleIds: "number[]",
+});
+
+export type ReorderBackupSchedulesBody = typeof reorderBackupSchedulesBody.infer;
+
+export const reorderBackupSchedulesResponse = type({
+	success: "boolean",
+});
+
+export type ReorderBackupSchedulesDto = typeof reorderBackupSchedulesResponse.infer;
+
+export const reorderBackupSchedulesDto = describeRoute({
+	description: "Reorder backup schedules by providing an array of schedule IDs in the desired order",
+	operationId: "reorderBackupSchedules",
+	tags: ["Backups"],
+	responses: {
+		200: {
+			description: "Backup schedules reordered successfully",
+			content: {
+				"application/json": {
+					schema: resolver(reorderBackupSchedulesResponse),
+				},
+			},
+		},
+	},
+});
diff --git a/app/server/modules/backups/backups.service.ts b/app/server/modules/backups/backups.service.ts
index 9994e503..584fada7 100644
--- a/app/server/modules/backups/backups.service.ts
+++ b/app/server/modules/backups/backups.service.ts
@@ -1,4 +1,4 @@
-import { and, eq, ne } from "drizzle-orm";
+import { and, asc, eq, ne } from "drizzle-orm";
 import cron from "node-cron";
 import { CronExpressionParser } from "cron-parser";
 import { NotFoundError, BadRequestError, ConflictError } from "http-errors-enhanced";
@@ -38,6 +38,7 @@ const listSchedules = async () => {
 			volume: true,
 			repository: true,
 		},
+		orderBy: [asc(backupSchedulesTable.sortOrder), asc(backupSchedulesTable.id)],
 	});
 	return schedules;
 };
@@ -637,6 +638,36 @@ const getMirrorCompatibility = async (scheduleId: number) => {
 	return compatibility;
 };
 
+const reorderSchedules = async (scheduleIds: number[]) => {
+	const uniqueIds = new Set(scheduleIds);
+	if (uniqueIds.size !== scheduleIds.length) {
+		throw new BadRequestError("Duplicate schedule IDs in reorder request");
+	}
+
+	const existingSchedules = await db.query.backupSchedulesTable.findMany({
+		columns: { id: true },
+	});
+	const existingIds = new Set(existingSchedules.map((s) => s.id));
+
+	for (const id of scheduleIds) {
+		if (!existingIds.has(id)) {
+			throw new NotFoundError(`Backup schedule with ID ${id} not found`);
+		}
+	}
+
+	await db.transaction(async (tx) => {
+		const now = Date.now();
+		await Promise.all(
+			scheduleIds.map((scheduleId, index) =>
+				tx
+					.update(backupSchedulesTable)
+					.set({ sortOrder: index, updatedAt: now })
+					.where(eq(backupSchedulesTable.id, scheduleId)),
+			),
+		);
+	});
+};
+
 export const backupsService = {
 	listSchedules,
 	getSchedule,
@@ -651,4 +682,5 @@ export const backupsService = {
 	getMirrors,
 	updateMirrors,
 	getMirrorCompatibility,
+	reorderSchedules,
 };
diff --git a/app/server/modules/notifications/notifications.service.ts b/app/server/modules/notifications/notifications.service.ts
index b25b79f6..0b951a96 100644
--- a/app/server/modules/notifications/notifications.service.ts
+++ b/app/server/modules/notifications/notifications.service.ts
@@ -38,42 +38,42 @@ async function encryptSensitiveFields(config: NotificationConfig): Promise<Notif
 		case "email":
 			return {
 				...config,
-				password: config.password ? await cryptoUtils.encrypt(config.password) : undefined,
+				password: config.password ? await cryptoUtils.sealSecret(config.password) : undefined,
 			};
 		case "slack":
 			return {
 				...config,
-				webhookUrl: await cryptoUtils.encrypt(config.webhookUrl),
+				webhookUrl: await cryptoUtils.sealSecret(config.webhookUrl),
 			};
 		case "discord":
 			return {
 				...config,
-				webhookUrl: await cryptoUtils.encrypt(config.webhookUrl),
+				webhookUrl: await cryptoUtils.sealSecret(config.webhookUrl),
 			};
 		case "gotify":
 			return {
 				...config,
-				token: await cryptoUtils.encrypt(config.token),
+				token: await cryptoUtils.sealSecret(config.token),
 			};
 		case "ntfy":
 			return {
 				...config,
-				password: config.password ? await cryptoUtils.encrypt(config.password) : undefined,
+				password: config.password ? await cryptoUtils.sealSecret(config.password) : undefined,
 			};
 		case "pushover":
 			return {
 				...config,
-				apiToken: await cryptoUtils.encrypt(config.apiToken),
+				apiToken: await cryptoUtils.sealSecret(config.apiToken),
 			};
 		case "telegram":
 			return {
 				...config,
-				botToken: await cryptoUtils.encrypt(config.botToken),
+				botToken: await cryptoUtils.sealSecret(config.botToken),
 			};
 		case "custom":
 			return {
 				...config,
-				shoutrrrUrl: await cryptoUtils.encrypt(config.shoutrrrUrl),
+				shoutrrrUrl: await cryptoUtils.sealSecret(config.shoutrrrUrl),
 			};
 		default:
 			return config;
@@ -85,42 +85,42 @@ async function decryptSensitiveFields(config: NotificationConfig): Promise<Notif
 		case "email":
 			return {
 				...config,
-				password: config.password ? await cryptoUtils.decrypt(config.password) : undefined,
+				password: config.password ? await cryptoUtils.resolveSecret(config.password) : undefined,
 			};
 		case "slack":
 			return {
 				...config,
-				webhookUrl: await cryptoUtils.decrypt(config.webhookUrl),
+				webhookUrl: await cryptoUtils.resolveSecret(config.webhookUrl),
 			};
 		case "discord":
 			return {
 				...config,
-				webhookUrl: await cryptoUtils.decrypt(config.webhookUrl),
+				webhookUrl: await cryptoUtils.resolveSecret(config.webhookUrl),
 			};
 		case "gotify":
 			return {
 				...config,
-				token: await cryptoUtils.decrypt(config.token),
+				token: await cryptoUtils.resolveSecret(config.token),
 			};
 		case "ntfy":
 			return {
 				...config,
-				password: config.password ? await cryptoUtils.decrypt(config.password) : undefined,
+				password: config.password ? await cryptoUtils.resolveSecret(config.password) : undefined,
 			};
 		case "pushover":
 			return {
 				...config,
-				apiToken: await cryptoUtils.decrypt(config.apiToken),
+				apiToken: await cryptoUtils.resolveSecret(config.apiToken),
 			};
 		case "telegram":
 			return {
 				...config,
-				botToken: await cryptoUtils.decrypt(config.botToken),
+				botToken: await cryptoUtils.resolveSecret(config.botToken),
 			};
 		case "custom":
 			return {
 				...config,
-				shoutrrrUrl: await cryptoUtils.decrypt(config.shoutrrrUrl),
+				shoutrrrUrl: await cryptoUtils.resolveSecret(config.shoutrrrUrl),
 			};
 		default:
 			return config;
diff --git a/app/server/modules/repositories/repositories.service.ts b/app/server/modules/repositories/repositories.service.ts
index a06d8d58..6af84fd9 100644
--- a/app/server/modules/repositories/repositories.service.ts
+++ b/app/server/modules/repositories/repositories.service.ts
@@ -20,31 +20,31 @@ const encryptConfig = async (config: RepositoryConfig): Promise<RepositoryConfig
 	const encryptedConfig: Record<string, string | boolean | number> = { ...config };
 
 	if (config.customPassword) {
-		encryptedConfig.customPassword = await cryptoUtils.encrypt(config.customPassword);
+		encryptedConfig.customPassword = await cryptoUtils.sealSecret(config.customPassword);
 	}
 
 	switch (config.backend) {
 		case "s3":
 		case "r2":
-			encryptedConfig.accessKeyId = await cryptoUtils.encrypt(config.accessKeyId);
-			encryptedConfig.secretAccessKey = await cryptoUtils.encrypt(config.secretAccessKey);
+			encryptedConfig.accessKeyId = await cryptoUtils.sealSecret(config.accessKeyId);
+			encryptedConfig.secretAccessKey = await cryptoUtils.sealSecret(config.secretAccessKey);
 			break;
 		case "gcs":
-			encryptedConfig.credentialsJson = await cryptoUtils.encrypt(config.credentialsJson);
+			encryptedConfig.credentialsJson = await cryptoUtils.sealSecret(config.credentialsJson);
 			break;
 		case "azure":
-			encryptedConfig.accountKey = await cryptoUtils.encrypt(config.accountKey);
+			encryptedConfig.accountKey = await cryptoUtils.sealSecret(config.accountKey);
 			break;
 		case "rest":
 			if (config.username) {
-				encryptedConfig.username = await cryptoUtils.encrypt(config.username);
+				encryptedConfig.username = await cryptoUtils.sealSecret(config.username);
 			}
 			if (config.password) {
-				encryptedConfig.password = await cryptoUtils.encrypt(config.password);
+				encryptedConfig.password = await cryptoUtils.sealSecret(config.password);
 			}
 			break;
 		case "sftp":
-			encryptedConfig.privateKey = await cryptoUtils.encrypt(config.privateKey);
+			encryptedConfig.privateKey = await cryptoUtils.sealSecret(config.privateKey);
 			break;
 	}
 
diff --git a/app/server/modules/volumes/volume.service.ts b/app/server/modules/volumes/volume.service.ts
index 08ed9279..def5c51f 100644
--- a/app/server/modules/volumes/volume.service.ts
+++ b/app/server/modules/volumes/volume.service.ts
@@ -23,12 +23,12 @@ async function encryptSensitiveFields(config: BackendConfig): Promise<BackendCon
 		case "smb":
 			return {
 				...config,
-				password: await cryptoUtils.encrypt(config.password),
+				password: await cryptoUtils.sealSecret(config.password),
 			};
 		case "webdav":
 			return {
 				...config,
-				password: config.password ? await cryptoUtils.encrypt(config.password) : undefined,
+				password: config.password ? await cryptoUtils.sealSecret(config.password) : undefined,
 			};
 		default:
 			return config;
diff --git a/app/server/utils/backend-compatibility.ts b/app/server/utils/backend-compatibility.ts
index 329db412..b9b61f63 100644
--- a/app/server/utils/backend-compatibility.ts
+++ b/app/server/utils/backend-compatibility.ts
@@ -41,11 +41,11 @@ export const hasCompatibleCredentials = async (
 				(config1.backend === "s3" || config1.backend === "r2") &&
 				(config2.backend === "s3" || config2.backend === "r2")
 			) {
-				const accessKey1 = await cryptoUtils.decrypt(config1.accessKeyId);
-				const secretKey1 = await cryptoUtils.decrypt(config1.secretAccessKey);
+				const accessKey1 = await cryptoUtils.resolveSecret(config1.accessKeyId);
+				const secretKey1 = await cryptoUtils.resolveSecret(config1.secretAccessKey);
 
-				const accessKey2 = await cryptoUtils.decrypt(config2.accessKeyId);
-				const secretKey2 = await cryptoUtils.decrypt(config2.secretAccessKey);
+				const accessKey2 = await cryptoUtils.resolveSecret(config2.accessKeyId);
+				const secretKey2 = await cryptoUtils.resolveSecret(config2.secretAccessKey);
 
 				return accessKey1 === accessKey2 && secretKey1 === secretKey2;
 			}
@@ -53,8 +53,8 @@ export const hasCompatibleCredentials = async (
 		}
 		case "gcs": {
 			if (config1.backend === "gcs" && config2.backend === "gcs") {
-				const credentials1 = await cryptoUtils.decrypt(config1.credentialsJson);
-				const credentials2 = await cryptoUtils.decrypt(config2.credentialsJson);
+				const credentials1 = await cryptoUtils.resolveSecret(config1.credentialsJson);
+				const credentials2 = await cryptoUtils.resolveSecret(config2.credentialsJson);
 
 				return credentials1 === credentials2 && config1.projectId === config2.projectId;
 			}
@@ -62,8 +62,8 @@ export const hasCompatibleCredentials = async (
 		}
 		case "azure": {
 			if (config1.backend === "azure" && config2.backend === "azure") {
-				const config1Accountkey = await cryptoUtils.decrypt(config1.accountKey);
-				const config2Accountkey = await cryptoUtils.decrypt(config2.accountKey);
+				const config1Accountkey = await cryptoUtils.resolveSecret(config1.accountKey);
+				const config2Accountkey = await cryptoUtils.resolveSecret(config2.accountKey);
 
 				return config1.accountName === config2.accountName && config1Accountkey === config2Accountkey;
 			}
@@ -75,10 +75,10 @@ export const hasCompatibleCredentials = async (
 					return true;
 				}
 
-				const config1Username = await cryptoUtils.decrypt(config1.username || "");
-				const config1Password = await cryptoUtils.decrypt(config1.password || "");
-				const config2Username = await cryptoUtils.decrypt(config2.username || "");
-				const config2Password = await cryptoUtils.decrypt(config2.password || "");
+				const config1Username = await cryptoUtils.resolveSecret(config1.username || "");
+				const config1Password = await cryptoUtils.resolveSecret(config1.password || "");
+				const config2Username = await cryptoUtils.resolveSecret(config2.username || "");
+				const config2Password = await cryptoUtils.resolveSecret(config2.password || "");
 
 				return config1Username === config2Username && config1Password === config2Password;
 			}
diff --git a/app/server/utils/crypto.ts b/app/server/utils/crypto.ts
index 3b475913..34c3af98 100644
--- a/app/server/utils/crypto.ts
+++ b/app/server/utils/crypto.ts
@@ -1,9 +1,15 @@
 import crypto from "node:crypto";
+import fs from "node:fs/promises";
+import path from "node:path";
 import { RESTIC_PASS_FILE } from "../core/constants";
+import { isNodeJSErrnoException } from "./fs";
 
 const algorithm = "aes-256-gcm" as const;
 const keyLength = 32;
-const encryptionPrefix = "encv1";
+const encryptionPrefix = "encv1:";
+
+const envSecretPrefix = "env://";
+const fileSecretPrefix = "file://";
 
 /**
  * Checks if a given string is encrypted by looking for the encryption prefix.
@@ -12,6 +18,68 @@ const isEncrypted = (val?: string): boolean => {
 	return typeof val === "string" && val.startsWith(encryptionPrefix);
 };
 
+/**
+ * Checks if a string looks like a supported secret reference.
+ * - env://VAR_NAME -> reads process.env.VAR_NAME
+ * - file://name -> reads a file /run/secrets/name
+ */
+const isSecretReference = (val?: string): boolean => {
+	return typeof val === "string" && (val.startsWith(envSecretPrefix) || val.startsWith(fileSecretPrefix));
+};
+
+/**
+ * Resolves an environment variable secret reference.
+ */
+const resolveEnvSecret = (ref: string): string => {
+	const name = ref.slice(envSecretPrefix.length);
+	if (!name) {
+		throw new Error("env:// reference is missing variable name");
+	}
+
+	const value = process.env[name];
+	if (value === undefined) {
+		throw new Error(`Environment variable not set: ${name}`);
+	}
+
+	return value;
+};
+
+/**
+ * Resolves a file-based secret reference.
+ * Reads the secret from /run/secrets/{name}
+ */
+const resolveFileSecret = async (ref: string): Promise<string> => {
+	const secretName = ref.slice(fileSecretPrefix.length);
+	if (!secretName) {
+		throw new Error("file:// reference is missing secret name");
+	}
+
+	const normalizedName = secretName.replace(/^\/+/, "");
+	if (!normalizedName) {
+		throw new Error("file:// reference is missing secret name");
+	}
+	if (normalizedName.includes("\0") || normalizedName.includes("/") || normalizedName.includes("\\")) {
+		throw new Error("Invalid secret reference: secret name must be a single path segment");
+	}
+
+	const resolvedPath = path.join("/run/secrets", normalizedName);
+
+	try {
+		const content = await fs.readFile(resolvedPath, "utf-8");
+		return content.trimEnd();
+	} catch (error) {
+		if (isNodeJSErrnoException(error)) {
+			if (error.code === "ENOENT") {
+				throw new Error(`Secret file not found: ${resolvedPath}`);
+			}
+			if (error.code === "EACCES") {
+				throw new Error(`Permission denied reading secret file: ${resolvedPath}`);
+			}
+		}
+		throw new Error(`Failed to read secret file ${resolvedPath}: ${(error as Error).message}`);
+	}
+};
+
 /**
  * Given a string, encrypts it using a randomly generated salt.
  * Returns the input unchanged if it's empty or already encrypted.
@@ -35,7 +103,7 @@ const encrypt = async (data: string) => {
 	const encrypted = Buffer.concat([cipher.update(data), cipher.final()]);
 
 	const tag = cipher.getAuthTag();
-	return `${encryptionPrefix}:${salt.toString("hex")}:${iv.toString("hex")}:${encrypted.toString("hex")}:${tag.toString("hex")}`;
+	return `${encryptionPrefix}${salt.toString("hex")}:${iv.toString("hex")}:${encrypted.toString("hex")}:${tag.toString("hex")}`;
 };
 
 /**
@@ -68,8 +136,54 @@ const decrypt = async (encryptedData: string) => {
 	return decrypted.toString();
 };
 
+/**
+ * Resolves secret references and encrypted database values.
+ *
+ * - encv1:... -> decrypt
+ * - env://VAR -> read process.env.VAR
+ * - file://name -> read /run/secrets/name
+ * - otherwise returns value unchanged
+ */
+const resolveSecret = async (value: string): Promise<string> => {
+	if (!value) {
+		return value;
+	}
+
+	if (isEncrypted(value)) {
+		return decrypt(value);
+	}
+
+	if (value.startsWith(envSecretPrefix)) {
+		return resolveEnvSecret(value);
+	}
+
+	if (value.startsWith(fileSecretPrefix)) {
+		return resolveFileSecret(value);
+	}
+
+	return value;
+};
+
+/**
+ * Prepares a secret value for storage.
+ *
+ * - env://... and file://... are stored as-is (references)
+ * - encv1:... is stored as-is (already encrypted)
+ * - otherwise encrypt before storing
+ */
+const sealSecret = async (value: string): Promise<string> => {
+	if (!value) {
+		return value;
+	}
+
+	if (isEncrypted(value) || isSecretReference(value)) {
+		return value;
+	}
+
+	return encrypt(value);
+};
+
 export const cryptoUtils = {
-	encrypt,
-	decrypt,
-	isEncrypted,
+	resolveSecret,
+	sealSecret,
 };
diff --git a/app/server/utils/fs.ts b/app/server/utils/fs.ts
new file mode 100644
index 00000000..82bad477
--- /dev/null
+++ b/app/server/utils/fs.ts
@@ -0,0 +1,8 @@
+export const isNodeJSErrnoException = (error: unknown): error is NodeJS.ErrnoException => {
+	return (
+		typeof error === "object" &&
+		error !== null &&
+		"code" in error &&
+		typeof (error as NodeJS.ErrnoException).code === "string"
+	);
+};
diff --git a/app/server/utils/restic.ts b/app/server/utils/restic.ts
index a99d94dc..207bec99 100644
--- a/app/server/utils/restic.ts
+++ b/app/server/utils/restic.ts
@@ -106,7 +106,7 @@ const buildEnv = async (config: RepositoryConfig) => {
 	};
 
 	if (config.isExistingRepository && config.customPassword) {
-		const decryptedPassword = await cryptoUtils.decrypt(config.customPassword);
+		const decryptedPassword = await cryptoUtils.resolveSecret(config.customPassword);
 		const passwordFilePath = path.join("/tmp", `zerobyte-pass-${crypto.randomBytes(8).toString("hex")}.txt`);
 
 		await fs.writeFile(passwordFilePath, decryptedPassword, { mode: 0o600 });
@@ -117,17 +117,17 @@ const buildEnv = async (config: RepositoryConfig) => {
 
 	switch (config.backend) {
 		case "s3":
-			env.AWS_ACCESS_KEY_ID = await cryptoUtils.decrypt(config.accessKeyId);
-			env.AWS_SECRET_ACCESS_KEY = await cryptoUtils.decrypt(config.secretAccessKey);
+			env.AWS_ACCESS_KEY_ID = await cryptoUtils.resolveSecret(config.accessKeyId);
+			env.AWS_SECRET_ACCESS_KEY = await cryptoUtils.resolveSecret(config.secretAccessKey);
 			break;
 		case "r2":
-			env.AWS_ACCESS_KEY_ID = await cryptoUtils.decrypt(config.accessKeyId);
-			env.AWS_SECRET_ACCESS_KEY = await cryptoUtils.decrypt(config.secretAccessKey);
+			env.AWS_ACCESS_KEY_ID = await cryptoUtils.resolveSecret(config.accessKeyId);
+			env.AWS_SECRET_ACCESS_KEY = await cryptoUtils.resolveSecret(config.secretAccessKey);
 			env.AWS_REGION = "auto";
 			env.AWS_S3_FORCE_PATH_STYLE = "true";
 			break;
 		case "gcs": {
-			const decryptedCredentials = await cryptoUtils.decrypt(config.credentialsJson);
+			const decryptedCredentials = await cryptoUtils.resolveSecret(config.credentialsJson);
 			const credentialsPath = path.join("/tmp", `zerobyte-gcs-${crypto.randomBytes(8).toString("hex")}.json`);
 			await fs.writeFile(credentialsPath, decryptedCredentials, { mode: 0o600 });
 			env.GOOGLE_PROJECT_ID = config.projectId;
@@ -136,7 +136,7 @@ const buildEnv = async (config: RepositoryConfig) => {
 		}
 		case "azure": {
 			env.AZURE_ACCOUNT_NAME = config.accountName;
-			env.AZURE_ACCOUNT_KEY = await cryptoUtils.decrypt(config.accountKey);
+			env.AZURE_ACCOUNT_KEY = await cryptoUtils.resolveSecret(config.accountKey);
 			if (config.endpointSuffix) {
 				env.AZURE_ENDPOINT_SUFFIX = config.endpointSuffix;
 			}
@@ -144,15 +144,15 @@ const buildEnv = async (config: RepositoryConfig) => {
 		}
 		case "rest": {
 			if (config.username) {
-				env.RESTIC_REST_USERNAME = await cryptoUtils.decrypt(config.username);
+				env.RESTIC_REST_USERNAME = await cryptoUtils.resolveSecret(config.username);
 			}
 			if (config.password) {
-				env.RESTIC_REST_PASSWORD = await cryptoUtils.decrypt(config.password);
+				env.RESTIC_REST_PASSWORD = await cryptoUtils.resolveSecret(config.password);
 			}
 			break;
 		}
 		case "sftp": {
-			const decryptedKey = await cryptoUtils.decrypt(config.privateKey);
+			const decryptedKey = await cryptoUtils.resolveSecret(config.privateKey);
 			const keyPath = path.join("/tmp", `ironmount-ssh-${crypto.randomBytes(8).toString("hex")}`);
 
 			let normalizedKey = decryptedKey.replace(/\r\n/g, "\n");
diff --git a/bun.lock b/bun.lock
index dc0ac731..1668570b 100644
--- a/bun.lock
+++ b/bun.lock
@@ -4,6 +4,9 @@
   "workspaces": {
     "": {
       "dependencies": {
+        "@dnd-kit/core": "^6.3.1",
+        "@dnd-kit/sortable": "^10.0.0",
+        "@dnd-kit/utilities": "^3.2.2",
         "@hono/standard-validator": "^0.2.0",
         "@hookform/resolvers": "^5.2.2",
         "@radix-ui/react-alert-dialog": "^1.1.15",
@@ -156,6 +159,14 @@
 
     "@dabh/diagnostics": ["@dabh/diagnostics@2.0.8", "", { "dependencies": { "@so-ric/colorspace": "^1.1.6", "enabled": "2.0.x", "kuler": "^2.0.0" } }, "sha512-R4MSXTVnuMzGD7bzHdW2ZhhdPC/igELENcq5IjEverBvq5hn1SXCWcsi6eSsdWP0/Ur+SItRRjAktmdoX/8R/Q=="],
 
+    "@dnd-kit/accessibility": ["@dnd-kit/accessibility@3.1.1", "", { "dependencies": { "tslib": "^2.0.0" }, "peerDependencies": { "react": ">=16.8.0" } }, "sha512-2P+YgaXF+gRsIihwwY1gCsQSYnu9Zyj2py8kY5fFvUM1qm2WA2u639R6YNVfU4GWr+ZM5mqEsfHZZLoRONbemw=="],
+
+    "@dnd-kit/core": ["@dnd-kit/core@6.3.1", "", { "dependencies": { "@dnd-kit/accessibility": "^3.1.1", "@dnd-kit/utilities": "^3.2.2", "tslib": "^2.0.0" }, "peerDependencies": { "react": ">=16.8.0", "react-dom": ">=16.8.0" } }, "sha512-xkGBRQQab4RLwgXxoqETICr6S5JlogafbhNsidmrkVv2YRs5MLwpjoF2qpiGjQt8S9AoxtIV603s0GIUpY5eYQ=="],
+
+    "@dnd-kit/sortable": ["@dnd-kit/sortable@10.0.0", "", { "dependencies": { "@dnd-kit/utilities": "^3.2.2", "tslib": "^2.0.0" }, "peerDependencies": { "@dnd-kit/core": "^6.3.0", "react": ">=16.8.0" } }, "sha512-+xqhmIIzvAYMGfBYYnbKuNicfSsk4RksY2XdmJhT+HAC01nix6fHCztU68jooFiMUB01Ky3F0FyOvhG/BZrWkg=="],
+
+    "@dnd-kit/utilities": ["@dnd-kit/utilities@3.2.2", "", { "dependencies": { "tslib": "^2.0.0" }, "peerDependencies": { "react": ">=16.8.0" } }, "sha512-+MKAJEOfaBe5SmV6t34p80MMKhjvUz0vRrvVJbPT0WElzaOJ/1xs+D+KDv+tD/NE5ujfrChEcshd4fLn0wpiqg=="],
+
     "@drizzle-team/brocli": ["@drizzle-team/brocli@0.10.2", "", {}, "sha512-z33Il7l5dKjUgGULTqBsQBQwckHh5AbIuxhdsIxDDiZAzBOrZO6q9ogcWC65kU382AfynTfgNumVcNIjuIua6w=="],
 
     "@esbuild-kit/core-utils": ["@esbuild-kit/core-utils@3.3.2", "", { "dependencies": { "esbuild": "~0.18.20", "source-map-support": "^0.5.21" } }, "sha512-sPRAnw9CdSsRmEtnsl2WXWdyquogVpB3yZ3dgwJfe8zrOzTsV7cJvmwrKVa+0ma5BoiGJ+BoqkMvawbayKUsqQ=="],
diff --git a/docker-compose.yml b/docker-compose.yml
index 689f167b..5ac4eee7 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -12,8 +12,11 @@ services:
       - SYS_ADMIN
     environment:
       - NODE_ENV=development
+      # - SMB_PASSWORD=secret
     ports:
       - "4096:4096"
+    # secrets:
+    #   - smb-password
     volumes:
       - /etc/localtime:/etc/localtime:ro
       - /var/lib/zerobyte:/var/lib/zerobyte
@@ -42,3 +45,7 @@ services:
       - /run/docker/plugins:/run/docker/plugins
       - /var/run/docker.sock:/var/run/docker.sock
       - ~/.config/rclone:/root/.config/rclone
+
+# secrets:
+#   smb-password:
+#     file: ./smb-password.txt
diff --git a/openapi-ts.config.ts b/openapi-ts.config.ts
index 08a16687..1cde65df 100644
--- a/openapi-ts.config.ts
+++ b/openapi-ts.config.ts
@@ -1,7 +1,8 @@
 import { defaultPlugins, defineConfig } from "@hey-api/openapi-ts";
+import { config } from "./app/server/core/config.js";
 
 export default defineConfig({
-	input: "http://192.168.2.42:4096/api/v1/openapi.json",
+	input: `http://${config.serverIp}:4096/api/v1/openapi.json`,
 	output: {
 		path: "./app/client/api-client",
 		format: "biome",
diff --git a/package.json b/package.json
index e6d2fcb9..697d0fe4 100644
--- a/package.json
+++ b/package.json
@@ -17,6 +17,9 @@
 		"studio": "drizzle-kit studio"
 	},
 	"dependencies": {
+		"@dnd-kit/core": "^6.3.1",
+		"@dnd-kit/sortable": "^10.0.0",
+		"@dnd-kit/utilities": "^3.2.2",
 		"@hono/standard-validator": "^0.2.0",
 		"@hookform/resolvers": "^5.2.2",
 		"@radix-ui/react-alert-dialog": "^1.1.15",

From 1beaf406ccfbb75f773330fa5a9e2523ace2588b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Tr=C3=A1vn=C3=ADk?= <jakub.travnik@gmail.com>
Date: Wed, 17 Dec 2025 17:52:18 +0100
Subject: [PATCH 39/49] missing README edits

---
 README.md | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/README.md b/README.md
index f05ece02..67954474 100644
--- a/README.md
+++ b/README.md
@@ -224,6 +224,26 @@ Zerobyte allows you to easily restore your data from backups. To restore data, n
 
 ![Preview](https://github.com/nicotsx/zerobyte/blob/main/screenshots/restoring.png?raw=true)
 
+## Exporting configuration
+
+Zerobyte allows you to export your configuration for backup, migration, or documentation purposes.
+
+To export, click the "Export" button in Settings. A dialog will appear with options to:
+
+- **Include metadata** - Include IDs, timestamps, and runtime state of entities
+- **Secrets handling**:
+  - **Exclude** - Remove sensitive fields like passwords and API keys
+  - **Keep encrypted** - Export secrets in encrypted form (requires the same recovery key to decrypt on import)
+  - **Decrypt** - Export secrets as plaintext (use with caution)
+- **Include recovery key** - Include the master encryption key for all repositories
+- **Include password hash** - Include the hashed user passwords for seamless migration
+
+Export requires password verification for security. You must enter your password to confirm your identity before any configuration can be exported.
+
+Export is downloaded as JSON file that can be used for reference or future import functionality.
+
+> **Sensitive data handling**: Some sensitive data from earlier versions may not be encrypted in the database. Additionally, nested configuration objects within config fields are exported as-is and not processed separately. Review exported data carefully before sharing, especially when using the "Decrypt" secrets option.
+
 ## Third-Party Software
 
 This project includes the following third-party software components:

From 34b9e4f6fb8cec9382d5c6d3b8129ef0ea0ad605 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Tr=C3=A1vn=C3=ADk?= <jakub.travnik@gmail.com>
Date: Wed, 17 Dec 2025 17:59:06 +0100
Subject: [PATCH 40/49] import related clarification

---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 67954474..21a1a176 100644
--- a/README.md
+++ b/README.md
@@ -236,7 +236,7 @@ To export, click the "Export" button in Settings. A dialog will appear with opti
   - **Keep encrypted** - Export secrets in encrypted form (requires the same recovery key to decrypt on import)
   - **Decrypt** - Export secrets as plaintext (use with caution)
 - **Include recovery key** - Include the master encryption key for all repositories
-- **Include password hash** - Include the hashed user passwords for seamless migration
+- **Include password hash** - Include the hashed user passwords (enables future import workflows)
 
 Export requires password verification for security. You must enter your password to confirm your identity before any configuration can be exported.
 

From 512bee535a6ad98d0dffd98231702ae15cc2b210 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Tr=C3=A1vn=C3=ADk?= <jakub.travnik@gmail.com>
Date: Mon, 22 Dec 2025 17:00:59 +0100
Subject: [PATCH 41/49] Merge remote-tracking branch 'upstream/main' into
 config-export-feature

---
 .env.test                                     |   1 +
 .../actions/install-dependencies/action.yml   |  15 +
 .github/dependabot.yml                        |  18 +
 .github/workflows/ci.yml                      |  37 +
 .github/workflows/release.yml                 |  47 +-
 AGENTS.md                                     |  10 +
 Dockerfile                                    |  18 +-
 README.md                                     |  14 +
 .../api-client/core/serverSentEvents.gen.ts   |   2 +
 app/client/api-client/types.gen.ts            |   7 +
 app/client/components/app-sidebar.tsx         |  18 +-
 .../components/create-schedule-form.tsx       |  81 +-
 .../backups/components/schedule-summary.tsx   |   3 +-
 .../modules/backups/routes/backup-details.tsx |   9 +-
 .../modules/backups/routes/create-backup.tsx  |   8 +-
 .../components/create-notification-form.tsx   |   4 +-
 .../routes/notification-details.tsx           |  10 +-
 .../components/create-repository-form.tsx     |   4 +-
 .../volumes/components/create-volume-form.tsx |   4 +-
 app/drizzle/0023_special_thor.sql             |   2 +
 app/drizzle/0024_schedules-one-fs.sql         |   1 +
 app/drizzle/meta/0023_snapshot.json           | 839 ++++++++++++++++++
 app/drizzle/meta/0024_snapshot.json           | 839 ++++++++++++++++++
 app/drizzle/meta/_journal.json                |  14 +
 app/schemas/notifications.ts                  |   4 +-
 app/schemas/restic.ts                         |   4 +-
 app/schemas/volumes.ts                        |   8 +-
 app/server/app.ts                             |  90 ++
 .../core/__tests__/repository-mutex.test.ts   |  38 +
 app/server/core/constants.ts                  |   4 +-
 app/server/core/repository-mutex.ts           |   6 +-
 app/server/db/schema.ts                       |   4 +
 app/server/index.ts                           |  68 +-
 app/server/jobs/auto-remount.ts               |  28 +
 app/server/jobs/backup-execution.ts           |   5 +-
 app/server/jobs/cleanup-dangling.ts           |   2 +-
 app/server/jobs/repository-healthchecks.ts    |   6 -
 app/server/modules/auth/auth.controller.ts    |  70 +-
 .../modules/backends/nfs/nfs-backend.ts       |  37 +-
 .../modules/backends/rclone/rclone-backend.ts |  37 +-
 .../modules/backends/smb/smb-backend.ts       |  37 +-
 .../modules/backends/utils/backend-utils.ts   |   4 +-
 .../modules/backends/webdav/webdav-backend.ts |  52 +-
 .../__tests__/backups.controller.test.ts      | 126 +++
 .../__tests__/backups.patterns.test.ts        | 136 +++
 .../backups/__tests__/backups.service.test.ts | 176 ++++
 .../modules/backups/backups.controller.ts     |   4 +-
 app/server/modules/backups/backups.dto.ts     |   3 +
 app/server/modules/backups/backups.service.ts |  70 +-
 .../__tests__/events.controller.test.ts       |  53 ++
 app/server/modules/lifecycle/startup.ts       |  46 +-
 .../notifications.controller.test.ts          | 110 +++
 .../notifications/notifications.service.ts    |  14 +-
 .../__tests__/repositories.controller.test.ts | 105 +++
 .../repositories/repositories.service.ts      |  16 +-
 .../__tests__/system.controller.test.ts       |  89 ++
 .../__tests__/volumes.controller.test.ts      | 104 +++
 app/server/modules/volumes/volume.service.ts  |  10 +-
 app/server/utils/restic.ts                    |  99 ++-
 app/server/utils/spawn.ts                     |   4 +-
 app/test/helpers/auth.ts                      |  24 +
 app/test/helpers/backup.ts                    |  16 +
 app/test/helpers/repository.ts                |  20 +
 app/test/helpers/restic.ts                    |  18 +
 app/test/helpers/volume.ts                    |  21 +
 app/test/setup.ts                             |  19 +
 app/utils/utils.ts                            |  16 +-
 bun.lock                                      | 401 +++++----
 docker-compose.yml                            |  14 +-
 examples/README.md                            |  17 +
 examples/basic-docker-compose/.env.example    |   2 +
 examples/basic-docker-compose/README.md       |  25 +
 .../basic-docker-compose/docker-compose.yml   |  16 +
 examples/directory-bind-mount/.env.example    |   8 +
 examples/directory-bind-mount/README.md       |  34 +
 .../directory-bind-mount/docker-compose.yml   |  13 +
 examples/rclone-config-mount/.env.example     |   8 +
 examples/rclone-config-mount/README.md        |  41 +
 .../rclone-config-mount/docker-compose.yml    |  13 +
 examples/secrets-placeholders/.env.example    |   6 +
 examples/secrets-placeholders/.gitignore      |   5 +
 examples/secrets-placeholders/README.md       |  61 ++
 .../secrets-placeholders/docker-compose.yml   |  26 +
 .../simplified-docker-compose/.env.example    |   2 +
 examples/simplified-docker-compose/README.md  |  25 +
 .../docker-compose.yml                        |  12 +
 examples/tailscale-sidecar/.env.example       |  22 +
 examples/tailscale-sidecar/README.md          |  93 ++
 examples/tailscale-sidecar/docker-compose.yml |  51 ++
 package.json                                  |  17 +-
 vite.config.ts                                |   2 +-
 91 files changed, 4218 insertions(+), 504 deletions(-)
 create mode 100644 .env.test
 create mode 100644 .github/actions/install-dependencies/action.yml
 create mode 100644 .github/dependabot.yml
 create mode 100644 .github/workflows/ci.yml
 create mode 100644 app/drizzle/0023_special_thor.sql
 create mode 100644 app/drizzle/0024_schedules-one-fs.sql
 create mode 100644 app/drizzle/meta/0023_snapshot.json
 create mode 100644 app/drizzle/meta/0024_snapshot.json
 create mode 100644 app/server/app.ts
 create mode 100644 app/server/core/__tests__/repository-mutex.test.ts
 create mode 100644 app/server/jobs/auto-remount.ts
 create mode 100644 app/server/modules/backups/__tests__/backups.controller.test.ts
 create mode 100644 app/server/modules/backups/__tests__/backups.patterns.test.ts
 create mode 100644 app/server/modules/backups/__tests__/backups.service.test.ts
 create mode 100644 app/server/modules/events/__tests__/events.controller.test.ts
 create mode 100644 app/server/modules/notifications/__tests__/notifications.controller.test.ts
 create mode 100644 app/server/modules/repositories/__tests__/repositories.controller.test.ts
 create mode 100644 app/server/modules/system/__tests__/system.controller.test.ts
 create mode 100644 app/server/modules/volumes/__tests__/volumes.controller.test.ts
 create mode 100644 app/test/helpers/auth.ts
 create mode 100644 app/test/helpers/backup.ts
 create mode 100644 app/test/helpers/repository.ts
 create mode 100644 app/test/helpers/restic.ts
 create mode 100644 app/test/helpers/volume.ts
 create mode 100644 app/test/setup.ts
 create mode 100644 examples/README.md
 create mode 100644 examples/basic-docker-compose/.env.example
 create mode 100644 examples/basic-docker-compose/README.md
 create mode 100644 examples/basic-docker-compose/docker-compose.yml
 create mode 100644 examples/directory-bind-mount/.env.example
 create mode 100644 examples/directory-bind-mount/README.md
 create mode 100644 examples/directory-bind-mount/docker-compose.yml
 create mode 100644 examples/rclone-config-mount/.env.example
 create mode 100644 examples/rclone-config-mount/README.md
 create mode 100644 examples/rclone-config-mount/docker-compose.yml
 create mode 100644 examples/secrets-placeholders/.env.example
 create mode 100644 examples/secrets-placeholders/.gitignore
 create mode 100644 examples/secrets-placeholders/README.md
 create mode 100644 examples/secrets-placeholders/docker-compose.yml
 create mode 100644 examples/simplified-docker-compose/.env.example
 create mode 100644 examples/simplified-docker-compose/README.md
 create mode 100644 examples/simplified-docker-compose/docker-compose.yml
 create mode 100644 examples/tailscale-sidecar/.env.example
 create mode 100644 examples/tailscale-sidecar/README.md
 create mode 100644 examples/tailscale-sidecar/docker-compose.yml

diff --git a/.env.test b/.env.test
new file mode 100644
index 00000000..a8c805e0
--- /dev/null
+++ b/.env.test
@@ -0,0 +1 @@
+DATABASE_URL=:memory:
diff --git a/.github/actions/install-dependencies/action.yml b/.github/actions/install-dependencies/action.yml
new file mode 100644
index 00000000..36b4abec
--- /dev/null
+++ b/.github/actions/install-dependencies/action.yml
@@ -0,0 +1,15 @@
+name: Install dependencies
+
+description: Install dependencies
+
+runs:
+  using: "composite"
+  steps:
+    - uses: oven-sh/setup-bun@v2
+      name: Install Bun
+      with:
+        bun-version: "1.3.5"
+
+    - name: Install dependencies
+      shell: bash
+      run: bun install --frozen-lockfile
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 00000000..cd0c8146
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,18 @@
+version: 2
+updates:
+  - package-ecosystem: "bun"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    rebase-strategy: 'auto'
+    groups:
+      minor-patch:
+        update-types:
+          - minor
+          - patch
+
+  - package-ecosystem: 'github-actions'
+    directory: '/'
+    schedule:
+      interval: 'daily'
+    rebase-strategy: 'auto'
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
new file mode 100644
index 00000000..9a081d44
--- /dev/null
+++ b/.github/workflows/ci.yml
@@ -0,0 +1,37 @@
+name: Checks
+
+permissions:
+  contents: read
+
+on:
+  pull_request:
+    branches:
+      - main
+  push:
+    branches:
+      - main
+
+jobs:
+  ci:
+    timeout-minutes: 15
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v6
+        with:
+          fetch-depth: 0
+
+      - name: Install dependencies
+        uses: "./.github/actions/install-dependencies"
+
+      - name: Run type checks
+        shell: bash
+        run: bun run tsc
+
+      - name: Run tests
+        shell: bash
+        run: bun run test --ci --coverage
+
+      - name: Build project
+        shell: bash
+        run: bun run build
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index dadfa1b3..326ffa0f 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -7,6 +7,11 @@ on:
       - "v*.*.*-beta.*"
       - "v*.*.*-alpha.*"
 
+permissions:
+  contents: write
+  packages: write
+  security-events: write
+
 jobs:
   determine-release-type:
     runs-on: ubuntu-latest
@@ -32,16 +37,23 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
         with:
           fetch-depth: 0
           ref: ${{ github.ref }}
 
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3
+      - name: Log in to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
 
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
+        with:
+          driver: cloud
+          endpoint: "meienberger/runtipi-builder"
+          install: true
 
       - name: Login to GitHub Container Registry
         uses: docker/login-action@v3
@@ -50,6 +62,31 @@ jobs:
           username: ${{ github.repository_owner }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
+      - name: Build docker image
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          target: production
+          platforms: linux/amd64
+          push: false
+          load: true
+          tags: local/zerobyte:ci
+          build-args: |
+            APP_VERSION=${{ needs.determine-release-type.outputs.tagname }}
+
+      - name: Scan new image for vulnerabilities
+        uses: anchore/scan-action@v7
+        id: scan
+        with:
+          image: local/zerobyte:ci
+          fail-build: true
+          severity-cutoff: critical
+
+      - name: upload Anchore scan report
+        uses: github/codeql-action/upload-sarif@v4
+        with:
+          sarif_file: ${{ steps.scan.outputs.sarif }}
+
       - name: Docker meta
         id: meta
         uses: docker/metadata-action@v5
@@ -63,7 +100,7 @@ jobs:
           flavor: |
             latest=${{ needs.determine-release-type.outputs.release_type == 'release' }}
 
-      - name: Build and push images
+      - name: Push images to GitHub Container Registry
         uses: docker/build-push-action@v6
         with:
           context: .
@@ -74,8 +111,6 @@ jobs:
           labels: ${{ steps.meta.outputs.labels }}
           build-args: |
             APP_VERSION=${{ needs.determine-release-type.outputs.tagname }}
-          cache-from: type=registry,ref=ghcr.io/nicotsx/zerobyte:buildcache
-          cache-to: type=registry,ref=ghcr.io/nicotsx/zerobyte:buildcache,mode=max
 
   publish-release:
     runs-on: ubuntu-latest
diff --git a/AGENTS.md b/AGENTS.md
index 6ba3fcd9..92f7ff18 100644
--- a/AGENTS.md
+++ b/AGENTS.md
@@ -36,6 +36,16 @@ This is a unified application with the following structure:
 bun run tsc
 ```
 
+### Testing
+
+```bash
+# Run all tests
+bun run test
+
+# Run a specific test file
+bunx dotenv-cli -e .env.test -- bun test --preload ./app/test/setup.ts path/to/test.ts
+```
+
 ### Building
 
 ```bash
diff --git a/Dockerfile b/Dockerfile
index 206d294b..c95dab9f 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,8 +1,9 @@
-ARG BUN_VERSION="1.3.3"
+ARG BUN_VERSION="1.3.5"
 
 FROM oven/bun:${BUN_VERSION}-alpine AS base
 
-RUN apk add --no-cache davfs2=1.6.1-r2 openssh-client fuse3
+RUN apk upgrade --no-cache && \
+    apk add --no-cache davfs2=1.6.1-r2 openssh-client fuse3
 
 
 # ------------------------------
@@ -14,7 +15,8 @@ WORKDIR /deps
 
 ARG TARGETARCH
 ARG RESTIC_VERSION="0.18.1"
-ARG SHOUTRRR_VERSION="0.12.1"
+ARG RCLONE_VERSION="1.72.1"
+ARG SHOUTRRR_VERSION="0.13.1"
 ENV TARGETARCH=${TARGETARCH}
 
 RUN apk add --no-cache curl bzip2 unzip tar
@@ -22,18 +24,18 @@ RUN apk add --no-cache curl bzip2 unzip tar
 RUN echo "Building for ${TARGETARCH}"
 RUN if [ "${TARGETARCH}" = "arm64" ]; then \
       curl -L -o restic.bz2 "https://github.com/restic/restic/releases/download/v$RESTIC_VERSION/restic_$RESTIC_VERSION"_linux_arm64.bz2; \
-      curl -O https://downloads.rclone.org/rclone-current-linux-arm64.zip; \
-      unzip rclone-current-linux-arm64.zip; \
+      curl -L -o rclone.zip "https://github.com/rclone/rclone/releases/download/v$RCLONE_VERSION/rclone-v$RCLONE_VERSION-linux-arm64.zip"; \
+      unzip rclone.zip; \
       curl -L -o shoutrrr.tar.gz "https://github.com/nicholas-fedor/shoutrrr/releases/download/v$SHOUTRRR_VERSION/shoutrrr_linux_arm64v8_${SHOUTRRR_VERSION}.tar.gz"; \
       elif [ "${TARGETARCH}" = "amd64" ]; then \
       curl -L -o restic.bz2 "https://github.com/restic/restic/releases/download/v$RESTIC_VERSION/restic_$RESTIC_VERSION"_linux_amd64.bz2; \
-      curl -O https://downloads.rclone.org/rclone-current-linux-amd64.zip; \
-      unzip rclone-current-linux-amd64.zip; \
+      curl -L -o rclone.zip "https://github.com/rclone/rclone/releases/download/v$RCLONE_VERSION/rclone-v$RCLONE_VERSION-linux-amd64.zip"; \
+      unzip rclone.zip; \
       curl -L -o shoutrrr.tar.gz "https://github.com/nicholas-fedor/shoutrrr/releases/download/v$SHOUTRRR_VERSION/shoutrrr_linux_amd64_${SHOUTRRR_VERSION}.tar.gz"; \
       fi
 
 RUN bzip2 -d restic.bz2 && chmod +x restic
-RUN mv rclone-*-linux-*/rclone /deps/rclone && chmod +x /deps/rclone
+RUN mv rclone-v*-linux-*/rclone /deps/rclone && chmod +x /deps/rclone
 RUN tar -xzf shoutrrr.tar.gz && chmod +x shoutrrr
 
 # ------------------------------
diff --git a/README.md b/README.md
index 21a1a176..63716acb 100644
--- a/README.md
+++ b/README.md
@@ -56,6 +56,9 @@ services:
       - /var/lib/zerobyte:/var/lib/zerobyte
 ```
 
+> [!WARNING]
+> It is highly discouraged to run Zerobyte on a server that is accessible from the internet (VPS or home server with port forwarding) If you do, make sure to change the port mapping to "127.0.0.1:4096:4096" and use a secure tunnel (SSH tunnel, Cloudflare Tunnel, etc.) with authentication.
+
 > [!WARNING]
 > Do not try to point `/var/lib/zerobyte` on a network share. You will face permission issues and strong performance degradation.
 
@@ -95,6 +98,10 @@ services:
 
 If you need remote mount capabilities, keep the original configuration with `cap_add: SYS_ADMIN` and `devices: /dev/fuse:/dev/fuse`.
 
+## Examples
+
+See [examples/README.md](examples/README.md) for runnable, copy/paste-friendly examples.
+
 ## Adding your first volume
 
 Zerobyte supports multiple volume backends including NFS, SMB, WebDAV, and local directories. A volume represents the source data you want to back up and monitor.
@@ -155,22 +162,27 @@ Zerobyte can use [rclone](https://rclone.org/) to support 40+ cloud storage prov
 **Setup instructions:**
 
 1. **Install rclone on your host system** (if not already installed):
+
    ```bash
    curl https://rclone.org/install.sh | sudo bash
    ```
 
 2. **Configure your cloud storage remote** using rclone's interactive config:
+
    ```bash
    rclone config
    ```
+
    Follow the prompts to set up your cloud storage provider. For OAuth providers (Google Drive, Dropbox, etc.), rclone will guide you through the authentication flow.
 
 3. **Verify your remote is configured**:
+
    ```bash
    rclone listremotes
    ```
 
 4. **Mount the rclone config into the Zerobyte container** by updating your `docker-compose.yml`:
+
    ```diff
    services:
      zerobyte:
@@ -192,6 +204,7 @@ Zerobyte can use [rclone](https://rclone.org/) to support 40+ cloud storage prov
    ```
 
 5. **Restart the Zerobyte container**:
+
    ```bash
    docker compose down
    docker compose up -d
@@ -209,6 +222,7 @@ For a complete list of supported providers, see the [rclone documentation](https
 Once you have added a volume and created a repository, you can create your first backup job. A backup job defines the schedule and parameters for backing up a specific volume to a designated repository.
 
