npm - dbnexus - Versions diffs - 0.4.1 → 0.5.1 - Mend

dbnexus 0.4.1 → 0.5.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/README.md +304 -88
package/dist/api.js +1215 -728
package/dist/cli.js +97 -19
package/dist/web/assets/index-7CvgOfZU.js +536 -0
package/dist/web/index.html +1 -1
package/package.json +1 -1
package/dist/web/assets/index-Dc1NWltv.js +0 -517

package/dist/api.js CHANGED Viewed

@@ -114,7 +114,7 @@ var require_Reflect = __commonJS({
         var metadataProvider = CreateMetadataProvider(metadataRegistry);
         function decorate(decorators, target, propertyKey, attributes) {
           if (!IsUndefined(propertyKey)) {
-            if (!IsArray9(decorators))
+            if (!IsArray10(decorators))
               throw new TypeError();
             if (!IsObject(target))
               throw new TypeError();
@@ -125,7 +125,7 @@ var require_Reflect = __commonJS({
             propertyKey = ToPropertyKey(propertyKey);
             return DecorateProperty(decorators, target, propertyKey, attributes);
           } else {
-            if (!IsArray9(decorators))
+            if (!IsArray10(decorators))
               throw new TypeError();
             if (!IsConstructor(target))
               throw new TypeError();
@@ -438,7 +438,7 @@ var require_Reflect = __commonJS({
             return key;
           return ToString(key);
         }
-        function IsArray9(argument) {
+        function IsArray10(argument) {
           return Array.isArray ? Array.isArray(argument) : argument instanceof Object ? argument instanceof Array : Object.prototype.toString.call(argument) === "[object Array]";
         }
         function IsCallable(argument) {
@@ -1993,10 +1993,10 @@ var require_controller_decorator = __commonJS({
   "node_modules/.pnpm/@nestjs+common@10.4.22_class-transformer@0.5.1_class-validator@0.14.3_reflect-metadata@0.2.2_rxjs@7.8.2/node_modules/@nestjs/common/decorators/core/controller.decorator.js"(exports2) {
     "use strict";
     Object.defineProperty(exports2, "__esModule", { value: true });
-    exports2.Controller = Controller14;
+    exports2.Controller = Controller15;
     var constants_1 = require_constants2();
     var shared_utils_1 = require_shared_utils();
-    function Controller14(prefixOrOptions) {
+    function Controller15(prefixOrOptions) {
       const defaultPath = "/";
       const [path5, host, scopeOptions, versionOptions] = (0, shared_utils_1.isUndefined)(prefixOrOptions) ? [defaultPath, void 0, void 0, void 0] : (0, shared_utils_1.isString)(prefixOrOptions) || Array.isArray(prefixOrOptions) ? [prefixOrOptions, void 0, void 0, void 0] : [
         prefixOrOptions.path || defaultPath,
@@ -2416,9 +2416,9 @@ var require_module_decorator = __commonJS({
   "node_modules/.pnpm/@nestjs+common@10.4.22_class-transformer@0.5.1_class-validator@0.14.3_reflect-metadata@0.2.2_rxjs@7.8.2/node_modules/@nestjs/common/decorators/modules/module.decorator.js"(exports2) {
     "use strict";
     Object.defineProperty(exports2, "__esModule", { value: true });
-    exports2.Module = Module16;
+    exports2.Module = Module17;
     var validate_module_keys_util_1 = require_validate_module_keys_util();
-    function Module16(metadata) {
+    function Module17(metadata) {
       const propsKeys = Object.keys(metadata);
       (0, validate_module_keys_util_1.validateModuleKeys)(propsKeys);
       return (target) => {
@@ -2540,9 +2540,9 @@ var require_route_params_decorator = __commonJS({
     exports2.UploadedFile = UploadedFile2;
     exports2.UploadedFiles = UploadedFiles;
     exports2.Query = Query10;
-    exports2.Body = Body11;
+    exports2.Body = Body12;
     exports2.RawBody = RawBody;
-    exports2.Param = Param11;
+    exports2.Param = Param12;
     exports2.HostParam = HostParam;
     var constants_1 = require_constants2();
     var route_paramtypes_enum_1 = require_route_paramtypes_enum();
@@ -2591,13 +2591,13 @@ var require_route_params_decorator = __commonJS({
     function Query10(property, ...pipes) {
       return createPipesRouteParamDecorator(route_paramtypes_enum_1.RouteParamtypes.QUERY)(property, ...pipes);
     }
-    function Body11(property, ...pipes) {
+    function Body12(property, ...pipes) {
       return createPipesRouteParamDecorator(route_paramtypes_enum_1.RouteParamtypes.BODY)(property, ...pipes);
     }
     function RawBody(...pipes) {
       return createPipesRouteParamDecorator(route_paramtypes_enum_1.RouteParamtypes.RAW_BODY)(void 0, ...pipes);
     }
-    function Param11(property, ...pipes) {
+    function Param12(property, ...pipes) {
       return createPipesRouteParamDecorator(route_paramtypes_enum_1.RouteParamtypes.PARAM)(property, ...pipes);
     }
     function HostParam(property) {
@@ -3176,7 +3176,7 @@ var require_forbidden_exception = __commonJS({
     exports2.ForbiddenException = void 0;
     var http_status_enum_1 = require_http_status_enum();
     var http_exception_1 = require_http_exception();
-    var ForbiddenException3 = class extends http_exception_1.HttpException {
+    var ForbiddenException5 = class extends http_exception_1.HttpException {
       /**
        * Instantiate a `ForbiddenException` Exception.
        *
@@ -3206,7 +3206,7 @@ var require_forbidden_exception = __commonJS({
         super(http_exception_1.HttpException.createBody(objectOrError, description, http_status_enum_1.HttpStatus.FORBIDDEN), http_status_enum_1.HttpStatus.FORBIDDEN, httpExceptionOptions);
       }
     };
-    exports2.ForbiddenException = ForbiddenException3;
+    exports2.ForbiddenException = ForbiddenException5;
   }
 });
@@ -5062,8 +5062,8 @@ var require_generate_options_injection_token_util = __commonJS({
     exports2.generateOptionsInjectionToken = generateOptionsInjectionToken;
     var random_string_generator_util_1 = require_random_string_generator_util();
     function generateOptionsInjectionToken() {
-      const hash2 = (0, random_string_generator_util_1.randomStringGenerator)();
-      return `CONFIGURABLE_MODULE_OPTIONS[${hash2}]`;
+      const hash = (0, random_string_generator_util_1.randomStringGenerator)();
+      return `CONFIGURABLE_MODULE_OPTIONS[${hash}]`;
     }
   }
 });
@@ -17613,8 +17613,8 @@ var require_isHash = __commonJS({
     };
     function isHash(str, algorithm) {
       (0, _assertString.default)(str);
-      var hash2 = new RegExp("^[a-fA-F0-9]{".concat(lengths[algorithm], "}$"));
-      return hash2.test(str);
+      var hash = new RegExp("^[a-fA-F0-9]{".concat(lengths[algorithm], "}$"));
+      return hash.test(str);
     }
     module2.exports = exports2.default;
     module2.exports.default = exports2.default;
@@ -22948,7 +22948,7 @@ var require_IsBoolean = __commonJS({
       return value instanceof Boolean || typeof value === "boolean";
     }
     exports2.isBoolean = isBoolean;
-    function IsBoolean13(validationOptions) {
+    function IsBoolean14(validationOptions) {
       return (0, ValidateBy_1.ValidateBy)({
         name: exports2.IS_BOOLEAN,
         validator: {
@@ -22957,7 +22957,7 @@ var require_IsBoolean = __commonJS({
         }
       }, validationOptions);
     }
-    exports2.IsBoolean = IsBoolean13;
+    exports2.IsBoolean = IsBoolean14;
   }
 });
@@ -23122,7 +23122,7 @@ var require_IsArray = __commonJS({
       return Array.isArray(value);
     }
     exports2.isArray = isArray;
-    function IsArray9(validationOptions) {
+    function IsArray10(validationOptions) {
       return (0, ValidateBy_1.ValidateBy)({
         name: exports2.IS_ARRAY,
         validator: {
@@ -23131,7 +23131,7 @@ var require_IsArray = __commonJS({
         }
       }, validationOptions);
     }
-    exports2.IsArray = IsArray9;
+    exports2.IsArray = IsArray10;
   }
 });
@@ -29614,9 +29614,9 @@ var require_distinctUntilKeyChanged = __commonJS({
     Object.defineProperty(exports2, "__esModule", { value: true });
     exports2.distinctUntilKeyChanged = void 0;
     var distinctUntilChanged_1 = require_distinctUntilChanged();
-    function distinctUntilKeyChanged(key, compare2) {
+    function distinctUntilKeyChanged(key, compare) {
       return distinctUntilChanged_1.distinctUntilChanged(function(x, y) {
-        return compare2 ? compare2(x[key], y[key]) : x[key] === y[key];
+        return compare ? compare(x[key], y[key]) : x[key] === y[key];
       });
     }
     exports2.distinctUntilKeyChanged = distinctUntilKeyChanged;
@@ -39191,9 +39191,9 @@ var require_module_token_factory = __commonJS({
         if (this.moduleTokenCache.has(key)) {
           return this.moduleTokenCache.get(key);
         }
-        const hash2 = this.hashString(key);
-        this.moduleTokenCache.set(key, hash2);
-        return hash2;
+        const hash = this.hashString(key);
+        this.moduleTokenCache.set(key, hash);
+        return hash;
       }
       getStringifiedOpaqueToken(opaqueToken) {
         return opaqueToken ? (0, fast_safe_stringify_1.default)(opaqueToken, this.replacer) : "";
@@ -39402,7 +39402,7 @@ var require_module = __commonJS({
     var constants_2 = require_constants5();
     var instance_wrapper_1 = require_instance_wrapper();
     var module_ref_1 = require_module_ref();
-    var Module16 = class {
+    var Module17 = class {
       constructor(_metatype, container) {
         this._metatype = _metatype;
         this.container = container;
@@ -39796,7 +39796,7 @@ var require_module = __commonJS({
         return (0, get_class_scope_1.getClassScope)(provider) === interfaces_1.Scope.TRANSIENT;
       }
     };
-    exports2.Module = Module16;
+    exports2.Module = Module17;
   }
 });
@@ -44883,12 +44883,12 @@ var require_debug = __commonJS({
     exports2.formatters = {};
     var prevTime;
     function selectColor(namespace) {
-      var hash2 = 0, i;
+      var hash = 0, i;
       for (i in namespace) {
-        hash2 = (hash2 << 5) - hash2 + namespace.charCodeAt(i);
-        hash2 |= 0;
+        hash = (hash << 5) - hash + namespace.charCodeAt(i);
+        hash |= 0;
       }
-      return exports2.colors[Math.abs(hash2) % exports2.colors.length];
+      return exports2.colors[Math.abs(hash) % exports2.colors.length];
     }
     function createDebug(namespace) {
       function debug() {
@@ -62882,9 +62882,9 @@ var require_etag = __commonJS({
       if (entity.length === 0) {
         return '"0-2jmj7l5rSw0yVb/vlWAYkK/YBwk"';
       }
-      var hash2 = crypto3.createHash("sha1").update(entity, "utf8").digest("base64").substring(0, 27);
+      var hash = crypto3.createHash("sha1").update(entity, "utf8").digest("base64").substring(0, 27);
       var len = typeof entity === "string" ? Buffer.byteLength(entity, "utf8") : entity.length;
-      return '"' + len.toString(16) + "-" + hash2 + '"';
+      return '"' + len.toString(16) + "-" + hash + '"';
     }
     function etag(entity, options) {
       if (entity == null) {
@@ -76035,7 +76035,7 @@ var require_serve_static_options_interface = __commonJS({
 var require_abstract_loader = __commonJS({
   "node_modules/.pnpm/@nestjs+serve-static@4.0.2_@nestjs+common@10.4.22_class-transformer@0.5.1_class-validator@0.1_kmdzv4ihqpcjmuu5h5u36hctmy/node_modules/@nestjs/serve-static/dist/loaders/abstract.loader.js"(exports2) {
     "use strict";
-    var __decorate75 = exports2 && exports2.__decorate || function(decorators, target, key, desc) {
+    var __decorate77 = exports2 && exports2.__decorate || function(decorators, target, key, desc) {
       var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