 When creating a backup job, you can specify the following settings:
+
 - **Schedule**: Define how often the backup should run (e.g., daily, weekly)
 - **Retention Policy**: Set rules for how long backups should be retained (e.g., keep daily backups for 7 days, weekly backups for 4 weeks)
 - **Paths**: Specify which files or directories to include in the backup
diff --git a/app/client/api-client/core/serverSentEvents.gen.ts b/app/client/api-client/core/serverSentEvents.gen.ts
index f8fd78e2..343d25af 100644
--- a/app/client/api-client/core/serverSentEvents.gen.ts
+++ b/app/client/api-client/core/serverSentEvents.gen.ts
@@ -169,6 +169,8 @@ export const createSseClient = <TData = unknown>({
             const { done, value } = await reader.read();
             if (done) break;
             buffer += value;
+            // Normalize line endings: CRLF -> LF, then CR -> LF
+            buffer = buffer.replace(/\r\n/g, '\n').replace(/\r/g, '\n');
 
             const chunks = buffer.split('\n\n');
             buffer = chunks.pop() ?? '';
diff --git a/app/client/api-client/types.gen.ts b/app/client/api-client/types.gen.ts
index 83f4e884..ffbbce57 100644
--- a/app/client/api-client/types.gen.ts
+++ b/app/client/api-client/types.gen.ts
@@ -1305,6 +1305,7 @@ export type ListBackupSchedulesResponses = {
         lastBackupStatus: 'error' | 'in_progress' | 'success' | 'warning' | null;
         name: string;
         nextBackupAt: number | null;
+        oneFileSystem: boolean;
         repository: {
             compressionMode: 'auto' | 'max' | 'off' | null;
             config: {
@@ -1453,6 +1454,7 @@ export type CreateBackupScheduleData = {
         excludeIfPresent?: Array<string>;
         excludePatterns?: Array<string>;
         includePatterns?: Array<string>;
+        oneFileSystem?: boolean;
         retentionPolicy?: {
             keepDaily?: number;
             keepHourly?: number;
@@ -1486,6 +1488,7 @@ export type CreateBackupScheduleResponses = {
         lastBackupStatus: 'error' | 'in_progress' | 'success' | 'warning' | null;
         name: string;
         nextBackupAt: number | null;
+        oneFileSystem: boolean;
         repositoryId: string;
         retentionPolicy: {
             keepDaily?: number;
@@ -1549,6 +1552,7 @@ export type GetBackupScheduleResponses = {
         lastBackupStatus: 'error' | 'in_progress' | 'success' | 'warning' | null;
         name: string;
         nextBackupAt: number | null;
+        oneFileSystem: boolean;
         repository: {
             compressionMode: 'auto' | 'max' | 'off' | null;
             config: {
@@ -1696,6 +1700,7 @@ export type UpdateBackupScheduleData = {
         excludePatterns?: Array<string>;
         includePatterns?: Array<string>;
         name?: string;
+        oneFileSystem?: boolean;
         retentionPolicy?: {
             keepDaily?: number;
             keepHourly?: number;
@@ -1731,6 +1736,7 @@ export type UpdateBackupScheduleResponses = {
         lastBackupStatus: 'error' | 'in_progress' | 'success' | 'warning' | null;
         name: string;
         nextBackupAt: number | null;
+        oneFileSystem: boolean;
         repositoryId: string;
         retentionPolicy: {
             keepDaily?: number;
@@ -1774,6 +1780,7 @@ export type GetBackupScheduleForVolumeResponses = {
         lastBackupStatus: 'error' | 'in_progress' | 'success' | 'warning' | null;
         name: string;
         nextBackupAt: number | null;
+        oneFileSystem: boolean;
         repository: {
             compressionMode: 'auto' | 'max' | 'off' | null;
             config: {
diff --git a/app/client/components/app-sidebar.tsx b/app/client/components/app-sidebar.tsx
index 813115dc..7796b467 100644
--- a/app/client/components/app-sidebar.tsx
+++ b/app/client/components/app-sidebar.tsx
@@ -46,10 +46,15 @@ const items = [
 
 export function AppSidebar() {
 	const { state } = useSidebar();
+	const displayVersion = APP_VERSION.startsWith("v") || APP_VERSION === "dev" ? APP_VERSION : `v${APP_VERSION}`;
+	const releaseUrl =
+		APP_VERSION === "dev"
+			? "https://github.com/nicotsx/zerobyte"
+			: `https://github.com/nicotsx/zerobyte/releases/tag/${displayVersion}`;
 
 	return (
 		<Sidebar variant="inset" collapsible="icon" className="p-0">
-			<SidebarHeader className="bg-card-header border-b border-border/50 hidden md:flex h-[65px] flex-row items-center p-4">
+			<SidebarHeader className="bg-card-header border-b border-border/50 hidden md:flex h-16.25 flex-row items-center p-4">
 				<Link to="/volumes" className="flex items-center gap-3 font-semibold pl-2">
 					<img src="/images/zerobyte.png" alt="Zerobyte Logo" className={cn("h-8 w-8 shrink-0 object-contain -ml-2")} />
 					<span
@@ -93,13 +98,16 @@ export function AppSidebar() {
 				</SidebarGroup>
 			</SidebarContent>
 			<SidebarFooter className="p-4 border-r border-t border-border/50">
-				<div
-					className={cn("text-xs text-muted-foreground transition-all duration-200", {
+				<a
+					href={releaseUrl}
+					target="_blank"
+					rel="noreferrer"
+					className={cn("text-xs text-muted-foreground transition-all duration-200 hover:text-foreground", {
 						"opacity-0 w-0 overflow-hidden": state === "collapsed",
 					})}
 				>
-					{APP_VERSION}
-				</div>
+					{displayVersion}
+				</a>
 			</SidebarFooter>
 		</Sidebar>
 	);
diff --git a/app/client/modules/backups/components/create-schedule-form.tsx b/app/client/modules/backups/components/create-schedule-form.tsx
index 8f6de25c..adfaf820 100644
--- a/app/client/modules/backups/components/create-schedule-form.tsx
+++ b/app/client/modules/backups/components/create-schedule-form.tsx
@@ -1,4 +1,5 @@
 import { arktypeResolver } from "@hookform/resolvers/arktype";
+
 import { useQuery } from "@tanstack/react-query";
 import { type } from "arktype";
 import { useCallback, useState } from "react";
@@ -6,6 +7,7 @@ import { useForm } from "react-hook-form";
 import { listRepositoriesOptions } from "~/client/api-client/@tanstack/react-query.gen";
 import { RepositoryIcon } from "~/client/components/repository-icon";
 import { Card, CardContent, CardDescription, CardHeader, CardTitle } from "~/client/components/ui/card";
+import { Checkbox } from "~/client/components/ui/checkbox";
 import {
 	Form,
 	FormControl,
@@ -17,6 +19,7 @@ import {
 } from "~/client/components/ui/form";
 import { Input } from "~/client/components/ui/input";
 import { Select, SelectContent, SelectItem, SelectTrigger, SelectValue } from "~/client/components/ui/select";
+import { Button } from "~/client/components/ui/button";
 import { Textarea } from "~/client/components/ui/textarea";
 import { VolumeFileBrowser } from "~/client/components/volume-file-browser";
 import type { BackupSchedule, Volume } from "~/client/lib/types";
@@ -32,12 +35,14 @@ const internalFormSchema = type({
 	frequency: "string",
 	dailyTime: "string?",
 	weeklyDay: "string?",
+	monthlyDays: "string[]?",
 	keepLast: "number?",
 	keepHourly: "number?",
 	keepDaily: "number?",
 	keepWeekly: "number?",
 	keepMonthly: "number?",
 	keepYearly: "number?",
+	oneFileSystem: "boolean?",
 });
 const cleanSchema = type.pipe((d) => internalFormSchema(deepClean(d)));
 
@@ -76,15 +81,16 @@ const backupScheduleToFormValues = (schedule?: BackupSchedule): InternalFormValu
 	}
 
 	const parts = schedule.cronExpression.split(" ");
-	const [minutePart, hourPart, , , dayOfWeekPart] = parts;
+	const [minutePart, hourPart, dayOfMonthPart, , dayOfWeekPart] = parts;
 
 	const isHourly = hourPart === "*";
-	const isDaily = !isHourly && dayOfWeekPart === "*";
-	const frequency = isHourly ? "hourly" : isDaily ? "daily" : "weekly";
+	const isMonthly = !isHourly && dayOfMonthPart !== "*" && dayOfWeekPart === "*";
+	const isDaily = !isHourly && dayOfMonthPart === "*" && dayOfWeekPart === "*";
 
+	const frequency = isHourly ? "hourly" : isMonthly ? "monthly" : isDaily ? "daily" : "weekly";
 	const dailyTime = isHourly ? undefined : `${hourPart.padStart(2, "0")}:${minutePart.padStart(2, "0")}`;
-
 	const weeklyDay = frequency === "weekly" ? dayOfWeekPart : undefined;
+	const monthlyDays = isMonthly ? dayOfMonthPart.split(",") : undefined;
 
 	const patterns = schedule.includePatterns || [];
 	const isGlobPattern = (p: string) => /[*?[\]]/.test(p);
@@ -95,12 +101,14 @@ const backupScheduleToFormValues = (schedule?: BackupSchedule): InternalFormValu
 		name: schedule.name,
 		repositoryId: schedule.repositoryId,
 		frequency,
+		monthlyDays,
 		dailyTime,
 		weeklyDay,
 		includePatterns: fileBrowserPaths.length > 0 ? fileBrowserPaths : undefined,
 		includePatternsText: textPatterns.length > 0 ? textPatterns.join("\n") : undefined,
 		excludePatternsText: schedule.excludePatterns?.join("\n") || undefined,
 		excludeIfPresentText: schedule.excludeIfPresent?.join("\n") || undefined,
+		oneFileSystem: schedule.oneFileSystem ?? false,
 		...schedule.retentionPolicy,
 	};
 };
@@ -246,6 +254,7 @@ export const CreateScheduleForm = ({ initialValues, formId, onSubmit, volume }:
 													<SelectItem value="hourly">Hourly</SelectItem>
 													<SelectItem value="daily">Daily</SelectItem>
 													<SelectItem value="weekly">Weekly</SelectItem>
+													<SelectItem value="monthly">Specific days</SelectItem>
 												</SelectContent>
 											</Select>
 										</FormControl>
@@ -299,6 +308,42 @@ export const CreateScheduleForm = ({ initialValues, formId, onSubmit, volume }:
 									)}
 								/>
 							)}
+							{frequency === "monthly" && (
+								<FormField
+									control={form.control}
+									name="monthlyDays"
+									render={({ field }) => (
+										<FormItem className="md:col-span-2">
+											<FormLabel>Days of the month</FormLabel>
+											<FormControl>
+												<div className="grid grid-cols-7 gap-4 w-max">
+													{Array.from({ length: 31 }, (_, i) => {
+														const day = (i + 1).toString();
+														const isSelected = field.value?.includes(day);
+														return (
+															<Button
+																type="button"
+																key={day}
+																variant={isSelected ? "primary" : "secondary"}
+																size="icon"
+																onClick={() => {
+																	const current = field.value || [];
+																	const next = isSelected ? current.filter((d) => d !== day) : [...current, day];
+																	field.onChange(next);
+																}}
+															>
+																{day}
+															</Button>
+														);
+													})}
+												</div>
+											</FormControl>
+											<FormDescription>Select one or more days when the backup should run.</FormDescription>
+											<FormMessage />
+										</FormItem>
+									)}
+								/>
+							)}
 						</CardContent>
 					</Card>
 
@@ -318,7 +363,7 @@ export const CreateScheduleForm = ({ initialValues, formId, onSubmit, volume }:
 								onSelectionChange={handleSelectionChange}
 								withCheckboxes={true}
 								foldersOnly={false}
-								className="flex-1 border rounded-md bg-card p-2 min-h-[300px] max-h-[400px] overflow-auto"
+								className="flex-1 border rounded-md bg-card p-2 min-h-75 max-h-100 overflow-auto"
 							/>
 							{selectedPaths.size > 0 && (
 								<div className="mt-4">
@@ -342,7 +387,7 @@ export const CreateScheduleForm = ({ initialValues, formId, onSubmit, volume }:
 											<Textarea
 												{...field}
 												placeholder="/data/**&#10;/config/*.json&#10;*.db"
-												className="font-mono text-sm min-h-[100px]"
+												className="font-mono text-sm min-h-25"
 											/>
 										</FormControl>
 										<FormDescription>
@@ -375,7 +420,7 @@ export const CreateScheduleForm = ({ initialValues, formId, onSubmit, volume }:
 											<Textarea
 												{...field}
 												placeholder="*.tmp&#10;node_modules/**&#10;.cache/&#10;*.log"
-												className="font-mono text-sm min-h-[120px]"
+												className="font-mono text-sm min-h-30"
 											/>
 										</FormControl>
 										<FormDescription>
@@ -416,6 +461,24 @@ export const CreateScheduleForm = ({ initialValues, formId, onSubmit, volume }:
 									</FormItem>
 								)}
 							/>
+							<FormField
+								control={form.control}
+								name="oneFileSystem"
+								render={({ field }) => (
+									<FormItem className="flex flex-row items-start space-x-3 space-y-0 rounded-md border p-4 mt-6">
+										<FormControl>
+											<Checkbox checked={field.value} onCheckedChange={field.onChange} />
+										</FormControl>
+										<div className="space-y-1 leading-none">
+											<FormLabel>Stay on one file system</FormLabel>
+											<FormDescription>
+												Prevent Restic from crossing file system boundaries. This is useful to avoid backing up network
+												mounts or other partitions that might be mounted inside your backup source.
+											</FormDescription>
+										</div>
+									</FormItem>
+								)}
+							/>
 						</CardContent>
 					</Card>
 
@@ -629,6 +692,10 @@ export const CreateScheduleForm = ({ initialValues, formId, onSubmit, volume }:
 									</div>
 								</div>
 							)}
+							<div>
+								<p className="text-xs uppercase text-muted-foreground">One file system</p>
+								<p className="font-medium">{formValues.oneFileSystem ? "Enabled" : "Disabled"}</p>
+							</div>
 							<div>
 								<p className="text-xs uppercase text-muted-foreground">Retention</p>
 								<p className="font-medium">
diff --git a/app/client/modules/backups/components/schedule-summary.tsx b/app/client/modules/backups/components/schedule-summary.tsx
index 8bdd3b9d..87efda27 100644
--- a/app/client/modules/backups/components/schedule-summary.tsx
+++ b/app/client/modules/backups/components/schedule-summary.tsx
@@ -181,7 +181,8 @@ export const ScheduleSummary = (props: Props) => {
 						<div className="md:col-span-2 lg:col-span-4">
 							<p className="text-xs uppercase text-muted-foreground">Warning Details</p>
 							<p className="font-mono text-sm text-yellow-600 whitespace-pre-wrap break-all">
-								Last backup completed with warnings. Check your container logs for more details.
+								{schedule.lastBackupError ??
+									"Last backup completed with warnings. Check your container logs for more details."}
 							</p>
 						</div>
 					)}
diff --git a/app/client/modules/backups/routes/backup-details.tsx b/app/client/modules/backups/routes/backup-details.tsx
index 4804c4b7..6081a7a6 100644
--- a/app/client/modules/backups/routes/backup-details.tsx
+++ b/app/client/modules/backups/routes/backup-details.tsx
@@ -141,7 +141,12 @@ export default function ScheduleDetailsPage({ params, loaderData }: Route.Compon
 	const handleSubmit = (formValues: BackupScheduleFormValues) => {
 		if (!schedule) return;
 
-		const cronExpression = getCronExpression(formValues.frequency, formValues.dailyTime, formValues.weeklyDay);
+		const cronExpression = getCronExpression(
+			formValues.frequency,
+			formValues.dailyTime,
+			formValues.weeklyDay,
+			formValues.monthlyDays,
+		);
 
 		const retentionPolicy: Record<string, number> = {};
 		if (formValues.keepLast) retentionPolicy.keepLast = formValues.keepLast;
@@ -162,6 +167,7 @@ export default function ScheduleDetailsPage({ params, loaderData }: Route.Compon
 				includePatterns: formValues.includePatterns,
 				excludePatterns: formValues.excludePatterns,
 				excludeIfPresent: formValues.excludeIfPresent,
+				oneFileSystem: formValues.oneFileSystem,
 			},
 		});
 	};
@@ -177,6 +183,7 @@ export default function ScheduleDetailsPage({ params, loaderData }: Route.Compon
 				includePatterns: schedule.includePatterns || [],
 				excludePatterns: schedule.excludePatterns || [],
 				excludeIfPresent: schedule.excludeIfPresent || [],
+				oneFileSystem: schedule.oneFileSystem,
 			},
 		});
 	};
diff --git a/app/client/modules/backups/routes/create-backup.tsx b/app/client/modules/backups/routes/create-backup.tsx
index f0c47639..7b6484f5 100644
--- a/app/client/modules/backups/routes/create-backup.tsx
+++ b/app/client/modules/backups/routes/create-backup.tsx
@@ -71,7 +71,12 @@ export default function CreateBackup({ loaderData }: Route.ComponentProps) {
 	const handleSubmit = (formValues: BackupScheduleFormValues) => {
 		if (!selectedVolumeId) return;
 
-		const cronExpression = getCronExpression(formValues.frequency, formValues.dailyTime, formValues.weeklyDay);
+		const cronExpression = getCronExpression(
+			formValues.frequency,
+			formValues.dailyTime,
+			formValues.weeklyDay,
+			formValues.monthlyDays,
+		);
 
 		const retentionPolicy: Record<string, number> = {};
 		if (formValues.keepLast) retentionPolicy.keepLast = formValues.keepLast;
@@ -92,6 +97,7 @@ export default function CreateBackup({ loaderData }: Route.ComponentProps) {
 				includePatterns: formValues.includePatterns,
 				excludePatterns: formValues.excludePatterns,
 				excludeIfPresent: formValues.excludeIfPresent,
+				oneFileSystem: formValues.oneFileSystem,
 			},
 		});
 	};
diff --git a/app/client/modules/notifications/components/create-notification-form.tsx b/app/client/modules/notifications/components/create-notification-form.tsx
index 2fd240cf..01e8dc08 100644
--- a/app/client/modules/notifications/components/create-notification-form.tsx
+++ b/app/client/modules/notifications/components/create-notification-form.tsx
@@ -17,11 +17,11 @@ import { Input } from "~/client/components/ui/input";
 import { SecretInput } from "~/client/components/ui/secret-input";
 import { Select, SelectContent, SelectItem, SelectTrigger, SelectValue } from "~/client/components/ui/select";
 import { Checkbox } from "~/client/components/ui/checkbox";
-import { notificationConfigSchema } from "~/schemas/notifications";
+import { notificationConfigSchemaBase } from "~/schemas/notifications";
 
 export const formSchema = type({
 	name: "2<=string<=32",
-}).and(notificationConfigSchema);
+}).and(notificationConfigSchemaBase);
 const cleanSchema = type.pipe((d) => formSchema(deepClean(d)));
 
 export type NotificationFormValues = typeof formSchema.inferIn;
diff --git a/app/client/modules/notifications/routes/notification-details.tsx b/app/client/modules/notifications/routes/notification-details.tsx
index c6675360..1a29229c 100644
--- a/app/client/modules/notifications/routes/notification-details.tsx
+++ b/app/client/modules/notifications/routes/notification-details.tsx
@@ -172,7 +172,15 @@ export default function NotificationDetailsPage({ loaderData }: Route.ComponentP
 							</AlertDescription>
 						</Alert>
 					)}
-					<CreateNotificationForm mode="update" formId={formId} onSubmit={handleSubmit} initialValues={data.config} />
+					<CreateNotificationForm
+						mode="update"
+						formId={formId}
+						onSubmit={handleSubmit}
+						initialValues={{
+							...data.config,
+							name: data.name,
+						}}
+					/>
 					<div className="flex justify-end gap-2 pt-4 border-t">
 						<Button type="submit" form={formId} loading={updateDestination.isPending}>
 							<Save className="h-4 w-4 mr-2" />
diff --git a/app/client/modules/repositories/components/create-repository-form.tsx b/app/client/modules/repositories/components/create-repository-form.tsx
index 2f18a482..79b8e5d6 100644
--- a/app/client/modules/repositories/components/create-repository-form.tsx
+++ b/app/client/modules/repositories/components/create-repository-form.tsx
@@ -20,7 +20,7 @@ import { SecretInput } from "../../../components/ui/secret-input";
 import { Select, SelectContent, SelectItem, SelectTrigger, SelectValue } from "../../../components/ui/select";
 import { Tooltip, TooltipContent, TooltipTrigger } from "../../../components/ui/tooltip";
 import { useSystemInfo } from "~/client/hooks/use-system-info";
-import { COMPRESSION_MODES, repositoryConfigSchema } from "~/schemas/restic";
+import { COMPRESSION_MODES, repositoryConfigSchemaBase } from "~/schemas/restic";
 import { Checkbox } from "../../../components/ui/checkbox";
 import {
 	LocalRepositoryForm,
@@ -36,7 +36,7 @@ import {
 export const formSchema = type({
 	name: "2<=string<=32",
 	compressionMode: type.valueOf(COMPRESSION_MODES).optional(),
-}).and(repositoryConfigSchema);
+}).and(repositoryConfigSchemaBase);
 const cleanSchema = type.pipe((d) => formSchema(deepClean(d)));
 
 export type RepositoryFormValues = typeof formSchema.inferIn;
diff --git a/app/client/modules/volumes/components/create-volume-form.tsx b/app/client/modules/volumes/components/create-volume-form.tsx
index e4f05125..528e5fc7 100644
--- a/app/client/modules/volumes/components/create-volume-form.tsx
+++ b/app/client/modules/volumes/components/create-volume-form.tsx
@@ -18,7 +18,7 @@ import {
 } from "../../../components/ui/form";
 import { Input } from "../../../components/ui/input";
 import { Select, SelectContent, SelectItem, SelectTrigger, SelectValue } from "../../../components/ui/select";
-import { volumeConfigSchema } from "~/schemas/volumes";
+import { volumeConfigSchemaBase } from "~/schemas/volumes";
 import { testConnectionMutation } from "../../../api-client/@tanstack/react-query.gen";
 import { Tooltip, TooltipContent, TooltipTrigger } from "../../../components/ui/tooltip";
 import { useSystemInfo } from "~/client/hooks/use-system-info";
@@ -26,7 +26,7 @@ import { DirectoryForm, NFSForm, SMBForm, WebDAVForm, RcloneForm } from "./volum
 
 export const formSchema = type({
 	name: "2<=string<=32",
-}).and(volumeConfigSchema);
+}).and(volumeConfigSchemaBase);
 const cleanSchema = type.pipe((d) => formSchema(deepClean(d)));
 
 export type FormValues = typeof formSchema.inferIn;
diff --git a/app/drizzle/0023_special_thor.sql b/app/drizzle/0023_special_thor.sql
new file mode 100644
index 00000000..066219ad
--- /dev/null
+++ b/app/drizzle/0023_special_thor.sql
@@ -0,0 +1,2 @@
+ALTER TABLE `backup_schedules_table` ADD `one_file_system` integer DEFAULT false NOT NULL;--> statement-breakpoint
+UPDATE `backup_schedules_table` SET `one_file_system` = true;
diff --git a/app/drizzle/0024_schedules-one-fs.sql b/app/drizzle/0024_schedules-one-fs.sql
new file mode 100644
index 00000000..d9a74d70
--- /dev/null
+++ b/app/drizzle/0024_schedules-one-fs.sql
@@ -0,0 +1 @@
+UPDATE `backup_schedules_table` SET `one_file_system` = 1;
diff --git a/app/drizzle/meta/0023_snapshot.json b/app/drizzle/meta/0023_snapshot.json
new file mode 100644
index 00000000..0a2d13f9
--- /dev/null
+++ b/app/drizzle/meta/0023_snapshot.json
@@ -0,0 +1,839 @@
+{
+  "version": "6",
+  "dialect": "sqlite",
+  "id": "3e3841ca-67a8-493a-a061-9c2a780878ed",
+  "prevId": "11c24867-3186-4578-b8dd-cee4c48a28d1",
+  "tables": {
+    "app_metadata": {
+      "name": "app_metadata",
+      "columns": {
+        "key": {
+          "name": "key",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "value": {
+          "name": "value",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch() * 1000)"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch() * 1000)"
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "backup_schedule_mirrors_table": {
+      "name": "backup_schedule_mirrors_table",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "integer",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": true
+        },
+        "schedule_id": {
+          "name": "schedule_id",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "repository_id": {
+          "name": "repository_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "enabled": {
+          "name": "enabled",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": true
+        },
+        "last_copy_at": {
+          "name": "last_copy_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "last_copy_status": {
+          "name": "last_copy_status",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "last_copy_error": {
+          "name": "last_copy_error",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch() * 1000)"
+        }
+      },
+      "indexes": {
+        "backup_schedule_mirrors_table_schedule_id_repository_id_unique": {
+          "name": "backup_schedule_mirrors_table_schedule_id_repository_id_unique",
+          "columns": [
+            "schedule_id",
+            "repository_id"
+          ],
+          "isUnique": true
+        }
+      },
+      "foreignKeys": {
+        "backup_schedule_mirrors_table_schedule_id_backup_schedules_table_id_fk": {
+          "name": "backup_schedule_mirrors_table_schedule_id_backup_schedules_table_id_fk",
+          "tableFrom": "backup_schedule_mirrors_table",
+          "tableTo": "backup_schedules_table",
+          "columnsFrom": [
+            "schedule_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "backup_schedule_mirrors_table_repository_id_repositories_table_id_fk": {
+          "name": "backup_schedule_mirrors_table_repository_id_repositories_table_id_fk",
+          "tableFrom": "backup_schedule_mirrors_table",
+          "tableTo": "repositories_table",
+          "columnsFrom": [
+            "repository_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "backup_schedule_notifications_table": {
+      "name": "backup_schedule_notifications_table",
+      "columns": {
+        "schedule_id": {
+          "name": "schedule_id",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "destination_id": {
+          "name": "destination_id",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "notify_on_start": {
+          "name": "notify_on_start",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": false
+        },
+        "notify_on_success": {
+          "name": "notify_on_success",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": false
+        },
+        "notify_on_warning": {
+          "name": "notify_on_warning",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": true
+        },
+        "notify_on_failure": {
+          "name": "notify_on_failure",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": true
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch() * 1000)"
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {
+        "backup_schedule_notifications_table_schedule_id_backup_schedules_table_id_fk": {
+          "name": "backup_schedule_notifications_table_schedule_id_backup_schedules_table_id_fk",
+          "tableFrom": "backup_schedule_notifications_table",
+          "tableTo": "backup_schedules_table",
+          "columnsFrom": [
+            "schedule_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "backup_schedule_notifications_table_destination_id_notification_destinations_table_id_fk": {
+          "name": "backup_schedule_notifications_table_destination_id_notification_destinations_table_id_fk",
+          "tableFrom": "backup_schedule_notifications_table",
+          "tableTo": "notification_destinations_table",
+          "columnsFrom": [
+            "destination_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {
+        "backup_schedule_notifications_table_schedule_id_destination_id_pk": {
+          "columns": [
+            "schedule_id",
+            "destination_id"
+          ],
+          "name": "backup_schedule_notifications_table_schedule_id_destination_id_pk"
+        }
+      },
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "backup_schedules_table": {
+      "name": "backup_schedules_table",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "integer",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": true
+        },
+        "name": {
+          "name": "name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "volume_id": {
+          "name": "volume_id",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "repository_id": {
+          "name": "repository_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "enabled": {
+          "name": "enabled",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": true
+        },
+        "cron_expression": {
+          "name": "cron_expression",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "retention_policy": {
+          "name": "retention_policy",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "exclude_patterns": {
+          "name": "exclude_patterns",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false,
+          "default": "'[]'"
+        },
+        "exclude_if_present": {
+          "name": "exclude_if_present",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false,
+          "default": "'[]'"
+        },
+        "include_patterns": {
+          "name": "include_patterns",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false,
+          "default": "'[]'"
+        },
+        "last_backup_at": {
+          "name": "last_backup_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "last_backup_status": {
+          "name": "last_backup_status",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "last_backup_error": {
+          "name": "last_backup_error",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "next_backup_at": {
+          "name": "next_backup_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "one_file_system": {
+          "name": "one_file_system",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": false
+        },
+        "sort_order": {
+          "name": "sort_order",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": 0
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch() * 1000)"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch() * 1000)"
+        }
+      },
+      "indexes": {
+        "backup_schedules_table_name_unique": {
+          "name": "backup_schedules_table_name_unique",
+          "columns": [
+            "name"
+          ],
+          "isUnique": true
+        }
+      },
+      "foreignKeys": {
+        "backup_schedules_table_volume_id_volumes_table_id_fk": {
+          "name": "backup_schedules_table_volume_id_volumes_table_id_fk",
+          "tableFrom": "backup_schedules_table",
+          "tableTo": "volumes_table",
+          "columnsFrom": [
+            "volume_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "backup_schedules_table_repository_id_repositories_table_id_fk": {
+          "name": "backup_schedules_table_repository_id_repositories_table_id_fk",
+          "tableFrom": "backup_schedules_table",
+          "tableTo": "repositories_table",
+          "columnsFrom": [
+            "repository_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "notification_destinations_table": {
+      "name": "notification_destinations_table",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "integer",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": true
+        },
+        "name": {
+          "name": "name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "enabled": {
+          "name": "enabled",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": true
+        },
+        "type": {
+          "name": "type",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "config": {
+          "name": "config",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch() * 1000)"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch() * 1000)"
+        }
+      },
+      "indexes": {
+        "notification_destinations_table_name_unique": {
+          "name": "notification_destinations_table_name_unique",
+          "columns": [
+            "name"
+          ],
+          "isUnique": true
+        }
+      },
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "repositories_table": {
+      "name": "repositories_table",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "short_id": {
+          "name": "short_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "name": {
+          "name": "name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "type": {
+          "name": "type",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "config": {
+          "name": "config",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "compression_mode": {
+          "name": "compression_mode",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false,
+          "default": "'auto'"
+        },
+        "status": {
+          "name": "status",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false,
+          "default": "'unknown'"
+        },
+        "last_checked": {
+          "name": "last_checked",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "last_error": {
+          "name": "last_error",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch() * 1000)"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch() * 1000)"
+        }
+      },
+      "indexes": {
+        "repositories_table_short_id_unique": {
+          "name": "repositories_table_short_id_unique",
+          "columns": [
+            "short_id"
+          ],
+          "isUnique": true
+        },
+        "repositories_table_name_unique": {
+          "name": "repositories_table_name_unique",
+          "columns": [
+            "name"
+          ],
+          "isUnique": true
+        }
+      },
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "sessions_table": {
+      "name": "sessions_table",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "user_id": {
+          "name": "user_id",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "expires_at": {
+          "name": "expires_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch() * 1000)"
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {
+        "sessions_table_user_id_users_table_id_fk": {
+          "name": "sessions_table_user_id_users_table_id_fk",
+          "tableFrom": "sessions_table",
+          "tableTo": "users_table",
+          "columnsFrom": [
+            "user_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "users_table": {
+      "name": "users_table",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "integer",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": true
+        },
+        "username": {
+          "name": "username",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "password_hash": {
+          "name": "password_hash",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "has_downloaded_restic_password": {
+          "name": "has_downloaded_restic_password",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch() * 1000)"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch() * 1000)"
+        }
+      },
+      "indexes": {
+        "users_table_username_unique": {
+          "name": "users_table_username_unique",
+          "columns": [
+            "username"
+          ],
+          "isUnique": true
+        }
+      },
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "volumes_table": {
+      "name": "volumes_table",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "integer",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": true
+        },
+        "short_id": {
+          "name": "short_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "name": {
+          "name": "name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "type": {
+          "name": "type",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "status": {
+          "name": "status",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "'unmounted'"
+        },
+        "last_error": {
+          "name": "last_error",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "last_health_check": {
+          "name": "last_health_check",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch() * 1000)"
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch() * 1000)"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch() * 1000)"
+        },
+        "config": {
+          "name": "config",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "auto_remount": {
+          "name": "auto_remount",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": true
+        }
+      },
+      "indexes": {
+        "volumes_table_short_id_unique": {
+          "name": "volumes_table_short_id_unique",
+          "columns": [
+            "short_id"
+          ],
+          "isUnique": true
+        },
+        "volumes_table_name_unique": {
+          "name": "volumes_table_name_unique",
+          "columns": [
+            "name"
+          ],
+          "isUnique": true
+        }
+      },
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    }
+  },
+  "views": {},
+  "enums": {},
+  "_meta": {
+    "schemas": {},
+    "tables": {},
+    "columns": {}
+  },
+  "internal": {
+    "indexes": {}
+  }
+}
\ No newline at end of file
diff --git a/app/drizzle/meta/0024_snapshot.json b/app/drizzle/meta/0024_snapshot.json
new file mode 100644
index 00000000..73c62581
--- /dev/null
+++ b/app/drizzle/meta/0024_snapshot.json
@@ -0,0 +1,839 @@
+{
+  "id": "f19cb32f-2280-42dd-a86a-aba7c0409d9f",
+  "prevId": "3e3841ca-67a8-493a-a061-9c2a780878ed",
+  "version": "6",
+  "dialect": "sqlite",
+  "tables": {
+    "app_metadata": {
+      "name": "app_metadata",
+      "columns": {
+        "key": {
+          "name": "key",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "value": {
+          "name": "value",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch() * 1000)"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch() * 1000)"
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "backup_schedule_mirrors_table": {
+      "name": "backup_schedule_mirrors_table",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "integer",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": true
+        },
+        "schedule_id": {
+          "name": "schedule_id",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "repository_id": {
+          "name": "repository_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "enabled": {
+          "name": "enabled",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": true
+        },
+        "last_copy_at": {
+          "name": "last_copy_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "last_copy_status": {
+          "name": "last_copy_status",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "last_copy_error": {
+          "name": "last_copy_error",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch() * 1000)"
+        }
+      },
+      "indexes": {
+        "backup_schedule_mirrors_table_schedule_id_repository_id_unique": {
+          "name": "backup_schedule_mirrors_table_schedule_id_repository_id_unique",
+          "columns": [
+            "schedule_id",
+            "repository_id"
+          ],
+          "isUnique": true
+        }
+      },
+      "foreignKeys": {
+        "backup_schedule_mirrors_table_schedule_id_backup_schedules_table_id_fk": {
+          "name": "backup_schedule_mirrors_table_schedule_id_backup_schedules_table_id_fk",
+          "tableFrom": "backup_schedule_mirrors_table",
+          "columnsFrom": [
+            "schedule_id"
+          ],
+          "tableTo": "backup_schedules_table",
+          "columnsTo": [
+            "id"
+          ],
+          "onUpdate": "no action",
+          "onDelete": "cascade"
+        },
+        "backup_schedule_mirrors_table_repository_id_repositories_table_id_fk": {
+          "name": "backup_schedule_mirrors_table_repository_id_repositories_table_id_fk",
+          "tableFrom": "backup_schedule_mirrors_table",
+          "columnsFrom": [
+            "repository_id"
+          ],
+          "tableTo": "repositories_table",
+          "columnsTo": [
+            "id"
+          ],
+          "onUpdate": "no action",
+          "onDelete": "cascade"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "backup_schedule_notifications_table": {
+      "name": "backup_schedule_notifications_table",
+      "columns": {
+        "schedule_id": {
+          "name": "schedule_id",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "destination_id": {
+          "name": "destination_id",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "notify_on_start": {
+          "name": "notify_on_start",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": false
+        },
+        "notify_on_success": {
+          "name": "notify_on_success",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": false
+        },
+        "notify_on_warning": {
+          "name": "notify_on_warning",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": true
+        },
+        "notify_on_failure": {
+          "name": "notify_on_failure",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": true
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch() * 1000)"
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {
+        "backup_schedule_notifications_table_schedule_id_backup_schedules_table_id_fk": {
+          "name": "backup_schedule_notifications_table_schedule_id_backup_schedules_table_id_fk",
+          "tableFrom": "backup_schedule_notifications_table",
+          "columnsFrom": [
+            "schedule_id"
+          ],
+          "tableTo": "backup_schedules_table",
+          "columnsTo": [
+            "id"
+          ],
+          "onUpdate": "no action",
+          "onDelete": "cascade"
+        },
+        "backup_schedule_notifications_table_destination_id_notification_destinations_table_id_fk": {
+          "name": "backup_schedule_notifications_table_destination_id_notification_destinations_table_id_fk",
+          "tableFrom": "backup_schedule_notifications_table",
+          "columnsFrom": [
+            "destination_id"
+          ],
+          "tableTo": "notification_destinations_table",
+          "columnsTo": [
+            "id"
+          ],
+          "onUpdate": "no action",
+          "onDelete": "cascade"
+        }
+      },
+      "compositePrimaryKeys": {
+        "backup_schedule_notifications_table_schedule_id_destination_id_pk": {
+          "columns": [
+            "schedule_id",
+            "destination_id"
+          ],
+          "name": "backup_schedule_notifications_table_schedule_id_destination_id_pk"
+        }
+      },
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "backup_schedules_table": {
+      "name": "backup_schedules_table",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "integer",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": true
+        },
+        "name": {
+          "name": "name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "volume_id": {
+          "name": "volume_id",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "repository_id": {
+          "name": "repository_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "enabled": {
+          "name": "enabled",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": true
+        },
+        "cron_expression": {
+          "name": "cron_expression",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "retention_policy": {
+          "name": "retention_policy",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "exclude_patterns": {
+          "name": "exclude_patterns",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false,
+          "default": "'[]'"
+        },
+        "exclude_if_present": {
+          "name": "exclude_if_present",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false,
+          "default": "'[]'"
+        },
+        "include_patterns": {
+          "name": "include_patterns",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false,
+          "default": "'[]'"
+        },
+        "last_backup_at": {
+          "name": "last_backup_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "last_backup_status": {
+          "name": "last_backup_status",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "last_backup_error": {
+          "name": "last_backup_error",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "next_backup_at": {
+          "name": "next_backup_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "one_file_system": {
+          "name": "one_file_system",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": false
+        },
+        "sort_order": {
+          "name": "sort_order",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": 0
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch() * 1000)"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch() * 1000)"
+        }
+      },
+      "indexes": {
+        "backup_schedules_table_name_unique": {
+          "name": "backup_schedules_table_name_unique",
+          "columns": [
+            "name"
+          ],
+          "isUnique": true
+        }
+      },
+      "foreignKeys": {
+        "backup_schedules_table_volume_id_volumes_table_id_fk": {
+          "name": "backup_schedules_table_volume_id_volumes_table_id_fk",
+          "tableFrom": "backup_schedules_table",
+          "columnsFrom": [
+            "volume_id"
+          ],
+          "tableTo": "volumes_table",
+          "columnsTo": [
+            "id"
+          ],
+          "onUpdate": "no action",
+          "onDelete": "cascade"
+        },
+        "backup_schedules_table_repository_id_repositories_table_id_fk": {
+          "name": "backup_schedules_table_repository_id_repositories_table_id_fk",
+          "tableFrom": "backup_schedules_table",
+          "columnsFrom": [
+            "repository_id"
+          ],
+          "tableTo": "repositories_table",
+          "columnsTo": [
+            "id"
+          ],
+          "onUpdate": "no action",
+          "onDelete": "cascade"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "notification_destinations_table": {
+      "name": "notification_destinations_table",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "integer",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": true
+        },
+        "name": {
+          "name": "name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "enabled": {
+          "name": "enabled",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": true
+        },
+        "type": {
+          "name": "type",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "config": {
+          "name": "config",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch() * 1000)"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch() * 1000)"
+        }
+      },
+      "indexes": {
+        "notification_destinations_table_name_unique": {
+          "name": "notification_destinations_table_name_unique",
+          "columns": [
+            "name"
+          ],
+          "isUnique": true
+        }
+      },
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "repositories_table": {
+      "name": "repositories_table",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "short_id": {
+          "name": "short_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "name": {
+          "name": "name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "type": {
+          "name": "type",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "config": {
+          "name": "config",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "compression_mode": {
+          "name": "compression_mode",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false,
+          "default": "'auto'"
+        },
+        "status": {
+          "name": "status",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false,
+          "default": "'unknown'"
+        },
+        "last_checked": {
+          "name": "last_checked",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "last_error": {
+          "name": "last_error",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch() * 1000)"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch() * 1000)"
+        }
+      },
+      "indexes": {
+        "repositories_table_short_id_unique": {
+          "name": "repositories_table_short_id_unique",
+          "columns": [
+            "short_id"
+          ],
+          "isUnique": true
+        },
+        "repositories_table_name_unique": {
+          "name": "repositories_table_name_unique",
+          "columns": [
+            "name"
+          ],
+          "isUnique": true
+        }
+      },
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "sessions_table": {
+      "name": "sessions_table",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "user_id": {
+          "name": "user_id",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "expires_at": {
+          "name": "expires_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch() * 1000)"
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {
+        "sessions_table_user_id_users_table_id_fk": {
+          "name": "sessions_table_user_id_users_table_id_fk",
+          "tableFrom": "sessions_table",
+          "columnsFrom": [
+            "user_id"
+          ],
+          "tableTo": "users_table",
+          "columnsTo": [
+            "id"
+          ],
+          "onUpdate": "no action",
+          "onDelete": "cascade"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "users_table": {
+      "name": "users_table",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "integer",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": true
+        },
+        "username": {
+          "name": "username",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "password_hash": {
+          "name": "password_hash",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "has_downloaded_restic_password": {
+          "name": "has_downloaded_restic_password",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch() * 1000)"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch() * 1000)"
+        }
+      },
+      "indexes": {
+        "users_table_username_unique": {
+          "name": "users_table_username_unique",
+          "columns": [
+            "username"
+          ],
+          "isUnique": true
+        }
+      },
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "volumes_table": {
+      "name": "volumes_table",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "integer",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": true
+        },
+        "short_id": {
+          "name": "short_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "name": {
+          "name": "name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "type": {
+          "name": "type",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "status": {
+          "name": "status",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "'unmounted'"
+        },
+        "last_error": {
+          "name": "last_error",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "last_health_check": {
+          "name": "last_health_check",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch() * 1000)"
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch() * 1000)"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(unixepoch() * 1000)"
+        },
+        "config": {
+          "name": "config",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "auto_remount": {
+          "name": "auto_remount",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": true
+        }
+      },
+      "indexes": {
+        "volumes_table_short_id_unique": {
+          "name": "volumes_table_short_id_unique",
+          "columns": [
+            "short_id"
+          ],
+          "isUnique": true
+        },
+        "volumes_table_name_unique": {
+          "name": "volumes_table_name_unique",
+          "columns": [
+            "name"
+          ],
+          "isUnique": true
+        }
+      },
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    }
+  },
+  "views": {},
+  "enums": {},
+  "_meta": {
+    "columns": {},
+    "schemas": {},
+    "tables": {}
+  },
+  "internal": {
+    "indexes": {}
+  }
+}
\ No newline at end of file
diff --git a/app/drizzle/meta/_journal.json b/app/drizzle/meta/_journal.json
index 2b034fbf..e368216c 100644
--- a/app/drizzle/meta/_journal.json
+++ b/app/drizzle/meta/_journal.json
@@ -162,6 +162,20 @@
       "when": 1765794552191,
       "tag": "0022_woozy_shen",
       "breakpoints": true
+    },
+    {
+      "idx": 23,
+      "version": "6",
+      "when": 1766320570509,
+      "tag": "0023_special_thor",
+      "breakpoints": true
+    },
+    {
+      "idx": 24,
+      "version": "6",
+      "when": 1766325504548,
+      "tag": "0024_schedules-one-fs",
+      "breakpoints": true
     }
   ]
 }
\ No newline at end of file
diff --git a/app/schemas/notifications.ts b/app/schemas/notifications.ts
index 6f170882..f9f5fcdc 100644
--- a/app/schemas/notifications.ts
+++ b/app/schemas/notifications.ts
@@ -76,7 +76,7 @@ export const customNotificationConfigSchema = type({
 	shoutrrrUrl: "string",
 });
 
-export const notificationConfigSchema = emailNotificationConfigSchema
+export const notificationConfigSchemaBase = emailNotificationConfigSchema
 	.or(slackNotificationConfigSchema)
 	.or(discordNotificationConfigSchema)
 	.or(gotifyNotificationConfigSchema)
@@ -85,6 +85,8 @@ export const notificationConfigSchema = emailNotificationConfigSchema
 	.or(telegramNotificationConfigSchema)
 	.or(customNotificationConfigSchema);
 
+export const notificationConfigSchema = notificationConfigSchemaBase.onUndeclaredKey("delete");
+
 export type NotificationConfig = typeof notificationConfigSchema.infer;
 
 export const NOTIFICATION_EVENTS = {
diff --git a/app/schemas/restic.ts b/app/schemas/restic.ts
index e83cf2a4..071b0b08 100644
--- a/app/schemas/restic.ts
+++ b/app/schemas/restic.ts
@@ -79,7 +79,7 @@ export const sftpRepositoryConfigSchema = type({
 	privateKey: "string",
 }).and(baseRepositoryConfigSchema);
 
-export const repositoryConfigSchema = s3RepositoryConfigSchema
+export const repositoryConfigSchemaBase = s3RepositoryConfigSchema
 	.or(r2RepositoryConfigSchema)
 	.or(localRepositoryConfigSchema)
 	.or(gcsRepositoryConfigSchema)
@@ -88,6 +88,8 @@ export const repositoryConfigSchema = s3RepositoryConfigSchema
 	.or(restRepositoryConfigSchema)
 	.or(sftpRepositoryConfigSchema);
 
+export const repositoryConfigSchema = repositoryConfigSchemaBase.onUndeclaredKey("delete");
+
 export type RepositoryConfig = typeof repositoryConfigSchema.infer;
 
 export const COMPRESSION_MODES = {
diff --git a/app/schemas/volumes.ts b/app/schemas/volumes.ts
index d0306075..c48a2548 100644
--- a/app/schemas/volumes.ts
+++ b/app/schemas/volumes.ts
@@ -55,7 +55,13 @@ export const rcloneConfigSchema = type({
 	readOnly: "boolean?",
 });
 
-export const volumeConfigSchema = nfsConfigSchema.or(smbConfigSchema).or(webdavConfigSchema).or(directoryConfigSchema).or(rcloneConfigSchema);
+export const volumeConfigSchemaBase = nfsConfigSchema
+	.or(smbConfigSchema)
+	.or(webdavConfigSchema)
+	.or(directoryConfigSchema)
+	.or(rcloneConfigSchema);
+
+export const volumeConfigSchema = volumeConfigSchemaBase.onUndeclaredKey("delete");
 
 export type BackendConfig = typeof volumeConfigSchema.infer;
 
diff --git a/app/server/app.ts b/app/server/app.ts
new file mode 100644
index 00000000..7831a2c1
--- /dev/null
+++ b/app/server/app.ts
@@ -0,0 +1,90 @@
+import { Scalar } from "@scalar/hono-api-reference";
+import { Hono } from "hono";
+import { logger as honoLogger } from "hono/logger";
+import { secureHeaders } from "hono/secure-headers";
+import { rateLimiter } from "hono-rate-limiter";
+import { openAPIRouteHandler } from "hono-openapi";
+import { authController } from "./modules/auth/auth.controller";
+import { requireAuth } from "./modules/auth/auth.middleware";
+import { repositoriesController } from "./modules/repositories/repositories.controller";
+import { systemController } from "./modules/system/system.controller";
+import { volumeController } from "./modules/volumes/volume.controller";
+import { backupScheduleController } from "./modules/backups/backups.controller";
+import { eventsController } from "./modules/events/events.controller";
+import { notificationsController } from "./modules/notifications/notifications.controller";
+import { configExportController } from "./modules/lifecycle/config-export.controller";
+import { handleServiceError } from "./utils/errors";
+import { logger } from "./utils/logger";
+import { config } from "./core/config";
+
+export const generalDescriptor = (app: Hono) =>
+	openAPIRouteHandler(app, {
+		documentation: {
+			info: {
+				title: "Zerobyte API",
+				version: "1.0.0",
+				description: "API for managing volumes",
+			},
+			servers: [{ url: `http://${config.serverIp}:4096`, description: "Development Server" }],
+		},
+	});
+
+export const scalarDescriptor = Scalar({
+	title: "Zerobyte API Docs",
+	pageTitle: "Zerobyte API Docs",
+	url: "/api/v1/openapi.json",
+});
+
+export const createApp = () => {
+	const app = new Hono();
+
+	if (config.environment !== "test") {
+		app.use(honoLogger());
+	}
+
+	app
+		.use(secureHeaders())
+		.use(
+			rateLimiter({
+				windowMs: 60 * 5 * 1000,
+				limit: 1000,
+				keyGenerator: (c) => c.req.header("x-forwarded-for") ?? "",
+				skip: () => {
+					return config.__prod__ === false;
+				},
+			}),
+		)
+		.get("healthcheck", (c) => c.json({ status: "ok" }))
+		.route("/api/v1/auth", authController)
+		.use("/api/v1/volumes/*", requireAuth)
+		.use("/api/v1/repositories/*", requireAuth)
+		.use("/api/v1/backups/*", requireAuth)
+		.use("/api/v1/notifications/*", requireAuth)
+		.use("/api/v1/system/*", requireAuth)
+		.use("/api/v1/events/*", requireAuth)
+		.use("/api/v1/config/*", requireAuth)
+		.route("/api/v1/volumes", volumeController)
+		.route("/api/v1/repositories", repositoriesController)
+		.route("/api/v1/backups", backupScheduleController)
+		.route("/api/v1/notifications", notificationsController)
+		.route("/api/v1/system", systemController)
+		.route("/api/v1/events", eventsController)
+		.route("/api/v1/config", configExportController);
+
+	app.get("/api/v1/openapi.json", generalDescriptor(app));
+	app.get("/api/v1/docs", requireAuth, scalarDescriptor);
+
+	app.onError((err, c) => {
+		logger.error(`${c.req.url}: ${err.message}`);
+
+		if (err.cause instanceof Error) {
+			logger.error(err.cause.message);
+		}
+
+		const { status, message } = handleServiceError(err);
+
+		return c.json({ message }, status);
+	});
+
+	return app;
+};
diff --git a/app/server/core/__tests__/repository-mutex.test.ts b/app/server/core/__tests__/repository-mutex.test.ts
new file mode 100644
index 00000000..623881e0
--- /dev/null
+++ b/app/server/core/__tests__/repository-mutex.test.ts
@@ -0,0 +1,38 @@
+import { test, describe, expect } from "bun:test";
+import { repoMutex } from "../repository-mutex";
+
+describe("RepositoryMutex", () => {
+	test("should prioritize waiting exclusive locks over new shared locks", async () => {
+		const repoId = "test-repo";
+		const results: string[] = [];
+
+		const releaseShared1 = await repoMutex.acquireShared(repoId, "backup-1");
+		results.push("acquired-shared-1");
+
+		const exclusivePromise = repoMutex.acquireExclusive(repoId, "unlock").then((release) => {
+			results.push("acquired-exclusive");
+			return release;
+		});
+
+		const shared2Promise = repoMutex.acquireShared(repoId, "backup-2").then((release) => {
+			results.push("acquired-shared-2");
+			return release;
+		});
+
+		await new Promise((resolve) => setTimeout(resolve, 50));
+
+		expect(results).toEqual(["acquired-shared-1"]);
+
+		releaseShared1();
+
+		const releaseExclusive = await exclusivePromise;
+		expect(results).toEqual(["acquired-shared-1", "acquired-exclusive"]);
+
+		releaseExclusive();
+
+		const releaseShared2 = await shared2Promise;
+		expect(results).toEqual(["acquired-shared-1", "acquired-exclusive", "acquired-shared-2"]);
+
+		releaseShared2();
+	});
+});
diff --git a/app/server/core/constants.ts b/app/server/core/constants.ts
index efc2b8c9..98a38724 100644
--- a/app/server/core/constants.ts
+++ b/app/server/core/constants.ts
@@ -1,7 +1,9 @@
 export const OPERATION_TIMEOUT = 5000;
 export const VOLUME_MOUNT_BASE = "/var/lib/zerobyte/volumes";
 export const REPOSITORY_BASE = "/var/lib/zerobyte/repositories";
-export const DATABASE_URL = "/var/lib/zerobyte/data/ironmount.db";
+export const DATABASE_URL = process.env.DATABASE_URL || "/var/lib/zerobyte/data/ironmount.db";
 export const RESTIC_PASS_FILE = "/var/lib/zerobyte/data/restic.pass";
 
+export const DEFAULT_EXCLUDES = [DATABASE_URL, RESTIC_PASS_FILE, REPOSITORY_BASE];
+
 export const REQUIRED_MIGRATIONS = ["v0.14.0"];
diff --git a/app/server/core/repository-mutex.ts b/app/server/core/repository-mutex.ts
index 4717c882..a1bb5ad4 100644
--- a/app/server/core/repository-mutex.ts
+++ b/app/server/core/repository-mutex.ts
@@ -49,7 +49,9 @@ class RepositoryMutex {
 	async acquireShared(repositoryId: string, operation: string): Promise<() => void> {
 		const state = this.getOrCreateState(repositoryId);
 
-		if (!state.exclusiveHolder) {
+		const hasExclusiveInQueue = state.waitQueue.some((item) => item.type === "exclusive");
+
+		if (!state.exclusiveHolder && !hasExclusiveInQueue) {
 			const lockId = this.generateLockId();
 			state.sharedHolders.set(lockId, {
 				id: lockId,
@@ -60,7 +62,7 @@ class RepositoryMutex {
 		}
 
 		logger.debug(
-			`[Mutex] Waiting for shared lock on repo ${repositoryId}: ${operation} (exclusive held by: ${state.exclusiveHolder.operation})`,
+			`[Mutex] Waiting for shared lock on repo ${repositoryId}: ${operation} (exclusive held by: ${state.exclusiveHolder?.operation ?? "none"}, queue: ${state.waitQueue.length})`,
 		);
 		const lockId = await new Promise<string>((resolve) => {
 			state.waitQueue.push({ type: "shared", operation, resolve });
diff --git a/app/server/db/schema.ts b/app/server/db/schema.ts
index cb94d29b..6942bd15 100644
--- a/app/server/db/schema.ts
+++ b/app/server/db/schema.ts
@@ -21,6 +21,7 @@ export const volumesTable = sqliteTable("volumes_table", {
 	autoRemount: int("auto_remount", { mode: "boolean" }).notNull().default(true),
 });
 export type Volume = typeof volumesTable.$inferSelect;
+export type VolumeInsert = typeof volumesTable.$inferInsert;
 
 /**
  * Users Table
@@ -61,6 +62,7 @@ export const repositoriesTable = sqliteTable("repositories_table", {
 	updatedAt: int("updated_at", { mode: "number" }).notNull().default(sql`(unixepoch() * 1000)`),
 });
 export type Repository = typeof repositoriesTable.$inferSelect;
+export type RepositoryInsert = typeof repositoriesTable.$inferInsert;
 
 /**
  * Backup Schedules Table
@@ -92,10 +94,12 @@ export const backupSchedulesTable = sqliteTable("backup_schedules_table", {
 	lastBackupStatus: text("last_backup_status").$type<"success" | "error" | "in_progress" | "warning">(),
 	lastBackupError: text("last_backup_error"),
 	nextBackupAt: int("next_backup_at", { mode: "number" }),
+	oneFileSystem: int("one_file_system", { mode: "boolean" }).notNull().default(false),
 	sortOrder: int("sort_order", { mode: "number" }).notNull().default(0),
 	createdAt: int("created_at", { mode: "number" }).notNull().default(sql`(unixepoch() * 1000)`),
 	updatedAt: int("updated_at", { mode: "number" }).notNull().default(sql`(unixepoch() * 1000)`),
 });
+export type BackupScheduleInsert = typeof backupSchedulesTable.$inferInsert;
 
 export const backupScheduleRelations = relations(backupSchedulesTable, ({ one, many }) => ({
 	volume: one(volumesTable, {
diff --git a/app/server/index.ts b/app/server/index.ts
index 5e573375..d1c32098 100644
--- a/app/server/index.ts
+++ b/app/server/index.ts
@@ -1,78 +1,14 @@
 import { createHonoServer } from "react-router-hono-server/bun";
-import { Scalar } from "@scalar/hono-api-reference";
-import { Hono } from "hono";
-import { logger as honoLogger } from "hono/logger";
-import { openAPIRouteHandler } from "hono-openapi";
 import { runDbMigrations } from "./db/db";
-import { authController } from "./modules/auth/auth.controller";
-import { requireAuth } from "./modules/auth/auth.middleware";
 import { startup } from "./modules/lifecycle/startup";
 import { migrateToShortIds } from "./modules/lifecycle/migration";
-import { repositoriesController } from "./modules/repositories/repositories.controller";
-import { systemController } from "./modules/system/system.controller";
-import { volumeController } from "./modules/volumes/volume.controller";
-import { backupScheduleController } from "./modules/backups/backups.controller";
-import { eventsController } from "./modules/events/events.controller";
-import { notificationsController } from "./modules/notifications/notifications.controller";
-import { configExportController } from "./modules/lifecycle/config-export.controller";
-import { handleServiceError } from "./utils/errors";
 import { logger } from "./utils/logger";
 import { shutdown } from "./modules/lifecycle/shutdown";
 import { REQUIRED_MIGRATIONS } from "./core/constants";
 import { validateRequiredMigrations } from "./modules/lifecycle/checkpoint";
-import { config } from "./core/config";
+import { createApp } from "./app";
 
-export const generalDescriptor = (app: Hono) =>
-	openAPIRouteHandler(app, {
-		documentation: {
-			info: {
-				title: "Zerobyte API",
-				version: "1.0.0",
-				description: "API for managing volumes",
-			},
-			servers: [{ url: `http://${config.serverIp}:4096`, description: "Development Server" }],
-		},
-	});
-
-export const scalarDescriptor = Scalar({
-	title: "Zerobyte API Docs",
-	pageTitle: "Zerobyte API Docs",
-	url: "/api/v1/openapi.json",
-});
-
-const app = new Hono()
-	.use(honoLogger())
-	.get("healthcheck", (c) => c.json({ status: "ok" }))
-	.route("/api/v1/auth", authController.basePath("/api/v1"))
-	.use("/api/v1/volumes/*", requireAuth)
-	.use("/api/v1/repositories/*", requireAuth)
-	.use("/api/v1/backups/*", requireAuth)
-	.use("/api/v1/notifications/*", requireAuth)
-	.use("/api/v1/system/*", requireAuth)
-	.use("/api/v1/events/*", requireAuth)
-	.use("/api/v1/config/*", requireAuth)
-	.route("/api/v1/volumes", volumeController)
-	.route("/api/v1/repositories", repositoriesController)
-	.route("/api/v1/backups", backupScheduleController)
-	.route("/api/v1/notifications", notificationsController)
-	.route("/api/v1/system", systemController)
-	.route("/api/v1/config", configExportController)
-	.route("/api/v1/events", eventsController);
-
-app.get("/api/v1/openapi.json", generalDescriptor(app));
-app.get("/api/v1/docs", scalarDescriptor);
-
-app.onError((err, c) => {
-	logger.error(`${c.req.url}: ${err.message}`);
-
-	if (err.cause instanceof Error) {
-		logger.error(err.cause.message);
-	}
-
-	const { status, message } = handleServiceError(err);
-
-	return c.json({ message }, status);
-});
+const app = createApp();
 
 runDbMigrations();
 
diff --git a/app/server/jobs/auto-remount.ts b/app/server/jobs/auto-remount.ts
new file mode 100644
index 00000000..6c86af9e
--- /dev/null
+++ b/app/server/jobs/auto-remount.ts
@@ -0,0 +1,28 @@
+import { Job } from "../core/scheduler";
+import { volumeService } from "../modules/volumes/volume.service";
+import { logger } from "../utils/logger";
+import { db } from "../db/db";
+import { eq } from "drizzle-orm";
+import { volumesTable } from "../db/schema";
+
+export class VolumeAutoRemountJob extends Job {
+	async run() {
+		logger.debug("Running auto-remount for all errored volumes...");
+
+		const volumes = await db.query.volumesTable.findMany({
+			where: eq(volumesTable.status, "error"),
+		});
+
+		for (const volume of volumes) {
+			if (volume.autoRemount) {
+				try {
+					await volumeService.mountVolume(volume.name);
+				} catch (err) {
+					logger.error(`Failed to auto-remount volume ${volume.name}:`, err);
+				}
+			}
+		}
+
+		return { done: true, timestamp: new Date() };
+	}
+}
diff --git a/app/server/jobs/backup-execution.ts b/app/server/jobs/backup-execution.ts
index 821333ef..c38947a6 100644
--- a/app/server/jobs/backup-execution.ts
+++ b/app/server/jobs/backup-execution.ts
@@ -1,6 +1,5 @@
 import { Job } from "../core/scheduler";
 import { backupsService } from "../modules/backups/backups.service";
-import { toMessage } from "../utils/errors";
 import { logger } from "../utils/logger";
 
 export class BackupExecutionJob extends Job {
@@ -17,8 +16,8 @@ export class BackupExecutionJob extends Job {
 		logger.info(`Found ${scheduleIds.length} backup schedule(s) to execute`);
 
 		for (const scheduleId of scheduleIds) {
-			backupsService.executeBackup(scheduleId).catch((error) => {
-				logger.error(`Failed to execute backup for schedule ${scheduleId}: ${toMessage(error)}`);
+			backupsService.executeBackup(scheduleId).catch((err) => {
+				logger.error(`Error executing backup for schedule ${scheduleId}:`, err);
 			});
 		}
 
diff --git a/app/server/jobs/cleanup-dangling.ts b/app/server/jobs/cleanup-dangling.ts
index 2051b027..858d8565 100644
--- a/app/server/jobs/cleanup-dangling.ts
+++ b/app/server/jobs/cleanup-dangling.ts
@@ -40,7 +40,7 @@ export class CleanupDanglingMountsJob extends Job {
 			if (!matchingVolume) {
 				const fullPath = path.join(VOLUME_MOUNT_BASE, dir);
 				logger.info(`Found dangling mount directory at ${fullPath}, attempting to remove...`);
-				await fs.rmdir(fullPath, { recursive: true }).catch((err) => {
+				await fs.rm(fullPath, { recursive: true, force: true }).catch((err) => {
 					logger.warn(`Failed to remove dangling mount directory ${fullPath}: ${toMessage(err)}`);
 				});
 			}
diff --git a/app/server/jobs/repository-healthchecks.ts b/app/server/jobs/repository-healthchecks.ts
index bc233903..1e600c9f 100644
--- a/app/server/jobs/repository-healthchecks.ts
+++ b/app/server/jobs/repository-healthchecks.ts
@@ -4,7 +4,6 @@ import { logger } from "../utils/logger";
 import { db } from "../db/db";
 import { eq, or } from "drizzle-orm";
 import { repositoriesTable } from "../db/schema";
-import { repoMutex } from "../core/repository-mutex";
 
 export class RepositoryHealthCheckJob extends Job {
 	async run() {
@@ -15,11 +14,6 @@ export class RepositoryHealthCheckJob extends Job {
 		});
 
 		for (const repository of repositories) {
-			if (repoMutex.isLocked(repository.id)) {
-				logger.debug(`Skipping health check for repository ${repository.name}: currently locked`);
-				continue;
-			}
-
 			try {
 				await repositoriesService.checkHealth(repository.id);
 			} catch (error) {
diff --git a/app/server/modules/auth/auth.controller.ts b/app/server/modules/auth/auth.controller.ts
index c78d2818..45ba5518 100644
--- a/app/server/modules/auth/auth.controller.ts
+++ b/app/server/modules/auth/auth.controller.ts
@@ -1,5 +1,5 @@
 import { validator } from "hono-openapi";
-
+import { rateLimiter } from "hono-rate-limiter";
 import { Hono } from "hono";
 import { deleteCookie, getCookie, setCookie } from "hono/cookie";
 import {
@@ -21,6 +21,7 @@ import {
 } from "./auth.dto";
 import { authService } from "./auth.service";
 import { toMessage } from "../../utils/errors";
+import { config } from "~/server/core/config";
 
 const COOKIE_NAME = "session_id";
 const COOKIE_OPTIONS = {
@@ -30,8 +31,17 @@ const COOKIE_OPTIONS = {
 	path: "/",
 };
 