       if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
       else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
@@ -76051,7 +76051,7 @@ var require_abstract_loader = __commonJS({
       }
     };
     exports2.AbstractLoader = AbstractLoader;
-    exports2.AbstractLoader = AbstractLoader = __decorate75([
+    exports2.AbstractLoader = AbstractLoader = __decorate77([
       (0, common_1.Injectable)()
     ], AbstractLoader);
   }
@@ -76197,7 +76197,7 @@ var require_validate_path_util = __commonJS({
 var require_express_loader = __commonJS({
   "node_modules/.pnpm/@nestjs+serve-static@4.0.2_@nestjs+common@10.4.22_class-transformer@0.5.1_class-validator@0.1_kmdzv4ihqpcjmuu5h5u36hctmy/node_modules/@nestjs/serve-static/dist/loaders/express.loader.js"(exports2) {
     "use strict";
-    var __decorate75 = exports2 && exports2.__decorate || function(decorators, target, key, desc) {
+    var __decorate77 = exports2 && exports2.__decorate || function(decorators, target, key, desc) {
       var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
       if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
       else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
@@ -76243,7 +76243,7 @@ var require_express_loader = __commonJS({
       }
     };
     exports2.ExpressLoader = ExpressLoader;
-    exports2.ExpressLoader = ExpressLoader = __decorate75([
+    exports2.ExpressLoader = ExpressLoader = __decorate77([
       (0, common_1.Injectable)()
     ], ExpressLoader);
   }
@@ -76253,7 +76253,7 @@ var require_express_loader = __commonJS({
 var require_fastify_loader = __commonJS({
   "node_modules/.pnpm/@nestjs+serve-static@4.0.2_@nestjs+common@10.4.22_class-transformer@0.5.1_class-validator@0.1_kmdzv4ihqpcjmuu5h5u36hctmy/node_modules/@nestjs/serve-static/dist/loaders/fastify.loader.js"(exports2) {
     "use strict";
-    var __decorate75 = exports2 && exports2.__decorate || function(decorators, target, key, desc) {
+    var __decorate77 = exports2 && exports2.__decorate || function(decorators, target, key, desc) {
       var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
       if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
       else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
@@ -76306,7 +76306,7 @@ var require_fastify_loader = __commonJS({
       }
     };
     exports2.FastifyLoader = FastifyLoader;
-    exports2.FastifyLoader = FastifyLoader = __decorate75([
+    exports2.FastifyLoader = FastifyLoader = __decorate77([
       (0, common_1.Injectable)()
     ], FastifyLoader);
   }
@@ -76316,7 +76316,7 @@ var require_fastify_loader = __commonJS({
 var require_noop_loader = __commonJS({
   "node_modules/.pnpm/@nestjs+serve-static@4.0.2_@nestjs+common@10.4.22_class-transformer@0.5.1_class-validator@0.1_kmdzv4ihqpcjmuu5h5u36hctmy/node_modules/@nestjs/serve-static/dist/loaders/noop.loader.js"(exports2) {
     "use strict";
-    var __decorate75 = exports2 && exports2.__decorate || function(decorators, target, key, desc) {
+    var __decorate77 = exports2 && exports2.__decorate || function(decorators, target, key, desc) {
       var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
       if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
       else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
@@ -76331,7 +76331,7 @@ var require_noop_loader = __commonJS({
       }
     };
     exports2.NoopLoader = NoopLoader;
-    exports2.NoopLoader = NoopLoader = __decorate75([
+    exports2.NoopLoader = NoopLoader = __decorate77([
       (0, common_1.Injectable)()
     ], NoopLoader);
   }
@@ -76371,16 +76371,16 @@ var require_serve_static_providers = __commonJS({
 var require_serve_static_module = __commonJS({
   "node_modules/.pnpm/@nestjs+serve-static@4.0.2_@nestjs+common@10.4.22_class-transformer@0.5.1_class-validator@0.1_kmdzv4ihqpcjmuu5h5u36hctmy/node_modules/@nestjs/serve-static/dist/serve-static.module.js"(exports2) {
     "use strict";
-    var __decorate75 = exports2 && exports2.__decorate || function(decorators, target, key, desc) {
+    var __decorate77 = exports2 && exports2.__decorate || function(decorators, target, key, desc) {
       var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
       if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
       else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
       return c > 3 && r && Object.defineProperty(target, key, r), r;
     };
-    var __metadata57 = exports2 && exports2.__metadata || function(k, v) {
+    var __metadata58 = exports2 && exports2.__metadata || function(k, v) {
       if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
     };
-    var __param14 = exports2 && exports2.__param || function(paramIndex, decorator) {
+    var __param15 = exports2 && exports2.__param || function(paramIndex, decorator) {
       return function(target, key) {
         decorator(target, key, paramIndex);
       };
@@ -76453,12 +76453,12 @@ var require_serve_static_module = __commonJS({
       }
     };
     exports2.ServeStaticModule = ServeStaticModule2;
-    exports2.ServeStaticModule = ServeStaticModule2 = ServeStaticModule_1 = __decorate75([
+    exports2.ServeStaticModule = ServeStaticModule2 = ServeStaticModule_1 = __decorate77([
       (0, common_1.Module)({
         providers: [...serve_static_providers_1.serveStaticProviders]
       }),
-      __param14(0, (0, common_1.Inject)(serve_static_constants_1.SERVE_STATIC_MODULE_OPTIONS)),
-      __metadata57("design:paramtypes", [
+      __param15(0, (0, common_1.Inject)(serve_static_constants_1.SERVE_STATIC_MODULE_OPTIONS)),
+      __metadata58("design:paramtypes", [
         Array,
         abstract_loader_1.AbstractLoader,
         core_1.HttpAdapterHost
@@ -77725,8 +77725,8 @@ var require_utils_webcrypto = __commonJS({
         return nodeCrypto.createHash("md5").update(string, "utf-8").digest("hex");
       } catch (e) {
         const data = typeof string === "string" ? textEncoder.encode(string) : string;
-        const hash2 = await subtleCrypto.digest("MD5", data);
-        return Array.from(new Uint8Array(hash2)).map((b) => b.toString(16).padStart(2, "0")).join("");
+        const hash = await subtleCrypto.digest("MD5", data);
+        return Array.from(new Uint8Array(hash)).map((b) => b.toString(16).padStart(2, "0")).join("");
       }
     }
     async function postgresMd5PasswordHash(user, password, salt) {
@@ -86798,7 +86798,7 @@ var require_umd = __commonJS({
         };
         LongPrototype.gte = LongPrototype.greaterThanOrEqual;
         LongPrototype.ge = LongPrototype.greaterThanOrEqual;
-        LongPrototype.compare = function compare2(other) {
+        LongPrototype.compare = function compare(other) {
           if (!isLong(other)) other = fromValue(other);
           if (this.eq(other)) return 0;
           var thisNeg = this.isNegative(), otherNeg = other.isNegative();
@@ -92315,15 +92315,15 @@ var require_auth_41 = __commonJS({
     "use strict";
     var crypto3 = __require("crypto");
     function sha1(msg, msg1, msg2) {
-      const hash2 = crypto3.createHash("sha1");
-      hash2.update(msg);
+      const hash = crypto3.createHash("sha1");
+      hash.update(msg);
       if (msg1) {
-        hash2.update(msg1);
+        hash.update(msg1);
       }
       if (msg2) {
-        hash2.update(msg2);
+        hash.update(msg2);
       }
-      return hash2.digest();
+      return hash.digest();
     }
     function xor(a, b) {
       const result = Buffer.allocUnsafe(a.length);
@@ -94129,9 +94129,9 @@ var require_caching_sha2_password = __commonJS({
     var STATE_WAIT_SERVER_KEY = 2;
     var STATE_FINAL = -1;
     function sha256(msg) {
-      const hash2 = crypto3.createHash("sha256");
-      hash2.update(msg);
-      return hash2.digest();
+      const hash = crypto3.createHash("sha256");
+      hash.update(msg);
+      return hash.digest();
     }
     function calculateToken(password, scramble) {
       if (!password) {
@@ -101388,8 +101388,8 @@ var require_compare = __commonJS({
   "node_modules/.pnpm/semver@7.7.3/node_modules/semver/functions/compare.js"(exports2, module2) {
     "use strict";
     var SemVer = require_semver();
-    var compare2 = (a, b, loose) => new SemVer(a, loose).compare(new SemVer(b, loose));
-    module2.exports = compare2;
+    var compare = (a, b, loose) => new SemVer(a, loose).compare(new SemVer(b, loose));
+    module2.exports = compare;
   }
 });
@@ -101397,8 +101397,8 @@ var require_compare = __commonJS({
 var require_rcompare = __commonJS({
   "node_modules/.pnpm/semver@7.7.3/node_modules/semver/functions/rcompare.js"(exports2, module2) {
     "use strict";
-    var compare2 = require_compare();
-    var rcompare = (a, b, loose) => compare2(b, a, loose);
+    var compare = require_compare();
+    var rcompare = (a, b, loose) => compare(b, a, loose);
     module2.exports = rcompare;
   }
 });
@@ -101407,8 +101407,8 @@ var require_rcompare = __commonJS({
 var require_compare_loose = __commonJS({
   "node_modules/.pnpm/semver@7.7.3/node_modules/semver/functions/compare-loose.js"(exports2, module2) {
     "use strict";
-    var compare2 = require_compare();
-    var compareLoose = (a, b) => compare2(a, b, true);
+    var compare = require_compare();
+    var compareLoose = (a, b) => compare(a, b, true);
     module2.exports = compareLoose;
   }
 });
@@ -101451,8 +101451,8 @@ var require_rsort = __commonJS({
 var require_gt = __commonJS({
   "node_modules/.pnpm/semver@7.7.3/node_modules/semver/functions/gt.js"(exports2, module2) {
     "use strict";
-    var compare2 = require_compare();
-    var gt = (a, b, loose) => compare2(a, b, loose) > 0;
+    var compare = require_compare();
+    var gt = (a, b, loose) => compare(a, b, loose) > 0;
     module2.exports = gt;
   }
 });
@@ -101461,8 +101461,8 @@ var require_gt = __commonJS({
 var require_lt = __commonJS({
   "node_modules/.pnpm/semver@7.7.3/node_modules/semver/functions/lt.js"(exports2, module2) {
     "use strict";
-    var compare2 = require_compare();
-    var lt = (a, b, loose) => compare2(a, b, loose) < 0;
+    var compare = require_compare();
+    var lt = (a, b, loose) => compare(a, b, loose) < 0;
     module2.exports = lt;
   }
 });
@@ -101471,8 +101471,8 @@ var require_lt = __commonJS({
 var require_eq = __commonJS({
   "node_modules/.pnpm/semver@7.7.3/node_modules/semver/functions/eq.js"(exports2, module2) {
     "use strict";
-    var compare2 = require_compare();
-    var eq = (a, b, loose) => compare2(a, b, loose) === 0;
+    var compare = require_compare();
+    var eq = (a, b, loose) => compare(a, b, loose) === 0;
     module2.exports = eq;
   }
 });
@@ -101481,8 +101481,8 @@ var require_eq = __commonJS({
 var require_neq = __commonJS({
   "node_modules/.pnpm/semver@7.7.3/node_modules/semver/functions/neq.js"(exports2, module2) {
     "use strict";
-    var compare2 = require_compare();
-    var neq = (a, b, loose) => compare2(a, b, loose) !== 0;
+    var compare = require_compare();
+    var neq = (a, b, loose) => compare(a, b, loose) !== 0;
     module2.exports = neq;
   }
 });
@@ -101491,8 +101491,8 @@ var require_neq = __commonJS({
 var require_gte = __commonJS({
   "node_modules/.pnpm/semver@7.7.3/node_modules/semver/functions/gte.js"(exports2, module2) {
     "use strict";
-    var compare2 = require_compare();
-    var gte = (a, b, loose) => compare2(a, b, loose) >= 0;
+    var compare = require_compare();
+    var gte = (a, b, loose) => compare(a, b, loose) >= 0;