+const authRateLimiter = rateLimiter({
+	windowMs: 15 * 60 * 1000,
+	limit: 20,
+	keyGenerator: (c) => c.req.header("x-forwarded-for") ?? "",
+	skip: () => {
+		return config.__prod__ === false;
+	},
+});
+
 export const authController = new Hono()
-	.post("/register", registerDto, validator("json", registerBodySchema), async (c) => {
+	.post("/register", authRateLimiter, registerDto, validator("json", registerBodySchema), async (c) => {
 		const body = c.req.valid("json");
 
 		try {
@@ -58,7 +68,7 @@ export const authController = new Hono()
 			return c.json<RegisterDto>({ success: false, message: toMessage(error) }, 400);
 		}
 	})
-	.post("/login", loginDto, validator("json", loginBodySchema), async (c) => {
+	.post("/login", authRateLimiter, loginDto, validator("json", loginBodySchema), async (c) => {
 		const body = c.req.valid("json");
 
 		try {
@@ -82,7 +92,7 @@ export const authController = new Hono()
 			return c.json<LoginDto>({ success: false, message: toMessage(error) }, 401);
 		}
 	})
-	.post("/logout", logoutDto, async (c) => {
+	.post("/logout", authRateLimiter, logoutDto, async (c) => {
 		const sessionId = getCookie(c, COOKIE_NAME);
 
 		if (sessionId) {
@@ -116,26 +126,32 @@ export const authController = new Hono()
 		const hasUsers = await authService.hasUsers();
 		return c.json<GetStatusDto>({ hasUsers });
 	})
-	.post("/change-password", changePasswordDto, validator("json", changePasswordBodySchema), async (c) => {
-		const sessionId = getCookie(c, COOKIE_NAME);
-
-		if (!sessionId) {
-			return c.json<ChangePasswordDto>({ success: false, message: "Not authenticated" }, 401);
-		}
-
-		const session = await authService.verifySession(sessionId);
-
-		if (!session) {
-			deleteCookie(c, COOKIE_NAME, COOKIE_OPTIONS);
-			return c.json<ChangePasswordDto>({ success: false, message: "Not authenticated" }, 401);
-		}
-
-		const body = c.req.valid("json");
-
-		try {
-			await authService.changePassword(session.user.id, body.currentPassword, body.newPassword);
-			return c.json<ChangePasswordDto>({ success: true, message: "Password changed successfully" });
-		} catch (error) {
-			return c.json<ChangePasswordDto>({ success: false, message: toMessage(error) }, 400);
-		}
-	});
+	.post(
+		"/change-password",
+		authRateLimiter,
+		changePasswordDto,
+		validator("json", changePasswordBodySchema),
+		async (c) => {
+			const sessionId = getCookie(c, COOKIE_NAME);
+
+			if (!sessionId) {
+				return c.json<ChangePasswordDto>({ success: false, message: "Not authenticated" }, 401);
+			}
+
+			const session = await authService.verifySession(sessionId);
+
+			if (!session) {
+				deleteCookie(c, COOKIE_NAME, COOKIE_OPTIONS);
+				return c.json<ChangePasswordDto>({ success: false, message: "Not authenticated" }, 401);
+			}
+
+			const body = c.req.valid("json");
+
+			try {
+				await authService.changePassword(session.user.id, body.currentPassword, body.newPassword);
+				return c.json<ChangePasswordDto>({ success: true, message: "Password changed successfully" });
+			} catch (error) {
+				return c.json<ChangePasswordDto>({ success: false, message: toMessage(error) }, 400);
+			}
+		},
+	);
diff --git a/app/server/modules/backends/nfs/nfs-backend.ts b/app/server/modules/backends/nfs/nfs-backend.ts
index ec1af0fb..314b2554 100644
--- a/app/server/modules/backends/nfs/nfs-backend.ts
+++ b/app/server/modules/backends/nfs/nfs-backend.ts
@@ -27,8 +27,10 @@ const mount = async (config: BackendConfig, path: string) => {
 		return { status: BACKEND_STATUS.mounted };
 	}
 
-	logger.debug(`Trying to unmount any existing mounts at ${path} before mounting...`);
-	await unmount(path);
+	if (status === "error") {
+		logger.debug(`Trying to unmount any existing mounts at ${path} before mounting...`);
+		await unmount(path);
+	}
 
 	const run = async () => {
 		await fs.mkdir(path, { recursive: true });
@@ -64,16 +66,15 @@ const unmount = async (path: string) => {
 	}
 
 	const run = async () => {
-		try {
-			await fs.access(path);
-		} catch {
-			logger.warn(`Path ${path} does not exist. Skipping unmount.`);
+		const mount = await getMountForPath(path);
+		if (!mount || mount.mountPoint !== path) {
+			logger.debug(`Path ${path} is not a mount point. Skipping unmount.`);
 			return { status: BACKEND_STATUS.unmounted };
 		}
 
 		await executeUnmount(path);
 
-		await fs.rmdir(path);
+		await fs.rmdir(path).catch(() => {});
 
 		logger.info(`NFS volume at ${path} unmounted successfully.`);
 		return { status: BACKEND_STATUS.unmounted };
@@ -89,13 +90,20 @@ const unmount = async (path: string) => {
 
 const checkHealth = async (path: string) => {
 	const run = async () => {
-		logger.debug(`Checking health of NFS volume at ${path}...`);
-		await fs.access(path);
+		try {
+			await fs.access(path);
+		} catch {
+			throw new Error("Volume is not mounted");
+		}
 
 		const mount = await getMountForPath(path);
 
-		if (!mount || !mount.fstype.startsWith("nfs")) {
-			throw new Error(`Path ${path} is not mounted as NFS.`);
+		if (!mount || mount.mountPoint !== path) {
+			throw new Error("Volume is not mounted");
+		}
+
+		if (!mount.fstype.startsWith("nfs")) {
+			throw new Error(`Path ${path} is not mounted as NFS (found ${mount.fstype}).`);
 		}
 
 		logger.debug(`NFS volume at ${path} is healthy and mounted.`);
@@ -105,8 +113,11 @@ const checkHealth = async (path: string) => {
 	try {
 		return await withTimeout(run(), OPERATION_TIMEOUT, "NFS health check");
 	} catch (error) {
-		logger.error("NFS volume health check failed:", toMessage(error));
-		return { status: BACKEND_STATUS.error, error: toMessage(error) };
+		const message = toMessage(error);
+		if (message !== "Volume is not mounted") {
+			logger.error("NFS volume health check failed:", message);
+		}
+		return { status: BACKEND_STATUS.error, error: message };
 	}
 };
 
diff --git a/app/server/modules/backends/rclone/rclone-backend.ts b/app/server/modules/backends/rclone/rclone-backend.ts
index 0fcffba8..7c1cdfd2 100644
--- a/app/server/modules/backends/rclone/rclone-backend.ts
+++ b/app/server/modules/backends/rclone/rclone-backend.ts
@@ -28,8 +28,10 @@ const mount = async (config: BackendConfig, path: string) => {
 		return { status: BACKEND_STATUS.mounted };
 	}
 
-	logger.debug(`Trying to unmount any existing mounts at ${path} before mounting...`);
-	await unmount(path);
+	if (status === "error") {
+		logger.debug(`Trying to unmount any existing mounts at ${path} before mounting...`);
+		await unmount(path);
+	}
 
 	const run = async () => {
 		await fs.mkdir(path, { recursive: true });
@@ -76,15 +78,14 @@ const unmount = async (path: string) => {
 	}
 
 	const run = async () => {
-		try {
-			await fs.access(path);
-		} catch (e) {
-			logger.warn(`Path ${path} does not exist. Skipping unmount.`, e);
+		const mount = await getMountForPath(path);
+		if (!mount || mount.mountPoint !== path) {
+			logger.debug(`Path ${path} is not a mount point. Skipping unmount.`);
 			return { status: BACKEND_STATUS.unmounted };
 		}
 
 		await executeUnmount(path);
-		await fs.rmdir(path);
+		await fs.rmdir(path).catch(() => {});
 
 		logger.info(`Rclone volume at ${path} unmounted successfully.`);
 		return { status: BACKEND_STATUS.unmounted };
@@ -100,13 +101,20 @@ const unmount = async (path: string) => {
 
 const checkHealth = async (path: string) => {
 	const run = async () => {
-		logger.debug(`Checking health of rclone volume at ${path}...`);
-		await fs.access(path);
+		try {
+			await fs.access(path);
+		} catch {
+			throw new Error("Volume is not mounted");
+		}
 
 		const mount = await getMountForPath(path);
 
-		if (!mount || mount.fstype !== "fuse.rclone") {
-			throw new Error(`Path ${path} is not mounted as rclone.`);
+		if (!mount || mount.mountPoint !== path) {
+			throw new Error("Volume is not mounted");
+		}
+
+		if (!mount.fstype.includes("rclone")) {
+			throw new Error(`Path ${path} is not mounted as rclone (found ${mount.fstype}).`);
 		}
 
 		logger.debug(`Rclone volume at ${path} is healthy and mounted.`);
@@ -116,8 +124,11 @@ const checkHealth = async (path: string) => {
 	try {
 		return await withTimeout(run(), OPERATION_TIMEOUT, "Rclone health check");
 	} catch (error) {
-		logger.error("Rclone volume health check failed:", toMessage(error));
-		return { status: BACKEND_STATUS.error, error: toMessage(error) };
+		const message = toMessage(error);
+		if (message !== "Volume is not mounted") {
+			logger.error("Rclone volume health check failed:", message);
+		}
+		return { status: BACKEND_STATUS.error, error: message };
 	}
 };
 
diff --git a/app/server/modules/backends/smb/smb-backend.ts b/app/server/modules/backends/smb/smb-backend.ts
index f5500c29..231bd089 100644
--- a/app/server/modules/backends/smb/smb-backend.ts
+++ b/app/server/modules/backends/smb/smb-backend.ts
@@ -28,8 +28,10 @@ const mount = async (config: BackendConfig, path: string) => {
 		return { status: BACKEND_STATUS.mounted };
 	}
 
-	logger.debug(`Trying to unmount any existing mounts at ${path} before mounting...`);
-	await unmount(path);
+	if (status === "error") {
+		logger.debug(`Trying to unmount any existing mounts at ${path} before mounting...`);
+		await unmount(path);
+	}
 
 	const run = async () => {
 		await fs.mkdir(path, { recursive: true });
@@ -80,16 +82,15 @@ const unmount = async (path: string) => {
 	}
 
 	const run = async () => {
-		try {
-			await fs.access(path);
-		} catch {
-			logger.warn(`Path ${path} does not exist. Skipping unmount.`);
+		const mount = await getMountForPath(path);
+		if (!mount || mount.mountPoint !== path) {
+			logger.debug(`Path ${path} is not a mount point. Skipping unmount.`);
 			return { status: BACKEND_STATUS.unmounted };
 		}
 
 		await executeUnmount(path);
 
-		await fs.rmdir(path);
+		await fs.rmdir(path).catch(() => {});
 
 		logger.info(`SMB volume at ${path} unmounted successfully.`);
 		return { status: BACKEND_STATUS.unmounted };
@@ -105,13 +106,20 @@ const unmount = async (path: string) => {
 
 const checkHealth = async (path: string) => {
 	const run = async () => {
-		logger.debug(`Checking health of SMB volume at ${path}...`);
-		await fs.access(path);
+		try {
+			await fs.access(path);
+		} catch {
+			throw new Error("Volume is not mounted");
+		}
 
 		const mount = await getMountForPath(path);
 
-		if (!mount || mount.fstype !== "cifs") {
-			throw new Error(`Path ${path} is not mounted as CIFS/SMB.`);
+		if (!mount || mount.mountPoint !== path) {
+			throw new Error("Volume is not mounted");
+		}
+
+		if (mount.fstype !== "cifs") {
+			throw new Error(`Path ${path} is not mounted as CIFS/SMB (found ${mount.fstype}).`);
 		}
 
 		logger.debug(`SMB volume at ${path} is healthy and mounted.`);
@@ -121,8 +129,11 @@ const checkHealth = async (path: string) => {
 	try {
 		return await withTimeout(run(), OPERATION_TIMEOUT, "SMB health check");
 	} catch (error) {
-		logger.error("SMB volume health check failed:", toMessage(error));
-		return { status: BACKEND_STATUS.error, error: toMessage(error) };
+		const message = toMessage(error);
+		if (message !== "Volume is not mounted") {
+			logger.error("SMB volume health check failed:", message);
+		}
+		return { status: BACKEND_STATUS.error, error: message };
 	}
 };
 
diff --git a/app/server/modules/backends/utils/backend-utils.ts b/app/server/modules/backends/utils/backend-utils.ts
index 637001fb..e610217d 100644
--- a/app/server/modules/backends/utils/backend-utils.ts
+++ b/app/server/modules/backends/utils/backend-utils.ts
@@ -7,6 +7,7 @@ import { $ } from "bun";
 export const executeMount = async (args: string[]): Promise<void> => {
 	let stderr: string | undefined;
 
+	logger.debug(`Executing mount ${args.join(" ")}`);
 	const result = await $`mount ${args}`.nothrow();
 	stderr = result.stderr.toString();
 
@@ -22,7 +23,8 @@ export const executeMount = async (args: string[]): Promise<void> => {
 export const executeUnmount = async (path: string): Promise<void> => {
 	let stderr: string | undefined;
 
-	const result = await $`umount -l -f ${path}`.nothrow();
+	logger.debug(`Executing umount -l ${path}`);
+	const result = await $`umount -l ${path}`.nothrow();
 	stderr = result.stderr.toString();
 
 	if (stderr?.trim()) {
diff --git a/app/server/modules/backends/webdav/webdav-backend.ts b/app/server/modules/backends/webdav/webdav-backend.ts
index 5de5f05d..ce7c0393 100644
--- a/app/server/modules/backends/webdav/webdav-backend.ts
+++ b/app/server/modules/backends/webdav/webdav-backend.ts
@@ -1,7 +1,5 @@
-import { execFile as execFileCb } from "node:child_process";
 import * as fs from "node:fs/promises";
 import * as os from "node:os";
-import { promisify } from "node:util";
 import { OPERATION_TIMEOUT } from "../../../core/constants";
 import { cryptoUtils } from "../../../utils/crypto";
 import { toMessage } from "../../../utils/errors";
@@ -12,8 +10,6 @@ import type { VolumeBackend } from "../backend";
 import { executeMount, executeUnmount } from "../utils/backend-utils";
 import { BACKEND_STATUS, type BackendConfig } from "~/schemas/volumes";
 
-const execFile = promisify(execFileCb);
-
 const mount = async (config: BackendConfig, path: string) => {
 	logger.debug(`Mounting WebDAV volume ${path}...`);
 
@@ -32,8 +28,10 @@ const mount = async (config: BackendConfig, path: string) => {
 		return { status: BACKEND_STATUS.mounted };
 	}
 
-	logger.debug(`Trying to unmount any existing mounts at ${path} before mounting...`);
-	await unmount(path);
+	if (status === "error") {
+		logger.debug(`Trying to unmount any existing mounts at ${path} before mounting...`);
+		await unmount(path);
+	}
 
 	const run = async () => {
 		await fs.mkdir(path, { recursive: true }).catch((err) => {
@@ -58,18 +56,9 @@ const mount = async (config: BackendConfig, path: string) => {
 
 		logger.debug(`Mounting WebDAV volume ${path}...`);
 
-		const args = ["-t", "davfs", source, path];
+		const args = ["-t", "davfs", "-o", options.join(","), source, path];
 		await executeMount(args);
 
-		const { stderr } = await execFile("mount", ["-t", "davfs", "-o", options.join(","), source, path], {
-			timeout: OPERATION_TIMEOUT,
-			maxBuffer: 1024 * 1024,
-		});
-
-		if (stderr?.trim()) {
-			logger.warn(stderr.trim());
-		}
-
 		logger.info(`WebDAV volume at ${path} mounted successfully.`);
 		return { status: BACKEND_STATUS.mounted };
 	};
@@ -113,16 +102,15 @@ const unmount = async (path: string) => {
 	}
 
 	const run = async () => {
-		try {
-			await fs.access(path);
-		} catch (e) {
-			logger.warn(`Path ${path} does not exist. Skipping unmount.`, e);
+		const mount = await getMountForPath(path);
+		if (!mount || mount.mountPoint !== path) {
+			logger.debug(`Path ${path} is not a mount point. Skipping unmount.`);
 			return { status: BACKEND_STATUS.unmounted };
 		}
 
 		await executeUnmount(path);
 
-		await fs.rmdir(path);
+		await fs.rmdir(path).catch(() => {});
 
 		logger.info(`WebDAV volume at ${path} unmounted successfully.`);
 		return { status: BACKEND_STATUS.unmounted };
@@ -138,13 +126,20 @@ const unmount = async (path: string) => {
 
 const checkHealth = async (path: string) => {
 	const run = async () => {
-		logger.debug(`Checking health of WebDAV volume at ${path}...`);
-		await fs.access(path);
+		try {
+			await fs.access(path);
+		} catch {
+			throw new Error("Volume is not mounted");
+		}
 
 		const mount = await getMountForPath(path);
 
-		if (!mount || mount.fstype !== "fuse") {
-			throw new Error(`Path ${path} is not mounted as WebDAV.`);
+		if (!mount || mount.mountPoint !== path) {
+			throw new Error("Volume is not mounted");
+		}
+
+		if (mount.fstype !== "fuse" && mount.fstype !== "davfs") {
+			throw new Error(`Path ${path} is not mounted as WebDAV (found ${mount.fstype}).`);
 		}
 
 		logger.debug(`WebDAV volume at ${path} is healthy and mounted.`);
@@ -154,8 +149,11 @@ const checkHealth = async (path: string) => {
 	try {
 		return await withTimeout(run(), OPERATION_TIMEOUT, "WebDAV health check");
 	} catch (error) {
-		logger.error("WebDAV volume health check failed:", toMessage(error));
-		return { status: BACKEND_STATUS.error, error: toMessage(error) };
+		const message = toMessage(error);
+		if (message !== "Volume is not mounted") {
+			logger.error("WebDAV volume health check failed:", message);
+		}
+		return { status: BACKEND_STATUS.error, error: message };
 	}
 };
 
diff --git a/app/server/modules/backups/__tests__/backups.controller.test.ts b/app/server/modules/backups/__tests__/backups.controller.test.ts
new file mode 100644
index 00000000..3c415004
--- /dev/null
+++ b/app/server/modules/backups/__tests__/backups.controller.test.ts
@@ -0,0 +1,126 @@
+import { test, describe, expect } from "bun:test";
+import { createApp } from "~/server/app";
+import { createTestSession } from "~/test/helpers/auth";
+
+const app = createApp();
+
+describe("backups security", () => {
+	test("should return 401 if no session cookie is provided", async () => {
+		const res = await app.request("/api/v1/backups");
+		expect(res.status).toBe(401);
+		const body = await res.json();
+		expect(body.message).toBe("Authentication required");
+	});
+
+	test("should return 401 if session is invalid", async () => {
+		const res = await app.request("/api/v1/backups", {
+			headers: {
+				Cookie: "session_id=invalid-session",
+			},
+		});
+		expect(res.status).toBe(401);
+		const body = await res.json();
+		expect(body.message).toBe("Invalid or expired session");
+
+		expect(res.headers.get("Set-Cookie")).toContain("session_id=;");
+	});
+
+	test("should return 200 if session is valid", async () => {
+		const { sessionId } = await createTestSession();
+
+		const res = await app.request("/api/v1/backups", {
+			headers: {
+				Cookie: `session_id=${sessionId}`,
+			},
+		});
+
+		expect(res.status).toBe(200);
+	});
+
+	describe("unauthenticated access", () => {
+		const endpoints: { method: string; path: string }[] = [
+			{ method: "GET", path: "/api/v1/backups" },
+			{ method: "GET", path: "/api/v1/backups/1" },
+			{ method: "GET", path: "/api/v1/backups/volume/1" },
+			{ method: "POST", path: "/api/v1/backups" },
+			{ method: "PATCH", path: "/api/v1/backups/1" },
+			{ method: "DELETE", path: "/api/v1/backups/1" },
+			{ method: "POST", path: "/api/v1/backups/1/run" },
+			{ method: "POST", path: "/api/v1/backups/1/stop" },
+			{ method: "POST", path: "/api/v1/backups/1/forget" },
+			{ method: "GET", path: "/api/v1/backups/1/notifications" },
+			{ method: "PUT", path: "/api/v1/backups/1/notifications" },
+			{ method: "GET", path: "/api/v1/backups/1/mirrors" },
+			{ method: "PUT", path: "/api/v1/backups/1/mirrors" },
+			{ method: "GET", path: "/api/v1/backups/1/mirrors/compatibility" },
+			{ method: "POST", path: "/api/v1/backups/reorder" },
+		];
+
+		for (const { method, path } of endpoints) {
+			test(`${method} ${path} should return 401`, async () => {
+				const res = await app.request(path, { method });
+				expect(res.status).toBe(401);
+				const body = await res.json();
+				expect(body.message).toBe("Authentication required");
+			});
+		}
+	});
+
+	describe("information disclosure", () => {
+		test("should not disclose if a schedule exists when unauthenticated", async () => {
+			const res = await app.request("/api/v1/backups/999999");
+			expect(res.status).toBe(401);
+			const body = await res.json();
+			expect(body.message).toBe("Authentication required");
+		});
+
+		test("should not disclose if a volume exists when unauthenticated", async () => {
+			const res = await app.request("/api/v1/backups/volume/999999");
+			expect(res.status).toBe(401);
+			const body = await res.json();
+			expect(body.message).toBe("Authentication required");
+		});
+	});
+
+	describe("input validation", () => {
+		test("should return 404 for malformed schedule ID", async () => {
+			const { sessionId } = await createTestSession();
+			const res = await app.request("/api/v1/backups/not-a-number", {
+				headers: {
+					Cookie: `session_id=${sessionId}`,
+				},
+			});
+
+			expect(res.status).toBe(404);
+		});
+
+		test("should return 404 for non-existent schedule ID", async () => {
+			const { sessionId } = await createTestSession();
+			const res = await app.request("/api/v1/backups/999999", {
+				headers: {
+					Cookie: `session_id=${sessionId}`,
+				},
+			});
+
+			expect(res.status).toBe(404);
+			const body = await res.json();
+			expect(body.message).toBe("Backup schedule not found");
+		});
+
+		test("should return 400 for invalid payload on create", async () => {
+			const { sessionId } = await createTestSession();
+			const res = await app.request("/api/v1/backups", {
+				method: "POST",
+				headers: {
+					Cookie: `session_id=${sessionId}`,
+					"Content-Type": "application/json",
+				},
+				body: JSON.stringify({
+					name: "Test",
+				}),
+			});
+
+			expect(res.status).toBe(400);
+		});
+	});
+});
diff --git a/app/server/modules/backups/__tests__/backups.patterns.test.ts b/app/server/modules/backups/__tests__/backups.patterns.test.ts
new file mode 100644
index 00000000..fafb9e6d
--- /dev/null
+++ b/app/server/modules/backups/__tests__/backups.patterns.test.ts
@@ -0,0 +1,136 @@
+import { test, describe, mock, expect, beforeEach, afterEach, spyOn } from "bun:test";
+import { backupsService } from "../backups.service";
+import { createTestVolume } from "~/test/helpers/volume";
+import { createTestBackupSchedule } from "~/test/helpers/backup";
+import { createTestRepository } from "~/test/helpers/repository";
+import { generateBackupOutput } from "~/test/helpers/restic";
+import { getVolumePath } from "../../volumes/helpers";
+import { restic } from "~/server/utils/restic";
+import path from "node:path";
+
+const backupMock = mock(() => Promise.resolve({ exitCode: 0, result: JSON.parse(generateBackupOutput()) }));
+
+beforeEach(() => {
+	backupMock.mockClear();
+	spyOn(restic, "backup").mockImplementation(backupMock);
+	spyOn(restic, "forget").mockImplementation(mock(() => Promise.resolve({ success: true })));
+});
+
+afterEach(() => {
+	mock.restore();
+});
+
+describe("executeBackup - include / exclude patterns", () => {
+	test("should correctly build include and exclude patterns", async () => {
+		// arrange
+		const volume = await createTestVolume();
+		const repository = await createTestRepository();
+		const volumePath = getVolumePath(volume);
+
+		const schedule = await createTestBackupSchedule({
+			volumeId: volume.id,
+			repositoryId: repository.id,
+			includePatterns: ["*.zip", "/Photos", "!/Temp", "!*.log"],
+			excludePatterns: [".DS_Store", "/Config", "!/Important", "!*.tmp"],
+			excludeIfPresent: [".nobackup"],
+		});
+
+		// act
+		await backupsService.executeBackup(schedule.id);
+
+		// assert
+		expect(backupMock).toHaveBeenCalledWith(
+			expect.anything(),
+			volumePath,
+			expect.objectContaining({
+				include: ["*.zip", path.join(volumePath, "Photos"), `!${path.join(volumePath, "Temp")}`, "!*.log"],
+				exclude: [".DS_Store", path.join(volumePath, "Config"), `!${path.join(volumePath, "Important")}`, "!*.tmp"],
+				excludeIfPresent: [".nobackup"],
+			}),
+		);
+	});
+
+	test("should not join with volume path if pattern already starts with it", async () => {
+		// arrange
+		const volume = await createTestVolume();
+		const volumePath = getVolumePath(volume);
+		const repository = await createTestRepository();
+
+		const alreadyJoinedInclude = path.join(volumePath, "already/joined");
+		const alreadyJoinedExclude = path.join(volumePath, "already/excluded");
+
+		const schedule = await createTestBackupSchedule({
+			volumeId: volume.id,
+			repositoryId: repository.id,
+			includePatterns: [alreadyJoinedInclude],
+			excludePatterns: [alreadyJoinedExclude],
+		});
+
+		// act
+		await backupsService.executeBackup(schedule.id);
+
+		// assert
+		expect(backupMock).toHaveBeenCalledWith(
+			expect.anything(),
+			volumePath,
+			expect.objectContaining({
+				include: [alreadyJoinedInclude],
+				exclude: [alreadyJoinedExclude],
+			}),
+		);
+	});
+
+	test("should correctly mix relative and absolute patterns", async () => {
+		// arrange
+		const volume = await createTestVolume();
+		const volumePath = getVolumePath(volume);
+		const repository = await createTestRepository();
+
+		const alreadyJoinedInclude = path.join(volumePath, "already/joined");
+		const relativeInclude = "relative/include";
+		const anchoredInclude = "/anchored/include";
+
+		const schedule = await createTestBackupSchedule({
+			volumeId: volume.id,
+			repositoryId: repository.id,
+			includePatterns: [alreadyJoinedInclude, relativeInclude, anchoredInclude],
+		});
+
+		// act
+		await backupsService.executeBackup(schedule.id);
+
+		// assert
+		expect(backupMock).toHaveBeenCalledWith(
+			expect.anything(),
+			volumePath,
+			expect.objectContaining({
+				include: [alreadyJoinedInclude, relativeInclude, path.join(volumePath, "anchored/include")],
+			}),
+		);
+	});
+
+	test("should handle empty include and exclude patterns", async () => {
+		// arrange
+		const volume = await createTestVolume();
+		const repository = await createTestRepository();
+		const schedule = await createTestBackupSchedule({
+			volumeId: volume.id,
+			repositoryId: repository.id,
+			includePatterns: [],
+			excludePatterns: [],
+		});
+
+		// act
+		await backupsService.executeBackup(schedule.id);
+
+		// assert
+		expect(backupMock).toHaveBeenCalledWith(
+			expect.anything(),
+			getVolumePath(volume),
+			expect.not.objectContaining({
+				include: expect.anything(),
+				exclude: expect.anything(),
+			}),
+		);
+	});
+});
diff --git a/app/server/modules/backups/__tests__/backups.service.test.ts b/app/server/modules/backups/__tests__/backups.service.test.ts
new file mode 100644
index 00000000..75933fc1
--- /dev/null
+++ b/app/server/modules/backups/__tests__/backups.service.test.ts
@@ -0,0 +1,176 @@
+import { test, describe, mock, expect, beforeEach, afterEach, spyOn } from "bun:test";
+import { backupsService } from "../backups.service";
+import { createTestVolume } from "~/test/helpers/volume";
+import { createTestBackupSchedule } from "~/test/helpers/backup";
+import { createTestRepository } from "~/test/helpers/repository";
+import { generateBackupOutput } from "~/test/helpers/restic";
+import { faker } from "@faker-js/faker";
+import * as spawnModule from "~/server/utils/spawn";
+
+const resticBackupMock = mock(() => Promise.resolve({ exitCode: 0, stdout: "", stderr: "" }));
+
+beforeEach(() => {
+	resticBackupMock.mockClear();
+	spyOn(spawnModule, "safeSpawn").mockImplementation(resticBackupMock);
+});
+
+afterEach(() => {
+	mock.restore();
+});
+
+describe("execute backup", () => {
+	test("should correctly set next backup time", async () => {
+		// arrange
+		const volume = await createTestVolume();
+		const repository = await createTestRepository();
+		const schedule = await createTestBackupSchedule({
+			volumeId: volume.id,
+			repositoryId: repository.id,
+			cronExpression: "*/5 * * * *",
+		});
+		expect(schedule.nextBackupAt).toBeNull();
+
+		resticBackupMock.mockImplementationOnce(() =>
+			Promise.resolve({ exitCode: 0, stdout: generateBackupOutput(), stderr: "" }),
+		);
+
+		// act
+		await backupsService.executeBackup(schedule.id);
+
+		// assert
+		const updatedSchedule = await backupsService.getSchedule(schedule.id);
+		expect(updatedSchedule.nextBackupAt).not.toBeNull();
+
+		const nextBackupAt = new Date(updatedSchedule.nextBackupAt ?? 0);
+		const now = new Date();
+
+		expect(nextBackupAt.getTime()).toBeGreaterThanOrEqual(now.getTime());
+		expect(nextBackupAt.getTime() - now.getTime()).toBeLessThanOrEqual(5 * 60 * 1000);
+	});
+
+	test("should skip backup if schedule is disabled", async () => {
+		// arrange
+		const volume = await createTestVolume();
+		const repository = await createTestRepository();
+		const schedule = await createTestBackupSchedule({
+			volumeId: volume.id,
+			repositoryId: repository.id,
+			enabled: false,
+		});
+
+		// act
+		await backupsService.executeBackup(schedule.id);
+
+		// assert
+		expect(resticBackupMock).not.toHaveBeenCalled();
+	});
+
+	test("should execute backup if schedule is disabled but the run is manual", async () => {
+		// arrange
+		const volume = await createTestVolume();
+		const repository = await createTestRepository();
+		const schedule = await createTestBackupSchedule({
+			volumeId: volume.id,
+			repositoryId: repository.id,
+			enabled: false,
+		});
+
+		resticBackupMock.mockImplementationOnce(() =>
+			Promise.resolve({ exitCode: 0, stdout: generateBackupOutput(), stderr: "" }),
+		);
+
+		// act
+		await backupsService.executeBackup(schedule.id, true);
+
+		// assert
+		expect(resticBackupMock).toHaveBeenCalled();
+	});
+
+	test("should skip the backup if the previous one is still running", async () => {
+		// arrange
+		const volume = await createTestVolume();
+		const repository = await createTestRepository();
+		const schedule = await createTestBackupSchedule({
+			volumeId: volume.id,
+			repositoryId: repository.id,
+		});
+
+		resticBackupMock.mockImplementation(async () => {
+			await new Promise((resolve) => setTimeout(resolve, 100));
+			return Promise.resolve({ exitCode: 0, stdout: generateBackupOutput(), stderr: "" });
+		});
+
+		// act
+		backupsService.executeBackup(schedule.id);
+		await new Promise((resolve) => setTimeout(resolve, 10));
+		await backupsService.executeBackup(schedule.id);
+
+		// assert
+		expect(resticBackupMock).toHaveBeenCalledTimes(1);
+	});
+
+	test("should set the backup status to failed if restic returns a 3 exit code", async () => {
+		// arrange
+		const volume = await createTestVolume();
+		const repository = await createTestRepository();
+		const schedule = await createTestBackupSchedule({
+			volumeId: volume.id,
+			repositoryId: repository.id,
+		});
+
+		resticBackupMock.mockImplementationOnce(() =>
+			Promise.resolve({ exitCode: 3, stdout: generateBackupOutput(), stderr: "Some error occurred" }),
+		);
+
+		// act
+		await backupsService.executeBackup(schedule.id);
+
+		// assert
+		const updatedSchedule = await backupsService.getSchedule(schedule.id);
+		expect(updatedSchedule.lastBackupStatus).toBe("warning");
+	});
+
+	test("should set the backup status to failed if restic returns a non zero exit code", async () => {
+		// arrange
+		const volume = await createTestVolume();
+		const repository = await createTestRepository();
+		const schedule = await createTestBackupSchedule({
+			volumeId: volume.id,
+			repositoryId: repository.id,
+		});
+
+		resticBackupMock.mockImplementationOnce(() =>
+			Promise.resolve({ exitCode: 1, stdout: generateBackupOutput(), stderr: "Some error occurred" }),
+		);
+
+		// act
+		await backupsService.executeBackup(schedule.id);
+
+		// assert
+		const updatedSchedule = await backupsService.getSchedule(schedule.id);
+		expect(updatedSchedule.lastBackupStatus).toBe("error");
+	});
+});
+
+describe("getSchedulesToExecute", () => {
+	test("should return schedules with NULL lastBackupStatus", async () => {
+		// arrange
+		const volume = await createTestVolume();
+		const repository = await createTestRepository();
+
+		const schedule = await createTestBackupSchedule({
+			volumeId: volume.id,
+			repositoryId: repository.id,
+			enabled: true,
+			cronExpression: "* * * * *",
+			lastBackupStatus: null,
+			nextBackupAt: faker.date.past().getTime(),
+		});
+
+		// act
+		const schedulesToExecute = await backupsService.getSchedulesToExecute();
+
+		// assert
+		expect(schedulesToExecute).toContain(schedule.id);
+	});
+});
diff --git a/app/server/modules/backups/backups.controller.ts b/app/server/modules/backups/backups.controller.ts
index 653cd659..e9fa9f7a 100644
--- a/app/server/modules/backups/backups.controller.ts
+++ b/app/server/modules/backups/backups.controller.ts
@@ -86,8 +86,8 @@ export const backupScheduleController = new Hono()
 	.post("/:scheduleId/run", runBackupNowDto, async (c) => {
 		const scheduleId = c.req.param("scheduleId");
 
-		backupsService.executeBackup(Number(scheduleId), true).catch((error) => {
-			console.error("Backup execution failed:", error);
+		backupsService.executeBackup(Number(scheduleId), true).catch((err) => {
+			console.error(`Error executing manual backup for schedule ${scheduleId}:`, err);
 		});
 
 		return c.json<RunBackupNowDto>({ success: true }, 200);
diff --git a/app/server/modules/backups/backups.dto.ts b/app/server/modules/backups/backups.dto.ts
index 6173bd82..1d6c14c1 100644
--- a/app/server/modules/backups/backups.dto.ts
+++ b/app/server/modules/backups/backups.dto.ts
@@ -26,6 +26,7 @@ const backupScheduleSchema = type({
 	excludePatterns: "string[] | null",
 	excludeIfPresent: "string[] | null",
 	includePatterns: "string[] | null",
+	oneFileSystem: "boolean",
 	lastBackupAt: "number | null",
 	lastBackupStatus: "'success' | 'error' | 'in_progress' | 'warning' | null",
 	lastBackupError: "string | null",
@@ -131,6 +132,7 @@ export const createBackupScheduleBody = type({
 	excludePatterns: "string[]?",
 	excludeIfPresent: "string[]?",
 	includePatterns: "string[]?",
+	oneFileSystem: "boolean?",
 	tags: "string[]?",
 });
 
@@ -168,6 +170,7 @@ export const updateBackupScheduleBody = type({
 	excludePatterns: "string[]?",
 	excludeIfPresent: "string[]?",
 	includePatterns: "string[]?",
+	oneFileSystem: "boolean?",
 	tags: "string[]?",
 });
 
diff --git a/app/server/modules/backups/backups.service.ts b/app/server/modules/backups/backups.service.ts
index 584fada7..120dc7cc 100644
--- a/app/server/modules/backups/backups.service.ts
+++ b/app/server/modules/backups/backups.service.ts
@@ -1,4 +1,4 @@
-import { and, asc, eq, ne } from "drizzle-orm";
+import { and, asc, eq, isNull, ne, or } from "drizzle-orm";
 import cron from "node-cron";
 import { CronExpressionParser } from "cron-parser";
 import { NotFoundError, BadRequestError, ConflictError } from "http-errors-enhanced";
@@ -13,6 +13,7 @@ import { serverEvents } from "../../core/events";
 import { notificationsService } from "../notifications/notifications.service";
 import { repoMutex } from "../../core/repository-mutex";
 import { checkMirrorCompatibility, getIncompatibleMirrorError } from "~/server/utils/backend-compatibility";
+import path from "node:path";
 
 const runningBackups = new Map<number, AbortController>();
 
@@ -32,6 +33,27 @@ const calculateNextRun = (cronExpression: string): number => {
 	}
 };
 
+const processPattern = (pattern: string, volumePath: string): string => {
+	let isNegated = false;
+	let p = pattern;
+
+	if (p.startsWith("!")) {
+		isNegated = true;
+		p = p.slice(1);
+	}
+
+	if (p.startsWith(volumePath)) {
+		return pattern;
+	}
+
+	if (p.startsWith("/")) {
+		const processed = path.join(volumePath, p.slice(1));
+		return isNegated ? `!${processed}` : processed;
+	}
+
+	return pattern;
+};
+
 const listSchedules = async () => {
 	const schedules = await db.query.backupSchedulesTable.findMany({
 		with: {
@@ -102,6 +124,7 @@ const createSchedule = async (data: CreateBackupScheduleBody) => {
 			excludePatterns: data.excludePatterns ?? [],
 			excludeIfPresent: data.excludeIfPresent ?? [],
 			includePatterns: data.includePatterns ?? [],
+			oneFileSystem: data.oneFileSystem,
 			nextBackupAt: nextBackupAt,
 		})
 		.returning();
@@ -251,14 +274,16 @@ const executeBackup = async (scheduleId: number, manual = false) => {
 			excludeIfPresent?: string[];
 			include?: string[];
 			tags?: string[];
+			oneFileSystem?: boolean;
 			signal?: AbortSignal;
 		} = {
 			tags: [schedule.id.toString()],
+			oneFileSystem: schedule.oneFileSystem,
 			signal: abortController.signal,
 		};
 
 		if (schedule.excludePatterns && schedule.excludePatterns.length > 0) {
-			backupOptions.exclude = schedule.excludePatterns;
+			backupOptions.exclude = schedule.excludePatterns.map((p) => processPattern(p, volumePath));
 		}
 
 		if (schedule.excludeIfPresent && schedule.excludeIfPresent.length > 0) {
@@ -266,7 +291,7 @@ const executeBackup = async (scheduleId: number, manual = false) => {
 		}
 
 		if (schedule.includePatterns && schedule.includePatterns.length > 0) {
-			backupOptions.include = schedule.includePatterns;
+			backupOptions.include = schedule.includePatterns.map((p) => processPattern(p, volumePath));
 		}
 
 		const releaseBackupLock = await repoMutex.acquireShared(repository.id, `backup:${volume.name}`);
@@ -363,8 +388,6 @@ const executeBackup = async (scheduleId: number, manual = false) => {
 			.catch((notifError) => {
 				logger.error(`Failed to send backup failure notification: ${toMessage(notifError)}`);
 			});
-
-		throw error;
 	} finally {
 		runningBackups.delete(scheduleId);
 	}
@@ -373,7 +396,10 @@ const executeBackup = async (scheduleId: number, manual = false) => {
 const getSchedulesToExecute = async () => {
 	const now = Date.now();
 	const schedules = await db.query.backupSchedulesTable.findMany({
-		where: and(eq(backupSchedulesTable.enabled, true), ne(backupSchedulesTable.lastBackupStatus, "in_progress")),
+		where: and(
+			eq(backupSchedulesTable.enabled, true),
+			or(ne(backupSchedulesTable.lastBackupStatus, "in_progress"), isNull(backupSchedulesTable.lastBackupStatus)),
+		),
 	});
 
 	const schedulesToRun: number[] = [];
@@ -405,23 +431,25 @@ const stopBackup = async (scheduleId: number) => {
 		throw new NotFoundError("Backup schedule not found");
 	}
 
-	await db
-		.update(backupSchedulesTable)
-		.set({
-			lastBackupStatus: "error",
-			lastBackupError: "Backup was stopped by user",
-			updatedAt: Date.now(),
-		})
-		.where(eq(backupSchedulesTable.id, scheduleId));
-
-	const abortController = runningBackups.get(scheduleId);
-	if (!abortController) {
-		throw new ConflictError("No backup is currently running for this schedule");
-	}
+	try {
+		const abortController = runningBackups.get(scheduleId);
+		if (!abortController) {
+			throw new ConflictError("No backup is currently running for this schedule");
+		}
 
-	logger.info(`Stopping backup for schedule ${scheduleId}`);
+		logger.info(`Stopping backup for schedule ${scheduleId}`);
 
-	abortController.abort();
+		abortController.abort();
+	} finally {
+		await db
+			.update(backupSchedulesTable)
+			.set({
+				lastBackupStatus: "warning",
+				lastBackupError: "Backup was stopped by user",
+				updatedAt: Date.now(),
+			})
+			.where(eq(backupSchedulesTable.id, scheduleId));
+	}
 };
 
 const runForget = async (scheduleId: number, repositoryId?: string) => {
diff --git a/app/server/modules/events/__tests__/events.controller.test.ts b/app/server/modules/events/__tests__/events.controller.test.ts
new file mode 100644
index 00000000..c40793fe
--- /dev/null
+++ b/app/server/modules/events/__tests__/events.controller.test.ts
@@ -0,0 +1,53 @@
+import { test, describe, expect } from "bun:test";
+import { createApp } from "~/server/app";
+import { createTestSession } from "~/test/helpers/auth";
+
+const app = createApp();
+
+describe("events security", () => {
+	test("should return 401 if no session cookie is provided", async () => {
+		const res = await app.request("/api/v1/events");
+		expect(res.status).toBe(401);
+		const body = await res.json();
+		expect(body.message).toBe("Authentication required");
+	});
+
+	test("should return 401 if session is invalid", async () => {
+		const res = await app.request("/api/v1/events", {
+			headers: {
+				Cookie: "session_id=invalid-session",
+			},
+		});
+		expect(res.status).toBe(401);
+		const body = await res.json();
+		expect(body.message).toBe("Invalid or expired session");
+
+		expect(res.headers.get("Set-Cookie")).toContain("session_id=;");
+	});
+
+	test("should return 200 if session is valid", async () => {
+		const { sessionId } = await createTestSession();
+
+		const res = await app.request("/api/v1/events", {
+			headers: {
+				Cookie: `session_id=${sessionId}`,
+			},
+		});
+
+		expect(res.status).toBe(200);
+		expect(res.headers.get("Content-Type")).toBe("text/event-stream");
+	});
+
+	describe("unauthenticated access", () => {
+		const endpoints: { method: string; path: string }[] = [{ method: "GET", path: "/api/v1/events" }];
+
+		for (const { method, path } of endpoints) {
+			test(`${method} ${path} should return 401`, async () => {
+				const res = await app.request(path, { method });
+				expect(res.status).toBe(401);
+				const body = await res.json();
+				expect(body.message).toBe("Authentication required");
+			});
+		}
+	});
+});
diff --git a/app/server/modules/lifecycle/startup.ts b/app/server/modules/lifecycle/startup.ts
index 105071a2..1bf3265a 100644
--- a/app/server/modules/lifecycle/startup.ts
+++ b/app/server/modules/lifecycle/startup.ts
@@ -1,7 +1,7 @@
 import { Scheduler } from "../../core/scheduler";
 import { and, eq, or } from "drizzle-orm";
 import { db } from "../../db/db";
-import { volumesTable } from "../../db/schema";
+import { backupSchedulesTable, volumesTable } from "../../db/schema";
 import { logger } from "../../utils/logger";
 import { restic } from "../../utils/restic";
 import { volumeService } from "../volumes/volume.service";
@@ -10,6 +10,35 @@ import { VolumeHealthCheckJob } from "../../jobs/healthchecks";
 import { RepositoryHealthCheckJob } from "../../jobs/repository-healthchecks";
 import { BackupExecutionJob } from "../../jobs/backup-execution";
 import { CleanupSessionsJob } from "../../jobs/cleanup-sessions";
+import { repositoriesService } from "../repositories/repositories.service";
+import { notificationsService } from "../notifications/notifications.service";
+import { VolumeAutoRemountJob } from "~/server/jobs/auto-remount";
+
+const ensureLatestConfigurationSchema = async () => {
+	const volumes = await db.query.volumesTable.findMany({});
+
+	for (const volume of volumes) {
+		await volumeService.updateVolume(volume.name, volume).catch((err) => {
+			logger.error(`Failed to update volume ${volume.name}: ${err}`);
+		});
+	}
+
+	const repositories = await db.query.repositoriesTable.findMany({});
+
+	for (const repo of repositories) {
+		await repositoriesService.updateRepository(repo.name, {}).catch((err) => {
+			logger.error(`Failed to update repository ${repo.name}: ${err}`);
+		});
+	}
+
+	const notifications = await db.query.notificationDestinationsTable.findMany({});
+
+	for (const notification of notifications) {
+		await notificationsService.updateDestination(notification.id, notification).catch((err) => {
+			logger.error(`Failed to update notification destination ${notification.id}: ${err}`);
+		});
+	}
+};
 
 export const startup = async () => {
 	await Scheduler.start();
@@ -19,6 +48,8 @@ export const startup = async () => {
 		logger.error(`Error ensuring restic passfile exists: ${err.message}`);
 	});
 
+	await ensureLatestConfigurationSchema();
+
 	const volumes = await db.query.volumesTable.findMany({
 		where: or(
 			eq(volumesTable.status, "mounted"),
@@ -32,9 +63,22 @@ export const startup = async () => {
 		});
 	}
 
+	await db
+		.update(backupSchedulesTable)
+		.set({
+			lastBackupStatus: "warning",
+			lastBackupError: "Zerobyte was restarted during the last scheduled backup",
+			updatedAt: Date.now(),
+		})
+		.where(eq(backupSchedulesTable.lastBackupStatus, "in_progress"))
+		.catch((err) => {
+			logger.error(`Failed to update stuck backup schedules on startup: ${err.message}`);
+		});
+
 	Scheduler.build(CleanupDanglingMountsJob).schedule("0 * * * *");
 	Scheduler.build(VolumeHealthCheckJob).schedule("*/30 * * * *");
 	Scheduler.build(RepositoryHealthCheckJob).schedule("50 12 * * *");
 	Scheduler.build(BackupExecutionJob).schedule("* * * * *");
 	Scheduler.build(CleanupSessionsJob).schedule("0 0 * * *");
+	Scheduler.build(VolumeAutoRemountJob).schedule("*/5 * * * *");
 };
diff --git a/app/server/modules/notifications/__tests__/notifications.controller.test.ts b/app/server/modules/notifications/__tests__/notifications.controller.test.ts
new file mode 100644
index 00000000..02834267
--- /dev/null
+++ b/app/server/modules/notifications/__tests__/notifications.controller.test.ts
@@ -0,0 +1,110 @@
+import { test, describe, expect } from "bun:test";
+import { createApp } from "~/server/app";
+import { createTestSession } from "~/test/helpers/auth";
+
+const app = createApp();
+
+describe("notifications security", () => {
+	test("should return 401 if no session cookie is provided", async () => {
+		const res = await app.request("/api/v1/notifications/destinations");
+		expect(res.status).toBe(401);
+		const body = await res.json();
+		expect(body.message).toBe("Authentication required");
+	});
+
+	test("should return 401 if session is invalid", async () => {
+		const res = await app.request("/api/v1/notifications/destinations", {
+			headers: {
+				Cookie: "session_id=invalid-session",
+			},
+		});
+		expect(res.status).toBe(401);
+		const body = await res.json();
+		expect(body.message).toBe("Invalid or expired session");
+
+		expect(res.headers.get("Set-Cookie")).toContain("session_id=;");
+	});
+
+	test("should return 200 if session is valid", async () => {
+		const { sessionId } = await createTestSession();
+
+		const res = await app.request("/api/v1/notifications/destinations", {
+			headers: {
+				Cookie: `session_id=${sessionId}`,
+			},
+		});
+
+		expect(res.status).toBe(200);
+	});
+
+	describe("unauthenticated access", () => {
+		const endpoints: { method: string; path: string }[] = [
+			{ method: "GET", path: "/api/v1/notifications/destinations" },
+			{ method: "POST", path: "/api/v1/notifications/destinations" },
+			{ method: "GET", path: "/api/v1/notifications/destinations/1" },
+			{ method: "PATCH", path: "/api/v1/notifications/destinations/1" },
+			{ method: "DELETE", path: "/api/v1/notifications/destinations/1" },
+			{ method: "POST", path: "/api/v1/notifications/destinations/1/test" },
+		];
+
+		for (const { method, path } of endpoints) {
+			test(`${method} ${path} should return 401`, async () => {
+				const res = await app.request(path, { method });
+				expect(res.status).toBe(401);
+				const body = await res.json();
+				expect(body.message).toBe("Authentication required");
+			});
+		}
+	});
+
+	describe("information disclosure", () => {
+		test("should not disclose if a destination exists when unauthenticated", async () => {
+			const res = await app.request("/api/v1/notifications/destinations/999999");
+			expect(res.status).toBe(401);
+			const body = await res.json();
+			expect(body.message).toBe("Authentication required");
+		});
+	});
+
+	describe("input validation", () => {
+		test("should return 404 for malformed destination ID", async () => {
+			const { sessionId } = await createTestSession();
+			const res = await app.request("/api/v1/notifications/destinations/not-a-number", {
+				headers: {
+					Cookie: `session_id=${sessionId}`,
+				},
+			});
+
+			expect(res.status).toBe(404);
+		});
+
+		test("should return 404 for non-existent destination ID", async () => {
+			const { sessionId } = await createTestSession();
+			const res = await app.request("/api/v1/notifications/destinations/999999", {
+				headers: {
+					Cookie: `session_id=${sessionId}`,
+				},
+			});
+
+			expect(res.status).toBe(404);
+			const body = await res.json();
+			expect(body.message).toBe("Notification destination not found");
+		});
+
+		test("should return 400 for invalid payload on create", async () => {
+			const { sessionId } = await createTestSession();
+			const res = await app.request("/api/v1/notifications/destinations", {
+				method: "POST",
+				headers: {
+					Cookie: `session_id=${sessionId}`,
+					"Content-Type": "application/json",
+				},
+				body: JSON.stringify({
+					name: "Test",
+				}),
+			});
+
+			expect(res.status).toBe(400);
+		});
+	});
+});
diff --git a/app/server/modules/notifications/notifications.service.ts b/app/server/modules/notifications/notifications.service.ts
index 0b951a96..0a7c150e 100644
--- a/app/server/modules/notifications/notifications.service.ts
+++ b/app/server/modules/notifications/notifications.service.ts
@@ -11,8 +11,9 @@ import { cryptoUtils } from "../../utils/crypto";
 import { logger } from "../../utils/logger";
 import { sendNotification } from "../../utils/shoutrrr";
 import { buildShoutrrrUrl } from "./builders";
-import type { NotificationConfig, NotificationEvent } from "~/schemas/notifications";
+import { notificationConfigSchema, type NotificationConfig, type NotificationEvent } from "~/schemas/notifications";
 import { toMessage } from "../../utils/errors";
+import { type } from "arktype";
 
 const listDestinations = async () => {
 	const destinations = await db.query.notificationDestinationsTable.findMany({
@@ -187,12 +188,15 @@ const updateDestination = async (
 		updateData.enabled = updates.enabled;
 	}
 
-	if (updates.config !== undefined) {
-		const encryptedConfig = await encryptSensitiveFields(updates.config);
-		updateData.config = encryptedConfig;
-		updateData.type = updates.config.type;
+	const newConfig = notificationConfigSchema(updates.config || existing.config);
+	if (newConfig instanceof type.errors) {
+		throw new InternalServerError("Invalid notification configuration");
 	}
 
+	const encryptedConfig = await encryptSensitiveFields(newConfig);
+	updateData.config = encryptedConfig;
+	updateData.type = newConfig.type;
+
 	const [updated] = await db
 		.update(notificationDestinationsTable)
 		.set(updateData)
diff --git a/app/server/modules/repositories/__tests__/repositories.controller.test.ts b/app/server/modules/repositories/__tests__/repositories.controller.test.ts
new file mode 100644
index 00000000..d7afc68d
--- /dev/null
+++ b/app/server/modules/repositories/__tests__/repositories.controller.test.ts
@@ -0,0 +1,105 @@
+import { test, describe, expect } from "bun:test";
+import { createApp } from "~/server/app";
+import { createTestSession } from "~/test/helpers/auth";
+
+const app = createApp();
+
+describe("repositories security", () => {
+	test("should return 401 if no session cookie is provided", async () => {
+		const res = await app.request("/api/v1/repositories");
+		expect(res.status).toBe(401);
+		const body = await res.json();
+		expect(body.message).toBe("Authentication required");
+	});
+
+	test("should return 401 if session is invalid", async () => {
+		const res = await app.request("/api/v1/repositories", {
+			headers: {
+				Cookie: "session_id=invalid-session",
+			},
+		});
+		expect(res.status).toBe(401);
+		const body = await res.json();
+		expect(body.message).toBe("Invalid or expired session");
+
+		expect(res.headers.get("Set-Cookie")).toContain("session_id=;");
+	});
+
+	test("should return 200 if session is valid", async () => {
+		const { sessionId } = await createTestSession();
+
+		const res = await app.request("/api/v1/repositories", {
+			headers: {
+				Cookie: `session_id=${sessionId}`,
+			},
+		});
+
+		expect(res.status).toBe(200);
+	});
+
+	describe("unauthenticated access", () => {
+		const endpoints: { method: string; path: string }[] = [
+			{ method: "GET", path: "/api/v1/repositories" },
+			{ method: "POST", path: "/api/v1/repositories" },
+			{ method: "GET", path: "/api/v1/repositories/rclone-remotes" },
+			{ method: "GET", path: "/api/v1/repositories/test-repo" },
+			{ method: "DELETE", path: "/api/v1/repositories/test-repo" },
+			{ method: "GET", path: "/api/v1/repositories/test-repo/snapshots" },
+			{ method: "GET", path: "/api/v1/repositories/test-repo/snapshots/test-snapshot" },
+			{ method: "GET", path: "/api/v1/repositories/test-repo/snapshots/test-snapshot/files" },
+			{ method: "POST", path: "/api/v1/repositories/test-repo/restore" },
+			{ method: "POST", path: "/api/v1/repositories/test-repo/doctor" },
+			{ method: "DELETE", path: "/api/v1/repositories/test-repo/snapshots/test-snapshot" },
+			{ method: "PATCH", path: "/api/v1/repositories/test-repo" },
+		];
+
+		for (const { method, path } of endpoints) {
+			test(`${method} ${path} should return 401`, async () => {
+				const res = await app.request(path, { method });
+				expect(res.status).toBe(401);
+				const body = await res.json();
+				expect(body.message).toBe("Authentication required");
+			});
+		}
+	});
+
+	describe("information disclosure", () => {
+		test("should not disclose if a repository exists when unauthenticated", async () => {
+			const res = await app.request("/api/v1/repositories/non-existent-repo");
+			expect(res.status).toBe(401);
+			const body = await res.json();
+			expect(body.message).toBe("Authentication required");
+		});
+	});
+
+	describe("input validation", () => {
+		test("should return 404 for non-existent repository", async () => {
+			const { sessionId } = await createTestSession();
+			const res = await app.request("/api/v1/repositories/non-existent-repo", {
+				headers: {
+					Cookie: `session_id=${sessionId}`,
+				},
+			});
+
+			expect(res.status).toBe(404);
+			const body = await res.json();
+			expect(body.message).toBe("Repository not found");
+		});
+
+		test("should return 400 for invalid payload on create", async () => {
+			const { sessionId } = await createTestSession();
+			const res = await app.request("/api/v1/repositories", {
+				method: "POST",
+				headers: {
+					Cookie: `session_id=${sessionId}`,
+					"Content-Type": "application/json",
+				},
+				body: JSON.stringify({
+					name: "Test",
+				}),
+			});
+
+			expect(res.status).toBe(400);
+		});
+	});
+});
diff --git a/app/server/modules/repositories/repositories.service.ts b/app/server/modules/repositories/repositories.service.ts
index 6af84fd9..4a94120d 100644
--- a/app/server/modules/repositories/repositories.service.ts
+++ b/app/server/modules/repositories/repositories.service.ts
@@ -9,7 +9,13 @@ import { generateShortId } from "../../utils/id";
 import { restic } from "../../utils/restic";
 import { cryptoUtils } from "../../utils/crypto";
 import { repoMutex } from "../../core/repository-mutex";
-import type { CompressionMode, OverwriteMode, RepositoryConfig } from "~/schemas/restic";
+import {
+	repositoryConfigSchema,
+	type CompressionMode,
+	type OverwriteMode,
+	type RepositoryConfig,
+} from "~/schemas/restic";
+import { type } from "arktype";
 
 const listRepositories = async () => {
 	const repositories = await db.query.repositoriesTable.findMany({});
@@ -424,6 +430,13 @@ const updateRepository = async (name: string, updates: { name?: string; compress
 		throw new ConflictError("Cannot rename an imported local repository");
 	}
 