     module2.exports = gte;
   }
 });
@@ -101501,8 +101501,8 @@ var require_gte = __commonJS({
 var require_lte = __commonJS({
   "node_modules/.pnpm/semver@7.7.3/node_modules/semver/functions/lte.js"(exports2, module2) {
     "use strict";
-    var compare2 = require_compare();
-    var lte = (a, b, loose) => compare2(a, b, loose) <= 0;
+    var compare = require_compare();
+    var lte = (a, b, loose) => compare(a, b, loose) <= 0;
     module2.exports = lte;
   }
 });
@@ -102399,12 +102399,12 @@ var require_simplify = __commonJS({
   "node_modules/.pnpm/semver@7.7.3/node_modules/semver/ranges/simplify.js"(exports2, module2) {
     "use strict";
     var satisfies = require_satisfies();
-    var compare2 = require_compare();
+    var compare = require_compare();
     module2.exports = (versions, range, options) => {
       const set = [];
       let first = null;
       let prev = null;
-      const v = versions.sort((a, b) => compare2(a, b, options));
+      const v = versions.sort((a, b) => compare(a, b, options));
       for (const version of v) {
         const included = satisfies(version, range, options);
         if (included) {
@@ -102452,7 +102452,7 @@ var require_subset = __commonJS({
     var Comparator = require_comparator();
     var { ANY } = Comparator;
     var satisfies = require_satisfies();
-    var compare2 = require_compare();
+    var compare = require_compare();
     var subset = (sub, dom, options = {}) => {
       if (sub === dom) {
         return true;
@@ -102512,7 +102512,7 @@ var require_subset = __commonJS({
       }
       let gtltComp;
       if (gt && lt) {
-        gtltComp = compare2(gt.semver, lt.semver, options);
+        gtltComp = compare(gt.semver, lt.semver, options);
         if (gtltComp > 0) {
           return null;
         } else if (gtltComp === 0 && (gt.operator !== ">=" || lt.operator !== "<=")) {
@@ -102592,14 +102592,14 @@ var require_subset = __commonJS({
       if (!a) {
         return b;
       }
-      const comp = compare2(a.semver, b.semver, options);
+      const comp = compare(a.semver, b.semver, options);
       return comp > 0 ? a : comp < 0 ? b : b.operator === ">" && a.operator === ">=" ? b : a;
     };
     var lowerLT = (a, b, options) => {
       if (!a) {
         return b;
       }
-      const comp = compare2(a.semver, b.semver, options);
+      const comp = compare(a.semver, b.semver, options);
       return comp < 0 ? a : comp > 0 ? b : b.operator === "<" && a.operator === "<=" ? b : a;
     };
     module2.exports = subset;
@@ -102623,7 +102623,7 @@ var require_semver2 = __commonJS({
     var minor = require_minor();
     var patch = require_patch();
     var prerelease = require_prerelease();
-    var compare2 = require_compare();
+    var compare = require_compare();
     var rcompare = require_rcompare();
     var compareLoose = require_compare_loose();
     var compareBuild = require_compare_build();
@@ -102661,7 +102661,7 @@ var require_semver2 = __commonJS({
       minor,
       patch,
       prerelease,
-      compare: compare2,
+      compare,
       rcompare,
       compareLoose,
       compareBuild,
@@ -103658,16 +103658,16 @@ var require_jsonwebtoken = __commonJS({
 var require_jwt_service = __commonJS({
   "node_modules/.pnpm/@nestjs+jwt@11.0.2_@nestjs+common@10.4.22_class-transformer@0.5.1_class-validator@0.14.3_refl_tb2k3hwaeibzs5qkwqj56q6ttq/node_modules/@nestjs/jwt/dist/jwt.service.js"(exports2) {
     "use strict";
-    var __decorate75 = exports2 && exports2.__decorate || function(decorators, target, key, desc) {
+    var __decorate77 = exports2 && exports2.__decorate || function(decorators, target, key, desc) {
       var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
       if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
       else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
       return c > 3 && r && Object.defineProperty(target, key, r), r;
     };
-    var __metadata57 = exports2 && exports2.__metadata || function(k, v) {
+    var __metadata58 = exports2 && exports2.__metadata || function(k, v) {
       if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
     };
-    var __param14 = exports2 && exports2.__param || function(paramIndex, decorator) {
+    var __param15 = exports2 && exports2.__param || function(paramIndex, decorator) {
       return function(target, key) {
         decorator(target, key, paramIndex);
       };
@@ -103755,11 +103755,11 @@ var require_jwt_service = __commonJS({
       }
     };
     exports2.JwtService = JwtService2;
-    exports2.JwtService = JwtService2 = __decorate75([
+    exports2.JwtService = JwtService2 = __decorate77([
       (0, common_1.Injectable)(),
-      __param14(0, (0, common_1.Optional)()),
-      __param14(0, (0, common_1.Inject)(jwt_constants_1.JWT_MODULE_OPTIONS)),
-      __metadata57("design:paramtypes", [Object])
+      __param15(0, (0, common_1.Optional)()),
+      __param15(0, (0, common_1.Inject)(jwt_constants_1.JWT_MODULE_OPTIONS)),
+      __metadata58("design:paramtypes", [Object])
     ], JwtService2);
   }
 });
@@ -103768,7 +103768,7 @@ var require_jwt_service = __commonJS({
 var require_jwt_module = __commonJS({
   "node_modules/.pnpm/@nestjs+jwt@11.0.2_@nestjs+common@10.4.22_class-transformer@0.5.1_class-validator@0.14.3_refl_tb2k3hwaeibzs5qkwqj56q6ttq/node_modules/@nestjs/jwt/dist/jwt.module.js"(exports2) {
     "use strict";
-    var __decorate75 = exports2 && exports2.__decorate || function(decorators, target, key, desc) {
+    var __decorate77 = exports2 && exports2.__decorate || function(decorators, target, key, desc) {
       var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
       if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
       else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
@@ -103828,7 +103828,7 @@ var require_jwt_module = __commonJS({
       }
     };
     exports2.JwtModule = JwtModule2;
-    exports2.JwtModule = JwtModule2 = JwtModule_1 = __decorate75([
+    exports2.JwtModule = JwtModule2 = JwtModule_1 = __decorate77([
       (0, common_1.Module)({
         providers: [jwt_service_1.JwtService],
         exports: [jwt_service_1.JwtService]
@@ -104635,16 +104635,16 @@ var require_memoize_util = __commonJS({
 var require_auth_guard = __commonJS({
   "node_modules/.pnpm/@nestjs+passport@11.0.5_@nestjs+common@10.4.22_class-transformer@0.5.1_class-validator@0.14.3_bz5s6qwi6r6ots5rioaykmbz5a/node_modules/@nestjs/passport/dist/auth.guard.js"(exports2) {
     "use strict";
-    var __decorate75 = exports2 && exports2.__decorate || function(decorators, target, key, desc) {
+    var __decorate77 = exports2 && exports2.__decorate || function(decorators, target, key, desc) {
       var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
       if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
       else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
       return c > 3 && r && Object.defineProperty(target, key, r), r;
     };
-    var __metadata57 = exports2 && exports2.__metadata || function(k, v) {
+    var __metadata58 = exports2 && exports2.__metadata || function(k, v) {
       if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
     };
-    var __param14 = exports2 && exports2.__param || function(paramIndex, decorator) {
+    var __param15 = exports2 && exports2.__param || function(paramIndex, decorator) {
       return function(target, key) {
         decorator(target, key, paramIndex);
       };
@@ -104703,14 +104703,14 @@ var require_auth_guard = __commonJS({
           return void 0;
         }
       };
-      __decorate75([
+      __decorate77([
         (0, common_1.Optional)(),
         (0, common_1.Inject)(auth_module_options_1.AuthModuleOptions),
-        __metadata57("design:type", auth_module_options_1.AuthModuleOptions)
+        __metadata58("design:type", auth_module_options_1.AuthModuleOptions)
       ], MixinAuthGuard.prototype, "options", void 0);
-      MixinAuthGuard = __decorate75([
-        __param14(0, (0, common_1.Optional)()),
-        __metadata57("design:paramtypes", [auth_module_options_1.AuthModuleOptions])
+      MixinAuthGuard = __decorate77([
+        __param15(0, (0, common_1.Optional)()),
+        __metadata58("design:paramtypes", [auth_module_options_1.AuthModuleOptions])
       ], MixinAuthGuard);
       const guard = (0, common_1.mixin)(MixinAuthGuard);
       return guard;
@@ -104764,7 +104764,7 @@ var require_interfaces8 = __commonJS({
 var require_passport_module = __commonJS({
   "node_modules/.pnpm/@nestjs+passport@11.0.5_@nestjs+common@10.4.22_class-transformer@0.5.1_class-validator@0.14.3_bz5s6qwi6r6ots5rioaykmbz5a/node_modules/@nestjs/passport/dist/passport.module.js"(exports2) {
     "use strict";
-    var __decorate75 = exports2 && exports2.__decorate || function(decorators, target, key, desc) {
+    var __decorate77 = exports2 && exports2.__decorate || function(decorators, target, key, desc) {
       var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
       if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
       else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
@@ -104819,7 +104819,7 @@ var require_passport_module = __commonJS({
       }
     };
     exports2.PassportModule = PassportModule2;
-    exports2.PassportModule = PassportModule2 = PassportModule_1 = __decorate75([
+    exports2.PassportModule = PassportModule2 = PassportModule_1 = __decorate77([
       (0, common_1.Module)({})
     ], PassportModule2);
   }
@@ -105074,28 +105074,28 @@ var require_bcrypt = __commonJS({
           return false;
         return wrong === 0;
       }
-      bcrypt2.compareSync = function(s, hash2) {
-        if (typeof s !== "string" || typeof hash2 !== "string")
-          throw Error("Illegal arguments: " + typeof s + ", " + typeof hash2);
-        if (hash2.length !== 60)
+      bcrypt2.compareSync = function(s, hash) {
+        if (typeof s !== "string" || typeof hash !== "string")
+          throw Error("Illegal arguments: " + typeof s + ", " + typeof hash);
+        if (hash.length !== 60)
           return false;
-        return safeStringCompare(bcrypt2.hashSync(s, hash2.substr(0, hash2.length - 31)), hash2);
+        return safeStringCompare(bcrypt2.hashSync(s, hash.substr(0, hash.length - 31)), hash);
       };
-      bcrypt2.compare = function(s, hash2, callback, progressCallback) {
+      bcrypt2.compare = function(s, hash, callback, progressCallback) {
         function _async(callback2) {
-          if (typeof s !== "string" || typeof hash2 !== "string") {
-            nextTick(callback2.bind(this, Error("Illegal arguments: " + typeof s + ", " + typeof hash2)));
+          if (typeof s !== "string" || typeof hash !== "string") {
+            nextTick(callback2.bind(this, Error("Illegal arguments: " + typeof s + ", " + typeof hash)));
             return;
           }
-          if (hash2.length !== 60) {
+          if (hash.length !== 60) {
             nextTick(callback2.bind(this, null, false));
             return;
           }
-          bcrypt2.hash(s, hash2.substr(0, 29), function(err, comp) {
+          bcrypt2.hash(s, hash.substr(0, 29), function(err, comp) {
             if (err)
               callback2(err);
             else
-              callback2(null, safeStringCompare(comp, hash2));
+              callback2(null, safeStringCompare(comp, hash));
           }, progressCallback);
         }
         if (callback) {
@@ -105113,17 +105113,17 @@ var require_bcrypt = __commonJS({
             });
           });
       };
-      bcrypt2.getRounds = function(hash2) {
-        if (typeof hash2 !== "string")
-          throw Error("Illegal arguments: " + typeof hash2);
-        return parseInt(hash2.split("$")[2], 10);
+      bcrypt2.getRounds = function(hash) {
+        if (typeof hash !== "string")
+          throw Error("Illegal arguments: " + typeof hash);
+        return parseInt(hash.split("$")[2], 10);
       };
-      bcrypt2.getSalt = function(hash2) {
-        if (typeof hash2 !== "string")
-          throw Error("Illegal arguments: " + typeof hash2);
-        if (hash2.length !== 60)
-          throw Error("Illegal hash length: " + hash2.length + " != 60");
-        return hash2.substring(0, 29);
+      bcrypt2.getSalt = function(hash) {
+        if (typeof hash !== "string")
+          throw Error("Illegal arguments: " + typeof hash);
+        if (hash.length !== 60)
+          throw Error("Illegal hash length: " + hash.length + " != 60");
+        return hash.substring(0, 29);
       };
       var nextTick = typeof process !== "undefined" && process && typeof process.nextTick === "function" ? typeof setImmediate === "function" ? setImmediate : process.nextTick : setTimeout;
       function stringToBytes(str) {
@@ -107036,10 +107036,10 @@ var require_lib14 = __commonJS({
 // apps/api/dist/main.js
 var import_reflect_metadata = __toESM(require_Reflect(), 1);
 var import_core5 = __toESM(require_core3(), 1);
-var import_common49 = __toESM(require_common(), 1);
+var import_common51 = __toESM(require_common(), 1);
 // apps/api/dist/app.module.js
-var import_common48 = __toESM(require_common(), 1);
+var import_common50 = __toESM(require_common(), 1);
 var import_core4 = __toESM(require_core3(), 1);
 var import_serve_static = __toESM(require_serve_static2(), 1);
 import { join as join4 } from "path";
@@ -107061,7 +107061,7 @@ var import_common = __toESM(require_common(), 1);
 import Database from "better-sqlite3";
 // packages/metadata/dist/schema.js
-var SCHEMA_VERSION = 21;
+var SCHEMA_VERSION = 22;
 var MIGRATIONS = [
   // Version 1: Initial schema
   `
@@ -107546,6 +107546,50 @@ var MIGRATIONS = [
   CREATE INDEX IF NOT EXISTS idx_backups_created_by ON backups(created_by);
   UPDATE schema_version SET version = 21;
+  `,
+  // Version 22: Add is_public to resources + rename settings to user_preferences with user_id
+  `
+  -- Create system user for storing system-wide preferences (if not exists)
+  INSERT OR IGNORE INTO users (id, email, password_hash, role, created_at, updated_at)
+  VALUES ('system', 'system@internal', '', 'admin', datetime('now'), datetime('now'));
+  -- Ensure settings table exists (even if empty) to avoid errors in migration
+  CREATE TABLE IF NOT EXISTS settings (
+    key TEXT PRIMARY KEY,
+    value TEXT NOT NULL,
+    updated_at TEXT NOT NULL DEFAULT (datetime('now'))
+  );
+  -- Create user_preferences table (replaces settings)
+  CREATE TABLE IF NOT EXISTS user_preferences (
+    id TEXT PRIMARY KEY,
+    user_id TEXT NOT NULL,
+    key TEXT NOT NULL,
+    value TEXT NOT NULL,
+    updated_at TEXT NOT NULL DEFAULT (datetime('now')),
+    FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE,
+    UNIQUE(user_id, key)
+  );
+  -- Migrate existing settings as system defaults (user_id = 'system')
+  INSERT OR IGNORE INTO user_preferences (id, user_id, key, value, updated_at)
+  SELECT hex(randomblob(16)), 'system', key, value, updated_at FROM settings;
+  -- Drop old settings table
+  DROP TABLE IF EXISTS settings;
+  -- Create index for user preferences
+  CREATE INDEX IF NOT EXISTS idx_user_preferences_user ON user_preferences(user_id);
+  CREATE INDEX IF NOT EXISTS idx_user_preferences_key ON user_preferences(user_id, key);
+  -- Add is_public to resources (default 0 = private, only owner can see)
+  ALTER TABLE connections ADD COLUMN is_public INTEGER NOT NULL DEFAULT 0;
+  ALTER TABLE servers ADD COLUMN is_public INTEGER NOT NULL DEFAULT 0;
+  ALTER TABLE projects ADD COLUMN is_public INTEGER NOT NULL DEFAULT 0;
+  ALTER TABLE database_groups ADD COLUMN is_public INTEGER NOT NULL DEFAULT 0;
+  ALTER TABLE saved_queries ADD COLUMN is_public INTEGER NOT NULL DEFAULT 0;
+  UPDATE schema_version SET version = 22;
   `
 ];
@@ -107665,9 +107709,9 @@ var ConnectionRepository = class {
     const encryptedPwd = input.password ? encryptPassword(input.password) : null;
     const connectionType = input.connectionType || this.inferConnectionType(input.host);
     this.db.prepare(`
-      INSERT INTO connections (id, name, engine, connection_type, host, port, database, username, encrypted_password, ssl, default_schema, tags, read_only, server_id, project_id, group_id, created_by, created_at, updated_at)
-      VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
-    `).run(id, input.name, input.engine, connectionType, input.host, input.port, input.database, input.username, encryptedPwd, input.ssl ? 1 : 0, input.defaultSchema || null, JSON.stringify(input.tags ?? []), input.readOnly ? 1 : 0, input.serverId || null, input.projectId || null, input.groupId || null, userId || null, now, now);
+      INSERT INTO connections (id, name, engine, connection_type, host, port, database, username, encrypted_password, ssl, default_schema, tags, read_only, server_id, project_id, group_id, is_public, created_by, created_at, updated_at)
+      VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
+    `).run(id, input.name, input.engine, connectionType, input.host, input.port, input.database, input.username, encryptedPwd, input.ssl ? 1 : 0, input.defaultSchema || null, JSON.stringify(input.tags ?? []), input.readOnly ? 1 : 0, input.serverId || null, input.projectId || null, input.groupId || null, input.isPublic ? 1 : 0, userId || null, now, now);
     return this.findById(id);
   }
   /**
@@ -107723,7 +107767,7 @@ var ConnectionRepository = class {
         `;
     const params = [];
     if (userContext && !userContext.isAdmin && userContext.userId) {
-      query += ` WHERE c.created_by = ? OR c.created_by IS NULL`;
+      query += ` WHERE (c.created_by = ? OR c.created_by IS NULL OR c.is_public = 1)`;
       params.push(userContext.userId);
     }
     query += ` ORDER BY p.name, dg.name, c.name`;
@@ -107748,7 +107792,7 @@ var ConnectionRepository = class {
         `;
     const params = [projectId];
     if (userContext && !userContext.isAdmin && userContext.userId) {
-      query += ` AND (c.created_by = ? OR c.created_by IS NULL)`;
+      query += ` AND (c.created_by = ? OR c.created_by IS NULL OR c.is_public = 1)`;
       params.push(userContext.userId);
     }
     query += ` ORDER BY dg.name, c.name`;
@@ -107773,7 +107817,7 @@ var ConnectionRepository = class {
         `;
     const params = [groupId];
     if (userContext && !userContext.isAdmin && userContext.userId) {
-      query += ` AND (c.created_by = ? OR c.created_by IS NULL)`;
+      query += ` AND (c.created_by = ? OR c.created_by IS NULL OR c.is_public = 1)`;
       params.push(userContext.userId);
     }
     query += ` ORDER BY c.name`;
@@ -107798,7 +107842,7 @@ var ConnectionRepository = class {
         `;
     const params = [];
     if (userContext && !userContext.isAdmin && userContext.userId) {
-      query += ` AND (c.created_by = ? OR c.created_by IS NULL)`;
+      query += ` AND (c.created_by = ? OR c.created_by IS NULL OR c.is_public = 1)`;
       params.push(userContext.userId);
     }
     query += ` ORDER BY c.name`;
@@ -107822,7 +107866,7 @@ var ConnectionRepository = class {
         `;
     const params = [];
     if (userContext && !userContext.isAdmin && userContext.userId) {
-      query += ` WHERE c.created_by = ? OR c.created_by IS NULL`;
+      query += ` WHERE (c.created_by = ? OR c.created_by IS NULL OR c.is_public = 1)`;
       params.push(userContext.userId);
     }
     query += ` ORDER BY c.name`;
@@ -107897,6 +107941,10 @@ var ConnectionRepository = class {
       updates.push("server_id = ?");
       values.push(input.serverId);
     }
+    if (input.isPublic !== void 0) {
+      updates.push("is_public = ?");
+      values.push(input.isPublic ? 1 : 0);
+    }
     if (updates.length > 0) {
       updates.push("updated_at = ?");
       values.push((/* @__PURE__ */ new Date()).toISOString());
@@ -107968,21 +108016,23 @@ var ConnectionRepository = class {
       projectId: row.project_id || void 0,
       groupId: row.group_id || void 0,
       createdBy: row.created_by || void 0,
+      isPublic: row.is_public === 1,
       serverName: row.server_name,
       projectName: row.project_name,
       groupName: row.group_name
     };
   }
   /**
-   * Check if user can access a connection
+   * Check if user can access (view) a connection
+   * Accessible if: owner, admin, not private, or created_by is null (legacy)
    */
   canAccess(connectionId, userContext) {
     if (userContext.isAdmin)
       return true;
-    const row = this.db.prepare("SELECT created_by FROM connections WHERE id = ?").get(connectionId);
+    const row = this.db.prepare("SELECT created_by, is_public FROM connections WHERE id = ?").get(connectionId);
     if (!row)
       return false;
-    return row.created_by === null || row.created_by === userContext.userId;
+    return row.created_by === null || row.created_by === userContext.userId || row.is_public === 1;
   }
   /**
    * Find connections by server ID (filtered by user unless admin)
@@ -108001,13 +108051,25 @@ var ConnectionRepository = class {
         `;
     const params = [serverId];
     if (userContext && !userContext.isAdmin && userContext.userId) {
-      query += ` AND (c.created_by = ? OR c.created_by IS NULL)`;
+      query += ` AND (c.created_by = ? OR c.created_by IS NULL OR c.is_public = 1)`;
       params.push(userContext.userId);
     }
     query += ` ORDER BY c.name`;
     const rows = this.db.prepare(query).all(...params);
     return rows.map((row) => this.rowToConnection(row));
   }
+  /**
+   * Check if user can modify (update/delete) a connection
+   * Only owner or admin can modify
+   */
+  canModify(connectionId, userContext) {
+    if (userContext.isAdmin)
+      return true;
+    const row = this.db.prepare("SELECT created_by FROM connections WHERE id = ?").get(connectionId);
+    if (!row)
+      return false;
+    return row.created_by === null || row.created_by === userContext.userId;
+  }
 };
 // packages/metadata/dist/repositories/query.repository.js
@@ -108034,7 +108096,7 @@ var QueryLogsRepository = class {
     let query = "SELECT * FROM saved_queries";
     const params = [];
     if (userContext && !userContext.isAdmin && userContext.userId) {
-      query += " WHERE created_by = ? OR created_by IS NULL";
+      query += " WHERE (created_by = ? OR created_by IS NULL OR is_public = 1)";
       params.push(userContext.userId);
     }
     query += " ORDER BY name";
@@ -108051,7 +108113,7 @@ var QueryLogsRepository = class {
       query += "folder_id IS NULL";
     }
     if (userContext && !userContext.isAdmin && userContext.userId) {
-      query += " AND (created_by = ? OR created_by IS NULL)";
+      query += " AND (created_by = ? OR created_by IS NULL OR is_public = 1)";
       params.push(userContext.userId);
     }
     query += " ORDER BY name";
@@ -108059,9 +108121,20 @@ var QueryLogsRepository = class {
     return rows.map((row) => this.rowToSavedQuery(row));
   }
   /**
-   * Check if user can access a saved query