+	const newConfig = repositoryConfigSchema(existing.config);
+	if (newConfig instanceof type.errors) {
+		throw new InternalServerError("Invalid repository configuration");
+	}
+
+	const encryptedConfig = await encryptConfig(newConfig);
+
 	let newName = existing.name;
 	if (updates.name !== undefined && updates.name !== existing.name) {
 		const newSlug = slugify(updates.name, { lower: true, strict: true });
@@ -445,6 +458,7 @@ const updateRepository = async (name: string, updates: { name?: string; compress
 			name: newName,
 			compressionMode: updates.compressionMode ?? existing.compressionMode,
 			updatedAt: Date.now(),
+			config: encryptedConfig,
 		})
 		.where(eq(repositoriesTable.id, existing.id))
 		.returning();
diff --git a/app/server/modules/system/__tests__/system.controller.test.ts b/app/server/modules/system/__tests__/system.controller.test.ts
new file mode 100644
index 00000000..5ce3d51e
--- /dev/null
+++ b/app/server/modules/system/__tests__/system.controller.test.ts
@@ -0,0 +1,89 @@
+import { test, describe, expect } from "bun:test";
+import { createApp } from "~/server/app";
+import { createTestSession } from "~/test/helpers/auth";
+
+const app = createApp();
+
+describe("system security", () => {
+	test("should return 401 if no session cookie is provided", async () => {
+		const res = await app.request("/api/v1/system/info");
+		expect(res.status).toBe(401);
+		const body = await res.json();
+		expect(body.message).toBe("Authentication required");
+	});
+
+	test("should return 401 if session is invalid", async () => {
+		const res = await app.request("/api/v1/system/info", {
+			headers: {
+				Cookie: "session_id=invalid-session",
+			},
+		});
+		expect(res.status).toBe(401);
+		const body = await res.json();
+		expect(body.message).toBe("Invalid or expired session");
+
+		expect(res.headers.get("Set-Cookie")).toContain("session_id=;");
+	});
+
+	test("should return 200 if session is valid", async () => {
+		const { sessionId } = await createTestSession();
+
+		const res = await app.request("/api/v1/system/info", {
+			headers: {
+				Cookie: `session_id=${sessionId}`,
+			},
+		});
+
+		expect(res.status).toBe(200);
+	});
+
+	describe("unauthenticated access", () => {
+		const endpoints: { method: string; path: string }[] = [
+			{ method: "GET", path: "/api/v1/system/info" },
+			{ method: "POST", path: "/api/v1/system/restic-password" },
+		];
+
+		for (const { method, path } of endpoints) {
+			test(`${method} ${path} should return 401`, async () => {
+				const res = await app.request(path, { method });
+				expect(res.status).toBe(401);
+				const body = await res.json();
+				expect(body.message).toBe("Authentication required");
+			});
+		}
+	});
+
+	describe("input validation", () => {
+		test("should return 400 for invalid payload on restic-password", async () => {
+			const { sessionId } = await createTestSession();
+			const res = await app.request("/api/v1/system/restic-password", {
+				method: "POST",
+				headers: {
+					Cookie: `session_id=${sessionId}`,
+					"Content-Type": "application/json",
+				},
+				body: JSON.stringify({}),
+			});
+
+			expect(res.status).toBe(400);
+		});
+
+		test("should return 401 for incorrect password on restic-password", async () => {
+			const { sessionId } = await createTestSession();
+			const res = await app.request("/api/v1/system/restic-password", {
+				method: "POST",
+				headers: {
+					Cookie: `session_id=${sessionId}`,
+					"Content-Type": "application/json",
+				},
+				body: JSON.stringify({
+					password: "wrong-password",
+				}),
+			});
+
+			expect(res.status).toBe(401);
+			const body = await res.json();
+			expect(body.message).toBe("Incorrect password");
+		});
+	});
+});
diff --git a/app/server/modules/volumes/__tests__/volumes.controller.test.ts b/app/server/modules/volumes/__tests__/volumes.controller.test.ts
new file mode 100644
index 00000000..04b05776
--- /dev/null
+++ b/app/server/modules/volumes/__tests__/volumes.controller.test.ts
@@ -0,0 +1,104 @@
+import { test, describe, expect } from "bun:test";
+import { createApp } from "~/server/app";
+import { createTestSession } from "~/test/helpers/auth";
+
+const app = createApp();
+
+describe("volumes security", () => {
+	test("should return 401 if no session cookie is provided", async () => {
+		const res = await app.request("/api/v1/volumes");
+		expect(res.status).toBe(401);
+		const body = await res.json();
+		expect(body.message).toBe("Authentication required");
+	});
+
+	test("should return 401 if session is invalid", async () => {
+		const res = await app.request("/api/v1/volumes", {
+			headers: {
+				Cookie: "session_id=invalid-session",
+			},
+		});
+		expect(res.status).toBe(401);
+		const body = await res.json();
+		expect(body.message).toBe("Invalid or expired session");
+
+		expect(res.headers.get("Set-Cookie")).toContain("session_id=;");
+	});
+
+	test("should return 200 if session is valid", async () => {
+		const { sessionId } = await createTestSession();
+
+		const res = await app.request("/api/v1/volumes", {
+			headers: {
+				Cookie: `session_id=${sessionId}`,
+			},
+		});
+
+		expect(res.status).toBe(200);
+	});
+
+	describe("unauthenticated access", () => {
+		const endpoints: { method: string; path: string }[] = [
+			{ method: "GET", path: "/api/v1/volumes" },
+			{ method: "POST", path: "/api/v1/volumes" },
+			{ method: "POST", path: "/api/v1/volumes/test-connection" },
+			{ method: "DELETE", path: "/api/v1/volumes/test-volume" },
+			{ method: "GET", path: "/api/v1/volumes/test-volume" },
+			{ method: "PUT", path: "/api/v1/volumes/test-volume" },
+			{ method: "POST", path: "/api/v1/volumes/test-volume/mount" },
+			{ method: "POST", path: "/api/v1/volumes/test-volume/unmount" },
+			{ method: "POST", path: "/api/v1/volumes/test-volume/health-check" },
+			{ method: "GET", path: "/api/v1/volumes/test-volume/files" },
+			{ method: "GET", path: "/api/v1/volumes/filesystem/browse" },
+		];
+
+		for (const { method, path } of endpoints) {
+			test(`${method} ${path} should return 401`, async () => {
+				const res = await app.request(path, { method });
+				expect(res.status).toBe(401);
+				const body = await res.json();
+				expect(body.message).toBe("Authentication required");
+			});
+		}
+	});
+
+	describe("information disclosure", () => {
+		test("should not disclose if a volume exists when unauthenticated", async () => {
+			const res = await app.request("/api/v1/volumes/non-existent-volume");
+			expect(res.status).toBe(401);
+			const body = await res.json();
+			expect(body.message).toBe("Authentication required");
+		});
+	});
+
+	describe("input validation", () => {
+		test("should return 404 for non-existent volume", async () => {
+			const { sessionId } = await createTestSession();
+			const res = await app.request("/api/v1/volumes/non-existent-volume", {
+				headers: {
+					Cookie: `session_id=${sessionId}`,
+				},
+			});
+
+			expect(res.status).toBe(404);
+			const body = await res.json();
+			expect(body.message).toBe("Volume not found");
+		});
+
+		test("should return 400 for invalid payload on create", async () => {
+			const { sessionId } = await createTestSession();
+			const res = await app.request("/api/v1/volumes", {
+				method: "POST",
+				headers: {
+					Cookie: `session_id=${sessionId}`,
+					"Content-Type": "application/json",
+				},
+				body: JSON.stringify({
+					name: "Test",
+				}),
+			});
+
+			expect(res.status).toBe(400);
+		});
+	});
+});
diff --git a/app/server/modules/volumes/volume.service.ts b/app/server/modules/volumes/volume.service.ts
index def5c51f..58e79159 100644
--- a/app/server/modules/volumes/volume.service.ts
+++ b/app/server/modules/volumes/volume.service.ts
@@ -16,7 +16,8 @@ import type { UpdateVolumeBody } from "./volume.dto";
 import { getVolumePath } from "./helpers";
 import { logger } from "../../utils/logger";
 import { serverEvents } from "../../core/events";
-import type { BackendConfig } from "~/schemas/volumes";
+import { volumeConfigSchema, type BackendConfig } from "~/schemas/volumes";
+import { type } from "arktype";
 
 async function encryptSensitiveFields(config: BackendConfig): Promise<BackendConfig> {
 	switch (config.backend) {
@@ -192,7 +193,12 @@ const updateVolume = async (name: string, volumeData: UpdateVolumeBody) => {
 		await backend.unmount();
 	}
 
-	const encryptedConfig = volumeData.config ? await encryptSensitiveFields(volumeData.config) : undefined;
+	const newConfig = volumeConfigSchema(volumeData.config || existing.config);
+	if (newConfig instanceof type.errors) {
+		throw new InternalServerError("Invalid volume configuration");
+	}
+
+	const encryptedConfig = await encryptSensitiveFields(newConfig);
 
 	const [updated] = await db
 		.update(volumesTable)
diff --git a/app/server/utils/restic.ts b/app/server/utils/restic.ts
index 207bec99..a324db31 100644
--- a/app/server/utils/restic.ts
+++ b/app/server/utils/restic.ts
@@ -4,8 +4,7 @@ import path from "node:path";
 import os from "node:os";
 import { throttle } from "es-toolkit";
 import { type } from "arktype";
-import { $ } from "bun";
-import { REPOSITORY_BASE, RESTIC_PASS_FILE } from "../core/constants";
+import { REPOSITORY_BASE, RESTIC_PASS_FILE, DEFAULT_EXCLUDES } from "../core/constants";
 import { logger } from "./logger";
 import { cryptoUtils } from "./crypto";
 import type { RetentionPolicy } from "../modules/backups/backups.dto";
@@ -29,6 +28,7 @@ const backupOutputSchema = type({
 	total_duration: "number",
 	snapshot_id: "string",
 });
+export type BackupOutput = typeof backupOutputSchema.infer;
 
 const snapshotInfoSchema = type({
 	gid: "number?",
@@ -176,6 +176,10 @@ const buildEnv = async (config: RepositoryConfig) => {
 				"UserKnownHostsFile=/dev/null",
 				"-o",
 				"LogLevel=VERBOSE",
+				"-o",
+				"ServerAliveInterval=60",
+				"-o",
+				"ServerAliveCountMax=240",
 				"-i",
 				keyPath,
 			];
@@ -205,12 +209,12 @@ const init = async (config: RepositoryConfig) => {
 	const args = ["init", "--repo", repoUrl];
 	addCommonArgs(args, env);
 
-	const res = await $`restic ${args}`.env(env).nothrow();
+	const res = await safeSpawn({ command: "restic", args, env });
 	await cleanupTemporaryKeys(config, env);
 
 	if (res.exitCode !== 0) {
 		logger.error(`Restic init failed: ${res.stderr}`);
-		return { success: false, error: res.stderr.toString() };
+		return { success: false, error: res.stderr };
 	}
 
 	logger.info(`Restic repository initialized: ${repoUrl}`);
@@ -238,6 +242,7 @@ const backup = async (
 		excludeIfPresent?: string[];
 		include?: string[];
 		tags?: string[];
+		oneFileSystem?: boolean;
 		compressionMode?: CompressionMode;
 		signal?: AbortSignal;
 		onProgress?: (progress: BackupProgress) => void;
@@ -246,14 +251,11 @@ const backup = async (
 	const repoUrl = buildRepoUrl(config);
 	const env = await buildEnv(config);
 
-	const args: string[] = [
-		"--repo",
-		repoUrl,
-		"backup",
-		"--one-file-system",
-		"--compression",
-		options?.compressionMode ?? "auto",
-	];
+	const args: string[] = ["--repo", repoUrl, "backup", "--compression", options?.compressionMode ?? "auto"];
+
+	if (options?.oneFileSystem) {
+		args.push("--one-file-system");
+	}
 
 	if (options?.tags && options.tags.length > 0) {
 		for (const tag of options.tags) {
@@ -266,19 +268,25 @@ const backup = async (
 		const tmp = await fs.mkdtemp(path.join(os.tmpdir(), "zerobyte-restic-include-"));
 		includeFile = path.join(tmp, `include.txt`);
 
-		const includePaths = options.include.map((p) => path.join(source, p));
-
-		await fs.writeFile(includeFile, includePaths.join("\n"), "utf-8");
+		await fs.writeFile(includeFile, options.include.join("\n"), "utf-8");
 
 		args.push("--files-from", includeFile);
 	} else {
 		args.push(source);
 	}
 
+	for (const exclude of DEFAULT_EXCLUDES) {
+		args.push("--exclude", exclude);
+	}
+
+	let excludeFile: string | null = null;
 	if (options?.exclude && options.exclude.length > 0) {
-		for (const pattern of options.exclude) {
-			args.push("--exclude", pattern);
-		}
+		const tmp = await fs.mkdtemp(path.join(os.tmpdir(), "zerobyte-restic-exclude-"));
+		excludeFile = path.join(tmp, `exclude.txt`);
+
+		await fs.writeFile(excludeFile, options.exclude.join("\n"), "utf-8");
+
+		args.push("--exclude-file", excludeFile);
 	}
 
 	if (options?.excludeIfPresent && options.excludeIfPresent.length > 0) {
@@ -325,22 +333,28 @@ const backup = async (
 		},
 		finally: async () => {
 			includeFile && (await fs.unlink(includeFile).catch(() => {}));
+			excludeFile && (await fs.unlink(excludeFile).catch(() => {}));
 			await cleanupTemporaryKeys(config, env);
 		},
 	});
 
+	if (options?.signal?.aborted) {
+		logger.warn("Restic backup was aborted by signal.");
+		return { result: null, exitCode: res.exitCode };
+	}
+
 	if (res.exitCode === 3) {
-		logger.error(`Restic backup encountered read errors: ${res.stderr.toString()}`);
+		logger.error(`Restic backup encountered read errors: ${res.stderr}`);
 	}
 
 	if (res.exitCode !== 0 && res.exitCode !== 3) {
-		logger.error(`Restic backup failed: ${res.stderr.toString()}`);
+		logger.error(`Restic backup failed: ${res.stderr}`);
 		logger.error(`Command executed: restic ${args.join(" ")}`);
 
-		throw new ResticError(res.exitCode, res.stderr.toString());
+		throw new ResticError(res.exitCode, res.stderr);
 	}
 
-	const lastLine = stdout.trim();
+	const lastLine = (stdout || res.stdout).trim();
 	let summaryLine = "";
 	try {
 		const resSummary = JSON.parse(lastLine ?? "{}");
@@ -416,16 +430,16 @@ const restore = async (
 	addCommonArgs(args, env);
 
 	logger.debug(`Executing: restic ${args.join(" ")}`);
-	const res = await $`restic ${args}`.env(env).nothrow();
+	const res = await safeSpawn({ command: "restic", args, env });
+
 	await cleanupTemporaryKeys(config, env);
 
 	if (res.exitCode !== 0) {
 		logger.error(`Restic restore failed: ${res.stderr}`);
-		throw new ResticError(res.exitCode, res.stderr.toString());
+		throw new ResticError(res.exitCode, res.stderr);
 	}
 
-	const stdout = res.text();
-	const outputLines = stdout.trim().split("\n");
+	const outputLines = res.stdout.trim().split("\n");
 	const lastLine = outputLines[outputLines.length - 1];
 
 	if (!lastLine) {
@@ -478,7 +492,7 @@ const snapshots = async (config: RepositoryConfig, options: { tags?: string[] }
 
 	addCommonArgs(args, env);
 
-	const res = await $`restic ${args}`.env(env).nothrow().quiet();
+	const res = await safeSpawn({ command: "restic", args, env });
 	await cleanupTemporaryKeys(config, env);
 
 	if (res.exitCode !== 0) {
@@ -486,7 +500,7 @@ const snapshots = async (config: RepositoryConfig, options: { tags?: string[] }
 		throw new Error(`Restic snapshots retrieval failed: ${res.stderr}`);
 	}
 
-	const result = snapshotInfoSchema.array()(res.json());
+	const result = snapshotInfoSchema.array()(JSON.parse(res.stdout));
 
 	if (result instanceof type.errors) {
 		logger.error(`Restic snapshots output validation failed: ${result}`);
@@ -527,12 +541,12 @@ const forget = async (config: RepositoryConfig, options: RetentionPolicy, extra:
 	args.push("--prune");
 	addCommonArgs(args, env);
 
-	const res = await $`restic ${args}`.env(env).nothrow();
+	const res = await safeSpawn({ command: "restic", args, env });
 	await cleanupTemporaryKeys(config, env);
 
 	if (res.exitCode !== 0) {
 		logger.error(`Restic forget failed: ${res.stderr}`);
-		throw new ResticError(res.exitCode, res.stderr.toString());
+		throw new ResticError(res.exitCode, res.stderr);
 	}
 
 	return { success: true };
@@ -545,12 +559,12 @@ const deleteSnapshot = async (config: RepositoryConfig, snapshotId: string) => {
 	const args: string[] = ["--repo", repoUrl, "forget", snapshotId, "--prune"];
 	addCommonArgs(args, env);
 
-	const res = await $`restic ${args}`.env(env).nothrow();
+	const res = await safeSpawn({ command: "restic", args, env });
 	await cleanupTemporaryKeys(config, env);
 
 	if (res.exitCode !== 0) {
 		logger.error(`Restic snapshot deletion failed: ${res.stderr}`);
-		throw new ResticError(res.exitCode, res.stderr.toString());
+		throw new ResticError(res.exitCode, res.stderr);
 	}
 
 	return { success: true };
@@ -600,7 +614,7 @@ const ls = async (config: RepositoryConfig, snapshotId: string, path?: string) =
 
 	if (res.exitCode !== 0) {
 		logger.error(`Restic ls failed: ${res.stderr}`);
-		throw new ResticError(res.exitCode, res.stderr.toString());
+		throw new ResticError(res.exitCode, res.stderr);
 	}
 
 	// The output is a stream of JSON objects, first is snapshot info, rest are file/dir nodes
@@ -646,12 +660,12 @@ const unlock = async (config: RepositoryConfig) => {
 	const args = ["unlock", "--repo", repoUrl, "--remove-all"];
 	addCommonArgs(args, env);
 
-	const res = await $`restic ${args}`.env(env).nothrow();
+	const res = await safeSpawn({ command: "restic", args, env });
 	await cleanupTemporaryKeys(config, env);
 
 	if (res.exitCode !== 0) {
 		logger.error(`Restic unlock failed: ${res.stderr}`);
-		throw new ResticError(res.exitCode, res.stderr.toString());
+		throw new ResticError(res.exitCode, res.stderr);
 	}
 
 	logger.info(`Restic unlock succeeded for repository: ${repoUrl}`);
@@ -670,11 +684,10 @@ const check = async (config: RepositoryConfig, options?: { readData?: boolean })
 
 	addCommonArgs(args, env);
 
-	const res = await $`restic ${args}`.env(env).nothrow();
+	const res = await safeSpawn({ command: "restic", args, env });
 	await cleanupTemporaryKeys(config, env);
 
-	const stdout = res.text();
-	const stderr = res.stderr.toString();
+	const { stdout, stderr } = res;
 
 	if (res.exitCode !== 0) {
 		logger.error(`Restic check failed: ${stderr}`);
@@ -704,11 +717,10 @@ const repairIndex = async (config: RepositoryConfig) => {
 	const args = ["repair", "index", "--repo", repoUrl];
 	addCommonArgs(args, env);
 
-	const res = await $`restic ${args}`.env(env).nothrow();
+	const res = await safeSpawn({ command: "restic", args, env });
 	await cleanupTemporaryKeys(config, env);
 
-	const stdout = res.text();
-	const stderr = res.stderr.toString();
+	const { stdout, stderr } = res;
 
 	if (res.exitCode !== 0) {
 		logger.error(`Restic repair index failed: ${stderr}`);
@@ -764,13 +776,12 @@ const copy = async (
 	logger.info(`Copying snapshots from ${sourceRepoUrl} to ${destRepoUrl}...`);
 	logger.debug(`Executing: restic ${args.join(" ")}`);
 
-	const res = await $`restic ${args}`.env(env).nothrow();
+	const res = await safeSpawn({ command: "restic", args, env });
 
 	await cleanupTemporaryKeys(sourceConfig, sourceEnv);
 	await cleanupTemporaryKeys(destConfig, destEnv);
 
-	const stdout = res.text();
-	const stderr = res.stderr.toString();
+	const { stdout, stderr } = res;
 
 	if (res.exitCode !== 0) {
 		logger.error(`Restic copy failed: ${stderr}`);
diff --git a/app/server/utils/spawn.ts b/app/server/utils/spawn.ts
index 6ef86cba..c2b9246b 100644
--- a/app/server/utils/spawn.ts
+++ b/app/server/utils/spawn.ts
@@ -1,6 +1,6 @@
 import { spawn } from "node:child_process";
 
-interface Params {
+export interface SafeSpawnParams {
 	command: string;
 	args: string[];
 	env?: NodeJS.ProcessEnv;
@@ -18,7 +18,7 @@ type SpawnResult = {
 	stderr: string;
 };
 
-export const safeSpawn = (params: Params) => {
+export const safeSpawn = (params: SafeSpawnParams) => {
 	const { command, args, env = {}, signal, ...callbacks } = params;
 
 	return new Promise<SpawnResult>((resolve) => {
diff --git a/app/test/helpers/auth.ts b/app/test/helpers/auth.ts
new file mode 100644
index 00000000..fba04ccf
--- /dev/null
+++ b/app/test/helpers/auth.ts
@@ -0,0 +1,24 @@
+import { authService } from "~/server/modules/auth/auth.service";
+import { db } from "~/server/db/db";
+import { usersTable, sessionsTable } from "~/server/db/schema";
+
+export async function createTestSession() {
+	const [existingUser] = await db.select().from(usersTable);
+
+	if (!existingUser) {
+		await authService.register("testadmin", "testpassword");
+	}
+
+	const [user] = await db.select().from(usersTable);
+
+	const sessionId = crypto.randomUUID();
+	const expiresAt = Date.now() + 1000 * 60 * 60 * 24; // 24 hours
+
+	await db.insert(sessionsTable).values({
+		id: sessionId,
+		userId: user.id,
+		expiresAt,
+	});
+
+	return { sessionId, user };
+}
diff --git a/app/test/helpers/backup.ts b/app/test/helpers/backup.ts
new file mode 100644
index 00000000..4e8be3fe
--- /dev/null
+++ b/app/test/helpers/backup.ts
@@ -0,0 +1,16 @@
+import { db } from "~/server/db/db";
+import { faker } from "@faker-js/faker";
+import { backupSchedulesTable, type BackupScheduleInsert } from "~/server/db/schema";
+
+export const createTestBackupSchedule = async (overrides: Partial<BackupScheduleInsert> = {}) => {
+	const backup: BackupScheduleInsert = {
+		name: faker.system.fileName(),
+		cronExpression: "0 0 * * *",
+		repositoryId: "repo_123",
+		volumeId: 1,
+		...overrides,
+	};
+
+	const data = await db.insert(backupSchedulesTable).values(backup).returning();
+	return data[0];
+};
diff --git a/app/test/helpers/repository.ts b/app/test/helpers/repository.ts
new file mode 100644
index 00000000..0a15c59e
--- /dev/null
+++ b/app/test/helpers/repository.ts
@@ -0,0 +1,20 @@
+import { db } from "~/server/db/db";
+import { faker } from "@faker-js/faker";
+import { repositoriesTable, type RepositoryInsert } from "~/server/db/schema";
+
+export const createTestRepository = async (overrides: Partial<RepositoryInsert> = {}) => {
+	const repository: RepositoryInsert = {
+		id: faker.string.alphanumeric(6),
+		name: faker.string.alphanumeric(10),
+		shortId: faker.string.alphanumeric(6),
+		config: {
+			name: "test-repo",
+			backend: "local",
+		},
+		type: "local",
+		...overrides,
+	};
+
+	const data = await db.insert(repositoriesTable).values(repository).returning();
+	return data[0];
+};
diff --git a/app/test/helpers/restic.ts b/app/test/helpers/restic.ts
new file mode 100644
index 00000000..b5732019
--- /dev/null
+++ b/app/test/helpers/restic.ts
@@ -0,0 +1,18 @@
+export const generateBackupOutput = () => {
+	return JSON.stringify({
+		message_type: "summary",
+		files_new: 10,
+		files_changed: 5,
+		files_unmodified: 85,
+		dirs_new: 2,
+		dirs_changed: 1,
+		dirs_unmodified: 17,
+		data_blobs: 20,
+		tree_blobs: 5,
+		data_added: 1048576,
+		total_files_processed: 100,
+		total_bytes_processed: 2097152,
+		total_duration: 12.34,
+		snapshot_id: "abcd1234",
+	});
+};
diff --git a/app/test/helpers/volume.ts b/app/test/helpers/volume.ts
new file mode 100644
index 00000000..0d63740d
--- /dev/null
+++ b/app/test/helpers/volume.ts
@@ -0,0 +1,21 @@
+import { db } from "~/server/db/db";
+import { faker } from "@faker-js/faker";
+import { volumesTable, type VolumeInsert } from "~/server/db/schema";
+
+export const createTestVolume = async (overrides: Partial<VolumeInsert> = {}) => {
+	const volume: VolumeInsert = {
+		name: faker.system.fileName(),
+		config: {
+			backend: "directory",
+			path: `/mnt/volumes/${faker.system.fileName()}`,
+		},
+		status: "mounted",
+		autoRemount: true,
+		shortId: faker.string.alphanumeric(6),
+		type: "directory",
+		...overrides,
+	};
+
+	const data = await db.insert(volumesTable).values(volume).returning();
+	return data[0];
+};
diff --git a/app/test/setup.ts b/app/test/setup.ts
new file mode 100644
index 00000000..8791d42c
--- /dev/null
+++ b/app/test/setup.ts
@@ -0,0 +1,19 @@
+import { beforeAll, mock } from "bun:test";
+import { migrate } from "drizzle-orm/bun-sqlite/migrator";
+import path from "node:path";
+import { cwd } from "node:process";
+import { db } from "~/server/db/db";
+
+mock.module("~/server/utils/logger", () => ({
+	logger: {
+		debug: () => {},
+		info: () => {},
+		warn: () => {},
+		error: () => {},
+	},
+}));
+
+beforeAll(async () => {
+	const migrationsFolder = path.join(cwd(), "app", "drizzle");
+	migrate(db, { migrationsFolder });
+});
diff --git a/app/utils/utils.ts b/app/utils/utils.ts
index dc5d3a29..9225e300 100644
--- a/app/utils/utils.ts
+++ b/app/utils/utils.ts
@@ -1,6 +1,11 @@
 import { intervalToDuration } from "date-fns";
 
-export const getCronExpression = (frequency: string, dailyTime?: string, weeklyDay?: string): string => {
+export const getCronExpression = (
+	frequency: string,
+	dailyTime?: string,
+	weeklyDay?: string,
+	monthlyDays?: string[],
+): string => {
 	if (frequency === "hourly") {
 		return "0 * * * *";
 	}
@@ -15,6 +20,15 @@ export const getCronExpression = (frequency: string, dailyTime?: string, weeklyD
 		return `${minutes} ${hours} * * *`;
 	}
 
+	if (frequency === "monthly") {
+		const sortedDays = (monthlyDays || [])
+			.map(Number)
+			.filter((day) => day >= 1 && day <= 31)
+			.sort((a, b) => a - b);
+		const days = sortedDays.length > 0 ? sortedDays.join(",") : "1";
+		return `${minutes} ${hours} ${days} * *`;
+	}
+
 	return `${minutes} ${hours} * * ${weeklyDay ?? "0"}`;
 };
 
diff --git a/bun.lock b/bun.lock
index 1668570b..63d08e3d 100644
--- a/bun.lock
+++ b/bun.lock
@@ -1,8 +1,9 @@
 {
   "lockfileVersion": 1,
-  "configVersion": 0,
+  "configVersion": 1,
   "workspaces": {
     "": {
+      "name": "zerobyte",
       "dependencies": {
         "@dnd-kit/core": "^6.3.1",
         "@dnd-kit/sortable": "^10.0.0",
@@ -36,6 +37,7 @@
         "es-toolkit": "^1.42.0",
         "hono": "4.10.5",
         "hono-openapi": "^1.1.1",
+        "hono-rate-limiter": "^0.5.0",
         "http-errors-enhanced": "^4.0.2",
         "isbot": "^5.1.32",
         "lucide-react": "^0.555.0",
@@ -56,14 +58,16 @@
       },
       "devDependencies": {
         "@biomejs/biome": "^2.3.8",
+        "@faker-js/faker": "^10.1.0",
         "@hey-api/openapi-ts": "^0.88.0",
         "@react-router/dev": "^7.10.0",
         "@tailwindcss/vite": "^4.1.17",
         "@tanstack/react-query-devtools": "^5.91.1",
-        "@types/bun": "^1.3.3",
-        "@types/node": "^24.10.1",
+        "@types/bun": "^1.3.4",
+        "@types/node": "^25.0.3",
         "@types/react": "^19.2.7",
         "@types/react-dom": "^19.2.3",
+        "dotenv-cli": "^11.0.0",
         "drizzle-kit": "^0.31.7",
         "lightningcss": "^1.30.2",
         "tailwindcss": "^4.1.17",
@@ -72,10 +76,13 @@
         "typescript": "^5.9.3",
         "vite": "^7.2.6",
         "vite-bundle-analyzer": "^1.2.3",
-        "vite-tsconfig-paths": "^5.1.4",
+        "vite-tsconfig-paths": "^6.0.3",
       },
     },
   },
+  "overrides": {
+    "esbuild": "^0.27.2",
+  },
   "packages": {
     "@ark/schema": ["@ark/schema@0.56.0", "", { "dependencies": { "@ark/util": "0.56.0" } }, "sha512-ECg3hox/6Z/nLajxXqNhgPtNdHWC9zNsDyskwO28WinoFEnWow4IsERNz9AnXRhTZJnYIlAJ4uGn3nlLk65vZA=="],
 
@@ -137,23 +144,23 @@
 
     "@babel/types": ["@babel/types@7.28.5", "", { "dependencies": { "@babel/helper-string-parser": "^7.27.1", "@babel/helper-validator-identifier": "^7.28.5" } }, "sha512-qQ5m48eI/MFLQ5PxQj4PFaprjyCTLI37ElWMmNs0K8Lk3dVeOdNpB3ks8jc7yM5CDmVC73eMVk/trk3fgmrUpA=="],
 
-    "@biomejs/biome": ["@biomejs/biome@2.3.8", "", { "optionalDependencies": { "@biomejs/cli-darwin-arm64": "2.3.8", "@biomejs/cli-darwin-x64": "2.3.8", "@biomejs/cli-linux-arm64": "2.3.8", "@biomejs/cli-linux-arm64-musl": "2.3.8", "@biomejs/cli-linux-x64": "2.3.8", "@biomejs/cli-linux-x64-musl": "2.3.8", "@biomejs/cli-win32-arm64": "2.3.8", "@biomejs/cli-win32-x64": "2.3.8" }, "bin": { "biome": "bin/biome" } }, "sha512-Qjsgoe6FEBxWAUzwFGFrB+1+M8y/y5kwmg5CHac+GSVOdmOIqsAiXM5QMVGZJ1eCUCLlPZtq4aFAQ0eawEUuUA=="],
+    "@biomejs/biome": ["@biomejs/biome@2.3.10", "", { "optionalDependencies": { "@biomejs/cli-darwin-arm64": "2.3.10", "@biomejs/cli-darwin-x64": "2.3.10", "@biomejs/cli-linux-arm64": "2.3.10", "@biomejs/cli-linux-arm64-musl": "2.3.10", "@biomejs/cli-linux-x64": "2.3.10", "@biomejs/cli-linux-x64-musl": "2.3.10", "@biomejs/cli-win32-arm64": "2.3.10", "@biomejs/cli-win32-x64": "2.3.10" }, "bin": { "biome": "bin/biome" } }, "sha512-/uWSUd1MHX2fjqNLHNL6zLYWBbrJeG412/8H7ESuK8ewoRoMPUgHDebqKrPTx/5n6f17Xzqc9hdg3MEqA5hXnQ=="],
 
-    "@biomejs/cli-darwin-arm64": ["@biomejs/cli-darwin-arm64@2.3.8", "", { "os": "darwin", "cpu": "arm64" }, "sha512-HM4Zg9CGQ3txTPflxD19n8MFPrmUAjaC7PQdLkugeeC0cQ+PiVrd7i09gaBS/11QKsTDBJhVg85CEIK9f50Qww=="],
+    "@biomejs/cli-darwin-arm64": ["@biomejs/cli-darwin-arm64@2.3.10", "", { "os": "darwin", "cpu": "arm64" }, "sha512-M6xUjtCVnNGFfK7HMNKa593nb7fwNm43fq1Mt71kpLpb+4mE7odO8W/oWVDyBVO4ackhresy1ZYO7OJcVo/B7w=="],
 
-    "@biomejs/cli-darwin-x64": ["@biomejs/cli-darwin-x64@2.3.8", "", { "os": "darwin", "cpu": "x64" }, "sha512-lUDQ03D7y/qEao7RgdjWVGCu+BLYadhKTm40HkpJIi6kn8LSv5PAwRlew/DmwP4YZ9ke9XXoTIQDO1vAnbRZlA=="],
+    "@biomejs/cli-darwin-x64": ["@biomejs/cli-darwin-x64@2.3.10", "", { "os": "darwin", "cpu": "x64" }, "sha512-Vae7+V6t/Avr8tVbFNjnFSTKZogZHFYl7MMH62P/J1kZtr0tyRQ9Fe0onjqjS2Ek9lmNLmZc/VR5uSekh+p1fg=="],
 
-    "@biomejs/cli-linux-arm64": ["@biomejs/cli-linux-arm64@2.3.8", "", { "os": "linux", "cpu": "arm64" }, "sha512-Uo1OJnIkJgSgF+USx970fsM/drtPcQ39I+JO+Fjsaa9ZdCN1oysQmy6oAGbyESlouz+rzEckLTF6DS7cWse95g=="],
+    "@biomejs/cli-linux-arm64": ["@biomejs/cli-linux-arm64@2.3.10", "", { "os": "linux", "cpu": "arm64" }, "sha512-hhPw2V3/EpHKsileVOFynuWiKRgFEV48cLe0eA+G2wO4SzlwEhLEB9LhlSrVeu2mtSn205W283LkX7Fh48CaxA=="],
 
-    "@biomejs/cli-linux-arm64-musl": ["@biomejs/cli-linux-arm64-musl@2.3.8", "", { "os": "linux", "cpu": "arm64" }, "sha512-PShR4mM0sjksUMyxbyPNMxoKFPVF48fU8Qe8Sfx6w6F42verbwRLbz+QiKNiDPRJwUoMG1nPM50OBL3aOnTevA=="],
+    "@biomejs/cli-linux-arm64-musl": ["@biomejs/cli-linux-arm64-musl@2.3.10", "", { "os": "linux", "cpu": "arm64" }, "sha512-B9DszIHkuKtOH2IFeeVkQmSMVUjss9KtHaNXquYYWCjH8IstNgXgx5B0aSBQNr6mn4RcKKRQZXn9Zu1rM3O0/A=="],
 
-    "@biomejs/cli-linux-x64": ["@biomejs/cli-linux-x64@2.3.8", "", { "os": "linux", "cpu": "x64" }, "sha512-QDPMD5bQz6qOVb3kiBui0zKZXASLo0NIQ9JVJio5RveBEFgDgsvJFUvZIbMbUZT3T00M/1wdzwWXk4GIh0KaAw=="],
+    "@biomejs/cli-linux-x64": ["@biomejs/cli-linux-x64@2.3.10", "", { "os": "linux", "cpu": "x64" }, "sha512-wwAkWD1MR95u+J4LkWP74/vGz+tRrIQvr8kfMMJY8KOQ8+HMVleREOcPYsQX82S7uueco60L58Wc6M1I9WA9Dw=="],
 
-    "@biomejs/cli-linux-x64-musl": ["@biomejs/cli-linux-x64-musl@2.3.8", "", { "os": "linux", "cpu": "x64" }, "sha512-YGLkqU91r1276uwSjiUD/xaVikdxgV1QpsicT0bIA1TaieM6E5ibMZeSyjQ/izBn4tKQthUSsVZacmoJfa3pDA=="],
+    "@biomejs/cli-linux-x64-musl": ["@biomejs/cli-linux-x64-musl@2.3.10", "", { "os": "linux", "cpu": "x64" }, "sha512-QTfHZQh62SDFdYc2nfmZFuTm5yYb4eO1zwfB+90YxUumRCR171tS1GoTX5OD0wrv4UsziMPmrePMtkTnNyYG3g=="],
 
-    "@biomejs/cli-win32-arm64": ["@biomejs/cli-win32-arm64@2.3.8", "", { "os": "win32", "cpu": "arm64" }, "sha512-H4IoCHvL1fXKDrTALeTKMiE7GGWFAraDwBYFquE/L/5r1927Te0mYIGseXi4F+lrrwhSWbSGt5qPFswNoBaCxg=="],
+    "@biomejs/cli-win32-arm64": ["@biomejs/cli-win32-arm64@2.3.10", "", { "os": "win32", "cpu": "arm64" }, "sha512-o7lYc9n+CfRbHvkjPhm8s9FgbKdYZu5HCcGVMItLjz93EhgJ8AM44W+QckDqLA9MKDNFrR8nPbO4b73VC5kGGQ=="],
 
-    "@biomejs/cli-win32-x64": ["@biomejs/cli-win32-x64@2.3.8", "", { "os": "win32", "cpu": "x64" }, "sha512-RguzimPoZWtBapfKhKjcWXBVI91tiSprqdBYu7tWhgN8pKRZhw24rFeNZTNf6UiBfjCYCi9eFQs/JzJZIhuK4w=="],
+    "@biomejs/cli-win32-x64": ["@biomejs/cli-win32-x64@2.3.10", "", { "os": "win32", "cpu": "x64" }, "sha512-pHEFgq7dUEsKnqG9mx9bXihxGI49X+ar+UBrEIj3Wqj3UCZp1rNgV+OoyjFgcXsjCWpuEAF4VJdkZr3TrWdCbQ=="],
 
     "@colors/colors": ["@colors/colors@1.6.0", "", {}, "sha512-Ir+AOibqzrIsL6ajt3Rz3LskB7OiMVHqltZmspbW/TJuTVuyOMirVqAkjfY6JISiLHgyNqicAC8AyHHGzNd/dA=="],
 
@@ -173,57 +180,59 @@
 
     "@esbuild-kit/esm-loader": ["@esbuild-kit/esm-loader@2.6.5", "", { "dependencies": { "@esbuild-kit/core-utils": "^3.3.2", "get-tsconfig": "^4.7.0" } }, "sha512-FxEMIkJKnodyA1OaCUoEvbYRkoZlLZ4d/eXFu9Fh8CbBBgP5EmZxrfTRyN0qpXZ4vOvqnE5YdRdcrmUUXuU+dA=="],
 
-    "@esbuild/aix-ppc64": ["@esbuild/aix-ppc64@0.25.12", "", { "os": "aix", "cpu": "ppc64" }, "sha512-Hhmwd6CInZ3dwpuGTF8fJG6yoWmsToE+vYgD4nytZVxcu1ulHpUQRAB1UJ8+N1Am3Mz4+xOByoQoSZf4D+CpkA=="],
+    "@esbuild/aix-ppc64": ["@esbuild/aix-ppc64@0.27.2", "", { "os": "aix", "cpu": "ppc64" }, "sha512-GZMB+a0mOMZs4MpDbj8RJp4cw+w1WV5NYD6xzgvzUJ5Ek2jerwfO2eADyI6ExDSUED+1X8aMbegahsJi+8mgpw=="],
+
+    "@esbuild/android-arm": ["@esbuild/android-arm@0.27.2", "", { "os": "android", "cpu": "arm" }, "sha512-DVNI8jlPa7Ujbr1yjU2PfUSRtAUZPG9I1RwW4F4xFB1Imiu2on0ADiI/c3td+KmDtVKNbi+nffGDQMfcIMkwIA=="],
 
-    "@esbuild/android-arm": ["@esbuild/android-arm@0.25.12", "", { "os": "android", "cpu": "arm" }, "sha512-VJ+sKvNA/GE7Ccacc9Cha7bpS8nyzVv0jdVgwNDaR4gDMC/2TTRc33Ip8qrNYUcpkOHUT5OZ0bUcNNVZQ9RLlg=="],
+    "@esbuild/android-arm64": ["@esbuild/android-arm64@0.27.2", "", { "os": "android", "cpu": "arm64" }, "sha512-pvz8ZZ7ot/RBphf8fv60ljmaoydPU12VuXHImtAs0XhLLw+EXBi2BLe3OYSBslR4rryHvweW5gmkKFwTiFy6KA=="],
 
-    "@esbuild/android-arm64": ["@esbuild/android-arm64@0.25.12", "", { "os": "android", "cpu": "arm64" }, "sha512-6AAmLG7zwD1Z159jCKPvAxZd4y/VTO0VkprYy+3N2FtJ8+BQWFXU+OxARIwA46c5tdD9SsKGZ/1ocqBS/gAKHg=="],
+    "@esbuild/android-x64": ["@esbuild/android-x64@0.27.2", "", { "os": "android", "cpu": "x64" }, "sha512-z8Ank4Byh4TJJOh4wpz8g2vDy75zFL0TlZlkUkEwYXuPSgX8yzep596n6mT7905kA9uHZsf/o2OJZubl2l3M7A=="],
 
-    "@esbuild/android-x64": ["@esbuild/android-x64@0.25.12", "", { "os": "android", "cpu": "x64" }, "sha512-5jbb+2hhDHx5phYR2By8GTWEzn6I9UqR11Kwf22iKbNpYrsmRB18aX/9ivc5cabcUiAT/wM+YIZ6SG9QO6a8kg=="],
+    "@esbuild/darwin-arm64": ["@esbuild/darwin-arm64@0.27.2", "", { "os": "darwin", "cpu": "arm64" }, "sha512-davCD2Zc80nzDVRwXTcQP/28fiJbcOwvdolL0sOiOsbwBa72kegmVU0Wrh1MYrbuCL98Omp5dVhQFWRKR2ZAlg=="],
 
-    "@esbuild/darwin-arm64": ["@esbuild/darwin-arm64@0.25.12", "", { "os": "darwin", "cpu": "arm64" }, "sha512-N3zl+lxHCifgIlcMUP5016ESkeQjLj/959RxxNYIthIg+CQHInujFuXeWbWMgnTo4cp5XVHqFPmpyu9J65C1Yg=="],
+    "@esbuild/darwin-x64": ["@esbuild/darwin-x64@0.27.2", "", { "os": "darwin", "cpu": "x64" }, "sha512-ZxtijOmlQCBWGwbVmwOF/UCzuGIbUkqB1faQRf5akQmxRJ1ujusWsb3CVfk/9iZKr2L5SMU5wPBi1UWbvL+VQA=="],
 
-    "@esbuild/darwin-x64": ["@esbuild/darwin-x64@0.25.12", "", { "os": "darwin", "cpu": "x64" }, "sha512-HQ9ka4Kx21qHXwtlTUVbKJOAnmG1ipXhdWTmNXiPzPfWKpXqASVcWdnf2bnL73wgjNrFXAa3yYvBSd9pzfEIpA=="],
+    "@esbuild/freebsd-arm64": ["@esbuild/freebsd-arm64@0.27.2", "", { "os": "freebsd", "cpu": "arm64" }, "sha512-lS/9CN+rgqQ9czogxlMcBMGd+l8Q3Nj1MFQwBZJyoEKI50XGxwuzznYdwcav6lpOGv5BqaZXqvBSiB/kJ5op+g=="],
 
-    "@esbuild/freebsd-arm64": ["@esbuild/freebsd-arm64@0.25.12", "", { "os": "freebsd", "cpu": "arm64" }, "sha512-gA0Bx759+7Jve03K1S0vkOu5Lg/85dou3EseOGUes8flVOGxbhDDh/iZaoek11Y8mtyKPGF3vP8XhnkDEAmzeg=="],
+    "@esbuild/freebsd-x64": ["@esbuild/freebsd-x64@0.27.2", "", { "os": "freebsd", "cpu": "x64" }, "sha512-tAfqtNYb4YgPnJlEFu4c212HYjQWSO/w/h/lQaBK7RbwGIkBOuNKQI9tqWzx7Wtp7bTPaGC6MJvWI608P3wXYA=="],
 
-    "@esbuild/freebsd-x64": ["@esbuild/freebsd-x64@0.25.12", "", { "os": "freebsd", "cpu": "x64" }, "sha512-TGbO26Yw2xsHzxtbVFGEXBFH0FRAP7gtcPE7P5yP7wGy7cXK2oO7RyOhL5NLiqTlBh47XhmIUXuGciXEqYFfBQ=="],
+    "@esbuild/linux-arm": ["@esbuild/linux-arm@0.27.2", "", { "os": "linux", "cpu": "arm" }, "sha512-vWfq4GaIMP9AIe4yj1ZUW18RDhx6EPQKjwe7n8BbIecFtCQG4CfHGaHuh7fdfq+y3LIA2vGS/o9ZBGVxIDi9hw=="],
 
-    "@esbuild/linux-arm": ["@esbuild/linux-arm@0.25.12", "", { "os": "linux", "cpu": "arm" }, "sha512-lPDGyC1JPDou8kGcywY0YILzWlhhnRjdof3UlcoqYmS9El818LLfJJc3PXXgZHrHCAKs/Z2SeZtDJr5MrkxtOw=="],
+    "@esbuild/linux-arm64": ["@esbuild/linux-arm64@0.27.2", "", { "os": "linux", "cpu": "arm64" }, "sha512-hYxN8pr66NsCCiRFkHUAsxylNOcAQaxSSkHMMjcpx0si13t1LHFphxJZUiGwojB1a/Hd5OiPIqDdXONia6bhTw=="],
 
-    "@esbuild/linux-arm64": ["@esbuild/linux-arm64@0.25.12", "", { "os": "linux", "cpu": "arm64" }, "sha512-8bwX7a8FghIgrupcxb4aUmYDLp8pX06rGh5HqDT7bB+8Rdells6mHvrFHHW2JAOPZUbnjUpKTLg6ECyzvas2AQ=="],
+    "@esbuild/linux-ia32": ["@esbuild/linux-ia32@0.27.2", "", { "os": "linux", "cpu": "ia32" }, "sha512-MJt5BRRSScPDwG2hLelYhAAKh9imjHK5+NE/tvnRLbIqUWa+0E9N4WNMjmp/kXXPHZGqPLxggwVhz7QP8CTR8w=="],
 
-    "@esbuild/linux-ia32": ["@esbuild/linux-ia32@0.25.12", "", { "os": "linux", "cpu": "ia32" }, "sha512-0y9KrdVnbMM2/vG8KfU0byhUN+EFCny9+8g202gYqSSVMonbsCfLjUO+rCci7pM0WBEtz+oK/PIwHkzxkyharA=="],
+    "@esbuild/linux-loong64": ["@esbuild/linux-loong64@0.27.2", "", { "os": "linux", "cpu": "none" }, "sha512-lugyF1atnAT463aO6KPshVCJK5NgRnU4yb3FUumyVz+cGvZbontBgzeGFO1nF+dPueHD367a2ZXe1NtUkAjOtg=="],
 
-    "@esbuild/linux-loong64": ["@esbuild/linux-loong64@0.25.12", "", { "os": "linux", "cpu": "none" }, "sha512-h///Lr5a9rib/v1GGqXVGzjL4TMvVTv+s1DPoxQdz7l/AYv6LDSxdIwzxkrPW438oUXiDtwM10o9PmwS/6Z0Ng=="],
+    "@esbuild/linux-mips64el": ["@esbuild/linux-mips64el@0.27.2", "", { "os": "linux", "cpu": "none" }, "sha512-nlP2I6ArEBewvJ2gjrrkESEZkB5mIoaTswuqNFRv/WYd+ATtUpe9Y09RnJvgvdag7he0OWgEZWhviS1OTOKixw=="],
 
-    "@esbuild/linux-mips64el": ["@esbuild/linux-mips64el@0.25.12", "", { "os": "linux", "cpu": "none" }, "sha512-iyRrM1Pzy9GFMDLsXn1iHUm18nhKnNMWscjmp4+hpafcZjrr2WbT//d20xaGljXDBYHqRcl8HnxbX6uaA/eGVw=="],
+    "@esbuild/linux-ppc64": ["@esbuild/linux-ppc64@0.27.2", "", { "os": "linux", "cpu": "ppc64" }, "sha512-C92gnpey7tUQONqg1n6dKVbx3vphKtTHJaNG2Ok9lGwbZil6DrfyecMsp9CrmXGQJmZ7iiVXvvZH6Ml5hL6XdQ=="],
 
-    "@esbuild/linux-ppc64": ["@esbuild/linux-ppc64@0.25.12", "", { "os": "linux", "cpu": "ppc64" }, "sha512-9meM/lRXxMi5PSUqEXRCtVjEZBGwB7P/D4yT8UG/mwIdze2aV4Vo6U5gD3+RsoHXKkHCfSxZKzmDssVlRj1QQA=="],
+    "@esbuild/linux-riscv64": ["@esbuild/linux-riscv64@0.27.2", "", { "os": "linux", "cpu": "none" }, "sha512-B5BOmojNtUyN8AXlK0QJyvjEZkWwy/FKvakkTDCziX95AowLZKR6aCDhG7LeF7uMCXEJqwa8Bejz5LTPYm8AvA=="],
 
-    "@esbuild/linux-riscv64": ["@esbuild/linux-riscv64@0.25.12", "", { "os": "linux", "cpu": "none" }, "sha512-Zr7KR4hgKUpWAwb1f3o5ygT04MzqVrGEGXGLnj15YQDJErYu/BGg+wmFlIDOdJp0PmB0lLvxFIOXZgFRrdjR0w=="],
+    "@esbuild/linux-s390x": ["@esbuild/linux-s390x@0.27.2", "", { "os": "linux", "cpu": "s390x" }, "sha512-p4bm9+wsPwup5Z8f4EpfN63qNagQ47Ua2znaqGH6bqLlmJ4bx97Y9JdqxgGZ6Y8xVTixUnEkoKSHcpRlDnNr5w=="],
 
-    "@esbuild/linux-s390x": ["@esbuild/linux-s390x@0.25.12", "", { "os": "linux", "cpu": "s390x" }, "sha512-MsKncOcgTNvdtiISc/jZs/Zf8d0cl/t3gYWX8J9ubBnVOwlk65UIEEvgBORTiljloIWnBzLs4qhzPkJcitIzIg=="],
+    "@esbuild/linux-x64": ["@esbuild/linux-x64@0.27.2", "", { "os": "linux", "cpu": "x64" }, "sha512-uwp2Tip5aPmH+NRUwTcfLb+W32WXjpFejTIOWZFw/v7/KnpCDKG66u4DLcurQpiYTiYwQ9B7KOeMJvLCu/OvbA=="],
 
-    "@esbuild/linux-x64": ["@esbuild/linux-x64@0.25.12", "", { "os": "linux", "cpu": "x64" }, "sha512-uqZMTLr/zR/ed4jIGnwSLkaHmPjOjJvnm6TVVitAa08SLS9Z0VM8wIRx7gWbJB5/J54YuIMInDquWyYvQLZkgw=="],
+    "@esbuild/netbsd-arm64": ["@esbuild/netbsd-arm64@0.27.2", "", { "os": "none", "cpu": "arm64" }, "sha512-Kj6DiBlwXrPsCRDeRvGAUb/LNrBASrfqAIok+xB0LxK8CHqxZ037viF13ugfsIpePH93mX7xfJp97cyDuTZ3cw=="],
 
-    "@esbuild/netbsd-arm64": ["@esbuild/netbsd-arm64@0.25.12", "", { "os": "none", "cpu": "arm64" }, "sha512-xXwcTq4GhRM7J9A8Gv5boanHhRa/Q9KLVmcyXHCTaM4wKfIpWkdXiMog/KsnxzJ0A1+nD+zoecuzqPmCRyBGjg=="],
+    "@esbuild/netbsd-x64": ["@esbuild/netbsd-x64@0.27.2", "", { "os": "none", "cpu": "x64" }, "sha512-HwGDZ0VLVBY3Y+Nw0JexZy9o/nUAWq9MlV7cahpaXKW6TOzfVno3y3/M8Ga8u8Yr7GldLOov27xiCnqRZf0tCA=="],
 
-    "@esbuild/netbsd-x64": ["@esbuild/netbsd-x64@0.25.12", "", { "os": "none", "cpu": "x64" }, "sha512-Ld5pTlzPy3YwGec4OuHh1aCVCRvOXdH8DgRjfDy/oumVovmuSzWfnSJg+VtakB9Cm0gxNO9BzWkj6mtO1FMXkQ=="],
+    "@esbuild/openbsd-arm64": ["@esbuild/openbsd-arm64@0.27.2", "", { "os": "openbsd", "cpu": "arm64" }, "sha512-DNIHH2BPQ5551A7oSHD0CKbwIA/Ox7+78/AWkbS5QoRzaqlev2uFayfSxq68EkonB+IKjiuxBFoV8ESJy8bOHA=="],
 
-    "@esbuild/openbsd-arm64": ["@esbuild/openbsd-arm64@0.25.12", "", { "os": "openbsd", "cpu": "arm64" }, "sha512-fF96T6KsBo/pkQI950FARU9apGNTSlZGsv1jZBAlcLL1MLjLNIWPBkj5NlSz8aAzYKg+eNqknrUJ24QBybeR5A=="],
+    "@esbuild/openbsd-x64": ["@esbuild/openbsd-x64@0.27.2", "", { "os": "openbsd", "cpu": "x64" }, "sha512-/it7w9Nb7+0KFIzjalNJVR5bOzA9Vay+yIPLVHfIQYG/j+j9VTH84aNB8ExGKPU4AzfaEvN9/V4HV+F+vo8OEg=="],
 
-    "@esbuild/openbsd-x64": ["@esbuild/openbsd-x64@0.25.12", "", { "os": "openbsd", "cpu": "x64" }, "sha512-MZyXUkZHjQxUvzK7rN8DJ3SRmrVrke8ZyRusHlP+kuwqTcfWLyqMOE3sScPPyeIXN/mDJIfGXvcMqCgYKekoQw=="],
+    "@esbuild/openharmony-arm64": ["@esbuild/openharmony-arm64@0.27.2", "", { "os": "none", "cpu": "arm64" }, "sha512-LRBbCmiU51IXfeXk59csuX/aSaToeG7w48nMwA6049Y4J4+VbWALAuXcs+qcD04rHDuSCSRKdmY63sruDS5qag=="],
 
-    "@esbuild/openharmony-arm64": ["@esbuild/openharmony-arm64@0.25.12", "", { "os": "none", "cpu": "arm64" }, "sha512-rm0YWsqUSRrjncSXGA7Zv78Nbnw4XL6/dzr20cyrQf7ZmRcsovpcRBdhD43Nuk3y7XIoW2OxMVvwuRvk9XdASg=="],
+    "@esbuild/sunos-x64": ["@esbuild/sunos-x64@0.27.2", "", { "os": "sunos", "cpu": "x64" }, "sha512-kMtx1yqJHTmqaqHPAzKCAkDaKsffmXkPHThSfRwZGyuqyIeBvf08KSsYXl+abf5HDAPMJIPnbBfXvP2ZC2TfHg=="],
 
-    "@esbuild/sunos-x64": ["@esbuild/sunos-x64@0.25.12", "", { "os": "sunos", "cpu": "x64" }, "sha512-3wGSCDyuTHQUzt0nV7bocDy72r2lI33QL3gkDNGkod22EsYl04sMf0qLb8luNKTOmgF/eDEDP5BFNwoBKH441w=="],
+    "@esbuild/win32-arm64": ["@esbuild/win32-arm64@0.27.2", "", { "os": "win32", "cpu": "arm64" }, "sha512-Yaf78O/B3Kkh+nKABUF++bvJv5Ijoy9AN1ww904rOXZFLWVc5OLOfL56W+C8F9xn5JQZa3UX6m+IktJnIb1Jjg=="],
 
-    "@esbuild/win32-arm64": ["@esbuild/win32-arm64@0.25.12", "", { "os": "win32", "cpu": "arm64" }, "sha512-rMmLrur64A7+DKlnSuwqUdRKyd3UE7oPJZmnljqEptesKM8wx9J8gx5u0+9Pq0fQQW8vqeKebwNXdfOyP+8Bsg=="],
+    "@esbuild/win32-ia32": ["@esbuild/win32-ia32@0.27.2", "", { "os": "win32", "cpu": "ia32" }, "sha512-Iuws0kxo4yusk7sw70Xa2E2imZU5HoixzxfGCdxwBdhiDgt9vX9VUCBhqcwY7/uh//78A1hMkkROMJq9l27oLQ=="],
 
-    "@esbuild/win32-ia32": ["@esbuild/win32-ia32@0.25.12", "", { "os": "win32", "cpu": "ia32" }, "sha512-HkqnmmBoCbCwxUKKNPBixiWDGCpQGVsrQfJoVGYLPT41XWF8lHuE5N6WhVia2n4o5QK5M4tYr21827fNhi4byQ=="],
+    "@esbuild/win32-x64": ["@esbuild/win32-x64@0.27.2", "", { "os": "win32", "cpu": "x64" }, "sha512-sRdU18mcKf7F+YgheI/zGf5alZatMUTKj/jNS6l744f9u3WFu4v7twcUI9vu4mknF4Y9aDlblIie0IM+5xxaqQ=="],
 
-    "@esbuild/win32-x64": ["@esbuild/win32-x64@0.25.12", "", { "os": "win32", "cpu": "x64" }, "sha512-alJC0uCZpTFrSL0CCDjcgleBXPnCrEAhTBILpeAp7M/OFgoqtAetfBzX0xM00MUsVVPpVjlPuMbREqnZCXaTnA=="],
+    "@faker-js/faker": ["@faker-js/faker@10.1.0", "", {}, "sha512-C3mrr3b5dRVlKPJdfrAXS8+dq+rq8Qm5SNRazca0JKgw1HQERFmrVb0towvMmw5uu8hHKNiQasMaR/tydf3Zsg=="],
 
     "@floating-ui/core": ["@floating-ui/core@1.7.3", "", { "dependencies": { "@floating-ui/utils": "^0.2.10" } }, "sha512-sGnvb5dmrJaKEZ+LDIpguvdX3bDlEllmv4/ClQ9awcmCZrlx5jQyyMWFM5kBI+EyNOCDDiKk8il0zeuX3Zlg/w=="],
 
@@ -235,15 +244,15 @@
 
     "@hey-api/codegen-core": ["@hey-api/codegen-core@0.3.3", "", { "peerDependencies": { "typescript": ">=5.5.3" } }, "sha512-vArVDtrvdzFewu1hnjUm4jX1NBITlSCeO81EdWq676MxQbyxsGcDPAgohaSA+Wvr4HjPSvsg2/1s2zYxUtXebg=="],
 
-    "@hey-api/json-schema-ref-parser": ["@hey-api/json-schema-ref-parser@1.2.1", "", { "dependencies": { "@jsdevtools/ono": "^7.1.3", "@types/json-schema": "^7.0.15", "js-yaml": "^4.1.0", "lodash": "^4.17.21" } }, "sha512-inPeksRLq+j3ArnuGOzQPQE//YrhezQG0+9Y9yizScBN2qatJ78fIByhEgKdNAbtguDCn4RPxmEhcrePwHxs4A=="],
+    "@hey-api/json-schema-ref-parser": ["@hey-api/json-schema-ref-parser@1.2.2", "", { "dependencies": { "@jsdevtools/ono": "^7.1.3", "@types/json-schema": "^7.0.15", "js-yaml": "^4.1.1", "lodash": "^4.17.21" } }, "sha512-oS+5yAdwnK20lSeFO1d53Ku+yaGCsY8PcrmSq2GtSs3bsBfRnHAbpPKSVzQcaxAOrzj5NB+f34WhZglVrNayBA=="],
 
-    "@hey-api/openapi-ts": ["@hey-api/openapi-ts@0.88.0", "", { "dependencies": { "@hey-api/codegen-core": "^0.3.3", "@hey-api/json-schema-ref-parser": "1.2.1", "ansi-colors": "4.1.3", "c12": "3.3.2", "color-support": "1.1.3", "commander": "14.0.2", "open": "11.0.0", "semver": "7.7.2" }, "peerDependencies": { "typescript": ">=5.5.3" }, "bin": { "openapi-ts": "bin/run.js" } }, "sha512-ZrvmDfmVf+N4ry786LAhS/DoH+xkIjIJIeDnj2aL1qnMTIDsdRIXXvr80EnAZVBgunzu1wTBbHb3H9OfyDQ2EQ=="],
+    "@hey-api/openapi-ts": ["@hey-api/openapi-ts@0.88.2", "", { "dependencies": { "@hey-api/codegen-core": "^0.3.3", "@hey-api/json-schema-ref-parser": "1.2.2", "ansi-colors": "4.1.3", "c12": "3.3.2", "color-support": "1.1.3", "commander": "14.0.2", "open": "11.0.0", "semver": "7.7.2" }, "peerDependencies": { "typescript": ">=5.5.3" }, "bin": { "openapi-ts": "bin/run.js" } }, "sha512-JMae1RJ8S8D8lVCFQnsrWaKY0CxrR4TUmZIoU1SuvaeZ+pkMPYuQoj8fO37R5d8juUfFVzCGYV5/Ro0vbDqBbA=="],
 
-    "@hono/node-server": ["@hono/node-server@1.19.6", "", { "peerDependencies": { "hono": "^4" } }, "sha512-Shz/KjlIeAhfiuE93NDKVdZ7HdBVLQAfdbaXEaoAVO3ic9ibRSLGIQGkcBbFyuLr+7/1D5ZCINM8B+6IvXeMtw=="],
+    "@hono/node-server": ["@hono/node-server@1.19.7", "", { "peerDependencies": { "hono": "^4" } }, "sha512-vUcD0uauS7EU2caukW8z5lJKtoGMokxNbJtBiwHgpqxEXokaHCBkQUmCHhjFB1VUTWdqj25QoMkMKzgjq+uhrw=="],
 
     "@hono/node-ws": ["@hono/node-ws@1.2.0", "", { "dependencies": { "ws": "^8.17.0" }, "peerDependencies": { "@hono/node-server": "^1.11.1", "hono": "^4.6.0" } }, "sha512-OBPQ8OSHBw29mj00wT/xGYtB6HY54j0fNSdVZ7gZM3TUeq0So11GXaWtFf1xWxQNfumKIsj0wRuLKWfVsO5GgQ=="],
 
-    "@hono/standard-validator": ["@hono/standard-validator@0.2.0", "", { "peerDependencies": { "@standard-schema/spec": "1.0.0", "hono": ">=3.9.0" } }, "sha512-pFq0UVAnjzXcDAgqFpDeVL3MOUPrlIh/kPqBDvbCYoThVhhS+Vf37VcdsakdOFFGiqoiYVxp3LifXFhGhp/rgQ=="],
+    "@hono/standard-validator": ["@hono/standard-validator@0.2.1", "", { "peerDependencies": { "@standard-schema/spec": "1.0.0", "hono": ">=3.9.0" } }, "sha512-uF1W7/iSWi0r5Mugj5ZzdlCVp/KeGatS6JYt+Eht9xKO0IDtdZbdaLApgjrzHINQQa+Wnxw2pcX6EfO+vgB+Wg=="],
 
     "@hono/vite-dev-server": ["@hono/vite-dev-server@0.23.0", "", { "dependencies": { "@hono/node-server": "^1.14.2", "minimatch": "^9.0.3" }, "peerDependencies": { "hono": "*", "miniflare": "*", "wrangler": "*" }, "optionalPeers": ["miniflare", "wrangler"] }, "sha512-tHV86xToed9Up0j/dubQW2PDP4aYNFDSfQrjcV6Ra7bqCGrxhtg/zZBmbgSco3aTxKOEPzDXKK+6seAAfsbIXw=="],
 
@@ -339,117 +348,119 @@
 
     "@radix-ui/rect": ["@radix-ui/rect@1.1.1", "", {}, "sha512-HPwpGIzkl28mWyZqG52jiqDJ12waP11Pa1lGoiyUkIEuMLBP0oeK/C89esbXrxsky5we7dfd8U58nm0SgAWpVw=="],
 
-    "@react-router/dev": ["@react-router/dev@7.10.0", "", { "dependencies": { "@babel/core": "^7.27.7", "@babel/generator": "^7.27.5", "@babel/parser": "^7.27.7", "@babel/plugin-syntax-jsx": "^7.27.1", "@babel/preset-typescript": "^7.27.1", "@babel/traverse": "^7.27.7", "@babel/types": "^7.27.7", "@react-router/node": "7.10.0", "@remix-run/node-fetch-server": "^0.9.0", "arg": "^5.0.1", "babel-dead-code-elimination": "^1.0.6", "chokidar": "^4.0.0", "dedent": "^1.5.3", "es-module-lexer": "^1.3.1", "exit-hook": "2.2.1", "isbot": "^5.1.11", "jsesc": "3.0.2", "lodash": "^4.17.21", "p-map": "^7.0.3", "pathe": "^1.1.2", "picocolors": "^1.1.1", "pkg-types": "^2.3.0", "prettier": "^3.6.2", "react-refresh": "^0.14.0", "semver": "^7.3.7", "tinyglobby": "^0.2.14", "valibot": "^1.1.0", "vite-node": "^3.2.2" }, "peerDependencies": { "@react-router/serve": "^7.10.0", "@vitejs/plugin-rsc": "*", "react-router": "^7.10.0", "typescript": "^5.1.0", "vite": "^5.1.0 || ^6.0.0 || ^7.0.0", "wrangler": "^3.28.2 || ^4.0.0" }, "optionalPeers": ["@react-router/serve", "@vitejs/plugin-rsc", "typescript", "wrangler"], "bin": { "react-router": "bin.js" } }, "sha512-3UgkV0N5lp3+Ol3q64L4ZHgPXv2XA4KHJ59MVLSK2prokrOrPaYvqbdx40r602M+hRZp/u04ln2A6cOfBW6kxA=="],
+    "@react-router/dev": ["@react-router/dev@7.11.0", "", { "dependencies": { "@babel/core": "^7.27.7", "@babel/generator": "^7.27.5", "@babel/parser": "^7.27.7", "@babel/plugin-syntax-jsx": "^7.27.1", "@babel/preset-typescript": "^7.27.1", "@babel/traverse": "^7.27.7", "@babel/types": "^7.27.7", "@react-router/node": "7.11.0", "@remix-run/node-fetch-server": "^0.9.0", "arg": "^5.0.1", "babel-dead-code-elimination": "^1.0.6", "chokidar": "^4.0.0", "dedent": "^1.5.3", "es-module-lexer": "^1.3.1", "exit-hook": "2.2.1", "isbot": "^5.1.11", "jsesc": "3.0.2", "lodash": "^4.17.21", "p-map": "^7.0.3", "pathe": "^1.1.2", "picocolors": "^1.1.1", "pkg-types": "^2.3.0", "prettier": "^3.6.2", "react-refresh": "^0.14.0", "semver": "^7.3.7", "tinyglobby": "^0.2.14", "valibot": "^1.2.0", "vite-node": "^3.2.2" }, "peerDependencies": { "@react-router/serve": "^7.11.0", "@vitejs/plugin-rsc": "~0.5.7", "react-router": "^7.11.0", "react-server-dom-webpack": "^19.2.3", "typescript": "^5.1.0", "vite": "^5.1.0 || ^6.0.0 || ^7.0.0", "wrangler": "^3.28.2 || ^4.0.0" }, "optionalPeers": ["@react-router/serve", "@vitejs/plugin-rsc", "react-server-dom-webpack", "typescript", "wrangler"], "bin": { "react-router": "bin.js" } }, "sha512-g1ou5Zw3r4mCU0L+EXH4vRtAiyt8qz1JOvL1k+PW4rZ4+71h5nBy/fLgD7cg5BnzQZmjRO1PzCgpF5BIrlKYxQ=="],
 
-    "@react-router/express": ["@react-router/express@7.10.0", "", { "dependencies": { "@react-router/node": "7.10.0" }, "peerDependencies": { "express": "^4.17.1 || ^5", "react-router": "7.10.0", "typescript": "^5.1.0" }, "optionalPeers": ["typescript"] }, "sha512-3cBJ2cyHn5J+wSNFn+XdNSpXVAlQ+nbj7CMa3OsiEpFb+d0GLthirvSESqRjX2Eid94xNHICqKpYS9bR4QqIxg=="],
+    "@react-router/express": ["@react-router/express@7.11.0", "", { "dependencies": { "@react-router/node": "7.11.0" }, "peerDependencies": { "express": "^4.17.1 || ^5", "react-router": "7.11.0", "typescript": "^5.1.0" }, "optionalPeers": ["typescript"] }, "sha512-o5DeO9tqUrZcUWAgmPGgK4I/S6iFpqnj/e20xMGA04trk+90b9KAx9eqmRMgHERubVKANTM9gTDPduobQjeH1A=="],
 
-    "@react-router/node": ["@react-router/node@7.10.0", "", { "dependencies": { "@mjackson/node-fetch-server": "^0.2.0" }, "peerDependencies": { "react-router": "7.10.0", "typescript": "^5.1.0" }, "optionalPeers": ["typescript"] }, "sha512-pff3Xz3gASrIUUX54QdlPzasdN9XRLnzoFEwUVsH5y2sZ6vijQdjZExLS6aQhPiuUr/uVPwN2WngO0Ryfrxulg=="],
+    "@react-router/node": ["@react-router/node@7.11.0", "", { "dependencies": { "@mjackson/node-fetch-server": "^0.2.0" }, "peerDependencies": { "react-router": "7.11.0", "typescript": "^5.1.0" }, "optionalPeers": ["typescript"] }, "sha512-11ha8EW+F7wTMmPz2pdi11LJxz2irtuksiCpunpZjtpPmYU37S+GGihG8vFeTa2xFPNunEaHNlfzKyzeYm570Q=="],
 
-    "@react-router/serve": ["@react-router/serve@7.10.0", "", { "dependencies": { "@mjackson/node-fetch-server": "^0.2.0", "@react-router/express": "7.10.0", "@react-router/node": "7.10.0", "compression": "^1.7.4", "express": "^4.19.2", "get-port": "5.1.1", "morgan": "^1.10.0", "source-map-support": "^0.5.21" }, "peerDependencies": { "react-router": "7.10.0" }, "bin": { "react-router-serve": "bin.js" } }, "sha512-tgdbw1lmDkzF3gCMj//iNklgUrYHUxz35rj0sbyLeti8K2gVsNxaZWyt5omanFgkeZ7WYfi0wzLHviqxl228eA=="],
+    "@react-router/serve": ["@react-router/serve@7.11.0", "", { "dependencies": { "@mjackson/node-fetch-server": "^0.2.0", "@react-router/express": "7.11.0", "@react-router/node": "7.11.0", "compression": "^1.8.1", "express": "^4.19.2", "get-port": "5.1.1", "morgan": "^1.10.1", "source-map-support": "^0.5.21" }, "peerDependencies": { "react-router": "7.11.0" }, "bin": { "react-router-serve": "bin.js" } }, "sha512-U5Ht9PmUYF4Ti1ssaWlddLY4ZCbXBtHDGFU/u1h3VsHqleSdHsFuGAFrr/ZEuqTuEWp1CLqn2npEDAmlV9IUKQ=="],
 
-    "@reduxjs/toolkit": ["@reduxjs/toolkit@2.10.1", "", { "dependencies": { "@standard-schema/spec": "^1.0.0", "@standard-schema/utils": "^0.3.0", "immer": "^10.2.0", "redux": "^5.0.1", "redux-thunk": "^3.1.0", "reselect": "^5.1.0" }, "peerDependencies": { "react": "^16.9.0 || ^17.0.0 || ^18 || ^19", "react-redux": "^7.2.1 || ^8.1.3 || ^9.0.0" }, "optionalPeers": ["react", "react-redux"] }, "sha512-/U17EXQ9Do9Yx4DlNGU6eVNfZvFJfYpUtRRdLf19PbPjdWBxNlxGZXywQZ1p1Nz8nMkWplTI7iD/23m07nolDA=="],
+    "@reduxjs/toolkit": ["@reduxjs/toolkit@2.11.2", "", { "dependencies": { "@standard-schema/spec": "^1.0.0", "@standard-schema/utils": "^0.3.0", "immer": "^11.0.0", "redux": "^5.0.1", "redux-thunk": "^3.1.0", "reselect": "^5.1.0" }, "peerDependencies": { "react": "^16.9.0 || ^17.0.0 || ^18 || ^19", "react-redux": "^7.2.1 || ^8.1.3 || ^9.0.0" }, "optionalPeers": ["react", "react-redux"] }, "sha512-Kd6kAHTA6/nUpp8mySPqj3en3dm0tdMIgbttnQ1xFMVpufoj+ADi8pXLBsd4xzTRHQa7t/Jv8W5UnCuW4kuWMQ=="],
 
     "@remix-run/node-fetch-server": ["@remix-run/node-fetch-server@0.9.0", "", {}, "sha512-SoLMv7dbH+njWzXnOY6fI08dFMI5+/dQ+vY3n8RnnbdG7MdJEgiP28Xj/xWlnRnED/aB6SFw56Zop+LbmaaKqA=="],
 
-    "@rollup/rollup-android-arm-eabi": ["@rollup/rollup-android-arm-eabi@4.53.2", "", { "os": "android", "cpu": "arm" }, "sha512-yDPzwsgiFO26RJA4nZo8I+xqzh7sJTZIWQOxn+/XOdPE31lAvLIYCKqjV+lNH/vxE2L2iH3plKxDCRK6i+CwhA=="],
+    "@rollup/rollup-android-arm-eabi": ["@rollup/rollup-android-arm-eabi@4.53.5", "", { "os": "android", "cpu": "arm" }, "sha512-iDGS/h7D8t7tvZ1t6+WPK04KD0MwzLZrG0se1hzBjSi5fyxlsiggoJHwh18PCFNn7tG43OWb6pdZ6Y+rMlmyNQ=="],
 
-    "@rollup/rollup-android-arm64": ["@rollup/rollup-android-arm64@4.53.2", "", { "os": "android", "cpu": "arm64" }, "sha512-k8FontTxIE7b0/OGKeSN5B6j25EuppBcWM33Z19JoVT7UTXFSo3D9CdU39wGTeb29NO3XxpMNauh09B+Ibw+9g=="],
+    "@rollup/rollup-android-arm64": ["@rollup/rollup-android-arm64@4.53.5", "", { "os": "android", "cpu": "arm64" }, "sha512-wrSAViWvZHBMMlWk6EJhvg8/rjxzyEhEdgfMMjREHEq11EtJ6IP6yfcCH57YAEca2Oe3FNCE9DSTgU70EIGmVw=="],
 
-    "@rollup/rollup-darwin-arm64": ["@rollup/rollup-darwin-arm64@4.53.2", "", { "os": "darwin", "cpu": "arm64" }, "sha512-A6s4gJpomNBtJ2yioj8bflM2oogDwzUiMl2yNJ2v9E7++sHrSrsQ29fOfn5DM/iCzpWcebNYEdXpaK4tr2RhfQ=="],
+    "@rollup/rollup-darwin-arm64": ["@rollup/rollup-darwin-arm64@4.53.5", "", { "os": "darwin", "cpu": "arm64" }, "sha512-S87zZPBmRO6u1YXQLwpveZm4JfPpAa6oHBX7/ghSiGH3rz/KDgAu1rKdGutV+WUI6tKDMbaBJomhnT30Y2t4VQ=="],
 
-    "@rollup/rollup-darwin-x64": ["@rollup/rollup-darwin-x64@4.53.2", "", { "os": "darwin", "cpu": "x64" }, "sha512-e6XqVmXlHrBlG56obu9gDRPW3O3hLxpwHpLsBJvuI8qqnsrtSZ9ERoWUXtPOkY8c78WghyPHZdmPhHLWNdAGEw=="],
+    "@rollup/rollup-darwin-x64": ["@rollup/rollup-darwin-x64@4.53.5", "", { "os": "darwin", "cpu": "x64" }, "sha512-YTbnsAaHo6VrAczISxgpTva8EkfQus0VPEVJCEaboHtZRIb6h6j0BNxRBOwnDciFTZLDPW5r+ZBmhL/+YpTZgA=="],
 
-    "@rollup/rollup-freebsd-arm64": ["@rollup/rollup-freebsd-arm64@4.53.2", "", { "os": "freebsd", "cpu": "arm64" }, "sha512-v0E9lJW8VsrwPux5Qe5CwmH/CF/2mQs6xU1MF3nmUxmZUCHazCjLgYvToOk+YuuUqLQBio1qkkREhxhc656ViA=="],
+    "@rollup/rollup-freebsd-arm64": ["@rollup/rollup-freebsd-arm64@4.53.5", "", { "os": "freebsd", "cpu": "arm64" }, "sha512-1T8eY2J8rKJWzaznV7zedfdhD1BqVs1iqILhmHDq/bqCUZsrMt+j8VCTHhP0vdfbHK3e1IQ7VYx3jlKqwlf+vw=="],
 
-    "@rollup/rollup-freebsd-x64": ["@rollup/rollup-freebsd-x64@4.53.2", "", { "os": "freebsd", "cpu": "x64" }, "sha512-ClAmAPx3ZCHtp6ysl4XEhWU69GUB1D+s7G9YjHGhIGCSrsg00nEGRRZHmINYxkdoJehde8VIsDC5t9C0gb6yqA=="],
+    "@rollup/rollup-freebsd-x64": ["@rollup/rollup-freebsd-x64@4.53.5", "", { "os": "freebsd", "cpu": "x64" }, "sha512-sHTiuXyBJApxRn+VFMaw1U+Qsz4kcNlxQ742snICYPrY+DDL8/ZbaC4DVIB7vgZmp3jiDaKA0WpBdP0aqPJoBQ=="],
 
-    "@rollup/rollup-linux-arm-gnueabihf": ["@rollup/rollup-linux-arm-gnueabihf@4.53.2", "", { "os": "linux", "cpu": "arm" }, "sha512-EPlb95nUsz6Dd9Qy13fI5kUPXNSljaG9FiJ4YUGU1O/Q77i5DYFW5KR8g1OzTcdZUqQQ1KdDqsTohdFVwCwjqg=="],
+    "@rollup/rollup-linux-arm-gnueabihf": ["@rollup/rollup-linux-arm-gnueabihf@4.53.5", "", { "os": "linux", "cpu": "arm" }, "sha512-dV3T9MyAf0w8zPVLVBptVlzaXxka6xg1f16VAQmjg+4KMSTWDvhimI/Y6mp8oHwNrmnmVl9XxJ/w/mO4uIQONA=="],
 
-    "@rollup/rollup-linux-arm-musleabihf": ["@rollup/rollup-linux-arm-musleabihf@4.53.2", "", { "os": "linux", "cpu": "arm" }, "sha512-BOmnVW+khAUX+YZvNfa0tGTEMVVEerOxN0pDk2E6N6DsEIa2Ctj48FOMfNDdrwinocKaC7YXUZ1pHlKpnkja/Q=="],
+    "@rollup/rollup-linux-arm-musleabihf": ["@rollup/rollup-linux-arm-musleabihf@4.53.5", "", { "os": "linux", "cpu": "arm" }, "sha512-wIGYC1x/hyjP+KAu9+ewDI+fi5XSNiUi9Bvg6KGAh2TsNMA3tSEs+Sh6jJ/r4BV/bx/CyWu2ue9kDnIdRyafcQ=="],
 
-    "@rollup/rollup-linux-arm64-gnu": ["@rollup/rollup-linux-arm64-gnu@4.53.2", "", { "os": "linux", "cpu": "arm64" }, "sha512-Xt2byDZ+6OVNuREgBXr4+CZDJtrVso5woFtpKdGPhpTPHcNG7D8YXeQzpNbFRxzTVqJf7kvPMCub/pcGUWgBjA=="],
+    "@rollup/rollup-linux-arm64-gnu": ["@rollup/rollup-linux-arm64-gnu@4.53.5", "", { "os": "linux", "cpu": "arm64" }, "sha512-Y+qVA0D9d0y2FRNiG9oM3Hut/DgODZbU9I8pLLPwAsU0tUKZ49cyV1tzmB/qRbSzGvY8lpgGkJuMyuhH7Ma+Vg=="],
 
-    "@rollup/rollup-linux-arm64-musl": ["@rollup/rollup-linux-arm64-musl@4.53.2", "", { "os": "linux", "cpu": "arm64" }, "sha512-+LdZSldy/I9N8+klim/Y1HsKbJ3BbInHav5qE9Iy77dtHC/pibw1SR/fXlWyAk0ThnpRKoODwnAuSjqxFRDHUQ=="],
+    "@rollup/rollup-linux-arm64-musl": ["@rollup/rollup-linux-arm64-musl@4.53.5", "", { "os": "linux", "cpu": "arm64" }, "sha512-juaC4bEgJsyFVfqhtGLz8mbopaWD+WeSOYr5E16y+1of6KQjc0BpwZLuxkClqY1i8sco+MdyoXPNiCkQou09+g=="],
 
-    "@rollup/rollup-linux-loong64-gnu": ["@rollup/rollup-linux-loong64-gnu@4.53.2", "", { "os": "linux", "cpu": "none" }, "sha512-8ms8sjmyc1jWJS6WdNSA23rEfdjWB30LH8Wqj0Cqvv7qSHnvw6kgMMXRdop6hkmGPlyYBdRPkjJnj3KCUHV/uQ=="],
+    "@rollup/rollup-linux-loong64-gnu": ["@rollup/rollup-linux-loong64-gnu@4.53.5", "", { "os": "linux", "cpu": "none" }, "sha512-rIEC0hZ17A42iXtHX+EPJVL/CakHo+tT7W0pbzdAGuWOt2jxDFh7A/lRhsNHBcqL4T36+UiAgwO8pbmn3dE8wA=="],
 
-    "@rollup/rollup-linux-ppc64-gnu": ["@rollup/rollup-linux-ppc64-gnu@4.53.2", "", { "os": "linux", "cpu": "ppc64" }, "sha512-3HRQLUQbpBDMmzoxPJYd3W6vrVHOo2cVW8RUo87Xz0JPJcBLBr5kZ1pGcQAhdZgX9VV7NbGNipah1omKKe23/g=="],
+    "@rollup/rollup-linux-ppc64-gnu": ["@rollup/rollup-linux-ppc64-gnu@4.53.5", "", { "os": "linux", "cpu": "ppc64" }, "sha512-T7l409NhUE552RcAOcmJHj3xyZ2h7vMWzcwQI0hvn5tqHh3oSoclf9WgTl+0QqffWFG8MEVZZP1/OBglKZx52Q=="],
 
-    "@rollup/rollup-linux-riscv64-gnu": ["@rollup/rollup-linux-riscv64-gnu@4.53.2", "", { "os": "linux", "cpu": "none" }, "sha512-fMjKi+ojnmIvhk34gZP94vjogXNNUKMEYs+EDaB/5TG/wUkoeua7p7VCHnE6T2Tx+iaghAqQX8teQzcvrYpaQA=="],
+    "@rollup/rollup-linux-riscv64-gnu": ["@rollup/rollup-linux-riscv64-gnu@4.53.5", "", { "os": "linux", "cpu": "none" }, "sha512-7OK5/GhxbnrMcxIFoYfhV/TkknarkYC1hqUw1wU2xUN3TVRLNT5FmBv4KkheSG2xZ6IEbRAhTooTV2+R5Tk0lQ=="],
 
-    "@rollup/rollup-linux-riscv64-musl": ["@rollup/rollup-linux-riscv64-musl@4.53.2", "", { "os": "linux", "cpu": "none" }, "sha512-XuGFGU+VwUUV5kLvoAdi0Wz5Xbh2SrjIxCtZj6Wq8MDp4bflb/+ThZsVxokM7n0pcbkEr2h5/pzqzDYI7cCgLQ=="],
+    "@rollup/rollup-linux-riscv64-musl": ["@rollup/rollup-linux-riscv64-musl@4.53.5", "", { "os": "linux", "cpu": "none" }, "sha512-GwuDBE/PsXaTa76lO5eLJTyr2k8QkPipAyOrs4V/KJufHCZBJ495VCGJol35grx9xryk4V+2zd3Ri+3v7NPh+w=="],
 
-    "@rollup/rollup-linux-s390x-gnu": ["@rollup/rollup-linux-s390x-gnu@4.53.2", "", { "os": "linux", "cpu": "s390x" }, "sha512-w6yjZF0P+NGzWR3AXWX9zc0DNEGdtvykB03uhonSHMRa+oWA6novflo2WaJr6JZakG2ucsyb+rvhrKac6NIy+w=="],
+    "@rollup/rollup-linux-s390x-gnu": ["@rollup/rollup-linux-s390x-gnu@4.53.5", "", { "os": "linux", "cpu": "s390x" }, "sha512-IAE1Ziyr1qNfnmiQLHBURAD+eh/zH1pIeJjeShleII7Vj8kyEm2PF77o+lf3WTHDpNJcu4IXJxNO0Zluro8bOw=="],
 
-    "@rollup/rollup-linux-x64-gnu": ["@rollup/rollup-linux-x64-gnu@4.53.2", "", { "os": "linux", "cpu": "x64" }, "sha512-yo8d6tdfdeBArzC7T/PnHd7OypfI9cbuZzPnzLJIyKYFhAQ8SvlkKtKBMbXDxe1h03Rcr7u++nFS7tqXz87Gtw=="],
+    "@rollup/rollup-linux-x64-gnu": ["@rollup/rollup-linux-x64-gnu@4.53.5", "", { "os": "linux", "cpu": "x64" }, "sha512-Pg6E+oP7GvZ4XwgRJBuSXZjcqpIW3yCBhK4BcsANvb47qMvAbCjR6E+1a/U2WXz1JJxp9/4Dno3/iSJLcm5auw=="],
 
-    "@rollup/rollup-linux-x64-musl": ["@rollup/rollup-linux-x64-musl@4.53.2", "", { "os": "linux", "cpu": "x64" }, "sha512-ah59c1YkCxKExPP8O9PwOvs+XRLKwh/mV+3YdKqQ5AMQ0r4M4ZDuOrpWkUaqO7fzAHdINzV9tEVu8vNw48z0lA=="],
+    "@rollup/rollup-linux-x64-musl": ["@rollup/rollup-linux-x64-musl@4.53.5", "", { "os": "linux", "cpu": "x64" }, "sha512-txGtluxDKTxaMDzUduGP0wdfng24y1rygUMnmlUJ88fzCCULCLn7oE5kb2+tRB+MWq1QDZT6ObT5RrR8HFRKqg=="],
 
-    "@rollup/rollup-openharmony-arm64": ["@rollup/rollup-openharmony-arm64@4.53.2", "", { "os": "none", "cpu": "arm64" }, "sha512-4VEd19Wmhr+Zy7hbUsFZ6YXEiP48hE//KPLCSVNY5RMGX2/7HZ+QkN55a3atM1C/BZCGIgqN+xrVgtdak2S9+A=="],
+    "@rollup/rollup-openharmony-arm64": ["@rollup/rollup-openharmony-arm64@4.53.5", "", { "os": "none", "cpu": "arm64" }, "sha512-3DFiLPnTxiOQV993fMc+KO8zXHTcIjgaInrqlG8zDp1TlhYl6WgrOHuJkJQ6M8zHEcntSJsUp1XFZSY8C1DYbg=="],
 
-    "@rollup/rollup-win32-arm64-msvc": ["@rollup/rollup-win32-arm64-msvc@4.53.2", "", { "os": "win32", "cpu": "arm64" }, "sha512-IlbHFYc/pQCgew/d5fslcy1KEaYVCJ44G8pajugd8VoOEI8ODhtb/j8XMhLpwHCMB3yk2J07ctup10gpw2nyMA=="],
+    "@rollup/rollup-win32-arm64-msvc": ["@rollup/rollup-win32-arm64-msvc@4.53.5", "", { "os": "win32", "cpu": "arm64" }, "sha512-nggc/wPpNTgjGg75hu+Q/3i32R00Lq1B6N1DO7MCU340MRKL3WZJMjA9U4K4gzy3dkZPXm9E1Nc81FItBVGRlA=="],
 
-    "@rollup/rollup-win32-ia32-msvc": ["@rollup/rollup-win32-ia32-msvc@4.53.2", "", { "os": "win32", "cpu": "ia32" }, "sha512-lNlPEGgdUfSzdCWU176ku/dQRnA7W+Gp8d+cWv73jYrb8uT7HTVVxq62DUYxjbaByuf1Yk0RIIAbDzp+CnOTFg=="],
+    "@rollup/rollup-win32-ia32-msvc": ["@rollup/rollup-win32-ia32-msvc@4.53.5", "", { "os": "win32", "cpu": "ia32" }, "sha512-U/54pTbdQpPLBdEzCT6NBCFAfSZMvmjr0twhnD9f4EIvlm9wy3jjQ38yQj1AGznrNO65EWQMgm/QUjuIVrYF9w=="],
 
-    "@rollup/rollup-win32-x64-gnu": ["@rollup/rollup-win32-x64-gnu@4.53.2", "", { "os": "win32", "cpu": "x64" }, "sha512-S6YojNVrHybQis2lYov1sd+uj7K0Q05NxHcGktuMMdIQ2VixGwAfbJ23NnlvvVV1bdpR2m5MsNBViHJKcA4ADw=="],
+    "@rollup/rollup-win32-x64-gnu": ["@rollup/rollup-win32-x64-gnu@4.53.5", "", { "os": "win32", "cpu": "x64" }, "sha512-2NqKgZSuLH9SXBBV2dWNRCZmocgSOx8OJSdpRaEcRlIfX8YrKxUT6z0F1NpvDVhOsl190UFTRh2F2WDWWCYp3A=="],
 
-    "@rollup/rollup-win32-x64-msvc": ["@rollup/rollup-win32-x64-msvc@4.53.2", "", { "os": "win32", "cpu": "x64" }, "sha512-k+/Rkcyx//P6fetPoLMb8pBeqJBNGx81uuf7iljX9++yNBVRDQgD04L+SVXmXmh5ZP4/WOp4mWF0kmi06PW2tA=="],
+    "@rollup/rollup-win32-x64-msvc": ["@rollup/rollup-win32-x64-msvc@4.53.5", "", { "os": "win32", "cpu": "x64" }, "sha512-JRpZUhCfhZ4keB5v0fe02gQJy05GqboPOaxvjugW04RLSYYoB/9t2lx2u/tMs/Na/1NXfY8QYjgRljRpN+MjTQ=="],
 
-    "@scalar/core": ["@scalar/core@0.3.23", "", { "dependencies": { "@scalar/types": "0.5.0" } }, "sha512-hop7LVR3MKB2VpS8dly3gmmbB3lBGxQRtL0pBaC77zFMRHoBv1DuB2bj8l4gxd5grzitJ1LsYduvywLAMY9F6g=="],
+    "@scalar/core": ["@scalar/core@0.3.28", "", { "dependencies": { "@scalar/types": "0.5.4" } }, "sha512-Ka+g5P3Fe4f9lsJcBxfI+XAgwMYeZRgzIBWw1/HBrDoRmH3rV/N//410MBKEYXUw7pWpS+dZPJANZRvU5jtxhw=="],
 
-    "@scalar/hono-api-reference": ["@scalar/hono-api-reference@0.9.25", "", { "dependencies": { "@scalar/core": "0.3.23" }, "peerDependencies": { "hono": "^4.10.3" } }, "sha512-ZEQAhvVU/FXdJs8+rVXdfWjwzkE+M6Zr+4W+zNhy8DF17BIpxFXfVL7i3OxK1V/4EtkTplkETjYGTR4ju3RFZw=="],
+    "@scalar/helpers": ["@scalar/helpers@0.2.4", "", {}, "sha512-G7oGybO2QXM+MIxa4OZLXaYsS9mxKygFgOcY4UOXO6xpVoY5+8rahdak9cPk7HNj8RZSt4m/BveoT8g5BtnXxg=="],
 
-    "@scalar/types": ["@scalar/types@0.5.0", "", { "dependencies": { "nanoid": "5.1.5", "type-fest": "5.0.0", "zod": "4.1.11" } }, "sha512-imDMuTieOc5kHM9/Kt/1lmiI5ZtusuaYlzsXTP99IsWvD8mJ7ivF73lPBRj4PKtg4vY+ta5CO/vJpvnCYandRg=="],
+    "@scalar/hono-api-reference": ["@scalar/hono-api-reference@0.9.30", "", { "dependencies": { "@scalar/core": "0.3.28" }, "peerDependencies": { "hono": "^4.10.3" } }, "sha512-a9cPluqfi1bgX2p7PJl/2O4jgPcoAl/ecSAe74TbPYIi27A0O0bkUBscO7WNRJhWJ1GVVxX8NvJTNlDxUNBlpg=="],
+
+    "@scalar/types": ["@scalar/types@0.5.4", "", { "dependencies": { "@scalar/helpers": "0.2.4", "nanoid": "5.1.5", "type-fest": "5.0.0", "zod": "^4.1.11" } }, "sha512-5FNQH/zx3tnERzxfpErscPHfRxLCuhncmhFYiaSz196Xi2iG1YI08BtxTV2slfT6of52epJ/MrKerarplKf9eg=="],
 
     "@so-ric/colorspace": ["@so-ric/colorspace@1.1.6", "", { "dependencies": { "color": "^5.0.2", "text-hex": "1.0.x" } }, "sha512-/KiKkpHNOBgkFJwu9sh48LkHSMYGyuTcSFK/qMBdnOAlrRJzRSXAOFB5qwzaVQuDl8wAvHVMkaASQDReTahxuw=="],
 
     "@standard-community/standard-json": ["@standard-community/standard-json@0.3.5", "", { "peerDependencies": { "@standard-schema/spec": "^1.0.0", "@types/json-schema": "^7.0.15", "@valibot/to-json-schema": "^1.3.0", "arktype": "^2.1.20", "effect": "^3.16.8", "quansync": "^0.2.11", "sury": "^10.0.0", "typebox": "^1.0.17", "valibot": "^1.1.0", "zod": "^3.25.0 || ^4.0.0", "zod-to-json-schema": "^3.24.5" }, "optionalPeers": ["@valibot/to-json-schema", "arktype", "effect", "sury", "typebox", "valibot", "zod", "zod-to-json-schema"] }, "sha512-4+ZPorwDRt47i+O7RjyuaxHRK/37QY/LmgxlGrRrSTLYoFatEOzvqIc85GTlM18SFZ5E91C+v0o/M37wZPpUHA=="],
 
-    "@standard-community/standard-openapi": ["@standard-community/standard-openapi@0.2.8", "", { "peerDependencies": { "@standard-community/standard-json": "^0.3.5", "@standard-schema/spec": "^1.0.0", "arktype": "^2.1.20", "effect": "^3.17.14", "openapi-types": "^12.1.3", "sury": "^10.0.0", "typebox": "^1.0.0", "valibot": "^1.1.0", "zod": "^3.25.0 || ^4.0.0", "zod-openapi": "^4" }, "optionalPeers": ["arktype", "effect", "sury", "typebox", "valibot", "zod", "zod-openapi"] }, "sha512-80ap74p5oy/SU4al5HkPwO5+NbN2wH/FBr6kwaE5ROq7AvcDFaxzUfTazewroNaCotbvdGcvzXb9oEoOIyfC/Q=="],
+    "@standard-community/standard-openapi": ["@standard-community/standard-openapi@0.2.9", "", { "peerDependencies": { "@standard-community/standard-json": "^0.3.5", "@standard-schema/spec": "^1.0.0", "arktype": "^2.1.20", "effect": "^3.17.14", "openapi-types": "^12.1.3", "sury": "^10.0.0", "typebox": "^1.0.0", "valibot": "^1.1.0", "zod": "^3.25.0 || ^4.0.0", "zod-openapi": "^4" }, "optionalPeers": ["arktype", "effect", "sury", "typebox", "valibot", "zod", "zod-openapi"] }, "sha512-htj+yldvN1XncyZi4rehbf9kLbu8os2Ke/rfqoZHCMHuw34kiF3LP/yQPdA0tQ940y8nDq3Iou8R3wG+AGGyvg=="],
 
-    "@standard-schema/spec": ["@standard-schema/spec@1.0.0", "", {}, "sha512-m2bOd0f2RT9k8QJx1JN85cZYyH1RqFBdlwtkSlf4tBDYLCiiZnv1fIIwacK6cqwXavOydf0NPToMQgpKq+dVlA=="],
+    "@standard-schema/spec": ["@standard-schema/spec@1.1.0", "", {}, "sha512-l2aFy5jALhniG5HgqrD6jXLi/rUWrKvqN/qJx6yoJsgKhblVd+iqqU4RCXavm/jPityDo5TCvKMnpjKnOriy0w=="],
 
     "@standard-schema/utils": ["@standard-schema/utils@0.3.0", "", {}, "sha512-e7Mew686owMaPJVNNLs55PUvgz371nKgwsc4vxE49zsODpJEnxgxRo2y/OKrqueavXgZNMDVj3DdHFlaSAeU8g=="],
 
-    "@tailwindcss/node": ["@tailwindcss/node@4.1.17", "", { "dependencies": { "@jridgewell/remapping": "^2.3.4", "enhanced-resolve": "^5.18.3", "jiti": "^2.6.1", "lightningcss": "1.30.2", "magic-string": "^0.30.21", "source-map-js": "^1.2.1", "tailwindcss": "4.1.17" } }, "sha512-csIkHIgLb3JisEFQ0vxr2Y57GUNYh447C8xzwj89U/8fdW8LhProdxvnVH6U8M2Y73QKiTIH+LWbK3V2BBZsAg=="],
+    "@tailwindcss/node": ["@tailwindcss/node@4.1.18", "", { "dependencies": { "@jridgewell/remapping": "^2.3.4", "enhanced-resolve": "^5.18.3", "jiti": "^2.6.1", "lightningcss": "1.30.2", "magic-string": "^0.30.21", "source-map-js": "^1.2.1", "tailwindcss": "4.1.18" } }, "sha512-DoR7U1P7iYhw16qJ49fgXUlry1t4CpXeErJHnQ44JgTSKMaZUdf17cfn5mHchfJ4KRBZRFA/Coo+MUF5+gOaCQ=="],
 
-    "@tailwindcss/oxide": ["@tailwindcss/oxide@4.1.17", "", { "optionalDependencies": { "@tailwindcss/oxide-android-arm64": "4.1.17", "@tailwindcss/oxide-darwin-arm64": "4.1.17", "@tailwindcss/oxide-darwin-x64": "4.1.17", "@tailwindcss/oxide-freebsd-x64": "4.1.17", "@tailwindcss/oxide-linux-arm-gnueabihf": "4.1.17", "@tailwindcss/oxide-linux-arm64-gnu": "4.1.17", "@tailwindcss/oxide-linux-arm64-musl": "4.1.17", "@tailwindcss/oxide-linux-x64-gnu": "4.1.17", "@tailwindcss/oxide-linux-x64-musl": "4.1.17", "@tailwindcss/oxide-wasm32-wasi": "4.1.17", "@tailwindcss/oxide-win32-arm64-msvc": "4.1.17", "@tailwindcss/oxide-win32-x64-msvc": "4.1.17" } }, "sha512-F0F7d01fmkQhsTjXezGBLdrl1KresJTcI3DB8EkScCldyKp3Msz4hub4uyYaVnk88BAS1g5DQjjF6F5qczheLA=="],
+    "@tailwindcss/oxide": ["@tailwindcss/oxide@4.1.18", "", { "optionalDependencies": { "@tailwindcss/oxide-android-arm64": "4.1.18", "@tailwindcss/oxide-darwin-arm64": "4.1.18", "@tailwindcss/oxide-darwin-x64": "4.1.18", "@tailwindcss/oxide-freebsd-x64": "4.1.18", "@tailwindcss/oxide-linux-arm-gnueabihf": "4.1.18", "@tailwindcss/oxide-linux-arm64-gnu": "4.1.18", "@tailwindcss/oxide-linux-arm64-musl": "4.1.18", "@tailwindcss/oxide-linux-x64-gnu": "4.1.18", "@tailwindcss/oxide-linux-x64-musl": "4.1.18", "@tailwindcss/oxide-wasm32-wasi": "4.1.18", "@tailwindcss/oxide-win32-arm64-msvc": "4.1.18", "@tailwindcss/oxide-win32-x64-msvc": "4.1.18" } }, "sha512-EgCR5tTS5bUSKQgzeMClT6iCY3ToqE1y+ZB0AKldj809QXk1Y+3jB0upOYZrn9aGIzPtUsP7sX4QQ4XtjBB95A=="],
 
-    "@tailwindcss/oxide-android-arm64": ["@tailwindcss/oxide-android-arm64@4.1.17", "", { "os": "android", "cpu": "arm64" }, "sha512-BMqpkJHgOZ5z78qqiGE6ZIRExyaHyuxjgrJ6eBO5+hfrfGkuya0lYfw8fRHG77gdTjWkNWEEm+qeG2cDMxArLQ=="],
+    "@tailwindcss/oxide-android-arm64": ["@tailwindcss/oxide-android-arm64@4.1.18", "", { "os": "android", "cpu": "arm64" }, "sha512-dJHz7+Ugr9U/diKJA0W6N/6/cjI+ZTAoxPf9Iz9BFRF2GzEX8IvXxFIi/dZBloVJX/MZGvRuFA9rqwdiIEZQ0Q=="],
 
-    "@tailwindcss/oxide-darwin-arm64": ["@tailwindcss/oxide-darwin-arm64@4.1.17", "", { "os": "darwin", "cpu": "arm64" }, "sha512-EquyumkQweUBNk1zGEU/wfZo2qkp/nQKRZM8bUYO0J+Lums5+wl2CcG1f9BgAjn/u9pJzdYddHWBiFXJTcxmOg=="],
+    "@tailwindcss/oxide-darwin-arm64": ["@tailwindcss/oxide-darwin-arm64@4.1.18", "", { "os": "darwin", "cpu": "arm64" }, "sha512-Gc2q4Qhs660bhjyBSKgq6BYvwDz4G+BuyJ5H1xfhmDR3D8HnHCmT/BSkvSL0vQLy/nkMLY20PQ2OoYMO15Jd0A=="],
 
-    "@tailwindcss/oxide-darwin-x64": ["@tailwindcss/oxide-darwin-x64@4.1.17", "", { "os": "darwin", "cpu": "x64" }, "sha512-gdhEPLzke2Pog8s12oADwYu0IAw04Y2tlmgVzIN0+046ytcgx8uZmCzEg4VcQh+AHKiS7xaL8kGo/QTiNEGRog=="],
+    "@tailwindcss/oxide-darwin-x64": ["@tailwindcss/oxide-darwin-x64@4.1.18", "", { "os": "darwin", "cpu": "x64" }, "sha512-FL5oxr2xQsFrc3X9o1fjHKBYBMD1QZNyc1Xzw/h5Qu4XnEBi3dZn96HcHm41c/euGV+GRiXFfh2hUCyKi/e+yw=="],
 
-    "@tailwindcss/oxide-freebsd-x64": ["@tailwindcss/oxide-freebsd-x64@4.1.17", "", { "os": "freebsd", "cpu": "x64" }, "sha512-hxGS81KskMxML9DXsaXT1H0DyA+ZBIbyG/sSAjWNe2EDl7TkPOBI42GBV3u38itzGUOmFfCzk1iAjDXds8Oh0g=="],
+    "@tailwindcss/oxide-freebsd-x64": ["@tailwindcss/oxide-freebsd-x64@4.1.18", "", { "os": "freebsd", "cpu": "x64" }, "sha512-Fj+RHgu5bDodmV1dM9yAxlfJwkkWvLiRjbhuO2LEtwtlYlBgiAT4x/j5wQr1tC3SANAgD+0YcmWVrj8R9trVMA=="],
 
-    "@tailwindcss/oxide-linux-arm-gnueabihf": ["@tailwindcss/oxide-linux-arm-gnueabihf@4.1.17", "", { "os": "linux", "cpu": "arm" }, "sha512-k7jWk5E3ldAdw0cNglhjSgv501u7yrMf8oeZ0cElhxU6Y2o7f8yqelOp3fhf7evjIS6ujTI3U8pKUXV2I4iXHQ=="],
+    "@tailwindcss/oxide-linux-arm-gnueabihf": ["@tailwindcss/oxide-linux-arm-gnueabihf@4.1.18", "", { "os": "linux", "cpu": "arm" }, "sha512-Fp+Wzk/Ws4dZn+LV2Nqx3IilnhH51YZoRaYHQsVq3RQvEl+71VGKFpkfHrLM/Li+kt5c0DJe/bHXK1eHgDmdiA=="],
 
-    "@tailwindcss/oxide-linux-arm64-gnu": ["@tailwindcss/oxide-linux-arm64-gnu@4.1.17", "", { "os": "linux", "cpu": "arm64" }, "sha512-HVDOm/mxK6+TbARwdW17WrgDYEGzmoYayrCgmLEw7FxTPLcp/glBisuyWkFz/jb7ZfiAXAXUACfyItn+nTgsdQ=="],
+    "@tailwindcss/oxide-linux-arm64-gnu": ["@tailwindcss/oxide-linux-arm64-gnu@4.1.18", "", { "os": "linux", "cpu": "arm64" }, "sha512-S0n3jboLysNbh55Vrt7pk9wgpyTTPD0fdQeh7wQfMqLPM/Hrxi+dVsLsPrycQjGKEQk85Kgbx+6+QnYNiHalnw=="],
 
-    "@tailwindcss/oxide-linux-arm64-musl": ["@tailwindcss/oxide-linux-arm64-musl@4.1.17", "", { "os": "linux", "cpu": "arm64" }, "sha512-HvZLfGr42i5anKtIeQzxdkw/wPqIbpeZqe7vd3V9vI3RQxe3xU1fLjss0TjyhxWcBaipk7NYwSrwTwK1hJARMg=="],
+    "@tailwindcss/oxide-linux-arm64-musl": ["@tailwindcss/oxide-linux-arm64-musl@4.1.18", "", { "os": "linux", "cpu": "arm64" }, "sha512-1px92582HkPQlaaCkdRcio71p8bc8i/ap5807tPRDK/uw953cauQBT8c5tVGkOwrHMfc2Yh6UuxaH4vtTjGvHg=="],
 
-    "@tailwindcss/oxide-linux-x64-gnu": ["@tailwindcss/oxide-linux-x64-gnu@4.1.17", "", { "os": "linux", "cpu": "x64" }, "sha512-M3XZuORCGB7VPOEDH+nzpJ21XPvK5PyjlkSFkFziNHGLc5d6g3di2McAAblmaSUNl8IOmzYwLx9NsE7bplNkwQ=="],
+    "@tailwindcss/oxide-linux-x64-gnu": ["@tailwindcss/oxide-linux-x64-gnu@4.1.18", "", { "os": "linux", "cpu": "x64" }, "sha512-v3gyT0ivkfBLoZGF9LyHmts0Isc8jHZyVcbzio6Wpzifg/+5ZJpDiRiUhDLkcr7f/r38SWNe7ucxmGW3j3Kb/g=="],
 
-    "@tailwindcss/oxide-linux-x64-musl": ["@tailwindcss/oxide-linux-x64-musl@4.1.17", "", { "os": "linux", "cpu": "x64" }, "sha512-k7f+pf9eXLEey4pBlw+8dgfJHY4PZ5qOUFDyNf7SI6lHjQ9Zt7+NcscjpwdCEbYi6FI5c2KDTDWyf2iHcCSyyQ=="],
+    "@tailwindcss/oxide-linux-x64-musl": ["@tailwindcss/oxide-linux-x64-musl@4.1.18", "", { "os": "linux", "cpu": "x64" }, "sha512-bhJ2y2OQNlcRwwgOAGMY0xTFStt4/wyU6pvI6LSuZpRgKQwxTec0/3Scu91O8ir7qCR3AuepQKLU/kX99FouqQ=="],
 
-    "@tailwindcss/oxide-wasm32-wasi": ["@tailwindcss/oxide-wasm32-wasi@4.1.17", "", { "dependencies": { "@emnapi/core": "^1.6.0", "@emnapi/runtime": "^1.6.0", "@emnapi/wasi-threads": "^1.1.0", "@napi-rs/wasm-runtime": "^1.0.7", "@tybys/wasm-util": "^0.10.1", "tslib": "^2.4.0" }, "cpu": "none" }, "sha512-cEytGqSSoy7zK4JRWiTCx43FsKP/zGr0CsuMawhH67ONlH+T79VteQeJQRO/X7L0juEUA8ZyuYikcRBf0vsxhg=="],
+    "@tailwindcss/oxide-wasm32-wasi": ["@tailwindcss/oxide-wasm32-wasi@4.1.18", "", { "dependencies": { "@emnapi/core": "^1.7.1", "@emnapi/runtime": "^1.7.1", "@emnapi/wasi-threads": "^1.1.0", "@napi-rs/wasm-runtime": "^1.1.0", "@tybys/wasm-util": "^0.10.1", "tslib": "^2.4.0" }, "cpu": "none" }, "sha512-LffYTvPjODiP6PT16oNeUQJzNVyJl1cjIebq/rWWBF+3eDst5JGEFSc5cWxyRCJ0Mxl+KyIkqRxk1XPEs9x8TA=="],
 
-    "@tailwindcss/oxide-win32-arm64-msvc": ["@tailwindcss/oxide-win32-arm64-msvc@4.1.17", "", { "os": "win32", "cpu": "arm64" }, "sha512-JU5AHr7gKbZlOGvMdb4722/0aYbU+tN6lv1kONx0JK2cGsh7g148zVWLM0IKR3NeKLv+L90chBVYcJ8uJWbC9A=="],
+    "@tailwindcss/oxide-win32-arm64-msvc": ["@tailwindcss/oxide-win32-arm64-msvc@4.1.18", "", { "os": "win32", "cpu": "arm64" }, "sha512-HjSA7mr9HmC8fu6bdsZvZ+dhjyGCLdotjVOgLA2vEqxEBZaQo9YTX4kwgEvPCpRh8o4uWc4J/wEoFzhEmjvPbA=="],
 
-    "@tailwindcss/oxide-win32-x64-msvc": ["@tailwindcss/oxide-win32-x64-msvc@4.1.17", "", { "os": "win32", "cpu": "x64" }, "sha512-SKWM4waLuqx0IH+FMDUw6R66Hu4OuTALFgnleKbqhgGU30DY20NORZMZUKgLRjQXNN2TLzKvh48QXTig4h4bGw=="],
+    "@tailwindcss/oxide-win32-x64-msvc": ["@tailwindcss/oxide-win32-x64-msvc@4.1.18", "", { "os": "win32", "cpu": "x64" }, "sha512-bJWbyYpUlqamC8dpR7pfjA0I7vdF6t5VpUGMWRkXVE3AXgIZjYUYAK7II1GNaxR8J1SSrSrppRar8G++JekE3Q=="],
 