+   * Check if user can access (view) a saved query
    */
   canAccessSavedQuery(queryId, userContext) {
+    if (userContext.isAdmin)
+      return true;
+    const row = this.db.prepare("SELECT created_by, is_public FROM saved_queries WHERE id = ?").get(queryId);
+    if (!row)
+      return false;
+    return row.created_by === null || row.created_by === userContext.userId || row.is_public === 1;
+  }
+  /**
+   * Check if user can modify (update/delete) a saved query
+   */
+  canModifySavedQuery(queryId, userContext) {
     if (userContext.isAdmin)
       return true;
     const row = this.db.prepare("SELECT created_by FROM saved_queries WHERE id = ?").get(queryId);
@@ -108088,6 +108161,10 @@ var QueryLogsRepository = class {
       updates.push("folder_id = ?");
       values.push(input.folderId);
     }
+    if (input.isPublic !== void 0) {
+      updates.push("is_public = ?");
+      values.push(input.isPublic ? 1 : 0);
+    }
     if (updates.length > 0) {
       updates.push("updated_at = ?");
       values.push((/* @__PURE__ */ new Date()).toISOString());
@@ -108156,7 +108233,8 @@ var QueryLogsRepository = class {
       folderId: row.folder_id ?? void 0,
       createdAt: new Date(row.created_at),
       updatedAt: new Date(row.updated_at),
-      createdBy: row.created_by ?? void 0
+      createdBy: row.created_by ?? void 0,
+      isPublic: row.is_public === 1
     };
   }
   rowToFolder(row) {
@@ -108334,7 +108412,7 @@ var ProjectRepository = class {
     let query = `SELECT * FROM projects`;
     const params = [];
     if (userContext && !userContext.isAdmin && userContext.userId) {
-      query += ` WHERE created_by = ? OR created_by IS NULL`;
+      query += ` WHERE (created_by = ? OR created_by IS NULL OR is_public = 1)`;
       params.push(userContext.userId);
     }
     query += ` ORDER BY name`;
@@ -108342,9 +108420,20 @@ var ProjectRepository = class {
     return rows.map((row) => this.rowToProject(row));
   }
   /**
-   * Check if user can access a project
+   * Check if user can access (view) a project
    */
   canAccess(projectId, userContext) {
+    if (userContext.isAdmin)
+      return true;
+    const row = this.db.getDb().prepare("SELECT created_by, is_public FROM projects WHERE id = ?").get(projectId);
+    if (!row)
+      return false;
+    return row.created_by === null || row.created_by === userContext.userId || row.is_public === 1;
+  }
+  /**
+   * Check if user can modify (update/delete) a project
+   */
+  canModify(projectId, userContext) {
     if (userContext.isAdmin)
       return true;
     const row = this.db.getDb().prepare("SELECT created_by FROM projects WHERE id = ?").get(projectId);
@@ -108370,6 +108459,10 @@ var ProjectRepository = class {
       updates.push("color = ?");
       values.push(input.color);
     }
+    if (input.isPublic !== void 0) {
+      updates.push("is_public = ?");
+      values.push(input.isPublic ? 1 : 0);
+    }
     if (updates.length === 0) {
       return this.findById(id);
     }
@@ -108398,7 +108491,8 @@ var ProjectRepository = class {
       color: row.color || void 0,
       createdAt: new Date(row.created_at),
       updatedAt: new Date(row.updated_at),
-      createdBy: row.created_by || void 0
+      createdBy: row.created_by || void 0,
+      isPublic: row.is_public === 1
     };
   }
 };
@@ -108458,7 +108552,7 @@ var DatabaseGroupRepository = class {
       params.push(projectId);
     }
     if (userContext && !userContext.isAdmin && userContext.userId) {
-      conditions.push("(dg.created_by = ? OR dg.created_by IS NULL)");
+      conditions.push("(dg.created_by = ? OR dg.created_by IS NULL OR dg.is_public = 1)");
       params.push(userContext.userId);
     }
     if (conditions.length > 0) {
@@ -108485,7 +108579,7 @@ var DatabaseGroupRepository = class {
         `;
     const params = [];
     if (userContext && !userContext.isAdmin && userContext.userId) {
-      query += ` AND (dg.created_by = ? OR dg.created_by IS NULL)`;
+      query += ` AND (dg.created_by = ? OR dg.created_by IS NULL OR dg.is_public = 1)`;
       params.push(userContext.userId);
     }
     query += ` ORDER BY p.name, dg.name`;
@@ -108493,9 +108587,20 @@ var DatabaseGroupRepository = class {
     return rows.map((row) => this.rowToGroup(row));
   }
   /**
-   * Check if user can access a database group
+   * Check if user can access (view) a database group
    */
   canAccess(groupId, userContext) {
+    if (userContext.isAdmin)
+      return true;
+    const row = this.db.getDb().prepare("SELECT created_by, is_public FROM database_groups WHERE id = ?").get(groupId);
+    if (!row)
+      return false;
+    return row.created_by === null || row.created_by === userContext.userId || row.is_public === 1;
+  }
+  /**
+   * Check if user can modify (update/delete) a database group
+   */
+  canModify(groupId, userContext) {
     if (userContext.isAdmin)
       return true;
     const row = this.db.getDb().prepare("SELECT created_by FROM database_groups WHERE id = ?").get(groupId);
@@ -108533,6 +108638,10 @@ var DatabaseGroupRepository = class {
       updates.push("sync_target_schema = ?");
       values.push(input.syncTargetSchema);
     }
+    if (input.isPublic !== void 0) {
+      updates.push("is_public = ?");
+      values.push(input.isPublic ? 1 : 0);
+    }
     if (updates.length === 0) {
       return this.findById(id);
     }
@@ -108567,6 +108676,7 @@ var DatabaseGroupRepository = class {
       createdAt: new Date(row.created_at),
       updatedAt: new Date(row.updated_at),
       createdBy: row.created_by || void 0,
+      isPublic: row.is_public === 1,
       projectName: row.project_name,
       sourceConnectionName: row.source_connection_name,
       connectionCount: row.connection_count
@@ -109439,6 +109549,7 @@ var ServerRepository = class {
       createdAt: new Date(row.created_at),
       updatedAt: new Date(row.updated_at),
       createdBy: row.created_by ?? void 0,
+      isPublic: row.is_public === 1,
       databaseCount: row.database_count
     };
   }
@@ -109491,7 +109602,7 @@ var ServerRepository = class {
         `;
     const params = [];
     if (userContext && !userContext.isAdmin && userContext.userId) {
-      query += ` WHERE s.created_by = ? OR s.created_by IS NULL`;
+      query += ` WHERE (s.created_by = ? OR s.created_by IS NULL OR s.is_public = 1)`;
       params.push(userContext.userId);
     }
     query += ` ORDER BY s.name`;
@@ -109510,7 +109621,7 @@ var ServerRepository = class {
         `;
     const params = [engine];
     if (userContext && !userContext.isAdmin && userContext.userId) {
-      query += ` AND (s.created_by = ? OR s.created_by IS NULL)`;
+      query += ` AND (s.created_by = ? OR s.created_by IS NULL OR s.is_public = 1)`;
       params.push(userContext.userId);
     }
     query += ` ORDER BY s.name`;
@@ -109518,9 +109629,20 @@ var ServerRepository = class {
     return rows.map((row) => this.rowToServer(row));
   }
   /**
-   * Check if user can access a server
+   * Check if user can access (view) a server
    */
   canAccess(serverId, userContext) {
+    if (userContext.isAdmin)
+      return true;
+    const row = this.db.prepare("SELECT created_by, is_public FROM servers WHERE id = ?").get(serverId);
+    if (!row)
+      return false;
+    return row.created_by === null || row.created_by === userContext.userId || row.is_public === 1;
+  }
+  /**
+   * Check if user can modify (update/delete) a server
+   */
+  canModify(serverId, userContext) {
     if (userContext.isAdmin)
       return true;
     const row = this.db.prepare("SELECT created_by FROM servers WHERE id = ?").get(serverId);
@@ -109578,6 +109700,10 @@ var ServerRepository = class {
       updates.push("stop_command = ?");
       values.push(input.stopCommand || null);
     }
+    if (input.isPublic !== void 0) {
+      updates.push("is_public = ?");
+      values.push(input.isPublic ? 1 : 0);
+    }
     if (updates.length === 0) {
       return existing;
     }
@@ -109621,25 +109747,26 @@ var ServerRepository = class {
   }
 };
-// packages/metadata/dist/repositories/settings.repository.js
+// packages/metadata/dist/repositories/user-preferences.repository.js
 var DEFAULT_TAGS = [
   { id: "production", name: "production", color: "239, 68, 68" },
   { id: "staging", name: "staging", color: "245, 158, 11" },
   { id: "development", name: "development", color: "16, 185, 129" },
   { id: "read-only", name: "read-only", color: "139, 92, 246" }
 ];
-var SettingsRepository = class {
+var UserPreferencesRepository = class {
   db;
   constructor(db) {
     this.db = db;
   }
   /**
-   * Get a setting value by key
+   * Get a preference value for a specific user
    */
-  get(key) {
-    const row = this.db.getDb().prepare("SELECT value FROM settings WHERE key = ?").get(key);
-    if (!row)
-      return null;
+  get(userId, key) {
+    const row = this.db.getDb().prepare("SELECT value FROM user_preferences WHERE user_id = ? AND key = ?").get(userId, key);
+    if (!row) {
+      return this.getSystemDefault(key);
+    }
     try {
       return JSON.parse(row.value);
     } catch {
@@ -109647,52 +109774,91 @@ var SettingsRepository = class {
     }
   }
   /**
-   * Set a setting value
+   * Set a preference value for a specific user
    */
-  set(key, value) {
+  set(userId, key, value) {
     const jsonValue = typeof value === "string" ? value : JSON.stringify(value);
+    const id = crypto.randomUUID();
     this.db.getDb().prepare(`
-            INSERT INTO settings (key, value, updated_at)
-            VALUES (?, ?, datetime('now'))
-            ON CONFLICT(key) DO UPDATE SET
-                value = excluded.value,
-                updated_at = datetime('now')
-        `).run(key, jsonValue);
+                INSERT INTO user_preferences (id, user_id, key, value, updated_at)
+                VALUES (?, ?, ?, ?, datetime('now'))
+                ON CONFLICT(user_id, key) DO UPDATE SET
+                    value = excluded.value,
+                    updated_at = datetime('now')
+            `).run(id, userId, key, jsonValue);
   }
   /**
-   * Delete a setting
+   * Delete a preference for a specific user
    */
-  delete(key) {
-    const result = this.db.getDb().prepare("DELETE FROM settings WHERE key = ?").run(key);
+  delete(userId, key) {
+    const result = this.db.getDb().prepare("DELETE FROM user_preferences WHERE user_id = ? AND key = ?").run(userId, key);
     return result.changes > 0;
   }
   /**
-   * Get all settings
+   * Get all preferences for a specific user
+   */
+  getAllForUser(userId) {
+    const rows = this.db.getDb().prepare("SELECT key, value FROM user_preferences WHERE user_id = ?").all(userId);
+    const preferences = {};
+    const systemDefaults = this.getAllSystemDefaults();
+    for (const [key, value] of Object.entries(systemDefaults)) {
+      preferences[key] = value;
+    }
+    for (const row of rows) {
+      try {
+        preferences[row.key] = JSON.parse(row.value);
+      } catch {
+        preferences[row.key] = row.value;
+      }
+    }
+    return preferences;
+  }
+  /**
+   * Get a system default value (user_id = 'system')
+   */
+  getSystemDefault(key) {
+    const row = this.db.getDb().prepare("SELECT value FROM user_preferences WHERE user_id = ? AND key = ?").get("system", key);
+    if (!row)
+      return null;
+    try {
+      return JSON.parse(row.value);
+    } catch {
+      return row.value;
+    }
+  }
+  /**
+   * Set a system default value
    */
-  getAll() {
-    const rows = this.db.getDb().prepare("SELECT key, value FROM settings").all();
-    const settings = {};
+  setSystemDefault(key, value) {
+    this.set("system", key, value);
+  }
+  /**
+   * Get all system defaults
+   */
+  getAllSystemDefaults() {
+    const rows = this.db.getDb().prepare("SELECT key, value FROM user_preferences WHERE user_id = ?").all("system");
+    const defaults2 = {};
     for (const row of rows) {
       try {
-        settings[row.key] = JSON.parse(row.value);
+        defaults2[row.key] = JSON.parse(row.value);
       } catch {
-        settings[row.key] = row.value;
+        defaults2[row.key] = row.value;
       }
     }
-    return settings;
+    return defaults2;
   }
-  // ============ Tag-specific methods ============
+  // ============ Tag-specific methods (system-wide) ============
   /**
-   * Get all tags
+   * Get all tags (system-wide)
    */
   getTags() {
-    return this.get("tags") || DEFAULT_TAGS;
+    return this.getSystemDefault("tags") || DEFAULT_TAGS;
   }
   /**
-   * Set tags
+   * Set tags (system-wide)
    */
   setTags(tags) {
-    this.set("tags", tags);
+    this.setSystemDefault("tags", tags);
   }
   /**
    * Add a new tag
@@ -109960,7 +110126,7 @@ var MetadataService = MetadataService_1 = class MetadataService2 {
   _backupRepository;
   _backupLogsRepository;
   _serverRepository;
-  _settingsRepository;
+  _userPreferencesRepository;
   _userRepository;
   onModuleInit() {
     let dbnexusDir;
@@ -109990,7 +110156,7 @@ var MetadataService = MetadataService_1 = class MetadataService2 {
     this._backupRepository = new BackupRepository(this.db.db);
     this._backupLogsRepository = new BackupLogsRepository(this.db.db);
     this._serverRepository = new ServerRepository(this.db);
-    this._settingsRepository = new SettingsRepository(this.db);
+    this._userPreferencesRepository = new UserPreferencesRepository(this.db);
     this._userRepository = new UserRepository(this.db.db);
     this.logger.log(`\u{1F4E6} Metadata database initialized at ${dbPath}`);
   }
@@ -110030,8 +110196,8 @@ var MetadataService = MetadataService_1 = class MetadataService2 {
   get serverRepository() {
     return this._serverRepository;
   }
-  get settingsRepository() {
-    return this._settingsRepository;
+  get userPreferencesRepository() {
+    return this._userPreferencesRepository;
   }
   get userRepository() {
     return this._userRepository;
@@ -110076,7 +110242,7 @@ var PostgresConnector = class {
         port: this.config.port,
         database: this.config.database,
         user: this.config.username,
-        password: this.config.password,
+        password: this.config.password ?? "",
         ssl: this.config.ssl ? { rejectUnauthorized: this.config.sslVerify ?? false } : false,
         connectionTimeoutMillis: 5e3,
         max: 1
@@ -110108,7 +110274,7 @@ var PostgresConnector = class {
       port: this.config.port,
       database: this.config.database,
       user: this.config.username,
-      password: this.config.password,
+      password: this.config.password ?? "",
       ssl: this.config.ssl ? { rejectUnauthorized: this.config.sslVerify ?? false } : false,
       max: 10,
       idleTimeoutMillis: 3e4,
@@ -110755,7 +110921,7 @@ var MysqlConnector = class {
         port: this.config.port,
         database: this.config.database,
         user: this.config.username,
-        password: this.config.password,
+        password: this.config.password ?? "",
         ssl: this.config.ssl ? { rejectUnauthorized: this.config.sslVerify ?? false } : void 0,
         connectTimeout: 5e3
       });
@@ -110784,7 +110950,7 @@ var MysqlConnector = class {
       port: this.config.port,
       database: this.config.database,
       user: this.config.username,
-      password: this.config.password,
+      password: this.config.password ?? "",
       ssl: this.config.ssl ? { rejectUnauthorized: this.config.sslVerify ?? false } : void 0,
       waitForConnections: true,
       connectionLimit: 10,
@@ -111201,7 +111367,7 @@ var ConnectionsService = ConnectionsService_1 = class ConnectionsService2 {
       port: settings.port,
       database: settings.database,
       username: settings.username,
-      password: settings.password,
+      password: settings.password ?? "",
       ssl: settings.ssl
     };
     if (settings.engine === "mysql") {
@@ -111253,6 +111419,13 @@ var ConnectionsService = ConnectionsService_1 = class ConnectionsService2 {
     const connector = this.connectors.get(id);
     return connector?.isConnected() ?? false;
   }
+  /**
+   * Get the decrypted password for a connection
+   */
+  getPassword(id) {
+    this.findById(id);
+    return this.metadataService.connectionRepository.getPassword(id);
+  }
   /**
    * Create a connector instance
    */
@@ -111319,6 +111492,7 @@ var CreateConnectionDto = class {
   defaultSchema;
   readOnly;
   tags;
+  isPublic;
 };
 __decorate4([
   (0, import_class_validator.IsString)(),
@@ -111358,8 +111532,8 @@ __decorate4([
   __metadata3("design:type", String)
 ], CreateConnectionDto.prototype, "username", void 0);
 __decorate4([
+  (0, import_class_validator.IsOptional)(),
   (0, import_class_validator.IsString)(),
-  (0, import_class_validator.IsNotEmpty)({ message: "Password is required" }),
   __metadata3("design:type", String)
 ], CreateConnectionDto.prototype, "password", void 0);
 __decorate4([
@@ -111403,6 +111577,11 @@ __decorate4([
   (0, import_class_validator.IsString)({ each: true }),
   __metadata3("design:type", Array)
 ], CreateConnectionDto.prototype, "tags", void 0);
+__decorate4([
+  (0, import_class_validator.IsOptional)(),
+  (0, import_class_validator.IsBoolean)(),
+  __metadata3("design:type", Boolean)
+], CreateConnectionDto.prototype, "isPublic", void 0);
 // apps/api/dist/connections/dto/update-connection.dto.js
 var import_class_validator2 = __toESM(require_cjs(), 1);
@@ -111432,6 +111611,7 @@ var UpdateConnectionDto = class {
   defaultSchema;
   readOnly;
   tags;
+  isPublic;
 };
 __decorate5([
   (0, import_class_validator2.IsOptional)(),
@@ -111519,6 +111699,11 @@ __decorate5([
   (0, import_class_validator2.IsString)({ each: true }),
   __metadata4("design:type", Array)
 ], UpdateConnectionDto.prototype, "tags", void 0);
+__decorate5([
+  (0, import_class_validator2.IsOptional)(),
+  (0, import_class_validator2.IsBoolean)(),
+  __metadata4("design:type", Boolean)
+], UpdateConnectionDto.prototype, "isPublic", void 0);
 // apps/api/dist/auth/decorators/current-user.decorator.js
 var import_common3 = __toESM(require_common(), 1);
@@ -111618,6 +111803,14 @@ var ConnectionsController = class ConnectionsController2 {
     const result = await this.connectionsService.test(id);
     return { connected: result?.success ?? false };
   }
+  getPassword(id, user) {
+    const userContext = this.getUserContext(user);
+    if (!this.connectionsService.canAccess(id, userContext)) {
+      throw new import_common4.ForbiddenException("Access denied to this connection");
+    }
+    const password = this.connectionsService.getPassword(id);
+    return { password };
+  }
 };
 __decorate6([
   (0, import_common4.Get)(),
@@ -111698,6 +111891,14 @@ __decorate6([
   __metadata5("design:paramtypes", [String, Object]),
   __metadata5("design:returntype", Promise)
 ], ConnectionsController.prototype, "getStatus", null);
+__decorate6([
+  (0, import_common4.Get)(":id/password"),
+  __param2(0, (0, import_common4.Param)("id")),
+  __param2(1, CurrentUser()),
+  __metadata5("design:type", Function),
+  __metadata5("design:paramtypes", [String, Object]),
+  __metadata5("design:returntype", Object)
+], ConnectionsController.prototype, "getPassword", null);
 ConnectionsController = __decorate6([
   (0, import_common4.Controller)("connections"),
   __metadata5("design:paramtypes", [ConnectionsService])
@@ -111737,6 +111938,7 @@ var __decorate8 = function(decorators, target, key, desc) {
 var __metadata6 = function(k, v) {
   if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
 };
+var DEFAULT_ROW_LIMIT = 1e3;
 var QueriesService = class QueriesService2 {
   metadataService;
   connectionsService;
@@ -111756,7 +111958,7 @@ var QueriesService = class QueriesService2 {
    * Execute a query
    */
   async execute(input) {
-    const { connectionId, sql, confirmed } = input;
+    const { connectionId, sql, confirmed, noLimit } = input;
     const connection = this.connectionsService.findById(connectionId);
     const validation = this.validator.validate(sql, connection.readOnly);
     if (!validation.isValid) {
@@ -111769,10 +111971,14 @@ var QueriesService = class QueriesService2 {
         dangerousType: validation.dangerousType
       });
     }
+    const { query: finalSql, limitApplied } = this.applyDefaultLimit(sql, noLimit);
     const connector = await this.connectionsService.getConnector(connectionId);
     const startTime = Date.now();
     try {
-      const result = await connector.query(sql);
+      const result = await connector.query(finalSql);
+      if (limitApplied) {
+        result.limitApplied = DEFAULT_ROW_LIMIT;
+      }
       this.metadataService.queryLogsRepository.addHistoryEntry({
         connectionId,
         sql,
@@ -111796,6 +112002,26 @@ var QueriesService = class QueriesService2 {
       throw new import_common6.BadRequestException(errorMessage);
     }
   }
+  /**
+   * Apply default LIMIT to SELECT queries without one
+   */
+  applyDefaultLimit(sql, noLimit) {
+    if (noLimit) {
+      return { query: sql, limitApplied: false };
+    }
+    const trimmed = sql.trim();
+    const upper = trimmed.toUpperCase();
+    if (!upper.startsWith("SELECT")) {
+      return { query: sql, limitApplied: false };
+    }
+    if (/\bLIMIT\s+\d+/i.test(trimmed)) {
+      return { query: sql, limitApplied: false };
+    }
+    const endsWithSemicolon = trimmed.endsWith(";");
+    const queryWithoutSemicolon = endsWithSemicolon ? trimmed.slice(0, -1) : trimmed;
+    const limitedQuery = `${queryWithoutSemicolon} LIMIT ${DEFAULT_ROW_LIMIT}${endsWithSemicolon ? ";" : ""}`;
+    return { query: limitedQuery, limitApplied: true };
+  }
   /**
    * Execute maintenance operation with detailed output
    */
@@ -112370,6 +112596,7 @@ var ExecuteQueryDto = class {
   connectionId;
   sql;
   confirmed;
+  noLimit;
 };
 __decorate9([
   (0, import_class_validator3.IsString)(),
@@ -112386,6 +112613,11 @@ __decorate9([
   (0, import_class_validator3.IsBoolean)(),
   __metadata7("design:type", Boolean)
 ], ExecuteQueryDto.prototype, "confirmed", void 0);
+__decorate9([
+  (0, import_class_validator3.IsOptional)(),
+  (0, import_class_validator3.IsBoolean)(),
+  __metadata7("design:type", Boolean)
+], ExecuteQueryDto.prototype, "noLimit", void 0);
 // apps/api/dist/queries/dto/maintenance.dto.js
 var import_class_validator4 = __toESM(require_cjs(), 1);
@@ -113372,7 +113604,7 @@ var SchemaDiffService = SchemaDiffService_1 = class SchemaDiffService2 {
   /**
    * Get all migration SQL from a diff
    */
-  getMigrationSql(diff) {
+  getMigrationSql(diff, tables) {
     const sql = [];
     const orderedTypes = [
       "fk_removed",
@@ -113389,6 +113621,9 @@ var SchemaDiffService = SchemaDiffService_1 = class SchemaDiffService2 {
     ];
     for (const type of orderedTypes) {
       for (const item of diff.items.filter((i) => i.type === type)) {