-    "@tailwindcss/vite": ["@tailwindcss/vite@4.1.17", "", { "dependencies": { "@tailwindcss/node": "4.1.17", "@tailwindcss/oxide": "4.1.17", "tailwindcss": "4.1.17" }, "peerDependencies": { "vite": "^5.2.0 || ^6 || ^7" } }, "sha512-4+9w8ZHOiGnpcGI6z1TVVfWaX/koK7fKeSYF3qlYg2xpBtbteP2ddBxiarL+HVgfSJGeK5RIxRQmKm4rTJJAwA=="],
+    "@tailwindcss/vite": ["@tailwindcss/vite@4.1.18", "", { "dependencies": { "@tailwindcss/node": "4.1.18", "@tailwindcss/oxide": "4.1.18", "tailwindcss": "4.1.18" }, "peerDependencies": { "vite": "^5.2.0 || ^6 || ^7" } }, "sha512-jVA+/UpKL1vRLg6Hkao5jldawNmRo7mQYrZtNHMIVpLfLhDml5nMRUo/8MwoX2vNXvnaXNNMedrMfMugAVX1nA=="],
 
-    "@tanstack/query-core": ["@tanstack/query-core@5.90.11", "", {}, "sha512-f9z/nXhCgWDF4lHqgIE30jxLe4sYv15QodfdPDKYAk7nAEjNcndy4dHz3ezhdUaR23BpWa4I2EH4/DZ0//Uf8A=="],
+    "@tanstack/query-core": ["@tanstack/query-core@5.90.12", "", {}, "sha512-T1/8t5DhV/SisWjDnaiU2drl6ySvsHj1bHBCWNXd+/T+Hh1cf6JodyEYMd5sgwm+b/mETT4EV3H+zCVczCU5hg=="],
 
     "@tanstack/query-devtools": ["@tanstack/query-devtools@5.91.1", "", {}, "sha512-l8bxjk6BMsCaVQH6NzQEE/bEgFy1hAs5qbgXl0xhzezlaQbPk6Mgz9BqEg2vTLPOHD8N4k+w/gdgCbEzecGyNg=="],
 
-    "@tanstack/react-query": ["@tanstack/react-query@5.90.11", "", { "dependencies": { "@tanstack/query-core": "5.90.11" }, "peerDependencies": { "react": "^18 || ^19" } }, "sha512-3uyzz01D1fkTLXuxF3JfoJoHQMU2fxsfJwE+6N5hHy0dVNoZOvwKP8Z2k7k1KDeD54N20apcJnG75TBAStIrBA=="],
+    "@tanstack/react-query": ["@tanstack/react-query@5.90.12", "", { "dependencies": { "@tanstack/query-core": "5.90.12" }, "peerDependencies": { "react": "^18 || ^19" } }, "sha512-graRZspg7EoEaw0a8faiUASCyJrqjKPdqJ9EwuDRUF9mEYJ1YPczI9H+/agJ0mOJkPCJDk0lsz5QTrLZ/jQ2rg=="],
 
     "@tanstack/react-query-devtools": ["@tanstack/react-query-devtools@5.91.1", "", { "dependencies": { "@tanstack/query-devtools": "5.91.1" }, "peerDependencies": { "@tanstack/react-query": "^5.90.10", "react": "^18 || ^19" } }, "sha512-tRnJYwEbH0kAOuToy8Ew7bJw1lX3AjkkgSlf/vzb+NpnqmHPdWM+lA2DSdGQSLi1SU0PDRrrCI1vnZnci96CsQ=="],
 
-    "@types/bun": ["@types/bun@1.3.3", "", { "dependencies": { "bun-types": "1.3.3" } }, "sha512-ogrKbJ2X5N0kWLLFKeytG0eHDleBYtngtlbu9cyBKFtNL3cnpDZkNdQj8flVf6WTZUX5ulI9AY1oa7ljhSrp+g=="],
+    "@types/bun": ["@types/bun@1.3.5", "", { "dependencies": { "bun-types": "1.3.5" } }, "sha512-RnygCqNrd3srIPEWBd5LFeUYG7plCoH2Yw9WaZGyNmdTEei+gWaHqydbaIRkIkcbXwhBT94q78QljxN0Sk838w=="],
 
     "@types/d3-array": ["@types/d3-array@3.2.2", "", {}, "sha512-hOLWVbm7uRza0BYXpIIW5pxfrKe0W+D5lrFiAEYR+pb6w3N2SwSMaJbXdUfSEv+dT4MfHBLtn5js0LAWaO6otw=="],
 
@@ -473,7 +484,7 @@
 
     "@types/json-schema": ["@types/json-schema@7.0.15", "", {}, "sha512-5+fP8P8MFNC+AyZCDxrB2pkZFPGzqQWUzpSeuuVLvm8VMcorNYavBqoFcxK8bQz4Qsbn4oUEEem4wDLfcysGHA=="],
 
-    "@types/node": ["@types/node@24.10.1", "", { "dependencies": { "undici-types": "~7.16.0" } }, "sha512-GNWcUTRBgIRJD5zj+Tq0fKOJ5XZajIiBroOF0yvj2bSU1WvNdYS/dn9UxwsujGW4JX06dnHyjV2y9rRaybH0iQ=="],
+    "@types/node": ["@types/node@25.0.3", "", { "dependencies": { "undici-types": "~7.16.0" } }, "sha512-W609buLVRVmeW693xKfzHeIV6nJGGz98uCPfeXI1ELMLXVeKYZ9m15fAMSaUPBHYLGFsVRcMmSCksQOrZV9BYA=="],
 
     "@types/react": ["@types/react@19.2.7", "", { "dependencies": { "csstype": "^3.2.2" } }, "sha512-MWtvHrGZLFttgeEj28VXHxpmwYbor/ATPYbBfSFZEIRK0ecCFLl2Qo55z52Hss+UV9CRN7trSeq1zbgx7YDWWg=="],
 
@@ -487,37 +498,39 @@
 
     "ansi-colors": ["ansi-colors@4.1.3", "", {}, "sha512-/6w/C21Pm1A7aZitlI5Ni/2J6FFQN8i1Cvz3kHABAAbw93v/NlvKdVOqz7CCWz/3iv/JplRSEEZ83XION15ovw=="],
 
+    "anymatch": ["anymatch@3.1.3", "", { "dependencies": { "normalize-path": "^3.0.0", "picomatch": "^2.0.4" } }, "sha512-KMReFUr0B4t+D+OBkjR3KYqvocp2XaSzO55UcB6mgQMd3KbcE+mWTyvVV7D/zsdEbNnV6acZUutkiHQXvTr1Rw=="],
+
     "arg": ["arg@5.0.2", "", {}, "sha512-PYjyFOLKQ9y57JvQ6QLo8dAgNqswh8M1RMJYdQduT6xbWSgK36P/Z/v+p888pM69jMMfS8Xd8F6I1kQ/I9HUGg=="],
 
     "argparse": ["argparse@2.0.1", "", {}, "sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q=="],
 
     "aria-hidden": ["aria-hidden@1.2.6", "", { "dependencies": { "tslib": "^2.0.0" } }, "sha512-ik3ZgC9dY/lYVVM++OISsaYDeg1tb0VtP5uL3ouh1koGOaUMDPpbFIei4JkFimWUFPn90sbMNMXQAIVOlnYKJA=="],
 
-    "arkregex": ["arkregex@0.0.4", "", { "dependencies": { "@ark/util": "0.56.0" } }, "sha512-biS/FkvSwQq59TZ453piUp8bxMui11pgOMV9WHAnli1F8o0ayNCZzUwQadL/bGIUic5TkS/QlPcyMuI8ZIwedQ=="],
+    "arkregex": ["arkregex@0.0.5", "", { "dependencies": { "@ark/util": "0.56.0" } }, "sha512-ncYjBdLlh5/QnVsAA8De16Tc9EqmYM7y/WU9j+236KcyYNUXogpz3sC4ATIZYzzLxwI+0sEOaQLEmLmRleaEXw=="],
 
-    "arktype": ["arktype@2.1.28", "", { "dependencies": { "@ark/schema": "0.56.0", "@ark/util": "0.56.0", "arkregex": "0.0.4" } }, "sha512-LVZqXl2zWRpNFnbITrtFmqeqNkPPo+KemuzbGSY6jvJwCb4v8NsDzrWOLHnQgWl26TkJeWWcUNUeBpq2Mst1/Q=="],
+    "arktype": ["arktype@2.1.29", "", { "dependencies": { "@ark/schema": "0.56.0", "@ark/util": "0.56.0", "arkregex": "0.0.5" } }, "sha512-jyfKk4xIOzvYNayqnD8ZJQqOwcrTOUbIU4293yrzAjA3O1dWh61j71ArMQ6tS/u4pD7vabSPe7nG3RCyoXW6RQ=="],
 
     "array-flatten": ["array-flatten@1.1.1", "", {}, "sha512-PCVAQswWemu6UdxsDFFX/+gVeYqKAod3D3UVm91jHwynguOwAvYPhx8nNlM++NqRcK6CxxpUafjmhIdKiHibqg=="],
 
     "async": ["async@3.2.6", "", {}, "sha512-htCUDlxyyCLMgaM3xXg0C0LW2xqfuQ6p05pCEIsXuyQ+a1koYKTuBMzRNwmybfLgvJDMd0r1LTn4+E0Ti6C2AA=="],
 
-    "babel-dead-code-elimination": ["babel-dead-code-elimination@1.0.10", "", { "dependencies": { "@babel/core": "^7.23.7", "@babel/parser": "^7.23.6", "@babel/traverse": "^7.23.7", "@babel/types": "^7.23.6" } }, "sha512-DV5bdJZTzZ0zn0DC24v3jD7Mnidh6xhKa4GfKCbq3sfW8kaWhDdZjP3i81geA8T33tdYqWKw4D3fVv0CwEgKVA=="],
+    "babel-dead-code-elimination": ["babel-dead-code-elimination@1.0.11", "", { "dependencies": { "@babel/core": "^7.23.7", "@babel/parser": "^7.23.6", "@babel/traverse": "^7.23.7", "@babel/types": "^7.23.6" } }, "sha512-mwq3W3e/pKSI6TG8lXMiDWvEi1VXYlSBlJlB3l+I0bAb5u1RNUl88udos85eOPNK3m5EXK9uO7d2g08pesTySQ=="],
 
     "balanced-match": ["balanced-match@1.0.2", "", {}, "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw=="],
 
-    "baseline-browser-mapping": ["baseline-browser-mapping@2.8.28", "", { "bin": { "baseline-browser-mapping": "dist/cli.js" } }, "sha512-gYjt7OIqdM0PcttNYP2aVrr2G0bMALkBaoehD4BuRGjAOtipg0b6wHg1yNL+s5zSnLZZrGHOw4IrND8CD+3oIQ=="],
+    "baseline-browser-mapping": ["baseline-browser-mapping@2.9.11", "", { "bin": { "baseline-browser-mapping": "dist/cli.js" } }, "sha512-Sg0xJUNDU1sJNGdfGWhVHX0kkZ+HWcvmVymJbj6NSgZZmW/8S9Y2HQ5euytnIgakgxN6papOAWiwDo1ctFDcoQ=="],
 
     "basic-auth": ["basic-auth@2.0.1", "", { "dependencies": { "safe-buffer": "5.1.2" } }, "sha512-NF+epuEdnUYVlGuhaxbbq+dvJttwLnGY+YixlXlME5KpQ5W3CnXA5cVTneY3SPbPDRkcjMbifrwmFYcClgOZeg=="],
 
-    "body-parser": ["body-parser@1.20.3", "", { "dependencies": { "bytes": "3.1.2", "content-type": "~1.0.5", "debug": "2.6.9", "depd": "2.0.0", "destroy": "1.2.0", "http-errors": "2.0.0", "iconv-lite": "0.4.24", "on-finished": "2.4.1", "qs": "6.13.0", "raw-body": "2.5.2", "type-is": "~1.6.18", "unpipe": "1.0.0" } }, "sha512-7rAxByjUMqQ3/bHJy7D6OGXvx/MMc4IqBn/X0fcM1QUcAItpZrBEYhWGem+tzXH90c+G01ypMcYJBO9Y30203g=="],
+    "body-parser": ["body-parser@1.20.4", "", { "dependencies": { "bytes": "~3.1.2", "content-type": "~1.0.5", "debug": "2.6.9", "depd": "2.0.0", "destroy": "~1.2.0", "http-errors": "~2.0.1", "iconv-lite": "~0.4.24", "on-finished": "~2.4.1", "qs": "~6.14.0", "raw-body": "~2.5.3", "type-is": "~1.6.18", "unpipe": "~1.0.0" } }, "sha512-ZTgYYLMOXY9qKU/57FAo8F+HA2dGX7bqGc71txDRC1rS4frdFI5R7NhluHxH6M0YItAP0sHB4uqAOcYKxO6uGA=="],
 
     "brace-expansion": ["brace-expansion@2.0.2", "", { "dependencies": { "balanced-match": "^1.0.0" } }, "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ=="],
 
-    "browserslist": ["browserslist@4.28.0", "", { "dependencies": { "baseline-browser-mapping": "^2.8.25", "caniuse-lite": "^1.0.30001754", "electron-to-chromium": "^1.5.249", "node-releases": "^2.0.27", "update-browserslist-db": "^1.1.4" }, "bin": { "browserslist": "cli.js" } }, "sha512-tbydkR/CxfMwelN0vwdP/pLkDwyAASZ+VfWm4EOwlB6SWhx1sYnWLqo8N5j0rAzPfzfRaxt0mM/4wPU/Su84RQ=="],
+    "browserslist": ["browserslist@4.28.1", "", { "dependencies": { "baseline-browser-mapping": "^2.9.0", "caniuse-lite": "^1.0.30001759", "electron-to-chromium": "^1.5.263", "node-releases": "^2.0.27", "update-browserslist-db": "^1.2.0" }, "bin": { "browserslist": "cli.js" } }, "sha512-ZC5Bd0LgJXgwGqUknZY/vkUQ04r8NXnJZ3yYi4vDmSiZmC/pdSN0NbNRPxZpbtO4uAfDUAFffO8IZoM3Gj8IkA=="],
 
     "buffer-from": ["buffer-from@1.1.2", "", {}, "sha512-E+XQCRwSbaaiChtv6k6Dwgc+bx+Bs6vuKJHHl5kox/BaKbhiXzqQOwK4cO22yElGp2OCmjwVhT3HmxgyPGnJfQ=="],
 
-    "bun-types": ["bun-types@1.3.3", "", { "dependencies": { "@types/node": "*" } }, "sha512-z3Xwlg7j2l9JY27x5Qn3Wlyos8YAp0kKRlrePAOjgjMGS5IG6E7Jnlx736vH9UVI4wUICwwhC9anYL++XeOgTQ=="],
+    "bun-types": ["bun-types@1.3.5", "", { "dependencies": { "@types/node": "*" } }, "sha512-inmAYe2PFLs0SUbFOWSVD24sg1jFlMPxOjOSSCYqUgn4Hsc3rDc7dFvfVYjFPNHtov6kgUeulV4SxbuIV/stPw=="],
 
     "bundle-name": ["bundle-name@4.1.0", "", { "dependencies": { "run-applescript": "^7.0.0" } }, "sha512-tjwM5exMg6BGRI+kNmTntNsvdZS1X8BFYS6tnJ2hdH0kVxM6/eVZ2xy+FqStSWvYmtfFMDLIxurorHwDKfDz5Q=="],
 
@@ -531,7 +544,7 @@
 
     "call-bound": ["call-bound@1.0.4", "", { "dependencies": { "call-bind-apply-helpers": "^1.0.2", "get-intrinsic": "^1.3.0" } }, "sha512-+ys997U96po4Kx/ABpBCqhA9EuxJaQWDQg7295H4hBphv3IZg0boBKuwYpt4YXp6MZ5AmZQnU/tyMTlRpaSejg=="],
 
-    "caniuse-lite": ["caniuse-lite@1.0.30001754", "", {}, "sha512-x6OeBXueoAceOmotzx3PO4Zpt4rzpeIFsSr6AAePTZxSkXiYDUmpypEl7e2+8NCd9bD7bXjqyef8CJYPC1jfxg=="],
+    "caniuse-lite": ["caniuse-lite@1.0.30001761", "", {}, "sha512-JF9ptu1vP2coz98+5051jZ4PwQgd2ni8A+gYSN7EA7dPKIMf0pDlSUxhdmVOaV3/fYK5uWBkgSXJaRLr4+3A6g=="],
 
     "chokidar": ["chokidar@4.0.3", "", { "dependencies": { "readdirp": "^4.0.1" } }, "sha512-Qgzu8kfBvo+cA4962jnP1KkS6Dop5NS6g7R5LFYJr4b8Ub94PPQXUksCw9PvXoeXPRRddRNC5C1JQUR2SMGtnA=="],
 
@@ -541,13 +554,13 @@
 
     "clsx": ["clsx@2.1.1", "", {}, "sha512-eYm0QWBtUrBWZWG0d386OGAw16Z995PiOVo2B7bjWSbHedGl5e0ZWaq65kOGgUSNesEIDkB9ISbTg/JK9dhCZA=="],
 
-    "color": ["color@5.0.2", "", { "dependencies": { "color-convert": "^3.0.1", "color-string": "^2.0.0" } }, "sha512-e2hz5BzbUPcYlIRHo8ieAhYgoajrJr+hWoceg6E345TPsATMUKqDgzt8fSXZJJbxfpiPzkWyphz8yn8At7q3fA=="],
+    "color": ["color@5.0.3", "", { "dependencies": { "color-convert": "^3.1.3", "color-string": "^2.1.3" } }, "sha512-ezmVcLR3xAVp8kYOm4GS45ZLLgIE6SPAFoduLr6hTDajwb3KZ2F46gulK3XpcwRFb5KKGCSezCBAY4Dw4HsyXA=="],
 
-    "color-convert": ["color-convert@3.1.2", "", { "dependencies": { "color-name": "^2.0.0" } }, "sha512-UNqkvCDXstVck3kdowtOTWROIJQwafjOfXSmddoDrXo4cewMKmusCeF22Q24zvjR8nwWib/3S/dfyzPItPEiJg=="],
+    "color-convert": ["color-convert@3.1.3", "", { "dependencies": { "color-name": "^2.0.0" } }, "sha512-fasDH2ont2GqF5HpyO4w0+BcewlhHEZOFn9c1ckZdHpJ56Qb7MHhH/IcJZbBGgvdtwdwNbLvxiBEdg336iA9Sg=="],
 
     "color-name": ["color-name@2.1.0", "", {}, "sha512-1bPaDNFm0axzE4MEAzKPuqKWeRaT43U/hyxKPBdqTfmPF+d6n7FSoTFxLVULUJOmiLp01KjhIPPH+HrXZJN4Rg=="],
 
-    "color-string": ["color-string@2.1.2", "", { "dependencies": { "color-name": "^2.0.0" } }, "sha512-RxmjYxbWemV9gKu4zPgiZagUxbH3RQpEIO77XoSSX0ivgABDZ+h8Zuash/EMFLTI4N9QgFPOJ6JQpPZKFxa+dA=="],
+    "color-string": ["color-string@2.1.4", "", { "dependencies": { "color-name": "^2.0.0" } }, "sha512-Bb6Cq8oq0IjDOe8wJmi4JeNn763Xs9cfrBcaylK1tPypWzyoy2G3l90v9k64kjphl/ZJjPIShFztenRomi8WTg=="],
 
     "color-support": ["color-support@1.1.3", "", { "bin": { "color-support": "bin.js" } }, "sha512-qiBjkpbMLO/HL68y+lh4q0/O1MZFj2RX6X/KmMa3+gJD3z+WwI1ZzDHysvqHGS3mP6mznPckpXmw1nI9cJjyRg=="],
 
@@ -567,12 +580,18 @@
 
     "convert-source-map": ["convert-source-map@2.0.0", "", {}, "sha512-Kvp459HrV2FEJ1CAsi1Ku+MY3kasH19TFykTz2xWmMeq6bk2NU3XXvfJ+Q61m0xktWwt+1HSYf3JZsTms3aRJg=="],
 
-    "cookie": ["cookie@1.0.2", "", {}, "sha512-9Kr/j4O16ISv8zBBhJoi4bXOYNTkFLOqSL3UDB0njXxCXNezjeyVrJyGOWtgfs/q2km1gwBcfH8q1yEGoMYunA=="],
+    "cookie": ["cookie@1.1.1", "", {}, "sha512-ei8Aos7ja0weRpFzJnEA9UHJ/7XQmqglbRwnf2ATjcB9Wq874VKH9kfjjirM6UhU2/E5fFYadylyhFldcqSidQ=="],
 
-    "cookie-signature": ["cookie-signature@1.0.6", "", {}, "sha512-QADzlaHc8icV8I7vbaJXJwod9HWYp8uCqf1xa4OfNu1T7JVxQIrUgOWtHdNDtPiywmFbiS12VjotIXLrKM3orQ=="],
+    "cookie-es": ["cookie-es@1.2.2", "", {}, "sha512-+W7VmiVINB+ywl1HGXJXmrqkOhpKrIiVZV6tQuV54ZyQC7MMuBt81Vc336GMLoHBq5hV/F9eXgt5Mnx0Rha5Fg=="],
+
+    "cookie-signature": ["cookie-signature@1.0.7", "", {}, "sha512-NXdYc3dLr47pBkpUCHtKSwIOQXLVn8dZEuywboCOJY/osA0wFSLlSawr3KN8qXJEyX66FcONTH8EIlVuK0yyFA=="],
 
     "cron-parser": ["cron-parser@5.4.0", "", { "dependencies": { "luxon": "^3.7.1" } }, "sha512-HxYB8vTvnQFx4dLsZpGRa0uHp6X3qIzS3ZJgJ9v6l/5TJMgeWQbLkR5yiJ5hOxGbc9+jCADDnydIe15ReLZnJA=="],
 
+    "cross-spawn": ["cross-spawn@7.0.6", "", { "dependencies": { "path-key": "^3.1.0", "shebang-command": "^2.0.0", "which": "^2.0.1" } }, "sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA=="],
+
+    "crossws": ["crossws@0.3.5", "", { "dependencies": { "uncrypto": "^0.1.3" } }, "sha512-ojKiDvcmByhwa8YYqbQI/hg7MEU0NC03+pSdEq4ZUnZR9xXpwk7E43SMNGkn+JxJGPFtNvQ48+vV2p+P1ml5PA=="],
+
     "csstype": ["csstype@3.2.3", "", {}, "sha512-z1HGKcYy2xA8AGQfwrn0PAy+PB7X/GSj3UVJW9qKyn43xWa+gl5nXmU4qqLMRzWVLFC8KusUX8T/0kCiOYpAIQ=="],
 
     "d3-array": ["d3-array@3.2.4", "", { "dependencies": { "internmap": "1 - 2" } }, "sha512-tdQAmyA18i4J7wprpYq8ClcxZy3SC31QMeByyCFyRt7BVHdREQZ5lpzoe5mFEYZUWe+oq8HBvk9JjpibyEV4Jg=="],
@@ -603,11 +622,11 @@
 
     "decimal.js-light": ["decimal.js-light@2.5.1", "", {}, "sha512-qIMFpTMZmny+MMIitAB6D7iVPEorVw6YQRWkvarTkT4tBeSLLiHzcwj6q0MmYSFCiVpiqPJTJEYIrpcPzVEIvg=="],
 
-    "dedent": ["dedent@1.7.0", "", { "peerDependencies": { "babel-plugin-macros": "^3.1.0" }, "optionalPeers": ["babel-plugin-macros"] }, "sha512-HGFtf8yhuhGhqO07SV79tRp+br4MnbdjeVxotpn1QBl30pcLLCQjX5b2295ll0fv8RKDKsmWYrl05usHM9CewQ=="],
+    "dedent": ["dedent@1.7.1", "", { "peerDependencies": { "babel-plugin-macros": "^3.1.0" }, "optionalPeers": ["babel-plugin-macros"] }, "sha512-9JmrhGZpOlEgOLdQgSm0zxFaYoQon408V1v49aqTWuXENVlnCuY9JBZcXZiCsZQWDjTm5Qf/nIvAy77mXDAjEg=="],
 
     "default-browser": ["default-browser@5.4.0", "", { "dependencies": { "bundle-name": "^4.1.0", "default-browser-id": "^5.0.0" } }, "sha512-XDuvSq38Hr1MdN47EDvYtx3U0MTqpCEn+F6ft8z2vYDzMrvQhVp0ui9oQdqW3MvK3vqUETglt1tVGgjLuJ5izg=="],
 
-    "default-browser-id": ["default-browser-id@5.0.0", "", {}, "sha512-A6p/pu/6fyBcA1TRz/GqWYPViplrftcW2gZC9q79ngNCKAeR/X3gcEdXQHl4KNXV+3wgIJ1CPkJQ3IHM6lcsyA=="],
+    "default-browser-id": ["default-browser-id@5.0.1", "", {}, "sha512-x1VCxdX4t+8wVfd1so/9w+vQ4vx7lKd2Qp5tDRutErwmR85OgmfX7RlLRMWafRMY7hbEiXIbudNrjOAPa/hL8Q=="],
 
     "define-lazy-prop": ["define-lazy-prop@3.0.0", "", {}, "sha512-N+MeXYoqr3pOgn8xfyRPREN7gHakLYjhsHhWGT3fWAiL4IkAt0iDw14QiiEm2bE30c5XX5q0FtAA3CK5f9/BUg=="],
 
@@ -627,7 +646,11 @@
 
     "dotenv": ["dotenv@17.2.3", "", {}, "sha512-JVUnt+DUIzu87TABbhPmNfVdBDt18BLOWjMUFJMSi/Qqg7NTYtabbvSNJGOJ7afbRuv9D/lngizHtP7QyLQ+9w=="],
 
-    "drizzle-kit": ["drizzle-kit@0.31.7", "", { "dependencies": { "@drizzle-team/brocli": "^0.10.2", "@esbuild-kit/esm-loader": "^2.5.5", "esbuild": "^0.25.4", "esbuild-register": "^3.5.0" }, "bin": { "drizzle-kit": "bin.cjs" } }, "sha512-hOzRGSdyKIU4FcTSFYGKdXEjFsncVwHZ43gY3WU5Bz9j5Iadp6Rh6hxLSQ1IWXpKLBKt/d5y1cpSPcV+FcoQ1A=="],
+    "dotenv-cli": ["dotenv-cli@11.0.0", "", { "dependencies": { "cross-spawn": "^7.0.6", "dotenv": "^17.1.0", "dotenv-expand": "^12.0.0", "minimist": "^1.2.6" }, "bin": { "dotenv": "cli.js" } }, "sha512-r5pA8idbk7GFWuHEU7trSTflWcdBpQEK+Aw17UrSHjS6CReuhrrPcyC3zcQBPQvhArRHnBo/h6eLH1fkCvNlww=="],
+
+    "dotenv-expand": ["dotenv-expand@12.0.3", "", { "dependencies": { "dotenv": "^16.4.5" } }, "sha512-uc47g4b+4k/M/SeaW1y4OApx+mtLWl92l5LMPP0GNXctZqELk+YGgOPIIC5elYmUH4OuoK3JLhuRUYegeySiFA=="],
+
+    "drizzle-kit": ["drizzle-kit@0.31.8", "", { "dependencies": { "@drizzle-team/brocli": "^0.10.2", "@esbuild-kit/esm-loader": "^2.5.5", "esbuild": "^0.25.4", "esbuild-register": "^3.5.0" }, "bin": { "drizzle-kit": "bin.cjs" } }, "sha512-O9EC/miwdnRDY10qRxM8P3Pg8hXe3LyU4ZipReKOgTwn4OqANmftj8XJz1UPUAS6NMHf0E2htjsbQujUTkncCg=="],
 
     "drizzle-orm": ["drizzle-orm@0.44.7", "", { "peerDependencies": { "@aws-sdk/client-rds-data": ">=3", "@cloudflare/workers-types": ">=4", "@electric-sql/pglite": ">=0.2.0", "@libsql/client": ">=0.10.0", "@libsql/client-wasm": ">=0.10.0", "@neondatabase/serverless": ">=0.10.0", "@op-engineering/op-sqlite": ">=2", "@opentelemetry/api": "^1.4.1", "@planetscale/database": ">=1.13", "@prisma/client": "*", "@tidbcloud/serverless": "*", "@types/better-sqlite3": "*", "@types/pg": "*", "@types/sql.js": "*", "@upstash/redis": ">=1.34.7", "@vercel/postgres": ">=0.8.0", "@xata.io/client": "*", "better-sqlite3": ">=7", "bun-types": "*", "expo-sqlite": ">=14.0.0", "gel": ">=2", "knex": "*", "kysely": "*", "mysql2": ">=2", "pg": ">=8", "postgres": ">=3", "sql.js": ">=1", "sqlite3": ">=5" }, "optionalPeers": ["@aws-sdk/client-rds-data", "@cloudflare/workers-types", "@electric-sql/pglite", "@libsql/client", "@libsql/client-wasm", "@neondatabase/serverless", "@op-engineering/op-sqlite", "@opentelemetry/api", "@planetscale/database", "@prisma/client", "@tidbcloud/serverless", "@types/better-sqlite3", "@types/pg", "@types/sql.js", "@upstash/redis", "@vercel/postgres", "@xata.io/client", "better-sqlite3", "bun-types", "expo-sqlite", "gel", "knex", "kysely", "mysql2", "pg", "postgres", "sql.js", "sqlite3"] }, "sha512-quIpnYznjU9lHshEOAYLoZ9s3jweleHlZIAWR/jX9gAWNg/JhQ1wj0KGRf7/Zm+obRrYd9GjPVJg790QY9N5AQ=="],
 
@@ -635,13 +658,13 @@
 
     "ee-first": ["ee-first@1.1.1", "", {}, "sha512-WMwm9LhRUo+WUaRN+vRuETqG89IgZphVSNkdFgeb6sS/E4OrDIN7t48CAewSHXc6C8lefD8KKfr5vY61brQlow=="],
 
-    "electron-to-chromium": ["electron-to-chromium@1.5.250", "", {}, "sha512-/5UMj9IiGDMOFBnN4i7/Ry5onJrAGSbOGo3s9FEKmwobGq6xw832ccET0CE3CkkMBZ8GJSlUIesZofpyurqDXw=="],
+    "electron-to-chromium": ["electron-to-chromium@1.5.267", "", {}, "sha512-0Drusm6MVRXSOJpGbaSVgcQsuB4hEkMpHXaVstcPmhu5LIedxs1xNK/nIxmQIU/RPC0+1/o0AVZfBTkTNJOdUw=="],
 
     "enabled": ["enabled@2.0.0", "", {}, "sha512-AKrN98kuwOzMIdAizXGI86UFBoo26CL21UM763y1h/GMSJ4/OHU9k2YlsmBpyScFo/wbLzWQJBMCW4+IO3/+OQ=="],
 
     "encodeurl": ["encodeurl@2.0.0", "", {}, "sha512-Q0n9HRi4m6JuGIV1eFlmvJB7ZEVxu93IrMyiMsGC0lrMJMWzRgx6WGquyfQgZVb31vhGgXnfmPNNXmxnOkRBrg=="],
 
-    "enhanced-resolve": ["enhanced-resolve@5.18.3", "", { "dependencies": { "graceful-fs": "^4.2.4", "tapable": "^2.2.0" } }, "sha512-d4lC8xfavMeBjzGr2vECC3fsGXziXZQyJxD868h2M/mBI3PwAuODxAkLkq5HYuvrPYcUtiLzsTo8U3PgX3Ocww=="],
+    "enhanced-resolve": ["enhanced-resolve@5.18.4", "", { "dependencies": { "graceful-fs": "^4.2.4", "tapable": "^2.2.0" } }, "sha512-LgQMM4WXU3QI+SYgEc2liRgznaD5ojbmY3sb8LxyguVkIg5FxdpTkvk72te2R38/TGKxH634oLxXRGY6d7AP+Q=="],
 
     "es-define-property": ["es-define-property@1.0.1", "", {}, "sha512-e3nRfgfUZ4rNGL232gUgX06QNyyez04KdjFrF+LTRoOXmrOgFKDg4BCdsjW8EnT69eqdYGmRpJwiPVYNrCaW3g=="],
 
@@ -651,9 +674,9 @@
 
     "es-object-atoms": ["es-object-atoms@1.1.1", "", { "dependencies": { "es-errors": "^1.3.0" } }, "sha512-FGgH2h8zKNim9ljj7dankFPcICIK9Cp5bm+c2gQSYePhpaG5+esrLODihIorn+Pe6FGJzWhXQotPv73jTaldXA=="],
 
-    "es-toolkit": ["es-toolkit@1.42.0", "", {}, "sha512-SLHIyY7VfDJBM8clz4+T2oquwTQxEzu263AyhVK4jREOAwJ+8eebaa4wM3nlvnAqhDrMm2EsA6hWHaQsMPQ1nA=="],
+    "es-toolkit": ["es-toolkit@1.43.0", "", {}, "sha512-SKCT8AsWvYzBBuUqMk4NPwFlSdqLpJwmy6AP322ERn8W2YLIB6JBXnwMI2Qsh2gfphT3q7EKAxKb23cvFHFwKA=="],
 
-    "esbuild": ["esbuild@0.25.12", "", { "optionalDependencies": { "@esbuild/aix-ppc64": "0.25.12", "@esbuild/android-arm": "0.25.12", "@esbuild/android-arm64": "0.25.12", "@esbuild/android-x64": "0.25.12", "@esbuild/darwin-arm64": "0.25.12", "@esbuild/darwin-x64": "0.25.12", "@esbuild/freebsd-arm64": "0.25.12", "@esbuild/freebsd-x64": "0.25.12", "@esbuild/linux-arm": "0.25.12", "@esbuild/linux-arm64": "0.25.12", "@esbuild/linux-ia32": "0.25.12", "@esbuild/linux-loong64": "0.25.12", "@esbuild/linux-mips64el": "0.25.12", "@esbuild/linux-ppc64": "0.25.12", "@esbuild/linux-riscv64": "0.25.12", "@esbuild/linux-s390x": "0.25.12", "@esbuild/linux-x64": "0.25.12", "@esbuild/netbsd-arm64": "0.25.12", "@esbuild/netbsd-x64": "0.25.12", "@esbuild/openbsd-arm64": "0.25.12", "@esbuild/openbsd-x64": "0.25.12", "@esbuild/openharmony-arm64": "0.25.12", "@esbuild/sunos-x64": "0.25.12", "@esbuild/win32-arm64": "0.25.12", "@esbuild/win32-ia32": "0.25.12", "@esbuild/win32-x64": "0.25.12" }, "bin": { "esbuild": "bin/esbuild" } }, "sha512-bbPBYYrtZbkt6Os6FiTLCTFxvq4tt3JKall1vRwshA3fdVztsLAatFaZobhkBC8/BrPetoa0oksYoKXoG4ryJg=="],
+    "esbuild": ["esbuild@0.27.2", "", { "optionalDependencies": { "@esbuild/aix-ppc64": "0.27.2", "@esbuild/android-arm": "0.27.2", "@esbuild/android-arm64": "0.27.2", "@esbuild/android-x64": "0.27.2", "@esbuild/darwin-arm64": "0.27.2", "@esbuild/darwin-x64": "0.27.2", "@esbuild/freebsd-arm64": "0.27.2", "@esbuild/freebsd-x64": "0.27.2", "@esbuild/linux-arm": "0.27.2", "@esbuild/linux-arm64": "0.27.2", "@esbuild/linux-ia32": "0.27.2", "@esbuild/linux-loong64": "0.27.2", "@esbuild/linux-mips64el": "0.27.2", "@esbuild/linux-ppc64": "0.27.2", "@esbuild/linux-riscv64": "0.27.2", "@esbuild/linux-s390x": "0.27.2", "@esbuild/linux-x64": "0.27.2", "@esbuild/netbsd-arm64": "0.27.2", "@esbuild/netbsd-x64": "0.27.2", "@esbuild/openbsd-arm64": "0.27.2", "@esbuild/openbsd-x64": "0.27.2", "@esbuild/openharmony-arm64": "0.27.2", "@esbuild/sunos-x64": "0.27.2", "@esbuild/win32-arm64": "0.27.2", "@esbuild/win32-ia32": "0.27.2", "@esbuild/win32-x64": "0.27.2" }, "bin": { "esbuild": "bin/esbuild" } }, "sha512-HyNQImnsOC7X9PMNaCIeAm4ISCQXs5a5YasTXVliKv4uuBo1dKrG0A+uQS8M5eXjVMnLg3WgXaKvprHlFJQffw=="],
 
     "esbuild-register": ["esbuild-register@3.6.0", "", { "dependencies": { "debug": "^4.3.4" }, "peerDependencies": { "esbuild": ">=0.12 <1" } }, "sha512-H2/S7Pm8a9CL1uhp9OvjwrBh5Pvx0H8qVOxNu8Wed9Y7qv56MPtq+GGM8RJpq6glYJn9Wspr8uw7l55uyinNeg=="],
 
@@ -667,7 +690,7 @@
 
     "exit-hook": ["exit-hook@2.2.1", "", {}, "sha512-eNTPlAD67BmP31LDINZ3U7HSF8l57TxOY2PmBJ1shpCvpnxBF93mWCE8YHBnXs8qiUZJc9WDcWIeC3a2HIAMfw=="],
 
-    "express": ["express@4.21.2", "", { "dependencies": { "accepts": "~1.3.8", "array-flatten": "1.1.1", "body-parser": "1.20.3", "content-disposition": "0.5.4", "content-type": "~1.0.4", "cookie": "0.7.1", "cookie-signature": "1.0.6", "debug": "2.6.9", "depd": "2.0.0", "encodeurl": "~2.0.0", "escape-html": "~1.0.3", "etag": "~1.8.1", "finalhandler": "1.3.1", "fresh": "0.5.2", "http-errors": "2.0.0", "merge-descriptors": "1.0.3", "methods": "~1.1.2", "on-finished": "2.4.1", "parseurl": "~1.3.3", "path-to-regexp": "0.1.12", "proxy-addr": "~2.0.7", "qs": "6.13.0", "range-parser": "~1.2.1", "safe-buffer": "5.2.1", "send": "0.19.0", "serve-static": "1.16.2", "setprototypeof": "1.2.0", "statuses": "2.0.1", "type-is": "~1.6.18", "utils-merge": "1.0.1", "vary": "~1.1.2" } }, "sha512-28HqgMZAmih1Czt9ny7qr6ek2qddF4FclbMzwhCREB6OFfH+rXAnuNCwo1/wFvrtbgsQDb4kSbX9de9lFbrXnA=="],
+    "express": ["express@4.22.1", "", { "dependencies": { "accepts": "~1.3.8", "array-flatten": "1.1.1", "body-parser": "~1.20.3", "content-disposition": "~0.5.4", "content-type": "~1.0.4", "cookie": "~0.7.1", "cookie-signature": "~1.0.6", "debug": "2.6.9", "depd": "2.0.0", "encodeurl": "~2.0.0", "escape-html": "~1.0.3", "etag": "~1.8.1", "finalhandler": "~1.3.1", "fresh": "~0.5.2", "http-errors": "~2.0.0", "merge-descriptors": "1.0.3", "methods": "~1.1.2", "on-finished": "~2.4.1", "parseurl": "~1.3.3", "path-to-regexp": "~0.1.12", "proxy-addr": "~2.0.7", "qs": "~6.14.0", "range-parser": "~1.2.1", "safe-buffer": "5.2.1", "send": "~0.19.0", "serve-static": "~1.16.2", "setprototypeof": "1.2.0", "statuses": "~2.0.1", "type-is": "~1.6.18", "utils-merge": "1.0.1", "vary": "~1.1.2" } }, "sha512-F2X8g9P1X7uCPZMA3MVf9wcTqlyNp7IhH5qPCI0izhaOIYXaW9L535tGA3qmjRzpH+bZczqq7hVKxTR4NWnu+g=="],
 
     "exsolve": ["exsolve@1.0.8", "", {}, "sha512-LmDxfWXwcTArk8fUEnOfSZpHOJ6zOMUJKOtFLFqJLoKJetuQG874Uc7/Kki7zFLzYybmZhp1M7+98pfMqeX8yA=="],
 
@@ -675,7 +698,7 @@
 
     "fecha": ["fecha@4.2.3", "", {}, "sha512-OP2IUU6HeYKJi3i0z4A19kHMQoLVs4Hc+DPqqxI2h/DPZHTm/vjsfC6P0b4jCMy14XizLBqvndQ+UilD7707Jw=="],
 
-    "finalhandler": ["finalhandler@1.3.1", "", { "dependencies": { "debug": "2.6.9", "encodeurl": "~2.0.0", "escape-html": "~1.0.3", "on-finished": "2.4.1", "parseurl": "~1.3.3", "statuses": "2.0.1", "unpipe": "~1.0.0" } }, "sha512-6BN9trH7bp3qvnrRyzsBz+g3lZxTNZTbVO2EV1CS0WIcDbawYVdYvGflME/9QP0h0pYlCDBCTjYa9nZzMDpyxQ=="],
+    "finalhandler": ["finalhandler@1.3.2", "", { "dependencies": { "debug": "2.6.9", "encodeurl": "~2.0.0", "escape-html": "~1.0.3", "on-finished": "~2.4.1", "parseurl": "~1.3.3", "statuses": "~2.0.2", "unpipe": "~1.0.0" } }, "sha512-aA4RyPcd3badbdABGDuTXCMTtOneUCAYH/gxoYRTZlIJdF0YPWuGqiAsIrhNnnqdXGswYk6dGujem4w80UJFhg=="],
 
     "fn.name": ["fn.name@1.1.0", "", {}, "sha512-GRnmB5gPyJpAhTQdSZTSp9uaPSvl09KoYcMQtsB9rQoOmzs9dH6ffeccH+Z+cv6P68Hu5bC6JjRh4Ah/mHSNRw=="],
 
@@ -707,15 +730,19 @@
 
     "graceful-fs": ["graceful-fs@4.2.11", "", {}, "sha512-RbJ5/jmFcNNCcDV5o9eTnBLJ/HszWV0P73bc+Ff4nS/rJj+YaS6IGyiOL0VoBYX+l1Wrl3k63h/KrH+nhJ0XvQ=="],
 
+    "h3": ["h3@1.15.4", "", { "dependencies": { "cookie-es": "^1.2.2", "crossws": "^0.3.5", "defu": "^6.1.4", "destr": "^2.0.5", "iron-webcrypto": "^1.2.1", "node-mock-http": "^1.0.2", "radix3": "^1.1.2", "ufo": "^1.6.1", "uncrypto": "^0.1.3" } }, "sha512-z5cFQWDffyOe4vQ9xIqNfCZdV4p//vy6fBnr8Q1AWnVZ0teurKMG66rLj++TKwKPUP3u7iMUvrvKaEUiQw2QWQ=="],
+
     "has-symbols": ["has-symbols@1.1.0", "", {}, "sha512-1cDNdwJ2Jaohmb3sg4OmKaMBwuC48sYni5HUw2DvsC8LjGTLK9h+eb1X6RyuOHe4hT0ULCW68iomhjUoKUqlPQ=="],
 
     "hasown": ["hasown@2.0.2", "", { "dependencies": { "function-bind": "^1.1.2" } }, "sha512-0hJU9SCPvmMzIBdZFqNPXWa6dqh7WdH0cII9y+CyS8rG3nL48Bclra9HmKhVVUHyPWNH5Y7xDwAB7bfgSjkUMQ=="],
 
     "hono": ["hono@4.10.5", "", {}, "sha512-h/MXuTkoAK8NG1EfDp0jI1YLf6yGdDnfkebRO2pwEh5+hE3RAJFXkCsnD0vamSiARK4ZrB6MY+o3E/hCnOyHrQ=="],
 
-    "hono-openapi": ["hono-openapi@1.1.1", "", { "peerDependencies": { "@hono/standard-validator": "^0.1.2", "@standard-community/standard-json": "^0.3.5", "@standard-community/standard-openapi": "^0.2.8", "@types/json-schema": "^7.0.15", "hono": "^4.8.3", "openapi-types": "^12.1.3" }, "optionalPeers": ["@hono/standard-validator", "hono"] }, "sha512-AC3HNhZYPHhnZdSy2Je7GDoTTNxPos6rKRQKVDBbSilY3cWJPqsxRnN6zA4pU7tfxmQEMTqkiLXbw6sAaemB8Q=="],
+    "hono-openapi": ["hono-openapi@1.1.2", "", { "peerDependencies": { "@hono/standard-validator": "^0.2.0", "@standard-community/standard-json": "^0.3.5", "@standard-community/standard-openapi": "^0.2.9", "@types/json-schema": "^7.0.15", "hono": "^4.8.3", "openapi-types": "^12.1.3" }, "optionalPeers": ["@hono/standard-validator", "hono"] }, "sha512-toUcO60MftRBxqcVyxsHNYs2m4vf4xkQaiARAucQx3TiBPDtMNNkoh+C4I1vAretQZiGyaLOZNWn1YxfSyUA5g=="],
+
+    "hono-rate-limiter": ["hono-rate-limiter@0.5.1", "", { "peerDependencies": { "hono": "^4.10.8", "unstorage": "^1.17.3" } }, "sha512-c3bUn6IRgFKjlouvRNBy+ZIPZ2CTyTt3fc0uat2bv3GiHmLM4jI0QJ6fHd3Tf4R6dO2sX2Uvl9Gtp+kny4KdXg=="],
 
-    "http-errors": ["http-errors@2.0.0", "", { "dependencies": { "depd": "2.0.0", "inherits": "2.0.4", "setprototypeof": "1.2.0", "statuses": "2.0.1", "toidentifier": "1.0.1" } }, "sha512-FtwrG/euBzaEjYeRqOgly7G0qviiXoJWnvEH2Z1plBdXgbyjv34pHTSb9zoeHMyDy33+DWy5Wt9Wo+TURtOYSQ=="],
+    "http-errors": ["http-errors@2.0.1", "", { "dependencies": { "depd": "~2.0.0", "inherits": "~2.0.4", "setprototypeof": "~1.2.0", "statuses": "~2.0.2", "toidentifier": "~1.0.1" } }, "sha512-4FbRdAX+bSdmo4AUFuS0WNiPz8NgFt+r8ThgNWmlrjQjt1Q7ZR9+zTlce2859x4KSXrwIsaeTqDoKQmtP8pLmQ=="],
 
     "http-errors-enhanced": ["http-errors-enhanced@4.0.2", "", {}, "sha512-5EXN1gmhJVvuWpNfz+RclWvLnnENEXNMPfww3gm30H9mQzPF4QSBj/MD5FRkVDxGIUhO/cR2GSLCd/6C6xpBcw=="],
 
@@ -729,6 +756,8 @@
 
     "ipaddr.js": ["ipaddr.js@1.9.1", "", {}, "sha512-0KI/607xoxSToH7GjN1FfSbLoU0+btTicjsQSWQlh/hZykN8KpmMf7uYwPW3R+akZ6R/w18ZlXSHBYXiYUPO3g=="],
 
+    "iron-webcrypto": ["iron-webcrypto@1.2.1", "", {}, "sha512-feOM6FaSr6rEABp/eDfVseKyTMDt+KGpeB35SkVn9Tyn0CqvVsY3EwI0v5i8nMHyJnzCIQf7nsy3p41TPkJZhg=="],
+
     "is-docker": ["is-docker@3.0.0", "", { "bin": { "is-docker": "cli.js" } }, "sha512-eljcgEDlEns/7AXFosB5K/2nCM4P7FQPkGc/DWLy5rmFEWvZayGrik1d9/QIY5nJ4f9YsVvBkA6kJpHn9rISdQ=="],
 
     "is-in-ssh": ["is-in-ssh@1.0.0", "", {}, "sha512-jYa6Q9rH90kR1vKB6NM7qqd1mge3Fx4Dhw5TVlK1MUBqhEOuCagrEHMevNuCcbECmXZ0ThXkRm+Ymr51HwEPAw=="],
@@ -741,6 +770,8 @@
 
     "isbot": ["isbot@5.1.32", "", {}, "sha512-VNfjM73zz2IBZmdShMfAUg10prm6t7HFUQmNAEOAVS4YH92ZrZcvkMcGX6cIgBJAzWDzPent/EeAtYEHNPNPBQ=="],
 
+    "isexe": ["isexe@2.0.0", "", {}, "sha512-RHxMLp9lnKHGHRng9QFhRCMbYAcVpn69smSGcq3f36xjgVVWThj4qqLbTLlq7Ssj8B+fIQ1EuCEGI2lKsyQeIw=="],
+
     "jiti": ["jiti@2.6.1", "", { "bin": { "jiti": "lib/jiti-cli.mjs" } }, "sha512-ekilCSN1jwRvIbgeg/57YFh8qQDNbwDb9xT/qu2DAHbFFZUicIl4ygVaAvzveMhMVr3LnpSKTNnwt8PoOfmKhQ=="],
 
     "js-tokens": ["js-tokens@4.0.0", "", {}, "sha512-RdJUflcE3cUzKiMqQgsCu06FPu9UdIJO0beYbPhHN4k6apgJtifcoCtT9bcxOpYBtpD2kCM6Sbzg4CausW/PKQ=="],
@@ -781,7 +812,7 @@
 
     "logform": ["logform@2.7.0", "", { "dependencies": { "@colors/colors": "1.6.0", "@types/triple-beam": "^1.3.2", "fecha": "^4.2.0", "ms": "^2.1.1", "safe-stable-stringify": "^2.3.1", "triple-beam": "^1.3.0" } }, "sha512-TFYA4jnP7PVbmlBIfhlSe+WKxs9dklXMTEGcBCIvLhE/Tn3H6Gk1norupVW7m5Cnd4bLcr08AytbyV/xj7f/kQ=="],
 
-    "lru-cache": ["lru-cache@5.1.1", "", { "dependencies": { "yallist": "^3.0.2" } }, "sha512-KpNARQA3Iwv+jTA0utUVVbrh+Jlrr1Fv0e56GGzAFOXN7dk/FviaDW8LHmK52DlcH4WP2n6gI8vN1aesBFgo9w=="],
+    "lru-cache": ["lru-cache@10.4.3", "", {}, "sha512-JNAzZcXrCt42VGLuYz0zfAzDfAvJWW6AfYlDBQyDV5DClI2m5sAmK+OIO7s59XfsRsWHp02jAJrRadPRGTt6SQ=="],
 
     "lucide-react": ["lucide-react@0.555.0", "", { "peerDependencies": { "react": "^16.5.1 || ^17.0.0 || ^18.0.0 || ^19.0.0" } }, "sha512-D8FvHUGbxWBRQM90NZeIyhAvkFfsh3u9ekrMvJ30Z6gnpBHS6HC6ldLg7tL45hwiIz/u66eKDtdA23gwwGsAHA=="],
 
@@ -805,6 +836,8 @@
 
     "minimatch": ["minimatch@9.0.5", "", { "dependencies": { "brace-expansion": "^2.0.1" } }, "sha512-G6T0ZX48xgozx7587koeX9Ys2NYy6Gmv//P89sEte9V9whIapMNF4idKxnW2QtCcLiTWlb/wfCabAtAFWhhBow=="],
 
+    "minimist": ["minimist@1.2.8", "", {}, "sha512-2yyAR8qBkN3YuheJanUpWC5U3bb5osDywNB8RzDVlDwDHbocAJveqqj1u8+SVD7jkWT4yvsHCpWqqWqAxb0zCA=="],
+
     "morgan": ["morgan@1.10.1", "", { "dependencies": { "basic-auth": "~2.0.1", "debug": "2.6.9", "depd": "~2.0.0", "on-finished": "~2.3.0", "on-headers": "~1.1.0" } }, "sha512-223dMRJtI/l25dJKWpgij2cMtywuG/WiUKXdvwfbhGKBhy1puASqXwFzmWZ7+K73vUPoR7SS2Qz2cI/g9MKw0A=="],
 
     "ms": ["ms@2.1.3", "", {}, "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA=="],
@@ -819,12 +852,18 @@
 
     "node-fetch-native": ["node-fetch-native@1.6.7", "", {}, "sha512-g9yhqoedzIUm0nTnTqAQvueMPVOuIY16bqgAJJC8XOOubYFNwz6IER9qs0Gq2Xd0+CecCKFjtdDTMA4u4xG06Q=="],
 
+    "node-mock-http": ["node-mock-http@1.0.4", "", {}, "sha512-8DY+kFsDkNXy1sJglUfuODx1/opAGJGyrTuFqEoN90oRc2Vk0ZbD4K2qmKXBBEhZQzdKHIVfEJpDU8Ak2NJEvQ=="],
+
     "node-releases": ["node-releases@2.0.27", "", {}, "sha512-nmh3lCkYZ3grZvqcCH+fjmQ7X+H0OeZgP40OierEaAptX4XofMh5kwNbWh7lBduUzCcV/8kZ+NDLCwm2iorIlA=="],
 
+    "normalize-path": ["normalize-path@3.0.0", "", {}, "sha512-6eZs5Ls3WtCisHWp9S2GUy8dqkpGi4BVSz3GaqiE6ezub0512ESztXUwUB6C6IKbQkY2Pnb/mD4WYojCRwcwLA=="],
+
     "nypm": ["nypm@0.6.2", "", { "dependencies": { "citty": "^0.1.6", "consola": "^3.4.2", "pathe": "^2.0.3", "pkg-types": "^2.3.0", "tinyexec": "^1.0.1" }, "bin": { "nypm": "dist/cli.mjs" } }, "sha512-7eM+hpOtrKrBDCh7Ypu2lJ9Z7PNZBdi/8AT3AX8xoCj43BBVHD0hPSTEvMtkMpfs8FCqBGhxB+uToIQimA111g=="],
 
     "object-inspect": ["object-inspect@1.13.4", "", {}, "sha512-W67iLl4J2EXEGTbfeHCffrjDfitvLANg0UlX3wFUUSTx92KXRFegMHUVgSqE+wvhAbi4WqjGg9czysTV2Epbew=="],
 
+    "ofetch": ["ofetch@1.5.1", "", { "dependencies": { "destr": "^2.0.5", "node-fetch-native": "^1.6.7", "ufo": "^1.6.1" } }, "sha512-2W4oUZlVaqAPAil6FUg/difl6YhqhUR7x2eZY4bQCko22UXg3hptq9KLQdqFClV+Wu85UX7hNtdGTngi/1BxcA=="],
+
     "ohash": ["ohash@2.0.11", "", {}, "sha512-RdR9FQrFwNBNXAr4GixM8YaRZRJ5PUWbKYbE5eOsrwAjJW0q2REGcf79oYPsLyskQCZG1PLN+S/K1V00joZAoQ=="],
 
     "on-finished": ["on-finished@2.4.1", "", { "dependencies": { "ee-first": "1.1.1" } }, "sha512-oVlzkg3ENAhCk2zdv7IJwd/QUD4z2RxRwpkcGY8psCVcCYZNq4wYnVWALHM+brtuJjePWiYF/ClmuDr8Ch5+kg=="],
@@ -841,6 +880,8 @@
 
     "parseurl": ["parseurl@1.3.3", "", {}, "sha512-CiyeOxFT/JZyN5m0z9PfXw4SCBJ6Sygz1Dpl0wqjlhDEGGBP1GnsUVEL0p63hoG1fcj3fHynXi9NYO4nWOL+qQ=="],
 
+    "path-key": ["path-key@3.1.1", "", {}, "sha512-ojmeN0qd+y0jszEtoY48r0Peq5dwMEkIlCOu6Q5f41lfkswXuKtYrhgoTpLnyIcHm24Uhqx+5Tqm2InSwLhE6Q=="],
+
     "path-to-regexp": ["path-to-regexp@0.1.12", "", {}, "sha512-RA1GjUVMnvYFxuqovrEqZoxxW5NUZqbwKtYz/Tt7nXerk0LbLblQmrsgdeOxV5SFHf0UDggjS/bSeOZwt1pmEQ=="],
 
     "pathe": ["pathe@1.1.2", "", {}, "sha512-whLdWMYL2TwI08hn8/ZqAbrVemu0LNaNNJZX73O6qaIdCTfXutsLhMkjdENX0qhsQ9uIimo4/aQOmXkoon2nDQ=="],
@@ -857,37 +898,39 @@
 
     "powershell-utils": ["powershell-utils@0.1.0", "", {}, "sha512-dM0jVuXJPsDN6DvRpea484tCUaMiXWjuCn++HGTqUWzGDjv5tZkEZldAJ/UMlqRYGFrD/etByo4/xOuC/snX2A=="],
 
-    "prettier": ["prettier@3.6.2", "", { "bin": { "prettier": "bin/prettier.cjs" } }, "sha512-I7AIg5boAr5R0FFtJ6rCfD+LFsWHp81dolrFD8S79U9tb8Az2nGrJncnMSnys+bpQJfRUzqs9hnA81OAA3hCuQ=="],
+    "prettier": ["prettier@3.7.4", "", { "bin": { "prettier": "bin/prettier.cjs" } }, "sha512-v6UNi1+3hSlVvv8fSaoUbggEM5VErKmmpGA7Pl3HF8V6uKY7rvClBOJlH6yNwQtfTueNkGVpOv/mtWL9L4bgRA=="],
 