+        if (tables && tables.length > 0 && item.table && !tables.includes(item.table)) {
+          continue;
+        }
         if (item.migrationSql) {
           sql.push(...item.migrationSql);
         }
@@ -113427,12 +113662,19 @@ __decorate18([
 ], CreateSchemaDto.prototype, "name", void 0);
 var ApplyMigrationDto = class {
   description;
+  tables;
 };
 __decorate18([
   (0, import_class_validator8.IsOptional)(),
   (0, import_class_validator8.IsString)(),
   __metadata15("design:type", String)
 ], ApplyMigrationDto.prototype, "description", void 0);
+__decorate18([
+  (0, import_class_validator8.IsOptional)(),
+  (0, import_class_validator8.IsArray)(),
+  (0, import_class_validator8.IsString)({ each: true }),
+  __metadata15("design:type", Array)
+], ApplyMigrationDto.prototype, "tables", void 0);
 // apps/api/dist/schema/schema.controller.js
 var __decorate19 = function(decorators, target, key, desc) {
@@ -113498,7 +113740,7 @@ var SchemaController = class SchemaController2 {
     const srcSchema = sourceSchema || "public";
     const tgtSchema = targetSchema || "public";
     const diff = await this.schemaDiffService.compareSchemas(sourceConnectionId, targetConnectionId, srcSchema, tgtSchema);
-    const sqlStatements = this.schemaDiffService.getMigrationSql(diff);
+    const sqlStatements = this.schemaDiffService.getMigrationSql(diff, body?.tables);
     if (sqlStatements.length === 0) {
       throw new Error("No migration statements to apply - schemas are already in sync");
     }
@@ -113696,10 +113938,10 @@ SchemaModule = __decorate21([
 ], SchemaModule);
 // apps/api/dist/projects/projects.module.js
-var import_common15 = __toESM(require_common(), 1);
+var import_common17 = __toESM(require_common(), 1);
 // apps/api/dist/projects/projects.controller.js
-var import_common14 = __toESM(require_common(), 1);
+var import_common16 = __toESM(require_common(), 1);
 // apps/api/dist/projects/dto/project.dto.js
 var import_class_validator9 = __toESM(require_cjs(), 1);
@@ -113736,6 +113978,7 @@ var UpdateProjectDto = class {
   name;
   description;
   color;
+  isPublic;
 };
 __decorate22([
   (0, import_class_validator9.IsOptional)(),
@@ -113753,6 +113996,11 @@ __decorate22([
   (0, import_class_validator9.IsString)(),
   __metadata17("design:type", String)
 ], UpdateProjectDto.prototype, "color", void 0);
+__decorate22([
+  (0, import_class_validator9.IsOptional)(),
+  (0, import_class_validator9.IsBoolean)(),
+  __metadata17("design:type", Boolean)
+], UpdateProjectDto.prototype, "isPublic", void 0);
 // apps/api/dist/projects/dto/database-group.dto.js
 var import_class_validator10 = __toESM(require_cjs(), 1);
@@ -113814,6 +114062,7 @@ var UpdateDatabaseGroupDto = class {
   syncSchema;
   syncData;
   syncTargetSchema;
+  isPublic;
 };
 __decorate23([
   (0, import_class_validator10.IsOptional)(),
@@ -113863,6 +114112,21 @@ __decorate23([
   (0, import_class_validator10.IsString)(),
   __metadata18("design:type", Object)
 ], UpdateDatabaseGroupDto.prototype, "syncTargetSchema", void 0);
+__decorate23([
+  (0, import_class_validator10.IsOptional)(),
+  (0, import_class_validator10.IsBoolean)(),
+  __metadata18("design:type", Boolean)
+], UpdateDatabaseGroupDto.prototype, "isPublic", void 0);
+// apps/api/dist/auth/decorators/roles.decorator.js
+var import_common14 = __toESM(require_common(), 1);
+var ROLES_KEY = "roles";
+var Roles = (...roles) => (0, import_common14.SetMetadata)(ROLES_KEY, roles);
+// apps/api/dist/auth/decorators/public.decorator.js
+var import_common15 = __toESM(require_common(), 1);
+var IS_PUBLIC_KEY = "isPublic";
+var Public = () => (0, import_common15.SetMetadata)(IS_PUBLIC_KEY, true);
 // apps/api/dist/projects/projects.controller.js
 var __decorate24 = function(decorators, target, key, desc) {
@@ -113885,14 +114149,18 @@ var ProjectsController = class ProjectsController2 {
     this.metadataService = metadataService;
   }
   // ============ Projects ============
-  getProjects() {
-    return this.metadataService.projectRepository.findAll();
+  getProjects(user) {
+    const userContext = {
+      userId: user?.id ?? null,
+      isAdmin: user?.role === "admin"
+    };
+    return this.metadataService.projectRepository.findAll(userContext);
   }
   getProject(id) {
     return this.metadataService.projectRepository.findById(id);
   }
-  createProject(input) {
-    const project = this.metadataService.projectRepository.create(input);
+  createProject(input, user) {
+    const project = this.metadataService.projectRepository.create(input, user?.id);
     this.metadataService.auditLogRepository.create({
       action: "project_created",
       entityType: "project",
@@ -113904,7 +114172,14 @@ var ProjectsController = class ProjectsController2 {
     });
     return project;
   }
-  updateProject(id, input) {
+  updateProject(id, input, user) {
+    const userContext = {
+      userId: user?.id ?? null,
+      isAdmin: user?.role === "admin"
+    };
+    if (!this.metadataService.projectRepository.canModify(id, userContext)) {
+      throw new import_common16.ForbiddenException("You do not have permission to modify this project");
+    }
     const project = this.metadataService.projectRepository.update(id, input);
     if (project) {
       this.metadataService.auditLogRepository.create({
@@ -113919,7 +114194,14 @@ var ProjectsController = class ProjectsController2 {
     }
     return project;
   }
-  deleteProject(id) {
+  deleteProject(id, user) {
+    const userContext = {
+      userId: user?.id ?? null,
+      isAdmin: user?.role === "admin"
+    };
+    if (!this.metadataService.projectRepository.canModify(id, userContext)) {
+      throw new import_common16.ForbiddenException("You do not have permission to delete this project");
+    }
     const project = this.metadataService.projectRepository.findById(id);
     const success = this.metadataService.projectRepository.delete(id);
     if (success && project) {
@@ -113935,17 +114217,21 @@ var ProjectsController = class ProjectsController2 {
     return { success };
   }
   // ============ Database Groups ============
-  getGroups(projectId) {
-    return this.metadataService.databaseGroupRepository.findAll(projectId);
+  getGroups(projectId, user) {
+    const userContext = {
+      userId: user?.id ?? null,
+      isAdmin: user?.role === "admin"
+    };
+    return this.metadataService.databaseGroupRepository.findAll(projectId, userContext);
   }
   getGroup(_projectId, groupId) {
     return this.metadataService.databaseGroupRepository.findById(groupId);
   }
-  createGroup(projectId, input) {
+  createGroup(projectId, input, user) {
     const group = this.metadataService.databaseGroupRepository.create({
       ...input,
       projectId
-    });
+    }, user?.id);
     this.metadataService.auditLogRepository.create({
       action: "database_group_created",
       entityType: "database_group",
@@ -113957,7 +114243,14 @@ var ProjectsController = class ProjectsController2 {
     });
     return group;
   }
-  updateGroup(_projectId, groupId, input) {
+  updateGroup(_projectId, groupId, input, user) {
+    const userContext = {
+      userId: user?.id ?? null,
+      isAdmin: user?.role === "admin"
+    };
+    if (!this.metadataService.databaseGroupRepository.canModify(groupId, userContext)) {
+      throw new import_common16.ForbiddenException("You do not have permission to modify this group");
+    }
     const group = this.metadataService.databaseGroupRepository.update(groupId, input);
     if (group) {
       this.metadataService.auditLogRepository.create({
@@ -113972,7 +114265,14 @@ var ProjectsController = class ProjectsController2 {
     }
     return group;
   }
-  deleteGroup(_projectId, groupId) {
+  deleteGroup(_projectId, groupId, user) {
+    const userContext = {
+      userId: user?.id ?? null,
+      isAdmin: user?.role === "admin"
+    };
+    if (!this.metadataService.databaseGroupRepository.canModify(groupId, userContext)) {
+      throw new import_common16.ForbiddenException("You do not have permission to delete this group");
+    }
     const group = this.metadataService.databaseGroupRepository.findById(groupId);
     const success = this.metadataService.databaseGroupRepository.delete(groupId);
     if (success && group) {
@@ -113988,105 +114288,123 @@ var ProjectsController = class ProjectsController2 {
     return { success };
   }
   // ============ Connections in Project/Group ============
-  getProjectConnections(projectId) {
-    return this.metadataService.connectionRepository.findByProject(projectId);
+  getProjectConnections(projectId, user) {
+    const userContext = {
+      userId: user?.id ?? null,
+      isAdmin: user?.role === "admin"
+    };
+    return this.metadataService.connectionRepository.findByProject(projectId, userContext);
   }
-  getGroupConnections(_projectId, groupId) {
-    return this.metadataService.connectionRepository.findByGroup(groupId);
+  getGroupConnections(_projectId, groupId, user) {
+    const userContext = {
+      userId: user?.id ?? null,
+      isAdmin: user?.role === "admin"
+    };
+    return this.metadataService.connectionRepository.findByGroup(groupId, userContext);
   }
 };
 __decorate24([
-  (0, import_common14.Get)(),
+  (0, import_common16.Get)(),
+  __param5(0, CurrentUser()),
   __metadata19("design:type", Function),
-  __metadata19("design:paramtypes", []),
+  __metadata19("design:paramtypes", [Object]),
   __metadata19("design:returntype", Array)
 ], ProjectsController.prototype, "getProjects", null);
 __decorate24([
-  (0, import_common14.Get)(":id"),
-  __param5(0, (0, import_common14.Param)("id")),
+  (0, import_common16.Get)(":id"),
+  __param5(0, (0, import_common16.Param)("id")),
   __metadata19("design:type", Function),
   __metadata19("design:paramtypes", [String]),
   __metadata19("design:returntype", Object)
 ], ProjectsController.prototype, "getProject", null);
 __decorate24([
-  (0, import_common14.Post)(),
-  __param5(0, (0, import_common14.Body)()),
+  (0, import_common16.Post)(),
+  __param5(0, (0, import_common16.Body)()),
+  __param5(1, CurrentUser()),
   __metadata19("design:type", Function),
-  __metadata19("design:paramtypes", [CreateProjectDto]),
+  __metadata19("design:paramtypes", [CreateProjectDto, Object]),
   __metadata19("design:returntype", Object)
 ], ProjectsController.prototype, "createProject", null);
 __decorate24([
-  (0, import_common14.Put)(":id"),
-  __param5(0, (0, import_common14.Param)("id")),
-  __param5(1, (0, import_common14.Body)()),
+  (0, import_common16.Put)(":id"),
+  __param5(0, (0, import_common16.Param)("id")),
+  __param5(1, (0, import_common16.Body)()),
+  __param5(2, CurrentUser()),
   __metadata19("design:type", Function),
-  __metadata19("design:paramtypes", [String, UpdateProjectDto]),
+  __metadata19("design:paramtypes", [String, UpdateProjectDto, Object]),
   __metadata19("design:returntype", Object)
 ], ProjectsController.prototype, "updateProject", null);
 __decorate24([
-  (0, import_common14.Delete)(":id"),
-  __param5(0, (0, import_common14.Param)("id")),
+  (0, import_common16.Delete)(":id"),
+  __param5(0, (0, import_common16.Param)("id")),
+  __param5(1, CurrentUser()),
   __metadata19("design:type", Function),
-  __metadata19("design:paramtypes", [String]),
+  __metadata19("design:paramtypes", [String, Object]),
   __metadata19("design:returntype", Object)
 ], ProjectsController.prototype, "deleteProject", null);
 __decorate24([
-  (0, import_common14.Get)(":projectId/groups"),