     "proxy-addr": ["proxy-addr@2.0.7", "", { "dependencies": { "forwarded": "0.2.0", "ipaddr.js": "1.9.1" } }, "sha512-llQsMLSUDUPT44jdrU/O37qlnifitDP+ZwrmmZcoSKyLKvtZxpyV0n2/bD/N4tBAAZ/gJEdZU7KMraoK1+XYAg=="],
 
-    "qs": ["qs@6.13.0", "", { "dependencies": { "side-channel": "^1.0.6" } }, "sha512-+38qI9SOr8tfZ4QmJNplMUxqjbe7LKvvZgWdExBOmd+egZTtjLB67Gu0HRX3u/XOq7UU2Nx6nsjvS16Z9uwfpg=="],
+    "qs": ["qs@6.14.0", "", { "dependencies": { "side-channel": "^1.1.0" } }, "sha512-YWWTjgABSKcvs/nWBi9PycY/JiPJqOD4JA6o9Sej2AtvSGarXxKC3OQSk4pAarbdQlKAh5D4FCQkJNkW+GAn3w=="],
 
     "quansync": ["quansync@0.2.11", "", {}, "sha512-AifT7QEbW9Nri4tAwR5M/uzpBuqfZf+zwaEM/QkzEjj7NBuFD2rBuy0K3dE+8wltbezDV7JMA0WfnCPYRSYbXA=="],
 
+    "radix3": ["radix3@1.1.2", "", {}, "sha512-b484I/7b8rDEdSDKckSSBA8knMpcdsXudlE/LNL639wFoHKwLbEkQFZHWEYwDC0wa0FKUcCY+GAF73Z7wxNVFA=="],
+
     "range-parser": ["range-parser@1.2.1", "", {}, "sha512-Hrgsx+orqoygnmhFbKaHE6c296J+HTAQXoxEF6gNupROmmGJRoyzfG3ccAveqCBrwr/2yxQ5BVd/GTl5agOwSg=="],
 
-    "raw-body": ["raw-body@2.5.2", "", { "dependencies": { "bytes": "3.1.2", "http-errors": "2.0.0", "iconv-lite": "0.4.24", "unpipe": "1.0.0" } }, "sha512-8zGqypfENjCIqGhgXToC8aB2r7YrBX+AQAfIPs/Mlk+BtPTztOvTS01NRW/3Eh60J+a48lt8qsCzirQ6loCVfA=="],
+    "raw-body": ["raw-body@2.5.3", "", { "dependencies": { "bytes": "~3.1.2", "http-errors": "~2.0.1", "iconv-lite": "~0.4.24", "unpipe": "~1.0.0" } }, "sha512-s4VSOf6yN0rvbRZGxs8Om5CWj6seneMwK3oDb4lWDH0UPhWcxwOWw5+qk24bxq87szX1ydrwylIOp2uG1ojUpA=="],
 
     "rc9": ["rc9@2.1.2", "", { "dependencies": { "defu": "^6.1.4", "destr": "^2.0.3" } }, "sha512-btXCnMmRIBINM2LDZoEmOogIZU7Qe7zn4BpomSKZ/ykbLObuBdvG+mFq11DL6fjH1DRwHhrlgtYWG96bJiC7Cg=="],
 
-    "react": ["react@19.2.1", "", {}, "sha512-DGrYcCWK7tvYMnWh79yrPHt+vdx9tY+1gPZa7nJQtO/p8bLTDaHp4dzwEhQB7pZ4Xe3ok4XKuEPrVuc+wlpkmw=="],
+    "react": ["react@19.2.3", "", {}, "sha512-Ku/hhYbVjOQnXDZFv2+RibmLFGwFdeeKHFcOTlrt7xplBnya5OGn/hIRDsqDiSUcfORsDC7MPxwork8jBwsIWA=="],
 
-    "react-dom": ["react-dom@19.2.1", "", { "dependencies": { "scheduler": "^0.27.0" }, "peerDependencies": { "react": "^19.2.1" } }, "sha512-ibrK8llX2a4eOskq1mXKu/TGZj9qzomO+sNfO98M6d9zIPOEhlBkMkBUBLd1vgS0gQsLDBzA+8jJBVXDnfHmJg=="],
+    "react-dom": ["react-dom@19.2.3", "", { "dependencies": { "scheduler": "^0.27.0" }, "peerDependencies": { "react": "^19.2.3" } }, "sha512-yELu4WmLPw5Mr/lmeEpox5rw3RETacE++JgHqQzd2dg+YbJuat3jH4ingc+WPZhxaoFzdv9y33G+F7Nl5O0GBg=="],
 
     "react-hook-form": ["react-hook-form@7.68.0", "", { "peerDependencies": { "react": "^16.8.0 || ^17 || ^18 || ^19" } }, "sha512-oNN3fjrZ/Xo40SWlHf1yCjlMK417JxoSJVUXQjGdvdRCU07NTFei1i1f8ApUAts+IVh14e4EdakeLEA+BEAs/Q=="],
 
-    "react-is": ["react-is@19.2.0", "", {}, "sha512-x3Ax3kNSMIIkyVYhWPyO09bu0uttcAIoecO/um/rKGQ4EltYWVYtyiGkS/3xMynrbVQdS69Jhlv8FXUEZehlzA=="],
+    "react-is": ["react-is@19.2.3", "", {}, "sha512-qJNJfu81ByyabuG7hPFEbXqNcWSU3+eVus+KJs+0ncpGfMyYdvSmxiJxbWR65lYi1I+/0HBcliO029gc4F+PnA=="],
 
     "react-redux": ["react-redux@9.2.0", "", { "dependencies": { "@types/use-sync-external-store": "^0.0.6", "use-sync-external-store": "^1.4.0" }, "peerDependencies": { "@types/react": "^18.2.25 || ^19", "react": "^18.0 || ^19", "redux": "^5.0.0" }, "optionalPeers": ["@types/react", "redux"] }, "sha512-ROY9fvHhwOD9ySfrF0wmvu//bKCQ6AeZZq1nJNtbDC+kk5DuSuNX/n6YWYF/SYy7bSba4D4FSz8DJeKY/S/r+g=="],
 
     "react-refresh": ["react-refresh@0.14.2", "", {}, "sha512-jCvmsr+1IUSMUyzOkRcvnVbX3ZYC6g9TDrDbFuFmRDq7PD4yaGbLKNQL6k2jnArV8hjYxh7hVhAZB6s9HDGpZA=="],
 
-    "react-remove-scroll": ["react-remove-scroll@2.7.1", "", { "dependencies": { "react-remove-scroll-bar": "^2.3.7", "react-style-singleton": "^2.2.3", "tslib": "^2.1.0", "use-callback-ref": "^1.3.3", "use-sidecar": "^1.1.3" }, "peerDependencies": { "@types/react": "*", "react": "^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0 || ^19.0.0-rc" }, "optionalPeers": ["@types/react"] }, "sha512-HpMh8+oahmIdOuS5aFKKY6Pyog+FNaZV/XyJOq7b4YFwsFHe5yYfdbIalI4k3vU2nSDql7YskmUseHsRrJqIPA=="],
+    "react-remove-scroll": ["react-remove-scroll@2.7.2", "", { "dependencies": { "react-remove-scroll-bar": "^2.3.7", "react-style-singleton": "^2.2.3", "tslib": "^2.1.0", "use-callback-ref": "^1.3.3", "use-sidecar": "^1.1.3" }, "peerDependencies": { "@types/react": "*", "react": "^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0 || ^19.0.0-rc" }, "optionalPeers": ["@types/react"] }, "sha512-Iqb9NjCCTt6Hf+vOdNIZGdTiH1QSqr27H/Ek9sv/a97gfueI/5h1s3yRi1nngzMUaOOToin5dI1dXKdXiF+u0Q=="],
 
     "react-remove-scroll-bar": ["react-remove-scroll-bar@2.3.8", "", { "dependencies": { "react-style-singleton": "^2.2.2", "tslib": "^2.0.0" }, "peerDependencies": { "@types/react": "*", "react": "^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0" }, "optionalPeers": ["@types/react"] }, "sha512-9r+yi9+mgU33AKcj6IbT9oRCO78WriSj6t/cF8DWBZJ9aOGPOTEDvdUDz1FwKim7QXWwmHqtdHnRJfhAxEG46Q=="],
 
-    "react-router": ["react-router@7.10.0", "", { "dependencies": { "cookie": "^1.0.1", "set-cookie-parser": "^2.6.0" }, "peerDependencies": { "react": ">=18", "react-dom": ">=18" }, "optionalPeers": ["react-dom"] }, "sha512-FVyCOH4IZ0eDDRycODfUqoN8ZSR2LbTvtx6RPsBgzvJ8xAXlMZNCrOFpu+jb8QbtZnpAd/cEki2pwE848pNGxw=="],
+    "react-router": ["react-router@7.11.0", "", { "dependencies": { "cookie": "^1.0.1", "set-cookie-parser": "^2.6.0" }, "peerDependencies": { "react": ">=18", "react-dom": ">=18" }, "optionalPeers": ["react-dom"] }, "sha512-uI4JkMmjbWCZc01WVP2cH7ZfSzH91JAZUDd7/nIprDgWxBV1TkkmLToFh7EbMTcMak8URFRa2YoBL/W8GWnCTQ=="],
 
     "react-router-hono-server": ["react-router-hono-server@2.22.0", "", { "dependencies": { "@drizzle-team/brocli": "^0.11.0", "@hono/node-server": "^1.19.5", "@hono/node-ws": "^1.2.0", "@hono/vite-dev-server": "^0.23.0", "hono": "^4.10.3" }, "peerDependencies": { "@cloudflare/workers-types": "^4.20250317.0", "@react-router/dev": "^7.9.0", "@types/react": "^19.0.0", "miniflare": "^3.20241205.0", "react-router": "^7.9.0", "vite": "^7.0.0", "wrangler": "^4.2.0" }, "optionalPeers": ["@cloudflare/workers-types", "miniflare", "wrangler"], "bin": { "react-router-hono-server": "dist/cli.js" } }, "sha512-XPJp1PQtkjHsFrneUdvmv22o7LPBGYEW11KtTDEmpXQINW5ViwpzUuwb0/eGjZ9E4RQh6AOKYsXA4+QIqXTkrQ=="],
 
@@ -907,7 +950,7 @@
 
     "resolve-pkg-maps": ["resolve-pkg-maps@1.0.0", "", {}, "sha512-seS2Tj26TBVOC2NIc2rOe2y2ZO7efxITtLZcGSOnHHNOQ7CkiUBfw0Iw2ck6xkIhPwLhKNLS8BO+hEpngQlqzw=="],
 
-    "rollup": ["rollup@4.53.2", "", { "dependencies": { "@types/estree": "1.0.8" }, "optionalDependencies": { "@rollup/rollup-android-arm-eabi": "4.53.2", "@rollup/rollup-android-arm64": "4.53.2", "@rollup/rollup-darwin-arm64": "4.53.2", "@rollup/rollup-darwin-x64": "4.53.2", "@rollup/rollup-freebsd-arm64": "4.53.2", "@rollup/rollup-freebsd-x64": "4.53.2", "@rollup/rollup-linux-arm-gnueabihf": "4.53.2", "@rollup/rollup-linux-arm-musleabihf": "4.53.2", "@rollup/rollup-linux-arm64-gnu": "4.53.2", "@rollup/rollup-linux-arm64-musl": "4.53.2", "@rollup/rollup-linux-loong64-gnu": "4.53.2", "@rollup/rollup-linux-ppc64-gnu": "4.53.2", "@rollup/rollup-linux-riscv64-gnu": "4.53.2", "@rollup/rollup-linux-riscv64-musl": "4.53.2", "@rollup/rollup-linux-s390x-gnu": "4.53.2", "@rollup/rollup-linux-x64-gnu": "4.53.2", "@rollup/rollup-linux-x64-musl": "4.53.2", "@rollup/rollup-openharmony-arm64": "4.53.2", "@rollup/rollup-win32-arm64-msvc": "4.53.2", "@rollup/rollup-win32-ia32-msvc": "4.53.2", "@rollup/rollup-win32-x64-gnu": "4.53.2", "@rollup/rollup-win32-x64-msvc": "4.53.2", "fsevents": "~2.3.2" }, "bin": { "rollup": "dist/bin/rollup" } }, "sha512-MHngMYwGJVi6Fmnk6ISmnk7JAHRNF0UkuucA0CUW3N3a4KnONPEZz+vUanQP/ZC/iY1Qkf3bwPWzyY84wEks1g=="],
+    "rollup": ["rollup@4.53.5", "", { "dependencies": { "@types/estree": "1.0.8" }, "optionalDependencies": { "@rollup/rollup-android-arm-eabi": "4.53.5", "@rollup/rollup-android-arm64": "4.53.5", "@rollup/rollup-darwin-arm64": "4.53.5", "@rollup/rollup-darwin-x64": "4.53.5", "@rollup/rollup-freebsd-arm64": "4.53.5", "@rollup/rollup-freebsd-x64": "4.53.5", "@rollup/rollup-linux-arm-gnueabihf": "4.53.5", "@rollup/rollup-linux-arm-musleabihf": "4.53.5", "@rollup/rollup-linux-arm64-gnu": "4.53.5", "@rollup/rollup-linux-arm64-musl": "4.53.5", "@rollup/rollup-linux-loong64-gnu": "4.53.5", "@rollup/rollup-linux-ppc64-gnu": "4.53.5", "@rollup/rollup-linux-riscv64-gnu": "4.53.5", "@rollup/rollup-linux-riscv64-musl": "4.53.5", "@rollup/rollup-linux-s390x-gnu": "4.53.5", "@rollup/rollup-linux-x64-gnu": "4.53.5", "@rollup/rollup-linux-x64-musl": "4.53.5", "@rollup/rollup-openharmony-arm64": "4.53.5", "@rollup/rollup-win32-arm64-msvc": "4.53.5", "@rollup/rollup-win32-ia32-msvc": "4.53.5", "@rollup/rollup-win32-x64-gnu": "4.53.5", "@rollup/rollup-win32-x64-msvc": "4.53.5", "fsevents": "~2.3.2" }, "bin": { "rollup": "dist/bin/rollup" } }, "sha512-iTNAbFSlRpcHeeWu73ywU/8KuU/LZmNCSxp6fjQkJBD3ivUb8tpDrXhIxEzA05HlYMEwmtaUnb3RP+YNv162OQ=="],
 
     "run-applescript": ["run-applescript@7.1.0", "", {}, "sha512-DPe5pVFaAsinSaV6QjQ6gdiedWDcRCbUuiQfQa2wmWV7+xC9bGulGI8+TdRmoFkAPaBXk8CrAbnlY2ISniJ47Q=="],
 
@@ -921,14 +964,18 @@
 
     "semver": ["semver@7.7.2", "", { "bin": { "semver": "bin/semver.js" } }, "sha512-RF0Fw+rO5AMf9MAyaRXI4AV0Ulj5lMHqVxxdSgiVbixSCXoEmmX/jk0CuJw4+3SqroYO9VoUh+HcuJivvtJemA=="],
 
-    "send": ["send@0.19.0", "", { "dependencies": { "debug": "2.6.9", "depd": "2.0.0", "destroy": "1.2.0", "encodeurl": "~1.0.2", "escape-html": "~1.0.3", "etag": "~1.8.1", "fresh": "0.5.2", "http-errors": "2.0.0", "mime": "1.6.0", "ms": "2.1.3", "on-finished": "2.4.1", "range-parser": "~1.2.1", "statuses": "2.0.1" } }, "sha512-dW41u5VfLXu8SJh5bwRmyYUbAoSB3c9uQh6L8h/KtsFREPWpbX1lrljJo186Jc4nmci/sGUZ9a0a0J2zgfq2hw=="],
+    "send": ["send@0.19.2", "", { "dependencies": { "debug": "2.6.9", "depd": "2.0.0", "destroy": "1.2.0", "encodeurl": "~2.0.0", "escape-html": "~1.0.3", "etag": "~1.8.1", "fresh": "~0.5.2", "http-errors": "~2.0.1", "mime": "1.6.0", "ms": "2.1.3", "on-finished": "~2.4.1", "range-parser": "~1.2.1", "statuses": "~2.0.2" } }, "sha512-VMbMxbDeehAxpOtWJXlcUS5E8iXh6QmN+BkRX1GARS3wRaXEEgzCcB10gTQazO42tpNIya8xIyNx8fll1OFPrg=="],
 
-    "serve-static": ["serve-static@1.16.2", "", { "dependencies": { "encodeurl": "~2.0.0", "escape-html": "~1.0.3", "parseurl": "~1.3.3", "send": "0.19.0" } }, "sha512-VqpjJZKadQB/PEbEwvFdO43Ax5dFBZ2UECszz8bQ7pi7wt//PWe1P6MN7eCnjsatYtBT6EuiClbjSWP2WrIoTw=="],
+    "serve-static": ["serve-static@1.16.3", "", { "dependencies": { "encodeurl": "~2.0.0", "escape-html": "~1.0.3", "parseurl": "~1.3.3", "send": "~0.19.1" } }, "sha512-x0RTqQel6g5SY7Lg6ZreMmsOzncHFU7nhnRWkKgWuMTu5NN0DR5oruckMqRvacAN9d5w6ARnRBXl9xhDCgfMeA=="],
 
     "set-cookie-parser": ["set-cookie-parser@2.7.2", "", {}, "sha512-oeM1lpU/UvhTxw+g3cIfxXHyJRc/uidd3yK1P242gzHds0udQBYzs3y8j4gCCW+ZJ7ad0yctld8RYO+bdurlvw=="],
 
     "setprototypeof": ["setprototypeof@1.2.0", "", {}, "sha512-E5LDX7Wrp85Kil5bhZv46j8jOeboKq5JMmYM3gVGdGH8xFpPWXUMsNrlODCrkoxMEeNi/XZIwuRvY4XNwYMJpw=="],
 
+    "shebang-command": ["shebang-command@2.0.0", "", { "dependencies": { "shebang-regex": "^3.0.0" } }, "sha512-kHxr2zZpYtdmrN1qDjrrX/Z1rR1kG8Dx+gkpK1G4eXmvXswmcE1hTWBWYUzlraYw1/yZp6YuDY77YtvbN0dmDA=="],
+
+    "shebang-regex": ["shebang-regex@3.0.0", "", {}, "sha512-7++dFhtcx3353uBaq8DDR4NuxBetBzC7ZQOhmTQInHEd6bSrXdiEyzCvG07Z44UYdLShWUyXt5M/yhz8ekcb1A=="],
+
     "side-channel": ["side-channel@1.1.0", "", { "dependencies": { "es-errors": "^1.3.0", "object-inspect": "^1.13.3", "side-channel-list": "^1.0.0", "side-channel-map": "^1.0.1", "side-channel-weakmap": "^1.0.2" } }, "sha512-ZX99e6tRweoUXqR+VBrslhda51Nh5MTQwou5tnUDgbtyM0dBgmhEDtWGP/xbKn6hqfPRHujUNwz5fy/wbbhnpw=="],
 
     "side-channel-list": ["side-channel-list@1.0.0", "", { "dependencies": { "es-errors": "^1.3.0", "object-inspect": "^1.13.3" } }, "sha512-FCLHtRD/gnpCiCHEiJLOwdmFP+wzCmDEkc9y7NsYxeF4u7Btsn1ZuwgwJGxImImHicJArLP4R0yX4c2KCrMrTA=="],
@@ -949,7 +996,7 @@
 
     "stack-trace": ["stack-trace@0.0.10", "", {}, "sha512-KGzahc7puUKkzyMt+IqAep+TVNbKP+k2Lmwhub39m1AsTSkaDutx56aDCo+HLDzf/D26BIHTJWNiTG1KAJiQCg=="],
 
-    "statuses": ["statuses@2.0.1", "", {}, "sha512-RwNA9Z/7PrK06rYLIzFMlaF+l73iwpzsqRIFgbMLbTcLD6cOao82TaWefPXQvB2fOC4AjuYSEndS7N/mTCbkdQ=="],
+    "statuses": ["statuses@2.0.2", "", {}, "sha512-DvEy55V3DB7uknRo+4iOGT5fP1slR8wQohVdknigZPMpMstaKJQWhwiYBACJE3Ul2pTnATihhBYnRhZQHGBiRw=="],
 
     "string_decoder": ["string_decoder@1.3.0", "", { "dependencies": { "safe-buffer": "~5.2.0" } }, "sha512-hkRX8U1WjJFd8LsDJ2yQ/wWWxaopEsABU1XfkM8A+j0+85JAGppt16cr1Whg6KIbb4okU6Mql6BOj+uup/wKeA=="],
 
@@ -957,7 +1004,7 @@
 
     "tailwind-merge": ["tailwind-merge@3.4.0", "", {}, "sha512-uSaO4gnW+b3Y2aWoWfFpX62vn2sR3skfhbjsEnaBI81WD1wBLlHZe5sWf0AqjksNdYTbGBEd0UasQMT3SNV15g=="],
 
-    "tailwindcss": ["tailwindcss@4.1.17", "", {}, "sha512-j9Ee2YjuQqYT9bbRTfTZht9W/ytp5H+jJpZKiYdP/bpnXARAuELt9ofP0lPnmHjbga7SNQIxdTAXCmtKVYjN+Q=="],
+    "tailwindcss": ["tailwindcss@4.1.18", "", {}, "sha512-4+Z+0yiYyEtUVCScyfHCxOYP06L5Ne+JiHhY2IjR2KWMIWhJOYZKLSGZaP5HkZ8+bY0cxfzwDE5uOmzFXyIwxw=="],
 
     "tapable": ["tapable@2.3.0", "", {}, "sha512-g9ljZiwki/LfxmQADO3dEY1CbpmXT5Hm2fJ+QaGKwSXUylMybePR7/67YW7jOrrvjEgL1Fmz5kzyAjWVWLlucg=="],
 
@@ -987,11 +1034,17 @@
 
     "typescript": ["typescript@5.9.3", "", { "bin": { "tsc": "bin/tsc", "tsserver": "bin/tsserver" } }, "sha512-jl1vZzPDinLr9eUt3J/t7V6FgNEw9QjvBPdysz9KfQDD41fQrC2Y4vKQdiaUpFT4bXlb1RHhLpp8wtm6M5TgSw=="],
 
+    "ufo": ["ufo@1.6.1", "", {}, "sha512-9a4/uxlTWJ4+a5i0ooc1rU7C7YOw3wT+UGqdeNNHWnOF9qcMBgLRS+4IYUqbczewFx4mLEig6gawh7X6mFlEkA=="],
+
+    "uncrypto": ["uncrypto@0.1.3", "", {}, "sha512-Ql87qFHB3s/De2ClA9e0gsnS6zXG27SkTiSJwjCc9MebbfapQfuPzumMIUMi38ezPZVNFcHI9sUIepeQfw8J8Q=="],
+
     "undici-types": ["undici-types@7.16.0", "", {}, "sha512-Zz+aZWSj8LE6zoxD+xrjh4VfkIG8Ya6LvYkZqtUQGJPZjYl53ypCaUwWqo7eI0x66KBGeRo+mlBEkMSeSZ38Nw=="],
 
     "unpipe": ["unpipe@1.0.0", "", {}, "sha512-pjy2bYhSsufwWlKwPc+l3cN7+wuJlK6uz0YdJEOlQDbl6jo/YlPi4mb8agUkVC8BF7V8NuzeyPNqRksA3hztKQ=="],
 
-    "update-browserslist-db": ["update-browserslist-db@1.1.4", "", { "dependencies": { "escalade": "^3.2.0", "picocolors": "^1.1.1" }, "peerDependencies": { "browserslist": ">= 4.21.0" }, "bin": { "update-browserslist-db": "cli.js" } }, "sha512-q0SPT4xyU84saUX+tomz1WLkxUbuaJnR1xWt17M7fJtEJigJeWUNGUqrauFXsHnqev9y9JTRGwk13tFBuKby4A=="],
+    "unstorage": ["unstorage@1.17.3", "", { "dependencies": { "anymatch": "^3.1.3", "chokidar": "^4.0.3", "destr": "^2.0.5", "h3": "^1.15.4", "lru-cache": "^10.4.3", "node-fetch-native": "^1.6.7", "ofetch": "^1.5.1", "ufo": "^1.6.1" }, "peerDependencies": { "@azure/app-configuration": "^1.8.0", "@azure/cosmos": "^4.2.0", "@azure/data-tables": "^13.3.0", "@azure/identity": "^4.6.0", "@azure/keyvault-secrets": "^4.9.0", "@azure/storage-blob": "^12.26.0", "@capacitor/preferences": "^6.0.3 || ^7.0.0", "@deno/kv": ">=0.9.0", "@netlify/blobs": "^6.5.0 || ^7.0.0 || ^8.1.0 || ^9.0.0 || ^10.0.0", "@planetscale/database": "^1.19.0", "@upstash/redis": "^1.34.3", "@vercel/blob": ">=0.27.1", "@vercel/functions": "^2.2.12 || ^3.0.0", "@vercel/kv": "^1.0.1", "aws4fetch": "^1.0.20", "db0": ">=0.2.1", "idb-keyval": "^6.2.1", "ioredis": "^5.4.2", "uploadthing": "^7.4.4" }, "optionalPeers": ["@azure/app-configuration", "@azure/cosmos", "@azure/data-tables", "@azure/identity", "@azure/keyvault-secrets", "@azure/storage-blob", "@capacitor/preferences", "@deno/kv", "@netlify/blobs", "@planetscale/database", "@upstash/redis", "@vercel/blob", "@vercel/functions", "@vercel/kv", "aws4fetch", "db0", "idb-keyval", "ioredis", "uploadthing"] }, "sha512-i+JYyy0DoKmQ3FximTHbGadmIYb8JEpq7lxUjnjeB702bCPum0vzo6oy5Mfu0lpqISw7hCyMW2yj4nWC8bqJ3Q=="],
+
+    "update-browserslist-db": ["update-browserslist-db@1.2.3", "", { "dependencies": { "escalade": "^3.2.0", "picocolors": "^1.1.1" }, "peerDependencies": { "browserslist": ">= 4.21.0" }, "bin": { "update-browserslist-db": "cli.js" } }, "sha512-Js0m9cx+qOgDxo0eMiFGEueWztz+d4+M3rGlmKPT+T4IS/jP4ylw3Nwpu6cpTTP8R1MAC1kF4VbdLt3ARf209w=="],
 
     "use-callback-ref": ["use-callback-ref@1.3.3", "", { "dependencies": { "tslib": "^2.0.0" }, "peerDependencies": { "@types/react": "*", "react": "^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0 || ^19.0.0-rc" }, "optionalPeers": ["@types/react"] }, "sha512-jQL3lRnocaFtu3V00JToYz/4QkNWswxijDaCVNZRiRTO3HQDLsdu1ZtmIUvV4yPp+rvWm5j0y0TG/S61cuijTg=="],
 
@@ -1003,21 +1056,23 @@
 
     "utils-merge": ["utils-merge@1.0.1", "", {}, "sha512-pMZTvIkT1d+TFGvDOqodOclx0QWkkgi6Tdoa8gC8ffGAAqz9pzPTZWAybbsHHoED/ztMtkv/VoYTYyShUn81hA=="],
 
-    "valibot": ["valibot@1.1.0", "", { "peerDependencies": { "typescript": ">=5" }, "optionalPeers": ["typescript"] }, "sha512-Nk8lX30Qhu+9txPYTwM0cFlWLdPFsFr6LblzqIySfbZph9+BFsAHsNvHOymEviUepeIW6KFHzpX8TKhbptBXXw=="],
+    "valibot": ["valibot@1.2.0", "", { "peerDependencies": { "typescript": ">=5" }, "optionalPeers": ["typescript"] }, "sha512-mm1rxUsmOxzrwnX5arGS+U4T25RdvpPjPN4yR0u9pUBov9+zGVtO84tif1eY4r6zWxVxu3KzIyknJy3rxfRZZg=="],
 
     "vary": ["vary@1.1.2", "", {}, "sha512-BNGbWLfd0eUPabhkXUVm0j8uuvREyTh5ovRa/dyow/BqAbZJyC+5fU+IzQOzmAKzYqYRAISoRhdQr3eIZ/PXqg=="],
 
     "victory-vendor": ["victory-vendor@37.3.6", "", { "dependencies": { "@types/d3-array": "^3.0.3", "@types/d3-ease": "^3.0.0", "@types/d3-interpolate": "^3.0.1", "@types/d3-scale": "^4.0.2", "@types/d3-shape": "^3.1.0", "@types/d3-time": "^3.0.0", "@types/d3-timer": "^3.0.0", "d3-array": "^3.1.6", "d3-ease": "^3.0.1", "d3-interpolate": "^3.0.1", "d3-scale": "^4.0.2", "d3-shape": "^3.1.0", "d3-time": "^3.0.0", "d3-timer": "^3.0.1" } }, "sha512-SbPDPdDBYp+5MJHhBCAyI7wKM3d5ivekigc2Dk2s7pgbZ9wIgIBYGVw4zGHBml/qTFbexrofXW6Gu4noGxrOwQ=="],
 
-    "vite": ["vite@7.2.6", "", { "dependencies": { "esbuild": "^0.25.0", "fdir": "^6.5.0", "picomatch": "^4.0.3", "postcss": "^8.5.6", "rollup": "^4.43.0", "tinyglobby": "^0.2.15" }, "optionalDependencies": { "fsevents": "~2.3.3" }, "peerDependencies": { "@types/node": "^20.19.0 || >=22.12.0", "jiti": ">=1.21.0", "less": "^4.0.0", "lightningcss": "^1.21.0", "sass": "^1.70.0", "sass-embedded": "^1.70.0", "stylus": ">=0.54.8", "sugarss": "^5.0.0", "terser": "^5.16.0", "tsx": "^4.8.1", "yaml": "^2.4.2" }, "optionalPeers": ["@types/node", "jiti", "less", "lightningcss", "sass", "sass-embedded", "stylus", "sugarss", "terser", "tsx", "yaml"], "bin": { "vite": "bin/vite.js" } }, "sha512-tI2l/nFHC5rLh7+5+o7QjKjSR04ivXDF4jcgV0f/bTQ+OJiITy5S6gaynVsEM+7RqzufMnVbIon6Sr5x1SDYaQ=="],
+    "vite": ["vite@7.3.0", "", { "dependencies": { "esbuild": "^0.27.0", "fdir": "^6.5.0", "picomatch": "^4.0.3", "postcss": "^8.5.6", "rollup": "^4.43.0", "tinyglobby": "^0.2.15" }, "optionalDependencies": { "fsevents": "~2.3.3" }, "peerDependencies": { "@types/node": "^20.19.0 || >=22.12.0", "jiti": ">=1.21.0", "less": "^4.0.0", "lightningcss": "^1.21.0", "sass": "^1.70.0", "sass-embedded": "^1.70.0", "stylus": ">=0.54.8", "sugarss": "^5.0.0", "terser": "^5.16.0", "tsx": "^4.8.1", "yaml": "^2.4.2" }, "optionalPeers": ["@types/node", "jiti", "less", "lightningcss", "sass", "sass-embedded", "stylus", "sugarss", "terser", "tsx", "yaml"], "bin": { "vite": "bin/vite.js" } }, "sha512-dZwN5L1VlUBewiP6H9s2+B3e3Jg96D0vzN+Ry73sOefebhYr9f94wwkMNN/9ouoU8pV1BqA1d1zGk8928cx0rg=="],
 
-    "vite-bundle-analyzer": ["vite-bundle-analyzer@1.2.3", "", { "bin": { "analyze": "dist/bin.js" } }, "sha512-8nhwDGHWMKKgg6oegAOpDgTT7/yzTVzeYzLF4y8WBJoYu9gO7h29UpHiQnXD2rAvfQzDy5Wqe/Za5cgqhnxi5g=="],
+    "vite-bundle-analyzer": ["vite-bundle-analyzer@1.3.2", "", { "bin": { "analyze": "dist/bin.js" } }, "sha512-Od4ILUKRvBV3LuO/E+S+c1XULlxdkRZPSf6Vzzu+UAXG0D3hZYUu9imZIkSj/PU4e1FB14yB+av8g3KiljH8zQ=="],
 
     "vite-node": ["vite-node@3.2.4", "", { "dependencies": { "cac": "^6.7.14", "debug": "^4.4.1", "es-module-lexer": "^1.7.0", "pathe": "^2.0.3", "vite": "^5.0.0 || ^6.0.0 || ^7.0.0-0" }, "bin": { "vite-node": "vite-node.mjs" } }, "sha512-EbKSKh+bh1E1IFxeO0pg1n4dvoOTt0UDiXMd/qn++r98+jPO1xtJilvXldeuQ8giIB5IkpjCgMleHMNEsGH6pg=="],
 
-    "vite-tsconfig-paths": ["vite-tsconfig-paths@5.1.4", "", { "dependencies": { "debug": "^4.1.1", "globrex": "^0.1.2", "tsconfck": "^3.0.3" }, "peerDependencies": { "vite": "*" }, "optionalPeers": ["vite"] }, "sha512-cYj0LRuLV2c2sMqhqhGpaO3LretdtMn/BVX4cPLanIZuwwrkVl+lK84E/miEXkCHWXuq65rhNN4rXsBcOB3S4w=="],
+    "vite-tsconfig-paths": ["vite-tsconfig-paths@6.0.3", "", { "dependencies": { "debug": "^4.1.1", "globrex": "^0.1.2", "tsconfck": "^3.0.3" }, "peerDependencies": { "vite": "*" }, "optionalPeers": ["vite"] }, "sha512-7bL7FPX/DSviaZGYUKowWF1AiDVWjMjxNbE8lyaVGDezkedWqfGhlnQ4BZXre0ZN5P4kAgIJfAlgFDVyjrCIyg=="],
 
-    "winston": ["winston@3.18.3", "", { "dependencies": { "@colors/colors": "^1.6.0", "@dabh/diagnostics": "^2.0.8", "async": "^3.2.3", "is-stream": "^2.0.0", "logform": "^2.7.0", "one-time": "^1.0.0", "readable-stream": "^3.4.0", "safe-stable-stringify": "^2.3.1", "stack-trace": "0.0.x", "triple-beam": "^1.3.0", "winston-transport": "^4.9.0" } }, "sha512-NoBZauFNNWENgsnC9YpgyYwOVrl2m58PpQ8lNHjV3kosGs7KJ7Npk9pCUE+WJlawVSe8mykWDKWFSVfs3QO9ww=="],
+    "which": ["which@2.0.2", "", { "dependencies": { "isexe": "^2.0.0" }, "bin": { "node-which": "./bin/node-which" } }, "sha512-BLI3Tl1TW3Pvl70l3yq3Y64i+awpwXqsGBYWkkqMtnbXgrMD+yj7rhW0kuEDxzJaYXGjEW5ogapKNMEKNMjibA=="],
+
+    "winston": ["winston@3.19.0", "", { "dependencies": { "@colors/colors": "^1.6.0", "@dabh/diagnostics": "^2.0.8", "async": "^3.2.3", "is-stream": "^2.0.0", "logform": "^2.7.0", "one-time": "^1.0.0", "readable-stream": "^3.4.0", "safe-stable-stringify": "^2.3.1", "stack-trace": "0.0.x", "triple-beam": "^1.3.0", "winston-transport": "^4.9.0" } }, "sha512-LZNJgPzfKR+/J3cHkxcpHKpKKvGfDZVPS4hfJCc4cCG0CgYzvlD6yE/S3CIL/Yt91ak327YCpiF/0MyeZHEHKA=="],
 
     "winston-transport": ["winston-transport@4.9.0", "", { "dependencies": { "logform": "^2.7.0", "readable-stream": "^3.6.2", "triple-beam": "^1.3.0" } }, "sha512-8drMJ4rkgaPo1Me4zD/3WLfI/zPdA9o2IipKODunnGDcuqbHwjsbB79ylv04LCGGzU0xQ6vTznOMpQGaLhhm6A=="],
 
@@ -1029,16 +1084,16 @@
 
     "yaml": ["yaml@2.8.2", "", { "bin": { "yaml": "bin.mjs" } }, "sha512-mplynKqc1C2hTVYxd0PU2xQAc22TI1vShAYGksCCfxbn/dFwnHTNi1bvYsBTkhdUNtGIf5xNOg938rrSSYvS9A=="],
 
-    "zod": ["zod@4.1.11", "", {}, "sha512-WPsqwxITS2tzx1bzhIKsEs19ABD5vmCVa4xBo2tq/SrV4RNZtfws1EnCWQXM6yh8bD08a1idvkB5MZSBiZsjwg=="],
+    "zod": ["zod@4.2.1", "", {}, "sha512-0wZ1IRqGGhMP76gLqz8EyfBXKk0J2qo2+H3fi4mcUP/KtTocoX08nmIAHl1Z2kJIZbZee8KOpBCSNPRgauucjw=="],
 
     "@babel/core/semver": ["semver@6.3.1", "", { "bin": { "semver": "bin/semver.js" } }, "sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA=="],
 
+    "@babel/helper-compilation-targets/lru-cache": ["lru-cache@5.1.1", "", { "dependencies": { "yallist": "^3.0.2" } }, "sha512-KpNARQA3Iwv+jTA0utUVVbrh+Jlrr1Fv0e56GGzAFOXN7dk/FviaDW8LHmK52DlcH4WP2n6gI8vN1aesBFgo9w=="],
+
     "@babel/helper-compilation-targets/semver": ["semver@6.3.1", "", { "bin": { "semver": "bin/semver.js" } }, "sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA=="],
 
     "@babel/helper-create-class-features-plugin/semver": ["semver@6.3.1", "", { "bin": { "semver": "bin/semver.js" } }, "sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA=="],
 
-    "@esbuild-kit/core-utils/esbuild": ["esbuild@0.18.20", "", { "optionalDependencies": { "@esbuild/android-arm": "0.18.20", "@esbuild/android-arm64": "0.18.20", "@esbuild/android-x64": "0.18.20", "@esbuild/darwin-arm64": "0.18.20", "@esbuild/darwin-x64": "0.18.20", "@esbuild/freebsd-arm64": "0.18.20", "@esbuild/freebsd-x64": "0.18.20", "@esbuild/linux-arm": "0.18.20", "@esbuild/linux-arm64": "0.18.20", "@esbuild/linux-ia32": "0.18.20", "@esbuild/linux-loong64": "0.18.20", "@esbuild/linux-mips64el": "0.18.20", "@esbuild/linux-ppc64": "0.18.20", "@esbuild/linux-riscv64": "0.18.20", "@esbuild/linux-s390x": "0.18.20", "@esbuild/linux-x64": "0.18.20", "@esbuild/netbsd-x64": "0.18.20", "@esbuild/openbsd-x64": "0.18.20", "@esbuild/sunos-x64": "0.18.20", "@esbuild/win32-arm64": "0.18.20", "@esbuild/win32-ia32": "0.18.20", "@esbuild/win32-x64": "0.18.20" }, "bin": { "esbuild": "bin/esbuild" } }, "sha512-ceqxoedUrcayh7Y7ZX6NdbbDzGROiyVBgC4PriJThBKSVPWnnFHZAkfI1lJT8QFkOwH4qOS2SJkS4wvpGl8BpA=="],
-
     "@radix-ui/react-alert-dialog/@radix-ui/react-slot": ["@radix-ui/react-slot@1.2.3", "", { "dependencies": { "@radix-ui/react-compose-refs": "1.1.2" }, "peerDependencies": { "@types/react": "*", "react": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc" }, "optionalPeers": ["@types/react"] }, "sha512-aeNmHnBxbi2St0au6VBVC7JXFlhLlOnvIIlePNniyUNAClzmtAUEY8/pBiK3iHjufOlwA+c20/8jngo7xcrg8A=="],
 
     "@radix-ui/react-collection/@radix-ui/react-slot": ["@radix-ui/react-slot@1.2.3", "", { "dependencies": { "@radix-ui/react-compose-refs": "1.1.2" }, "peerDependencies": { "@types/react": "*", "react": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc" }, "optionalPeers": ["@types/react"] }, "sha512-aeNmHnBxbi2St0au6VBVC7JXFlhLlOnvIIlePNniyUNAClzmtAUEY8/pBiK3iHjufOlwA+c20/8jngo7xcrg8A=="],
@@ -1059,17 +1114,17 @@
 
     "@radix-ui/react-tooltip/@radix-ui/react-slot": ["@radix-ui/react-slot@1.2.3", "", { "dependencies": { "@radix-ui/react-compose-refs": "1.1.2" }, "peerDependencies": { "@types/react": "*", "react": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc" }, "optionalPeers": ["@types/react"] }, "sha512-aeNmHnBxbi2St0au6VBVC7JXFlhLlOnvIIlePNniyUNAClzmtAUEY8/pBiK3iHjufOlwA+c20/8jngo7xcrg8A=="],
 
-    "@react-router/dev/semver": ["semver@7.7.3", "", { "bin": { "semver": "bin/semver.js" } }, "sha512-SdsKMrI9TdgjdweUSR9MweHA4EJ8YxHn8DFaDisvhVlUOe4BF1tLD7GAj0lIqWVl+dPb/rExr0Btby5loQm20Q=="],
+    "@reduxjs/toolkit/immer": ["immer@11.0.1", "", {}, "sha512-naDCyggtcBWANtIrjQEajhhBEuL9b0Zg4zmlWK2CzS6xCWSE39/vvf4LqnMjUAWHBhot4m9MHCM/Z+mfWhUkiA=="],
 
     "@scalar/types/nanoid": ["nanoid@5.1.5", "", { "bin": { "nanoid": "bin/nanoid.js" } }, "sha512-Ir/+ZpE9fDsNH0hQ3C68uyThDXzYcim2EqcZ8zn8Chtt1iylPT9xXJB0kPCnqzgcEGikO9RxSrh63MsmVCU7Fw=="],
 
-    "@tailwindcss/oxide-wasm32-wasi/@emnapi/core": ["@emnapi/core@1.7.0", "", { "dependencies": { "@emnapi/wasi-threads": "1.1.0", "tslib": "^2.4.0" }, "bundled": true }, "sha512-pJdKGq/1iquWYtv1RRSljZklxHCOCAJFJrImO5ZLKPJVJlVUcs8yFwNQlqS0Lo8xT1VAXXTCZocF9n26FWEKsw=="],
+    "@tailwindcss/oxide-wasm32-wasi/@emnapi/core": ["@emnapi/core@1.7.1", "", { "dependencies": { "@emnapi/wasi-threads": "1.1.0", "tslib": "^2.4.0" }, "bundled": true }, "sha512-o1uhUASyo921r2XtHYOHy7gdkGLge8ghBEQHMWmyJFoXlpU58kIrhhN3w26lpQb6dspetweapMn2CSNwQ8I4wg=="],
 
-    "@tailwindcss/oxide-wasm32-wasi/@emnapi/runtime": ["@emnapi/runtime@1.7.0", "", { "dependencies": { "tslib": "^2.4.0" }, "bundled": true }, "sha512-oAYoQnCYaQZKVS53Fq23ceWMRxq5EhQsE0x0RdQ55jT7wagMu5k+fS39v1fiSLrtrLQlXwVINenqhLMtTrV/1Q=="],
+    "@tailwindcss/oxide-wasm32-wasi/@emnapi/runtime": ["@emnapi/runtime@1.7.1", "", { "dependencies": { "tslib": "^2.4.0" }, "bundled": true }, "sha512-PVtJr5CmLwYAU9PZDMITZoR5iAOShYREoR45EyyLrbntV50mdePTgUn4AmOw90Ifcj+x2kRjdzr1HP3RrNiHGA=="],
 
     "@tailwindcss/oxide-wasm32-wasi/@emnapi/wasi-threads": ["@emnapi/wasi-threads@1.1.0", "", { "dependencies": { "tslib": "^2.4.0" }, "bundled": true }, "sha512-WI0DdZ8xFSbgMjR1sFsKABJ/C5OnRrjT06JXbZKexJGrDuPTzZdDYfFlsgcCXCyf+suG5QU2e/y1Wo2V/OapLQ=="],
 
-    "@tailwindcss/oxide-wasm32-wasi/@napi-rs/wasm-runtime": ["@napi-rs/wasm-runtime@1.0.7", "", { "dependencies": { "@emnapi/core": "^1.5.0", "@emnapi/runtime": "^1.5.0", "@tybys/wasm-util": "^0.10.1" }, "bundled": true }, "sha512-SeDnOO0Tk7Okiq6DbXmmBODgOAb9dp9gjlphokTUxmt8U3liIP1ZsozBahH69j/RJv+Rfs6IwUKHTgQYJ/HBAw=="],
+    "@tailwindcss/oxide-wasm32-wasi/@napi-rs/wasm-runtime": ["@napi-rs/wasm-runtime@1.1.0", "", { "dependencies": { "@emnapi/core": "^1.7.1", "@emnapi/runtime": "^1.7.1", "@tybys/wasm-util": "^0.10.1" }, "bundled": true }, "sha512-Fq6DJW+Bb5jaWE69/qOE0D1TUN9+6uWhCeZpdnSBk14pjLcCWR7Q8n49PTSPHazM37JqrsdpEthXy2xn6jWWiA=="],
 
     "@tailwindcss/oxide-wasm32-wasi/@tybys/wasm-util": ["@tybys/wasm-util@0.10.1", "", { "dependencies": { "tslib": "^2.4.0" }, "bundled": true }, "sha512-9tTaPJLSiejZKx+Bmog4uSubteqTvFrVrURwkmHixBo0G4seD0zUxp98E1DzUBJxLQ3NPwXrGKDiVjwx/DpPsg=="],
 
@@ -1077,15 +1132,21 @@
 
     "accepts/negotiator": ["negotiator@0.6.3", "", {}, "sha512-+EUsqGPLsM+j/zdChZjsnX51g4XrHFOIXwfnCVPGlQk/k5giakcKsuxCObBRu6DSm9opw/O6slWbJdghQM4bBg=="],
 
+    "anymatch/picomatch": ["picomatch@2.3.1", "", {}, "sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA=="],
+
     "basic-auth/safe-buffer": ["safe-buffer@5.1.2", "", {}, "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g=="],
 
     "body-parser/debug": ["debug@2.6.9", "", { "dependencies": { "ms": "2.0.0" } }, "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA=="],
 
+    "bun-types/@types/node": ["@types/node@24.10.4", "", { "dependencies": { "undici-types": "~7.16.0" } }, "sha512-vnDVpYPMzs4wunl27jHrfmwojOGKya0xyM3sH+UE5iv5uPS6vX7UIoh6m+vQc5LGBq52HBKPIn/zcSZVzeDEZg=="],
+
     "c12/pathe": ["pathe@2.0.3", "", {}, "sha512-WUjGcAqP1gQacoQe+OBJsFA7Ld4DyXuUIjZ5cc75cLHvJ7dtNsTugphxIADwspS+AraAUePCKrSVtPLFj/F88w=="],
 
     "compression/debug": ["debug@2.6.9", "", { "dependencies": { "ms": "2.0.0" } }, "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA=="],
 
-    "express/cookie": ["cookie@0.7.1", "", {}, "sha512-6DnInpx7SJ2AK3+CTUE/ZM0vWTUboZCegxhC2xiIydHR9jNuTAASBrfEpHhiGOZw/nX51bHt6YQl8jsGo4y/0w=="],
+    "dotenv-expand/dotenv": ["dotenv@16.6.1", "", {}, "sha512-uBq4egWHTcTt33a72vpSG0z3HnPuIl6NqYcTrKEg2azoEyl2hpW0zqlxysq2pK9HlDIHyHyakeYaYnSAwd8bow=="],
+
+    "express/cookie": ["cookie@0.7.2", "", {}, "sha512-yki5XnKuf750l50uGTllt6kKILY4nQ1eNIQatoXEByZ5dWgnKqbnqmTrBE5B4N7lrMJKQ2ytWMiTO2o0v6Ew/w=="],
 
     "express/debug": ["debug@2.6.9", "", { "dependencies": { "ms": "2.0.0" } }, "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA=="],
 
@@ -1107,56 +1168,8 @@
 
     "send/debug": ["debug@2.6.9", "", { "dependencies": { "ms": "2.0.0" } }, "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA=="],
 
-    "send/encodeurl": ["encodeurl@1.0.2", "", {}, "sha512-TPJXq8JqFaVYm2CWmPvnP2Iyo4ZSM7/QKcSmuMLDObfpH5fi7RUGmd/rTDf+rut/saiDiQEeVTNgAmJEdAOx0w=="],
-
     "vite-node/pathe": ["pathe@2.0.3", "", {}, "sha512-WUjGcAqP1gQacoQe+OBJsFA7Ld4DyXuUIjZ5cc75cLHvJ7dtNsTugphxIADwspS+AraAUePCKrSVtPLFj/F88w=="],
 
-    "vite-node/vite": ["vite@7.2.2", "", { "dependencies": { "esbuild": "^0.25.0", "fdir": "^6.5.0", "picomatch": "^4.0.3", "postcss": "^8.5.6", "rollup": "^4.43.0", "tinyglobby": "^0.2.15" }, "optionalDependencies": { "fsevents": "~2.3.3" }, "peerDependencies": { "@types/node": "^20.19.0 || >=22.12.0", "jiti": ">=1.21.0", "less": "^4.0.0", "lightningcss": "^1.21.0", "sass": "^1.70.0", "sass-embedded": "^1.70.0", "stylus": ">=0.54.8", "sugarss": "^5.0.0", "terser": "^5.16.0", "tsx": "^4.8.1", "yaml": "^2.4.2" }, "optionalPeers": ["@types/node", "jiti", "less", "lightningcss", "sass", "sass-embedded", "stylus", "sugarss", "terser", "tsx", "yaml"], "bin": { "vite": "bin/vite.js" } }, "sha512-BxAKBWmIbrDgrokdGZH1IgkIk/5mMHDreLDmCJ0qpyJaAteP8NvMhkwr/ZCQNqNH97bw/dANTE9PDzqwJghfMQ=="],
-
-    "@esbuild-kit/core-utils/esbuild/@esbuild/android-arm": ["@esbuild/android-arm@0.18.20", "", { "os": "android", "cpu": "arm" }, "sha512-fyi7TDI/ijKKNZTUJAQqiG5T7YjJXgnzkURqmGj13C6dCqckZBLdl4h7bkhHt/t0WP+zO9/zwroDvANaOqO5Sw=="],
-
-    "@esbuild-kit/core-utils/esbuild/@esbuild/android-arm64": ["@esbuild/android-arm64@0.18.20", "", { "os": "android", "cpu": "arm64" }, "sha512-Nz4rJcchGDtENV0eMKUNa6L12zz2zBDXuhj/Vjh18zGqB44Bi7MBMSXjgunJgjRhCmKOjnPuZp4Mb6OKqtMHLQ=="],
-
-    "@esbuild-kit/core-utils/esbuild/@esbuild/android-x64": ["@esbuild/android-x64@0.18.20", "", { "os": "android", "cpu": "x64" }, "sha512-8GDdlePJA8D6zlZYJV/jnrRAi6rOiNaCC/JclcXpB+KIuvfBN4owLtgzY2bsxnx666XjJx2kDPUmnTtR8qKQUg=="],
-
-    "@esbuild-kit/core-utils/esbuild/@esbuild/darwin-arm64": ["@esbuild/darwin-arm64@0.18.20", "", { "os": "darwin", "cpu": "arm64" }, "sha512-bxRHW5kHU38zS2lPTPOyuyTm+S+eobPUnTNkdJEfAddYgEcll4xkT8DB9d2008DtTbl7uJag2HuE5NZAZgnNEA=="],
-
-    "@esbuild-kit/core-utils/esbuild/@esbuild/darwin-x64": ["@esbuild/darwin-x64@0.18.20", "", { "os": "darwin", "cpu": "x64" }, "sha512-pc5gxlMDxzm513qPGbCbDukOdsGtKhfxD1zJKXjCCcU7ju50O7MeAZ8c4krSJcOIJGFR+qx21yMMVYwiQvyTyQ=="],
-
-    "@esbuild-kit/core-utils/esbuild/@esbuild/freebsd-arm64": ["@esbuild/freebsd-arm64@0.18.20", "", { "os": "freebsd", "cpu": "arm64" }, "sha512-yqDQHy4QHevpMAaxhhIwYPMv1NECwOvIpGCZkECn8w2WFHXjEwrBn3CeNIYsibZ/iZEUemj++M26W3cNR5h+Tw=="],
-
-    "@esbuild-kit/core-utils/esbuild/@esbuild/freebsd-x64": ["@esbuild/freebsd-x64@0.18.20", "", { "os": "freebsd", "cpu": "x64" }, "sha512-tgWRPPuQsd3RmBZwarGVHZQvtzfEBOreNuxEMKFcd5DaDn2PbBxfwLcj4+aenoh7ctXcbXmOQIn8HI6mCSw5MQ=="],
-
-    "@esbuild-kit/core-utils/esbuild/@esbuild/linux-arm": ["@esbuild/linux-arm@0.18.20", "", { "os": "linux", "cpu": "arm" }, "sha512-/5bHkMWnq1EgKr1V+Ybz3s1hWXok7mDFUMQ4cG10AfW3wL02PSZi5kFpYKrptDsgb2WAJIvRcDm+qIvXf/apvg=="],
-
-    "@esbuild-kit/core-utils/esbuild/@esbuild/linux-arm64": ["@esbuild/linux-arm64@0.18.20", "", { "os": "linux", "cpu": "arm64" }, "sha512-2YbscF+UL7SQAVIpnWvYwM+3LskyDmPhe31pE7/aoTMFKKzIc9lLbyGUpmmb8a8AixOL61sQ/mFh3jEjHYFvdA=="],
-
-    "@esbuild-kit/core-utils/esbuild/@esbuild/linux-ia32": ["@esbuild/linux-ia32@0.18.20", "", { "os": "linux", "cpu": "ia32" }, "sha512-P4etWwq6IsReT0E1KHU40bOnzMHoH73aXp96Fs8TIT6z9Hu8G6+0SHSw9i2isWrD2nbx2qo5yUqACgdfVGx7TA=="],
-
-    "@esbuild-kit/core-utils/esbuild/@esbuild/linux-loong64": ["@esbuild/linux-loong64@0.18.20", "", { "os": "linux", "cpu": "none" }, "sha512-nXW8nqBTrOpDLPgPY9uV+/1DjxoQ7DoB2N8eocyq8I9XuqJ7BiAMDMf9n1xZM9TgW0J8zrquIb/A7s3BJv7rjg=="],
-
-    "@esbuild-kit/core-utils/esbuild/@esbuild/linux-mips64el": ["@esbuild/linux-mips64el@0.18.20", "", { "os": "linux", "cpu": "none" }, "sha512-d5NeaXZcHp8PzYy5VnXV3VSd2D328Zb+9dEq5HE6bw6+N86JVPExrA6O68OPwobntbNJ0pzCpUFZTo3w0GyetQ=="],
-
-    "@esbuild-kit/core-utils/esbuild/@esbuild/linux-ppc64": ["@esbuild/linux-ppc64@0.18.20", "", { "os": "linux", "cpu": "ppc64" }, "sha512-WHPyeScRNcmANnLQkq6AfyXRFr5D6N2sKgkFo2FqguP44Nw2eyDlbTdZwd9GYk98DZG9QItIiTlFLHJHjxP3FA=="],
-
-    "@esbuild-kit/core-utils/esbuild/@esbuild/linux-riscv64": ["@esbuild/linux-riscv64@0.18.20", "", { "os": "linux", "cpu": "none" }, "sha512-WSxo6h5ecI5XH34KC7w5veNnKkju3zBRLEQNY7mv5mtBmrP/MjNBCAlsM2u5hDBlS3NGcTQpoBvRzqBcRtpq1A=="],
-
-    "@esbuild-kit/core-utils/esbuild/@esbuild/linux-s390x": ["@esbuild/linux-s390x@0.18.20", "", { "os": "linux", "cpu": "s390x" }, "sha512-+8231GMs3mAEth6Ja1iK0a1sQ3ohfcpzpRLH8uuc5/KVDFneH6jtAJLFGafpzpMRO6DzJ6AvXKze9LfFMrIHVQ=="],
-
-    "@esbuild-kit/core-utils/esbuild/@esbuild/linux-x64": ["@esbuild/linux-x64@0.18.20", "", { "os": "linux", "cpu": "x64" }, "sha512-UYqiqemphJcNsFEskc73jQ7B9jgwjWrSayxawS6UVFZGWrAAtkzjxSqnoclCXxWtfwLdzU+vTpcNYhpn43uP1w=="],
-
-    "@esbuild-kit/core-utils/esbuild/@esbuild/netbsd-x64": ["@esbuild/netbsd-x64@0.18.20", "", { "os": "none", "cpu": "x64" }, "sha512-iO1c++VP6xUBUmltHZoMtCUdPlnPGdBom6IrO4gyKPFFVBKioIImVooR5I83nTew5UOYrk3gIJhbZh8X44y06A=="],
-
-    "@esbuild-kit/core-utils/esbuild/@esbuild/openbsd-x64": ["@esbuild/openbsd-x64@0.18.20", "", { "os": "openbsd", "cpu": "x64" }, "sha512-e5e4YSsuQfX4cxcygw/UCPIEP6wbIL+se3sxPdCiMbFLBWu0eiZOJ7WoD+ptCLrmjZBK1Wk7I6D/I3NglUGOxg=="],
-
-    "@esbuild-kit/core-utils/esbuild/@esbuild/sunos-x64": ["@esbuild/sunos-x64@0.18.20", "", { "os": "sunos", "cpu": "x64" }, "sha512-kDbFRFp0YpTQVVrqUd5FTYmWo45zGaXe0X8E1G/LKFC0v8x0vWrhOWSLITcCn63lmZIxfOMXtCfti/RxN/0wnQ=="],
-
-    "@esbuild-kit/core-utils/esbuild/@esbuild/win32-arm64": ["@esbuild/win32-arm64@0.18.20", "", { "os": "win32", "cpu": "arm64" }, "sha512-ddYFR6ItYgoaq4v4JmQQaAI5s7npztfV4Ag6NrhiaW0RrnOXqBkgwZLofVTlq1daVTQNhtI5oieTvkRPfZrePg=="],
-
-    "@esbuild-kit/core-utils/esbuild/@esbuild/win32-ia32": ["@esbuild/win32-ia32@0.18.20", "", { "os": "win32", "cpu": "ia32" }, "sha512-Wv7QBi3ID/rROT08SABTS7eV4hX26sVduqDOTe1MvGMjNd3EjOz4b7zeexIR62GTIEKrfJXKL9LFxTYgkyeu7g=="],
-
-    "@esbuild-kit/core-utils/esbuild/@esbuild/win32-x64": ["@esbuild/win32-x64@0.18.20", "", { "os": "win32", "cpu": "x64" }, "sha512-kTdfRcSiDfQca/y9QIkng02avJ+NCaQvrMejlsB3RRv5sE9rRoeBPISaZpKxHELzRxZyLvNts1P27W3wV+8geQ=="],
-
     "body-parser/debug/ms": ["ms@2.0.0", "", {}, "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A=="],
 
     "compression/debug/ms": ["ms@2.0.0", "", {}, "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A=="],
diff --git a/docker-compose.yml b/docker-compose.yml
index 5ac4eee7..90a43015 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -12,19 +12,13 @@ services:
       - SYS_ADMIN
     environment:
       - NODE_ENV=development
-      # - SMB_PASSWORD=secret
     ports:
       - "4096:4096"
-    # secrets:
-    #   - smb-password
     volumes:
       - /etc/localtime:/etc/localtime:ro
       - /var/lib/zerobyte:/var/lib/zerobyte
-
       - ./app:/app/app
       - ~/.config/rclone:/root/.config/rclone
-      # - /run/docker/plugins:/run/docker/plugins
-      # - /var/run/docker.sock:/var/run/docker.sock
 
   zerobyte-prod:
     build:
@@ -41,11 +35,5 @@ services:
       - "4096:4096"
     volumes:
       - /etc/localtime:/etc/localtime:ro
-      - /var/lib/zerobyte:/var/lib/zerobyte:rshared
-      - /run/docker/plugins:/run/docker/plugins
-      - /var/run/docker.sock:/var/run/docker.sock
+      - /var/lib/zerobyte:/var/lib/zerobyte
       - ~/.config/rclone:/root/.config/rclone
-
-# secrets:
-#   smb-password:
-#     file: ./smb-password.txt
diff --git a/examples/README.md b/examples/README.md
new file mode 100644
index 00000000..8d2e7657
--- /dev/null
+++ b/examples/README.md
@@ -0,0 +1,17 @@
+# Examples
+
+This folder contains runnable, copy/paste-friendly examples for running Zerobyte in different setups.
+
+## Table of contents
+
+### Basic usage
+
+- [Basic Docker Compose](basic-docker-compose/README.md) — standard deployment with remote mount support (includes `SYS_ADMIN` + `/dev/fuse`).
+- [Simplified Docker Compose (no remote mounts)](simplified-docker-compose/README.md) — reduced-privilege deployment (no `SYS_ADMIN`, no `/dev/fuse`).
+- [Bind-mount a local directory](directory-bind-mount/README.md) — back up a host folder by mounting it into the container.
+- [Mount an rclone config](rclone-config-mount/README.md) — use rclone-based repository backends by mounting your rclone config.
+- [Secret placeholders + Docker secrets](secrets-placeholders/README.md) — keep secrets out of the DB using `env://...` and `file://...` references.
+
+### Advanced setups
+
+- [Tailscale sidecar](tailscale-sidecar/README.md) — run Zerobyte behind a Tailscale sidecar using shared networking.
diff --git a/examples/basic-docker-compose/.env.example b/examples/basic-docker-compose/.env.example
new file mode 100644
index 00000000..50409532
--- /dev/null
+++ b/examples/basic-docker-compose/.env.example
@@ -0,0 +1,2 @@
+# Timezone used by the container
+TZ=UTC
diff --git a/examples/basic-docker-compose/README.md b/examples/basic-docker-compose/README.md
new file mode 100644
index 00000000..4b326066
--- /dev/null
+++ b/examples/basic-docker-compose/README.md
@@ -0,0 +1,25 @@
+# Basic Docker Compose
+
+Minimal "standard" deployment for Zerobyte.
+
+This setup enables remote mount backends (NFS/SMB/WebDAV) from inside the container by granting the required capability and FUSE device.
+
+## Prerequisites
+
+- Docker + Docker Compose
+
+## Setup
+
+```bash
+cp .env.example .env
+docker compose up -d
+```
+
+## Access
+
+- UI/API: `http://<host>:4096`
+
+## Notes
+
+- This example uses `cap_add: SYS_ADMIN` and `/dev/fuse` to support mounting remote volumes.
+- Do not place `/var/lib/zerobyte` on a network share.
diff --git a/examples/basic-docker-compose/docker-compose.yml b/examples/basic-docker-compose/docker-compose.yml
new file mode 100644
index 00000000..0f34772a
--- /dev/null
+++ b/examples/basic-docker-compose/docker-compose.yml
@@ -0,0 +1,16 @@
+services:
+  zerobyte:
+    image: ghcr.io/nicotsx/zerobyte:latest
+    container_name: zerobyte
+    restart: unless-stopped
+    cap_add:
+      - SYS_ADMIN
+    devices:
+      - /dev/fuse:/dev/fuse
+    ports:
+      - "4096:4096"
+    environment:
+      - TZ=${TZ:-UTC}
+    volumes:
+      - /etc/localtime:/etc/localtime:ro
+      - /var/lib/zerobyte:/var/lib/zerobyte
diff --git a/examples/directory-bind-mount/.env.example b/examples/directory-bind-mount/.env.example
new file mode 100644
index 00000000..03946fe6
--- /dev/null
+++ b/examples/directory-bind-mount/.env.example
@@ -0,0 +1,8 @@
+# Timezone used by the container
+TZ=UTC
+
+# Absolute path on the Docker host to back up.
+# Examples:
+# - /srv/data
+# - /mnt/storage/photos
+HOST_DATA_DIR=/path/to/your/directory
diff --git a/examples/directory-bind-mount/README.md b/examples/directory-bind-mount/README.md
new file mode 100644
index 00000000..51d500f7
--- /dev/null
+++ b/examples/directory-bind-mount/README.md
@@ -0,0 +1,34 @@
+# Bind-mount a local directory
+
+This example shows how to back up a host directory by bind-mounting it into the Zerobyte container.
+
+It uses the simplified setup (no remote mounts).
+
+## Prerequisites
+
+- Docker + Docker Compose
+
+## Setup
+
+1. Copy the env file:
+
+```bash
+cp .env.example .env
+```
+
+2. Edit `.env` and set `HOST_DATA_DIR` to the directory you want to back up.
+
+3. Start the stack:
+
+```bash
+docker compose up -d
+```
+
+## Use in Zerobyte
+
+- Create a new volume of type **Directory**
+- Select the mounted path shown in the compose file: `/mydata`
+
+## Access
+
+- UI/API: `http://<host>:4096`
diff --git a/examples/directory-bind-mount/docker-compose.yml b/examples/directory-bind-mount/docker-compose.yml
new file mode 100644
index 00000000..e050d4c1
--- /dev/null
+++ b/examples/directory-bind-mount/docker-compose.yml
@@ -0,0 +1,13 @@
+services:
+  zerobyte:
+    image: ghcr.io/nicotsx/zerobyte:latest
+    container_name: zerobyte
+    restart: unless-stopped
+    ports:
+      - "4096:4096"
+    environment:
+      - TZ=${TZ:-UTC}
+    volumes:
+      - /etc/localtime:/etc/localtime:ro
+      - /var/lib/zerobyte:/var/lib/zerobyte
+      - ${HOST_DATA_DIR:?HOST_DATA_DIR must be set}:/mydata
diff --git a/examples/rclone-config-mount/.env.example b/examples/rclone-config-mount/.env.example
new file mode 100644
index 00000000..15bb93fa
--- /dev/null
+++ b/examples/rclone-config-mount/.env.example
@@ -0,0 +1,8 @@
+# Timezone used by the container
+TZ=UTC
+
+# Absolute path on the Docker host to your rclone config directory.
+# Common locations:
+# - Linux: /home/<user>/.config/rclone
+# - Linux (root): /root/.config/rclone
+RCLONE_CONFIG_DIR=/path/to/rclone/config
diff --git a/examples/rclone-config-mount/README.md b/examples/rclone-config-mount/README.md
new file mode 100644
index 00000000..e1c86790
--- /dev/null
+++ b/examples/rclone-config-mount/README.md
@@ -0,0 +1,41 @@
+# Mount an rclone config (for rclone repositories)
+
+This example shows how to make an existing rclone configuration available inside the Zerobyte container.
+
+Use this if you want to use **rclone** as a repository backend (Dropbox/Google Drive/OneDrive/etc.).
+
+## Prerequisites
+
+- Docker + Docker Compose
+- An existing rclone config directory on the Docker host
+
+If you don't have one yet:
+
+```bash
+rclone config
+```
+
+## Setup
+
+1. Copy the env file:
+
+```bash
+cp .env.example .env
+```
+
+2. Edit `.env` and set `RCLONE_CONFIG_DIR` to the absolute path of your host rclone config directory.
+
+3. Start the stack:
+
+```bash
+docker compose up -d
+```
+
+## Access
+
+- UI/API: `http://<host>:4096`
+
+## Notes
+
+- This setup does not require `SYS_ADMIN` or `/dev/fuse`.
+- The rclone config is mounted read-only into `/root/.config/rclone`.
diff --git a/examples/rclone-config-mount/docker-compose.yml b/examples/rclone-config-mount/docker-compose.yml
new file mode 100644
index 00000000..b1f167c2
--- /dev/null
+++ b/examples/rclone-config-mount/docker-compose.yml
@@ -0,0 +1,13 @@
+services:
+  zerobyte:
+    image: ghcr.io/nicotsx/zerobyte:latest
+    container_name: zerobyte
+    restart: unless-stopped
+    ports:
+      - "4096:4096"
+    environment:
+      - TZ=${TZ:-UTC}
+    volumes:
+      - /etc/localtime:/etc/localtime:ro
+      - /var/lib/zerobyte:/var/lib/zerobyte
+      - ${RCLONE_CONFIG_DIR}:/root/.config/rclone:ro
diff --git a/examples/secrets-placeholders/.env.example b/examples/secrets-placeholders/.env.example
new file mode 100644
index 00000000..e1ed0423
--- /dev/null
+++ b/examples/secrets-placeholders/.env.example
@@ -0,0 +1,6 @@
+# Timezone used by the container
+TZ=UTC
+
+# Optional example secret injected via environment variable.
+# Use it in Zerobyte config fields as: env://ZEROBYTE_SMB_PASSWORD
+ZEROBYTE_SMB_PASSWORD=
diff --git a/examples/secrets-placeholders/.gitignore b/examples/secrets-placeholders/.gitignore
new file mode 100644
index 00000000..55d6353f
--- /dev/null
+++ b/examples/secrets-placeholders/.gitignore
@@ -0,0 +1,5 @@
+# Secret files - do not commit
+smb-password.txt
+*-password.txt
+*.secret
+*.key
diff --git a/examples/secrets-placeholders/README.md b/examples/secrets-placeholders/README.md
new file mode 100644
index 00000000..dac55772
--- /dev/null
+++ b/examples/secrets-placeholders/README.md
@@ -0,0 +1,61 @@
+# Secret placeholders (env:// and file://) + Docker secrets
+
+Zerobyte supports **secret placeholders** in many configuration fields (repositories, volumes, notifications).
+Instead of storing raw secrets in the database, you can store a reference that gets resolved at runtime.
+
+Supported formats:
+
+- `env://VAR_NAME` → reads `process.env.VAR_NAME`
+- `file://name` → reads `/run/secrets/name` (Docker Compose / Docker secrets)
+
+This example shows how to run Zerobyte with:
+
+- an environment variable you can reference via `env://...`
+- a Docker secret you can reference via `file://...`
+
+## Prerequisites
+
+- Docker + Docker Compose
+
+This example includes `SYS_ADMIN` and `/dev/fuse` because it’s intended for SMB volumes (remote mounts).
+
+## Setup
+
+1. Copy the env file:
+
+```bash
+cp .env.example .env
+```
+
+2. Create a Docker secret file.
+
+	⚠️ **Important**: never commit real credentials. This folder includes a `.gitignore` to help prevent accidentally committing secret files.
+
+```bash
+printf "your-smb-password" > smb-password.txt
+```
+
+3. Start Zerobyte:
+
+```bash
+docker compose up -d
+```
+
+## Using placeholders in Zerobyte
+
+You can now use the placeholders for example in these Zerobyte configuration fields:
+
+| UI section | Type | Field | Example value |
+| --- | --- | --- | --- |
+| Volumes → Create volume | SMB | Password | `file://smb_password` or `env://ZEROBYTE_SMB_PASSWORD` |
+| Volumes → Create volume | WebDAV | Password | `file://webdav_password` or `env://ZEROBYTE_WEBDAV_PASSWORD` |
+| Repositories → Create repository | S3 | Secret access key | `file://aws_secret_access_key` or `env://AWS_SECRET_ACCESS_KEY` |
+| Repositories → Create repository | SFTP | SSH Private key | `file://sftp_private_key` or `env://SFTP_PRIVATE_KEY` |
+| Notifications → Create notification | Telegram | Bot token | `file://telegram_bot_token` or `env://TELEGRAM_BOT_TOKEN` |
+
+Notes:
+
+- Placeholder names used in these examples are arbitrary; you can choose any valid name.
+- Placeholder names are case-sensitive.
+- With `file://...`, the secret name must be a single path segment (no `/` or `\\`).
+- You can still paste a raw secret, but placeholders can be considered safer and easier to rotate.
diff --git a/examples/secrets-placeholders/docker-compose.yml b/examples/secrets-placeholders/docker-compose.yml
new file mode 100644
index 00000000..96f3d86d
--- /dev/null
+++ b/examples/secrets-placeholders/docker-compose.yml
@@ -0,0 +1,26 @@
+services:
+  zerobyte:
+    image: ghcr.io/nicotsx/zerobyte:latest
+    container_name: zerobyte
+    restart: unless-stopped
+    # Required for mounting remote volumes (SMB/NFS/WebDAV) from inside the container
+    cap_add:
+      - SYS_ADMIN
+    devices:
+      - /dev/fuse:/dev/fuse
+    ports:
+      - "4096:4096"
+    environment:
+      - TZ=${TZ:-UTC}
+      # Example env-backed secret (refer to it in Zerobyte as env://ZEROBYTE_SMB_PASSWORD)
+      - ZEROBYTE_SMB_PASSWORD=${ZEROBYTE_SMB_PASSWORD:-}
+    secrets:
+      # Example file-backed secret (refer to it in Zerobyte as file://smb_password)
+      - smb_password
+    volumes:
+      - /etc/localtime:/etc/localtime:ro
+      - /var/lib/zerobyte:/var/lib/zerobyte
+
+secrets:
+  smb_password:
+    file: ./smb-password.txt
diff --git a/examples/simplified-docker-compose/.env.example b/examples/simplified-docker-compose/.env.example
new file mode 100644
index 00000000..50409532
--- /dev/null
+++ b/examples/simplified-docker-compose/.env.example
@@ -0,0 +1,2 @@
+# Timezone used by the container
+TZ=UTC
diff --git a/examples/simplified-docker-compose/README.md b/examples/simplified-docker-compose/README.md
new file mode 100644
index 00000000..0388af4c
--- /dev/null
+++ b/examples/simplified-docker-compose/README.md
@@ -0,0 +1,25 @@
+# Simplified Docker Compose (no remote mounts)
+
+A reduced-privilege setup for Zerobyte when you do **not** need to mount NFS/SMB/WebDAV from inside the container.
+
+## Prerequisites
+
+- Docker + Docker Compose
+
+## Setup
+
+```bash
+cp .env.example .env
+docker compose up -d
+```
+
+## Access
+
+- UI/API: `http://<host>:4096`
+
+## Trade-offs
+
+- ✅ No `SYS_ADMIN`
+- ✅ No `/dev/fuse`
+- ✅ Still supports all repository backends (local, S3, GCS, Azure, rclone)
+- ❌ Cannot mount remote shares from inside Zerobyte
diff --git a/examples/simplified-docker-compose/docker-compose.yml b/examples/simplified-docker-compose/docker-compose.yml
new file mode 100644
index 00000000..69df9689
--- /dev/null
+++ b/examples/simplified-docker-compose/docker-compose.yml
@@ -0,0 +1,12 @@
+services:
+  zerobyte:
+    image: ghcr.io/nicotsx/zerobyte:latest
+    container_name: zerobyte
+    restart: unless-stopped
+    ports:
+      - "4096:4096"
+    environment:
+      - TZ=${TZ:-UTC}
+    volumes:
+      - /etc/localtime:/etc/localtime:ro
+      - /var/lib/zerobyte:/var/lib/zerobyte
diff --git a/examples/tailscale-sidecar/.env.example b/examples/tailscale-sidecar/.env.example
new file mode 100644
index 00000000..5d831079
--- /dev/null
+++ b/examples/tailscale-sidecar/.env.example
@@ -0,0 +1,22 @@
+# --- Zerobyte ---
+TZ=UTC
+
+# --- Tailscale ---
+# Create an auth key in the Tailscale admin console.
+# Recommended: ephemeral + pre-approved (or tagged) key.
+TS_AUTHKEY=tskey-auth-xxxxxxxxxxxxxxxxxxxx
+
+# How this node should appear in your tailnet.
+TS_HOSTNAME=zerobyte
+
+# Kernel-mode (false) vs userspace-mode (true).
+# - false: requires /dev/net/tun on the host
+# - true: works on Docker Desktop / hosts without TUN, but you must also remove
+#   the /dev/net/tun device mapping from docker-compose.yml
+TS_USERSPACE=false
+
+# Optional extra args passed to `tailscale up`.
+# Examples:
+# TS_EXTRA_ARGS=--accept-dns=true
+# TS_EXTRA_ARGS=--advertise-tags=tag:backup --accept-routes
+TS_EXTRA_ARGS=
diff --git a/examples/tailscale-sidecar/README.md b/examples/tailscale-sidecar/README.md
new file mode 100644
index 00000000..2d128cb4
--- /dev/null
+++ b/examples/tailscale-sidecar/README.md
@@ -0,0 +1,93 @@
+# Zerobyte + Tailscale sidecar (Docker Compose)
+
+This example runs Zerobyte behind a Tailscale sidecar container so the Zerobyte web UI/API can be reached over your tailnet and Zerobyte can access other devices on your tailnet (based on the ACLs/tags you configure in Tailscale).
+
+It uses a common “sidecar networking” pattern:
+
+- The `tailscale` container brings up a Tailscale node
+- The `zerobyte` container shares the `tailscale` network namespace (`network_mode: service:tailscale`)
+
+## About Tailscale
+
+Tailscale is a mesh VPN built on WireGuard. It connects devices and containers into a private network (“tailnet”) without opening inbound ports on your router or exposing services directly to the public internet.
+
+In this example, Tailscale acts as a secure access layer in front of Zerobyte:
+
+- You reach Zerobyte using the node’s tailnet IP/DNS name.
+- Access can be restricted using Tailscale ACLs/tags.
+
+## Prerequisites
+
+- Docker + Docker Compose
+- A Tailscale account and an auth key
+
+This example supports two Tailscale modes:
+
+- **Kernel mode** (`TS_USERSPACE=false`, default):
+  - requires `/dev/net/tun` on the host
+  - requires `NET_ADMIN`
+  - may require `SYS_MODULE` on some hosts (kept commented out in the compose file)
+
+- **Userspace mode** (`TS_USERSPACE=true`):
+  - does **not** require `/dev/net/tun`
+  - works better on Docker Desktop / restricted hosts
+  - requires a small edit in the compose file (see Troubleshooting)
+
+## Setup
+
+1. Copy the env file and fill in your auth key:
+
+   ```bash
+   cp .env.example .env
+   ```
+
+2. Start the stack:
+
+   ```bash
+   docker compose up -d
+   ```
+
+3. In the Tailscale admin console, confirm the node is present (and approved if your policy requires it).
+
+## Access
+
+- Over Tailscale: `http://<tailscale-ip>:4096` or `http://<tailscale-name>:4096` (if MagicDNS is enabled)
+- Locally (optional): the example publishes `4096:4096` on the host
+
+If you want Zerobyte to be reachable only via Tailscale, remove the `ports:` section from the `tailscale` service in [docker-compose.yml](docker-compose.yml). Zerobyte will still be able to access the internet and other resources outside the tailnet, but UI will only be accessible over Tailscale with possibility to further restrict access to it with ACLs/tags.
+
+## Notes
+
+- `network_mode: service:tailscale` makes Zerobyte share the Tailscale container’s *entire* network namespace (interfaces + routing table).
+- Traffic to tailnet IPs (typically `100.x.y.z`) goes over `tailscale0` and is governed by Tailscale ACLs; traffic to your LAN/Internet may still go over the normal network interface depending on routes and host firewall.
+- If `--accept-routes` is used, the Tailscale container may add routes to your routing table that Zerobyte will also use and be able to access remote networks.
+- If `--accept-dns` is used, Zerobyte will also use Tailscale’s DNS servers.
+- Zerobyte still needs `SYS_ADMIN` and `/dev/fuse` if you intend to mount NFS/SMB/WebDAV volumes from inside the container.
+
+The example uses these environment variables (see [.env.example](.env.example)):
+
+- `TS_AUTHKEY` (required)
+- `TS_HOSTNAME` (optional)
+- `TS_EXTRA_ARGS` (optional; passed to `tailscale up`)
+- `TS_USERSPACE` (optional; set to `true` to use userspace mode)
+- `TZ` (optional)
+
+## Troubleshooting
+
+- If the `tailscale` container can’t start due to missing TUN support, ensure your host has `/dev/net/tun` available and that Docker is allowed to use it.
+- If your tailnet uses ACLs/tags, set `TS_EXTRA_ARGS` accordingly (for example `--advertise-tags=tag:backup`).
+- If the `tailscale` container fails due to Docker Desktop / missing TUN support: set `TS_USERSPACE=true` in your `.env`, remove the `/dev/net/tun:/dev/net/tun` device mapping in [docker-compose.yml](docker-compose.yml), and keep `SYS_MODULE` disabled (commented out).
+
+To confirm the tailnet address of the container:
+
+```bash
+docker exec zerobyte-tailscale tailscale status
+docker exec zerobyte-tailscale tailscale ip -4
+```
+
+To confirm received routes when `--accept-routes` is used in kernel mode:
+(Missing routes could be due to ACLs or because `--accept-routes` is not set or not supported in userspace mode)
+```bash
+docker exec zerobyte-tailscale ip route
+docker exec zerobyte-tailscale ip route show table 52
+```
\ No newline at end of file
diff --git a/examples/tailscale-sidecar/docker-compose.yml b/examples/tailscale-sidecar/docker-compose.yml
new file mode 100644
index 00000000..40f4cfd1
--- /dev/null
+++ b/examples/tailscale-sidecar/docker-compose.yml
@@ -0,0 +1,51 @@
+services:
+  tailscale:
+    image: tailscale/tailscale:stable
+    container_name: zerobyte-tailscale
+    hostname: ${TS_HOSTNAME:-zerobyte}
+    restart: unless-stopped
+    cap_add:
+      - NET_ADMIN
+      # Optional: Some hosts require this for kernel-mode Tailscale.
+      # If it causes issues (common on Docker Desktop), keep it commented out (disabled as shown here).
+      # - SYS_MODULE
+    # Kernel-mode Tailscale (TS_USERSPACE=false) requires /dev/net/tun.
+    # If you switch to userspace mode (TS_USERSPACE=true), you MUST remove this
+    # devices section (or at least this mapping), otherwise the container may
+    # fail to start or hit runtime errors on some hosts.
+    devices:
+      - /dev/net/tun:/dev/net/tun
+    environment:
+      - TS_AUTHKEY=${TS_AUTHKEY}
+      - TS_STATE_DIR=/var/lib/tailscale
+      # Kernel-mode (false) vs userspace-mode (true).
+      - TS_USERSPACE=${TS_USERSPACE:-false}
+      # Optional flags passed to `tailscale up`.
+      # Examples:
+      # - --advertise-tags=tag:zerobyte
+      # - --accept-dns=true --accept-routes
+      - TS_EXTRA_ARGS=${TS_EXTRA_ARGS:-}
+    volumes:
+      - /var/lib/tailscale:/var/lib/tailscale
+    # If you only want access over Tailscale (not from the local network), remove this.
+    ports:
+      - "4096:4096"
+
+  zerobyte:
+    image: ghcr.io/nicotsx/zerobyte:latest
+    container_name: zerobyte
+    restart: unless-stopped
+    # Uncomment if you need to mount NFS/SMB/WebDAV volumes:
+    # cap_add:
+    #   - SYS_ADMIN
+    # devices:
+    #   - /dev/fuse:/dev/fuse
+    # Share the Tailscale network namespace (sidecar pattern)
+    network_mode: service:tailscale
+    depends_on:
+      - tailscale
+    environment:
+      - TZ=${TZ:-UTC}
+    volumes:
+      - /etc/localtime:/etc/localtime:ro
+      - /var/lib/zerobyte:/var/lib/zerobyte
diff --git a/package.json b/package.json
index 697d0fe4..4f3c2416 100644
--- a/package.json
+++ b/package.json
@@ -2,7 +2,7 @@
 	"name": "zerobyte",
 	"private": true,
 	"type": "module",
-	"packageManager": "bun@1.3.3",
+	"packageManager": "bun@1.3.5",
 	"scripts": {
 		"build": "react-router build",
 		"dev": "bunx --bun vite",
@@ -14,7 +14,11 @@
 		"start:prod": "docker compose down && docker compose up --build zerobyte-prod",
 		"gen:api-client": "openapi-ts",
 		"gen:migrations": "drizzle-kit generate",
-		"studio": "drizzle-kit studio"
+		"studio": "drizzle-kit studio",
+		"test": "dotenv -e .env.test -- bun test --preload ./app/test/setup.ts"
+	},
+	"overrides": {
+		"esbuild": "^0.27.2"
 	},
 	"dependencies": {
 		"@dnd-kit/core": "^6.3.1",
@@ -49,6 +53,7 @@
 		"es-toolkit": "^1.42.0",
 		"hono": "4.10.5",
 		"hono-openapi": "^1.1.1",
+		"hono-rate-limiter": "^0.5.0",
 		"http-errors-enhanced": "^4.0.2",
 		"isbot": "^5.1.32",
 		"lucide-react": "^0.555.0",
@@ -69,14 +74,16 @@
 	},
 	"devDependencies": {
 		"@biomejs/biome": "^2.3.8",
+		"@faker-js/faker": "^10.1.0",
 		"@hey-api/openapi-ts": "^0.88.0",
 		"@react-router/dev": "^7.10.0",
 		"@tailwindcss/vite": "^4.1.17",
 		"@tanstack/react-query-devtools": "^5.91.1",
-		"@types/bun": "^1.3.3",
-		"@types/node": "^24.10.1",
+		"@types/bun": "^1.3.4",
+		"@types/node": "^25.0.3",
 		"@types/react": "^19.2.7",
 		"@types/react-dom": "^19.2.3",
+		"dotenv-cli": "^11.0.0",
 		"drizzle-kit": "^0.31.7",
 		"lightningcss": "^1.30.2",
 		"tailwindcss": "^4.1.17",
@@ -85,6 +92,6 @@
 		"typescript": "^5.9.3",
 		"vite": "^7.2.6",
 		"vite-bundle-analyzer": "^1.2.3",
-		"vite-tsconfig-paths": "^5.1.4"
+		"vite-tsconfig-paths": "^6.0.3"
 	}
 }
diff --git a/vite.config.ts b/vite.config.ts
index e55ab311..a21be80a 100644
--- a/vite.config.ts
+++ b/vite.config.ts
@@ -8,7 +8,7 @@ export default defineConfig({
 	plugins: [reactRouterHonoServer({ runtime: "bun" }), reactRouter(), tailwindcss(), tsconfigPaths()],
 	build: {
 		outDir: "dist",
-		sourcemap: true,
+		sourcemap: false,
 		rollupOptions: {
 			external: ["bun"],
 		},

From 535e5c7e7d95e5a8baa6c71e37528fb39d47fa91 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Tr=C3=A1vn=C3=ADk?= <jakub.travnik@gmail.com>
Date: Mon, 22 Dec 2025 17:18:43 +0100
Subject: [PATCH 42/49] Expose isEncrypted and decrypt functions in cryptoUtils
 for export controller

---
 app/server/utils/crypto.ts | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/app/server/utils/crypto.ts b/app/server/utils/crypto.ts
index 34c3af98..d3105e97 100644
--- a/app/server/utils/crypto.ts
+++ b/app/server/utils/crypto.ts
@@ -186,4 +186,6 @@ const sealSecret = async (value: string): Promise<string> => {
 export const cryptoUtils = {
 	resolveSecret,
 	sealSecret,
+	isEncrypted,
+	decrypt,
 };

From dc5c88efcdc3719b5a36fa4eebbcbcf5f93df24e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Tr=C3=A1vn=C3=ADk?= <jakub.travnik@gmail.com>
Date: Tue, 23 Dec 2025 00:26:37 +0100
Subject: [PATCH 43/49] feat(auth): add authentication middleware to export
 controller

---
 .../modules/lifecycle/config-export.controller.ts   | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/app/server/modules/lifecycle/config-export.controller.ts b/app/server/modules/lifecycle/config-export.controller.ts
index cb2547c6..858eced3 100644
--- a/app/server/modules/lifecycle/config-export.controller.ts
+++ b/app/server/modules/lifecycle/config-export.controller.ts
@@ -18,6 +18,7 @@ import {
 	type SecretsMode,
 	type FullExportBody,
 } from "./config-export.dto";
+import { requireAuth } from "../auth/auth.middleware";
 
 const COOKIE_NAME = "session_id";
 const COOKIE_OPTIONS = {
@@ -175,11 +176,13 @@ function transformBackupSchedules(
 	});
 }
 
-export const configExportController = new Hono().post(
-	"/export",
-	fullExportDto,
-	validator("json", fullExportBodySchema),
-	async (c) => {
+export const configExportController = new Hono()
+	.use(requireAuth)
+	.post(
+		"/export",
+		fullExportDto,
+		validator("json", fullExportBodySchema),
+		async (c) => {
 		try {
 			const body = c.req.valid("json") as FullExportBody;
 

From 62df1b1241d7cb1c93a13222b981d935cbd7df2f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Tr=C3=A1vn=C3=ADk?= <jakub.travnik@gmail.com>
Date: Tue, 23 Dec 2025 00:45:50 +0100
Subject: [PATCH 44/49] refactor(config-export): simplify auth and add mirrors
 support

- Use authenticated context from requireAuth middleware instead of
  duplicating session verification logic
- Remove unused cookie imports and constants (COOKIE_NAME, COOKIE_OPTIONS)
- Add backupScheduleMirrorsTable to export for complete backup config
- Include mirror-specific metadata keys (lastCopyAt, lastCopyStatus, lastCopyError)
---
 .../lifecycle/config-export.controller.ts     | 47 +++++++++----------
 1 file changed, 22 insertions(+), 25 deletions(-)

diff --git a/app/server/modules/lifecycle/config-export.controller.ts b/app/server/modules/lifecycle/config-export.controller.ts
index 858eced3..f6ad1c0c 100644
--- a/app/server/modules/lifecycle/config-export.controller.ts
+++ b/app/server/modules/lifecycle/config-export.controller.ts
@@ -1,8 +1,7 @@
 import { validator } from "hono-openapi";
 import { Hono } from "hono";
 import type { Context } from "hono";
-import { deleteCookie, getCookie } from "hono/cookie";
-import { backupSchedulesTable, backupScheduleNotificationsTable, usersTable } from "../../db/schema";
+import { backupSchedulesTable, backupScheduleNotificationsTable, backupScheduleMirrorsTable, usersTable } from "../../db/schema";
 import { db } from "../../db/db";
 import { logger } from "../../utils/logger";
 import { RESTIC_PASS_FILE } from "../../core/constants";
@@ -20,14 +19,6 @@ import {
 } from "./config-export.dto";
 import { requireAuth } from "../auth/auth.middleware";
 
-const COOKIE_NAME = "session_id";
-const COOKIE_OPTIONS = {
-	httpOnly: true,
-	secure: false,
-	sameSite: "lax" as const,
-	path: "/",
-};
-
 type ExportParams = {
 	includeMetadata: boolean;
 	secretsMode: SecretsMode;
@@ -36,8 +27,8 @@ type ExportParams = {
 // Keys to exclude when metadata is not included
 const METADATA_KEYS = {
 	ids: ["id", "volumeId", "repositoryId", "scheduleId", "destinationId"],
-	timestamps: ["createdAt", "updatedAt", "lastBackupAt", "nextBackupAt", "lastHealthCheck", "lastChecked"],
-	runtimeState: ["status", "lastError", "lastBackupStatus", "lastBackupError", "hasDownloadedResticPassword"],
+	timestamps: ["createdAt", "updatedAt", "lastBackupAt", "nextBackupAt", "lastHealthCheck", "lastChecked", "lastCopyAt"],
+	runtimeState: ["status", "lastError", "lastBackupStatus", "lastBackupError", "hasDownloadedResticPassword", "lastCopyStatus", "lastCopyError"],
 };
 
 const ALL_METADATA_KEYS = [...METADATA_KEYS.ids, ...METADATA_KEYS.timestamps, ...METADATA_KEYS.runtimeState];
@@ -66,29 +57,24 @@ function parseExportParamsFromBody(body: {
 
 /**
  * Verify password for export operation.
- * All exports require password verification for security.
+ * Requires requireAuth middleware to have already validated the session.
  */
 async function verifyExportPassword(
 	c: Context,
 	password: string
 ): Promise<{ valid: true; userId: number } | { valid: false; error: string }> {
-	const sessionId = getCookie(c, COOKIE_NAME);
-	if (!sessionId) {
+	// requireAuth middleware ensures c.get('user') exists
+	const user = c.get("user");
+	if (!user) {
 		return { valid: false, error: "Not authenticated" };
 	}
 
-	const session = await authService.verifySession(sessionId);
-	if (!session) {
-		deleteCookie(c, COOKIE_NAME, COOKIE_OPTIONS);
-		return { valid: false, error: "Session expired" };
-	}
-
-	const isValid = await authService.verifyPassword(session.user.id, password);
+	const isValid = await authService.verifyPassword(user.id, password);
 	if (!isValid) {
 		return { valid: false, error: "Incorrect password" };
 	}
 
-	return { valid: true, userId: session.user.id };
+	return { valid: true, userId: user.id };
 }
 
 /**
@@ -150,10 +136,11 @@ async function exportEntities<T extends Record<string, unknown>>(
 	return Promise.all(entities.map((e) => exportEntity(e as Record<string, unknown>, params)));
 }
 
-/** Transform backup schedules with resolved names and notifications */
+/** Transform backup schedules with resolved names, notifications, and mirrors */
 function transformBackupSchedules(
 	schedules: (typeof backupSchedulesTable.$inferSelect)[],
 	scheduleNotifications: (typeof backupScheduleNotificationsTable.$inferSelect)[],
+	scheduleMirrors: (typeof backupScheduleMirrorsTable.$inferSelect)[],
 	volumeMap: Map<number, string>,
 	repoMap: Map<string, string>,
 	notificationMap: Map<number, string>,
@@ -167,11 +154,19 @@ function transformBackupSchedules(
 				name: notificationMap.get(sn.destinationId) ?? null,
 			}));
 
+		const mirrors = scheduleMirrors
+			.filter((sm) => sm.scheduleId === schedule.id)
+			.map((sm) => ({
+				...filterMetadataOut(sm as unknown as Record<string, unknown>, params.includeMetadata),
+				repository: repoMap.get(sm.repositoryId) ?? null,
+			}));
+
 		return {
 			...filterMetadataOut(schedule as Record<string, unknown>, params.includeMetadata),
 			volume: volumeMap.get(schedule.volumeId) ?? null,
 			repository: repoMap.get(schedule.repositoryId) ?? null,
 			notifications: assignments,
+			mirrors,
 		};
 	});
 }
@@ -197,13 +192,14 @@ export const configExportController = new Hono()
 			const includePasswordHash = body.includePasswordHash === true;
 
 			// Use services to fetch data
-			const [volumes, repositories, backupSchedulesRaw, notifications, scheduleNotifications, users] =
+			const [volumes, repositories, backupSchedulesRaw, notifications, scheduleNotifications, scheduleMirrors, users] =
 				await Promise.all([
 					volumeService.listVolumes(),
 					repositoriesService.listRepositories(),
 					backupsService.listSchedules(),
 					notificationsService.listDestinations(),
 					db.select().from(backupScheduleNotificationsTable),
+					db.select().from(backupScheduleMirrorsTable),
 					db.select().from(usersTable),
 				]);
 
@@ -214,6 +210,7 @@ export const configExportController = new Hono()
 			const backupSchedules = transformBackupSchedules(
 				backupSchedulesRaw,
 				scheduleNotifications,
+				scheduleMirrors,
 				volumeMap,
 				repoMap,
 				notificationMap,

From 375cd10fea2373776269b971b1bc264ae22bfc99 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Tr=C3=A1vn=C3=ADk?= <jakub.travnik@gmail.com>
Date: Tue, 23 Dec 2025 11:09:49 +0100
Subject: [PATCH 45/49] fix(export): add missing keys to metadata exclusion
 list

---
 app/server/modules/lifecycle/config-export.controller.ts | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/app/server/modules/lifecycle/config-export.controller.ts b/app/server/modules/lifecycle/config-export.controller.ts
index f6ad1c0c..12b6089a 100644
--- a/app/server/modules/lifecycle/config-export.controller.ts
+++ b/app/server/modules/lifecycle/config-export.controller.ts
@@ -26,9 +26,9 @@ type ExportParams = {
 
 // Keys to exclude when metadata is not included
 const METADATA_KEYS = {
-	ids: ["id", "volumeId", "repositoryId", "scheduleId", "destinationId"],
+	ids: ["id", "shortId", "volumeId", "repositoryId", "scheduleId", "destinationId"],
 	timestamps: ["createdAt", "updatedAt", "lastBackupAt", "nextBackupAt", "lastHealthCheck", "lastChecked", "lastCopyAt"],
-	runtimeState: ["status", "lastError", "lastBackupStatus", "lastBackupError", "hasDownloadedResticPassword", "lastCopyStatus", "lastCopyError"],
+	runtimeState: ["status", "lastError", "lastBackupStatus", "lastBackupError", "hasDownloadedResticPassword", "lastCopyStatus", "lastCopyError", "sortOrder"],
 };
 
 const ALL_METADATA_KEYS = [...METADATA_KEYS.ids, ...METADATA_KEYS.timestamps, ...METADATA_KEYS.runtimeState];

From ce714f7bfce7223246db81c307106dc1fbf99b81 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Tr=C3=A1vn=C3=ADk?= <jakub.travnik@gmail.com>
Date: Tue, 30 Dec 2025 00:06:49 +0100
Subject: [PATCH 46/49] refactor: clean up imports and improve formatting in
 export dialog and settings components

---
 app/client/components/export-dialog.tsx       | 31 +++------
 .../modules/settings/routes/settings.tsx      |  4 +-
 .../lifecycle/config-export.controller.ts     | 68 ++++++++++---------
 3 files changed, 48 insertions(+), 55 deletions(-)

diff --git a/app/client/components/export-dialog.tsx b/app/client/components/export-dialog.tsx
index 00db200b..89dd2ef5 100644
--- a/app/client/components/export-dialog.tsx
+++ b/app/client/components/export-dialog.tsx
@@ -16,13 +16,7 @@ import {
 } from "~/client/components/ui/dialog";
 import { Input } from "~/client/components/ui/input";
 import { Label } from "~/client/components/ui/label";
-import {
-	Select,
-	SelectContent,
-	SelectItem,
-	SelectTrigger,
-	SelectValue,
-} from "~/client/components/ui/select";
+import { Select, SelectContent, SelectItem, SelectTrigger, SelectValue } from "~/client/components/ui/select";
 
 type SecretsMode = "exclude" | "encrypted" | "cleartext";
 
@@ -88,9 +82,7 @@ export function ExportDialog({
 
 	const handleExportError = (error: unknown) => {
 		const message =
-			error && typeof error === "object" && "error" in error
-				? (error as { error: string }).error
-				: "Unknown error";
+			error && typeof error === "object" && "error" in error ? (error as { error: string }).error : "Unknown error";
 		toast.error("Export failed", {
 			description: message,
 		});
@@ -134,9 +126,7 @@ export function ExportDialog({
 				className="flex flex-col items-center justify-center gap-2 cursor-pointer h-full w-full border-0 bg-transparent p-0 hover:opacity-80 transition-opacity"
 			>
 				<Download className="h-8 w-8 text-muted-foreground" />
-				<span className="text-sm font-medium text-muted-foreground">
-					{triggerLabel ?? "Export Config"}
-				</span>
+				<span className="text-sm font-medium text-muted-foreground">{triggerLabel ?? "Export Config"}</span>
 			</button>
 		) : (
 			<Button variant={variant} size={size}>
@@ -152,9 +142,7 @@ export function ExportDialog({
 				<form onSubmit={handleExport}>
 					<DialogHeader>
 						<DialogTitle>Export Full Configuration</DialogTitle>
-						<DialogDescription>
-							Export the complete Zerobyte configuration.
-						</DialogDescription>
+						<DialogDescription>Export the complete Zerobyte configuration.</DialogDescription>
 					</DialogHeader>
 
 					<div className="space-y-4 py-4">
@@ -169,7 +157,7 @@ export function ExportDialog({
 							</Label>
 						</div>
 						<p className="text-xs text-muted-foreground ml-7">
-							Include database IDs, timestamps, and runtime state (status, health checks, last backup	info).
+							Include database IDs, timestamps, and runtime state (status, health checks, last backup info).
 						</p>
 
 						<div className="flex items-center justify-between pt-2 border-t">
@@ -208,9 +196,8 @@ export function ExportDialog({
 							</Label>
 						</div>
 						<p className="text-xs text-muted-foreground ml-7">
-							<span className="text-yellow-600 font-medium">⚠️ Security sensitive:</span> The recovery
-							key is the master encryption key for all repositories. Keep this export secure and never
-							share it.
+							<span className="text-yellow-600 font-medium">⚠️ Security sensitive:</span> The recovery key is the master
+							encryption key for all repositories. Keep this export secure and never share it.
 						</p>
 
 						<div className="flex items-center space-x-3">
@@ -224,8 +211,8 @@ export function ExportDialog({
 							</Label>
 						</div>
 						<p className="text-xs text-muted-foreground ml-7">
-							Include the hashed user passwords for seamless migration. The passwords are already securely
-							hashed (argon2).
+							Include the hashed user passwords for seamless migration. The passwords are already securely hashed
+							(argon2).
 						</p>
 
 						<div className="space-y-2 pt-2 border-t">
diff --git a/app/client/modules/settings/routes/settings.tsx b/app/client/modules/settings/routes/settings.tsx
index 2999b722..d83510c2 100644
--- a/app/client/modules/settings/routes/settings.tsx
+++ b/app/client/modules/settings/routes/settings.tsx
@@ -276,8 +276,8 @@ export default function Settings({ loaderData }: Route.ComponentProps) {
 			</div>
 			<CardContent className="p-6 space-y-4">
 				<p className="text-sm text-muted-foreground max-w-2xl">
-					Export all your volumes, repositories, backup schedules, and notification settings to a JSON file.
-					This can be used to restore your configuration on a new instance or as a backup of your settings.
+					Export all your volumes, repositories, backup schedules, and notification settings to a JSON file. This can be
+					used to restore your configuration on a new instance or as a backup of your settings.
 				</p>
 				<ExportDialog triggerLabel="Export Configuration" />
 			</CardContent>
diff --git a/app/server/modules/lifecycle/config-export.controller.ts b/app/server/modules/lifecycle/config-export.controller.ts
index 12b6089a..eec97684 100644
--- a/app/server/modules/lifecycle/config-export.controller.ts
+++ b/app/server/modules/lifecycle/config-export.controller.ts
@@ -1,7 +1,12 @@
 import { validator } from "hono-openapi";
 import { Hono } from "hono";
 import type { Context } from "hono";
-import { backupSchedulesTable, backupScheduleNotificationsTable, backupScheduleMirrorsTable, usersTable } from "../../db/schema";
+import {
+	type backupSchedulesTable,
+	backupScheduleNotificationsTable,
+	backupScheduleMirrorsTable,
+	usersTable,
+} from "../../db/schema";
 import { db } from "../../db/db";
 import { logger } from "../../utils/logger";
 import { RESTIC_PASS_FILE } from "../../core/constants";
@@ -11,12 +16,7 @@ import { volumeService } from "../volumes/volume.service";
 import { repositoriesService } from "../repositories/repositories.service";
 import { notificationsService } from "../notifications/notifications.service";
 import { backupsService } from "../backups/backups.service";
-import {
-	fullExportBodySchema,
-	fullExportDto,
-	type SecretsMode,
-	type FullExportBody,
-} from "./config-export.dto";
+import { fullExportBodySchema, fullExportDto, type SecretsMode, type FullExportBody } from "./config-export.dto";
 import { requireAuth } from "../auth/auth.middleware";
 
 type ExportParams = {
@@ -27,8 +27,25 @@ type ExportParams = {
 // Keys to exclude when metadata is not included
 const METADATA_KEYS = {
 	ids: ["id", "shortId", "volumeId", "repositoryId", "scheduleId", "destinationId"],
-	timestamps: ["createdAt", "updatedAt", "lastBackupAt", "nextBackupAt", "lastHealthCheck", "lastChecked", "lastCopyAt"],
-	runtimeState: ["status", "lastError", "lastBackupStatus", "lastBackupError", "hasDownloadedResticPassword", "lastCopyStatus", "lastCopyError", "sortOrder"],
+	timestamps: [
+		"createdAt",
+		"updatedAt",
+		"lastBackupAt",
+		"nextBackupAt",
+		"lastHealthCheck",
+		"lastChecked",
+		"lastCopyAt",
+	],
+	runtimeState: [
+		"status",
+		"lastError",
+		"lastBackupStatus",
+		"lastBackupError",
+		"hasDownloadedResticPassword",
+		"lastCopyStatus",
+		"lastCopyError",
+		"sortOrder",
+	],
 };
 
 const ALL_METADATA_KEYS = [...METADATA_KEYS.ids, ...METADATA_KEYS.timestamps, ...METADATA_KEYS.runtimeState];
@@ -46,10 +63,7 @@ function filterMetadataOut<T extends Record<string, unknown>>(obj: T, includeMet
 }
 
 /** Parse export params from request body */
-function parseExportParamsFromBody(body: {
-	includeMetadata?: boolean;
-	secretsMode?: SecretsMode;
-}): ExportParams {
+function parseExportParamsFromBody(body: { includeMetadata?: boolean; secretsMode?: SecretsMode }): ExportParams {
 	const includeMetadata = body.includeMetadata === true;
 	const secretsMode: SecretsMode = body.secretsMode ?? "exclude";
 	return { includeMetadata, secretsMode };
@@ -61,7 +75,7 @@ function parseExportParamsFromBody(body: {
  */
 async function verifyExportPassword(
 	c: Context,
-	password: string
+	password: string,
 ): Promise<{ valid: true; userId: number } | { valid: false; error: string }> {
 	// requireAuth middleware ensures c.get('user') exists
 	const user = c.get("user");
@@ -83,7 +97,7 @@ async function verifyExportPassword(
  */
 async function processSecrets(
 	obj: Record<string, unknown>,
-	secretsMode: SecretsMode
+	secretsMode: SecretsMode,
 ): Promise<Record<string, unknown>> {
 	if (secretsMode === "encrypted") {
 		return obj;
@@ -108,8 +122,8 @@ async function processSecrets(
 				value.map(async (item) =>
 					item && typeof item === "object" && !Array.isArray(item)
 						? processSecrets(item as Record<string, unknown>, secretsMode)
-						: item
-				)
+						: item,
+				),
 			);
 		} else if (value && typeof value === "object") {
 			result[key] = await processSecrets(value as Record<string, unknown>, secretsMode);
@@ -120,10 +134,7 @@ async function processSecrets(
 }
 
 /** Clean and process an entity for export */
-async function exportEntity(
-	entity: Record<string, unknown>,
-	params: ExportParams
-): Promise<Record<string, unknown>> {
+async function exportEntity(entity: Record<string, unknown>, params: ExportParams): Promise<Record<string, unknown>> {
 	const cleaned = filterMetadataOut(entity, params.includeMetadata);
 	return processSecrets(cleaned, params.secretsMode);
 }
@@ -131,7 +142,7 @@ async function exportEntity(
 /** Export multiple entities */
 async function exportEntities<T extends Record<string, unknown>>(
 	entities: T[],
-	params: ExportParams
+	params: ExportParams,
 ): Promise<Record<string, unknown>[]> {
 	return Promise.all(entities.map((e) => exportEntity(e as Record<string, unknown>, params)));
 }
@@ -144,7 +155,7 @@ function transformBackupSchedules(
 	volumeMap: Map<number, string>,
 	repoMap: Map<string, string>,
 	notificationMap: Map<number, string>,
-	params: ExportParams
+	params: ExportParams,
 ) {
 	return schedules.map((schedule) => {
 		const assignments = scheduleNotifications
@@ -173,11 +184,7 @@ function transformBackupSchedules(
 
 export const configExportController = new Hono()
 	.use(requireAuth)
-	.post(
-		"/export",
-		fullExportDto,
-		validator("json", fullExportBodySchema),
-		async (c) => {
+	.post("/export", fullExportDto, validator("json", fullExportBodySchema), async (c) => {
 		try {
 			const body = c.req.valid("json") as FullExportBody;
 
@@ -214,7 +221,7 @@ export const configExportController = new Hono()
 				volumeMap,
 				repoMap,
 				notificationMap,
-				params
+				params,
 			);
 
 			const [exportVolumes, exportRepositories, exportNotifications] = await Promise.all([
@@ -255,5 +262,4 @@ export const configExportController = new Hono()
 			logger.error(`Config export failed: ${err instanceof Error ? err.message : String(err)}`);
 			return c.json({ error: err instanceof Error ? err.message : "Failed to export config" }, 500);
 		}
-	}
-);
+	});

From 4090d5caa686dd375c141eeacc9ad294f82952e7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Tr=C3=A1vn=C3=ADk?= <jakub.travnik@gmail.com>
Date: Tue, 30 Dec 2025 14:23:47 +0100
Subject: [PATCH 47/49] feat: add isExistingRepository flag to repository
 configs for import compatibility

---
 .../modules/lifecycle/config-export.controller.ts     | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/app/server/modules/lifecycle/config-export.controller.ts b/app/server/modules/lifecycle/config-export.controller.ts
index eec97684..9df9d3c3 100644
--- a/app/server/modules/lifecycle/config-export.controller.ts
+++ b/app/server/modules/lifecycle/config-export.controller.ts
@@ -224,12 +224,21 @@ export const configExportController = new Hono()
 				params,
 			);
 
-			const [exportVolumes, exportRepositories, exportNotifications] = await Promise.all([
+			const [exportVolumes, exportRepositoriesRaw, exportNotifications] = await Promise.all([
 				exportEntities(volumes, params),
 				exportEntities(repositories, params),
 				exportEntities(notifications, params),
 			]);
 
+			// Add isExistingRepository flag to all repository configs for import compatibility
+			const exportRepositories = exportRepositoriesRaw.map((repo) => ({
+				...repo,
+				config:
+					repo.config && typeof repo.config === "object"
+						? { ...(repo.config as Record<string, unknown>), isExistingRepository: true }
+						: repo.config,
+			}));
+
 			let recoveryKey: string | undefined;
 			if (includeRecoveryKey) {
 				try {

From 0859fba431e14d8f58d5a032149171049ea20667 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Tr=C3=A1vn=C3=ADk?= <jakub.travnik@gmail.com>
Date: Tue, 30 Dec 2025 14:33:53 +0100
Subject: [PATCH 48/49] feat: enhance repository export by adding
 isExistingRepository flag and computing path for local repos

---
 .../lifecycle/config-export.controller.ts     | 26 ++++++++++++-------
 1 file changed, 17 insertions(+), 9 deletions(-)

diff --git a/app/server/modules/lifecycle/config-export.controller.ts b/app/server/modules/lifecycle/config-export.controller.ts
index 9df9d3c3..58ecb6ab 100644
--- a/app/server/modules/lifecycle/config-export.controller.ts
+++ b/app/server/modules/lifecycle/config-export.controller.ts
@@ -9,7 +9,7 @@ import {
 } from "../../db/schema";
 import { db } from "../../db/db";
 import { logger } from "../../utils/logger";
-import { RESTIC_PASS_FILE } from "../../core/constants";
+import { RESTIC_PASS_FILE, REPOSITORY_BASE } from "../../core/constants";
 import { cryptoUtils } from "../../utils/crypto";
 import { authService } from "../auth/auth.service";
 import { volumeService } from "../volumes/volume.service";
@@ -230,14 +230,22 @@ export const configExportController = new Hono()
 				exportEntities(notifications, params),
 			]);
 
-			// Add isExistingRepository flag to all repository configs for import compatibility
-			const exportRepositories = exportRepositoriesRaw.map((repo) => ({
-				...repo,
-				config:
-					repo.config && typeof repo.config === "object"
-						? { ...(repo.config as Record<string, unknown>), isExistingRepository: true }
-						: repo.config,
-			}));
+			// Add isExistingRepository flag and path to all repository configs for import compatibility
+			const exportRepositories = exportRepositoriesRaw.map((repo) => {
+				if (!repo.config || typeof repo.config !== "object") {
+					return repo;
+				}
+
+				const config = repo.config as Record<string, unknown>;
+				const updatedConfig: Record<string, unknown> = { ...config, isExistingRepository: true };
+
+				// For local repos, compute and add the full path if not already present
+				if (config.backend === "local" && !config.path && typeof config.name === "string") {
+					updatedConfig.path = `${REPOSITORY_BASE}/${config.name}`;
+				}
+
+				return { ...repo, config: updatedConfig };
+			});
 
 			let recoveryKey: string | undefined;
 			if (includeRecoveryKey) {

From 378878f4395fae3c8a55ba71d7813255e77c08c4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Tr=C3=A1vn=C3=ADk?= <jakub.travnik@gmail.com>
Date: Wed, 31 Dec 2025 23:35:13 +0100
Subject: [PATCH 49/49] do not consider shortId as metadata

---
 app/server/modules/lifecycle/config-export.controller.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/server/modules/lifecycle/config-export.controller.ts b/app/server/modules/lifecycle/config-export.controller.ts
index 58ecb6ab..f7e70d8c 100644
--- a/app/server/modules/lifecycle/config-export.controller.ts
+++ b/app/server/modules/lifecycle/config-export.controller.ts
@@ -26,7 +26,7 @@ type ExportParams = {
 
 // Keys to exclude when metadata is not included
 const METADATA_KEYS = {
-	ids: ["id", "shortId", "volumeId", "repositoryId", "scheduleId", "destinationId"],
+	ids: ["id", "volumeId", "repositoryId", "scheduleId", "destinationId"],
 	timestamps: [
 		"createdAt",
 		"updatedAt",