-  __param5(0, (0, import_common14.Param)("projectId")),
+  (0, import_common16.Get)(":projectId/groups"),
+  __param5(0, (0, import_common16.Param)("projectId")),
+  __param5(1, CurrentUser()),
   __metadata19("design:type", Function),
-  __metadata19("design:paramtypes", [String]),
+  __metadata19("design:paramtypes", [String, Object]),
   __metadata19("design:returntype", Array)
 ], ProjectsController.prototype, "getGroups", null);
 __decorate24([
-  (0, import_common14.Get)(":projectId/groups/:groupId"),
-  __param5(0, (0, import_common14.Param)("projectId")),
-  __param5(1, (0, import_common14.Param)("groupId")),
+  (0, import_common16.Get)(":projectId/groups/:groupId"),
+  __param5(0, (0, import_common16.Param)("projectId")),
+  __param5(1, (0, import_common16.Param)("groupId")),
   __metadata19("design:type", Function),
   __metadata19("design:paramtypes", [String, String]),
   __metadata19("design:returntype", Object)
 ], ProjectsController.prototype, "getGroup", null);
 __decorate24([
-  (0, import_common14.Post)(":projectId/groups"),
-  __param5(0, (0, import_common14.Param)("projectId")),
-  __param5(1, (0, import_common14.Body)()),
+  (0, import_common16.Post)(":projectId/groups"),
+  __param5(0, (0, import_common16.Param)("projectId")),
+  __param5(1, (0, import_common16.Body)()),
+  __param5(2, CurrentUser()),
   __metadata19("design:type", Function),
-  __metadata19("design:paramtypes", [String, CreateDatabaseGroupDto]),
+  __metadata19("design:paramtypes", [String, CreateDatabaseGroupDto, Object]),
   __metadata19("design:returntype", Object)
 ], ProjectsController.prototype, "createGroup", null);
 __decorate24([
-  (0, import_common14.Put)(":projectId/groups/:groupId"),
-  __param5(0, (0, import_common14.Param)("projectId")),
-  __param5(1, (0, import_common14.Param)("groupId")),
-  __param5(2, (0, import_common14.Body)()),
+  (0, import_common16.Put)(":projectId/groups/:groupId"),
+  __param5(0, (0, import_common16.Param)("projectId")),
+  __param5(1, (0, import_common16.Param)("groupId")),
+  __param5(2, (0, import_common16.Body)()),
+  __param5(3, CurrentUser()),
   __metadata19("design:type", Function),
-  __metadata19("design:paramtypes", [String, String, UpdateDatabaseGroupDto]),
+  __metadata19("design:paramtypes", [String, String, UpdateDatabaseGroupDto, Object]),
   __metadata19("design:returntype", Object)
 ], ProjectsController.prototype, "updateGroup", null);
 __decorate24([
-  (0, import_common14.Delete)(":projectId/groups/:groupId"),
-  __param5(0, (0, import_common14.Param)("projectId")),
-  __param5(1, (0, import_common14.Param)("groupId")),
+  (0, import_common16.Delete)(":projectId/groups/:groupId"),
+  __param5(0, (0, import_common16.Param)("projectId")),
+  __param5(1, (0, import_common16.Param)("groupId")),
+  __param5(2, CurrentUser()),
   __metadata19("design:type", Function),
-  __metadata19("design:paramtypes", [String, String]),
+  __metadata19("design:paramtypes", [String, String, Object]),
   __metadata19("design:returntype", Object)
 ], ProjectsController.prototype, "deleteGroup", null);
 __decorate24([
-  (0, import_common14.Get)(":projectId/connections"),
-  __param5(0, (0, import_common14.Param)("projectId")),
+  (0, import_common16.Get)(":projectId/connections"),
+  __param5(0, (0, import_common16.Param)("projectId")),
+  __param5(1, CurrentUser()),
   __metadata19("design:type", Function),
-  __metadata19("design:paramtypes", [String]),
+  __metadata19("design:paramtypes", [String, Object]),
   __metadata19("design:returntype", Array)
 ], ProjectsController.prototype, "getProjectConnections", null);
 __decorate24([
-  (0, import_common14.Get)(":projectId/groups/:groupId/connections"),
-  __param5(0, (0, import_common14.Param)("projectId")),
-  __param5(1, (0, import_common14.Param)("groupId")),
+  (0, import_common16.Get)(":projectId/groups/:groupId/connections"),
+  __param5(0, (0, import_common16.Param)("projectId")),
+  __param5(1, (0, import_common16.Param)("groupId")),
+  __param5(2, CurrentUser()),
   __metadata19("design:type", Function),
-  __metadata19("design:paramtypes", [String, String]),
+  __metadata19("design:paramtypes", [String, String, Object]),
   __metadata19("design:returntype", Array)
 ], ProjectsController.prototype, "getGroupConnections", null);
 ProjectsController = __decorate24([
-  (0, import_common14.Controller)("projects"),
+  (0, import_common16.Controller)("projects"),
   __metadata19("design:paramtypes", [MetadataService])
 ], ProjectsController);
 var GroupsController = class GroupsController2 {
@@ -114094,39 +114412,49 @@ var GroupsController = class GroupsController2 {
   constructor(metadataService) {
     this.metadataService = metadataService;
   }
-  getAllGroups(projectId) {
-    return this.metadataService.databaseGroupRepository.findAll(projectId);
+  getAllGroups(projectId, user) {
+    const userContext = {
+      userId: user?.id ?? null,
+      isAdmin: user?.role === "admin"
+    };
+    return this.metadataService.databaseGroupRepository.findAll(projectId, userContext);
   }
   getGroup(id) {
     return this.metadataService.databaseGroupRepository.findById(id);
   }
-  getGroupConnections(groupId) {
-    return this.metadataService.connectionRepository.findByGroup(groupId);
+  getGroupConnections(groupId, user) {
+    const userContext = {
+      userId: user?.id ?? null,
+      isAdmin: user?.role === "admin"
+    };
+    return this.metadataService.connectionRepository.findByGroup(groupId, userContext);
   }
 };
 __decorate24([
-  (0, import_common14.Get)(),
-  __param5(0, (0, import_common14.Query)("projectId")),
+  (0, import_common16.Get)(),
+  __param5(0, (0, import_common16.Query)("projectId")),
+  __param5(1, CurrentUser()),
   __metadata19("design:type", Function),
-  __metadata19("design:paramtypes", [String]),
+  __metadata19("design:paramtypes", [String, Object]),
   __metadata19("design:returntype", Array)
 ], GroupsController.prototype, "getAllGroups", null);
 __decorate24([
-  (0, import_common14.Get)(":id"),
-  __param5(0, (0, import_common14.Param)("id")),
+  (0, import_common16.Get)(":id"),
+  __param5(0, (0, import_common16.Param)("id")),
   __metadata19("design:type", Function),
   __metadata19("design:paramtypes", [String]),
   __metadata19("design:returntype", Object)
 ], GroupsController.prototype, "getGroup", null);
 __decorate24([
-  (0, import_common14.Get)(":id/connections"),
-  __param5(0, (0, import_common14.Param)("id")),
+  (0, import_common16.Get)(":id/connections"),
+  __param5(0, (0, import_common16.Param)("id")),
+  __param5(1, CurrentUser()),
   __metadata19("design:type", Function),
-  __metadata19("design:paramtypes", [String]),
+  __metadata19("design:paramtypes", [String, Object]),
   __metadata19("design:returntype", Array)
 ], GroupsController.prototype, "getGroupConnections", null);
 GroupsController = __decorate24([
-  (0, import_common14.Controller)("groups"),
+  (0, import_common16.Controller)("groups"),
   __metadata19("design:paramtypes", [MetadataService])
 ], GroupsController);
@@ -114140,20 +114468,20 @@ var __decorate25 = function(decorators, target, key, desc) {
 var ProjectsModule = class ProjectsModule2 {
 };
 ProjectsModule = __decorate25([
-  (0, import_common15.Module)({
+  (0, import_common17.Module)({
     imports: [MetadataModule],
     controllers: [ProjectsController, GroupsController]
   })
 ], ProjectsModule);
 // apps/api/dist/sync/sync.module.js
-var import_common18 = __toESM(require_common(), 1);
+var import_common20 = __toESM(require_common(), 1);
 // apps/api/dist/sync/sync.controller.js
-var import_common17 = __toESM(require_common(), 1);
+var import_common19 = __toESM(require_common(), 1);
 // apps/api/dist/sync/sync.service.js
-var import_common16 = __toESM(require_common(), 1);
+var import_common18 = __toESM(require_common(), 1);
 var __decorate26 = function(decorators, target, key, desc) {
   var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
   if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
@@ -114250,7 +114578,7 @@ var SyncService = SyncService_1 = class SyncService2 {
   metadataService;
   connectionsService;
   schemaDiffService;
-  logger = new import_common16.Logger(SyncService_1.name);
+  logger = new import_common18.Logger(SyncService_1.name);
   constructor(metadataService, connectionsService, schemaDiffService) {
     this.metadataService = metadataService;
     this.connectionsService = connectionsService;
@@ -114850,7 +115178,7 @@ var SyncService = SyncService_1 = class SyncService2 {
   }
 };
 SyncService = SyncService_1 = __decorate26([
-  (0, import_common16.Injectable)(),
+  (0, import_common18.Injectable)(),
   __metadata20("design:paramtypes", [
     MetadataService,
     ConnectionsService,
@@ -115081,7 +115409,7 @@ var SyncController = class SyncController2 {
   async syncAllTables(groupId, targetConnectionId, schema = "public", body) {
     const status = await this.syncService.getGroupSyncStatus(groupId);
     if (!status?.sourceConnectionId) {
-      throw new import_common17.NotFoundException("Group not found or no source connection set");
+      throw new import_common19.NotFoundException("Group not found or no source connection set");
     }
     const tableDiffs = await this.syncService.getTableRowCounts(status.sourceConnectionId, targetConnectionId, schema);
     const results = [];
@@ -115126,96 +115454,96 @@ var SyncController = class SyncController2 {
   }
 };
 __decorate31([
-  (0, import_common17.Get)("runs"),
-  __param6(0, (0, import_common17.Query)("limit")),
+  (0, import_common19.Get)("runs"),
+  __param6(0, (0, import_common19.Query)("limit")),
   __metadata25("design:type", Function),
   __metadata25("design:paramtypes", [String]),
   __metadata25("design:returntype", void 0)
 ], SyncController.prototype, "getSyncRuns", null);
 __decorate31([
-  (0, import_common17.Get)("groups/:groupId/status"),
-  __param6(0, (0, import_common17.Param)("groupId")),
+  (0, import_common19.Get)("groups/:groupId/status"),
+  __param6(0, (0, import_common19.Param)("groupId")),
   __metadata25("design:type", Function),
   __metadata25("design:paramtypes", [String]),
   __metadata25("design:returntype", Promise)
 ], SyncController.prototype, "getGroupSyncStatus", null);
 __decorate31([
-  (0, import_common17.Get)("groups/:groupId/status/:targetConnectionId"),
-  __param6(0, (0, import_common17.Param)("groupId")),
-  __param6(1, (0, import_common17.Param)("targetConnectionId")),
+  (0, import_common19.Get)("groups/:groupId/status/:targetConnectionId"),
+  __param6(0, (0, import_common19.Param)("groupId")),
+  __param6(1, (0, import_common19.Param)("targetConnectionId")),
   __metadata25("design:type", Function),
   __metadata25("design:paramtypes", [String, String]),
   __metadata25("design:returntype", Promise)
 ], SyncController.prototype, "checkSingleTargetStatus", null);
 __decorate31([
-  (0, import_common17.Get)("groups"),
+  (0, import_common19.Get)("groups"),
   __metadata25("design:type", Function),
   __metadata25("design:paramtypes", []),
   __metadata25("design:returntype", void 0)
 ], SyncController.prototype, "getSyncEnabledGroups", null);
 __decorate31([
-  (0, import_common17.Get)("data/:sourceConnectionId/:targetConnectionId/counts"),
-  __param6(0, (0, import_common17.Param)("sourceConnectionId")),
-  __param6(1, (0, import_common17.Param)("targetConnectionId")),
-  __param6(2, (0, import_common17.Query)("schema")),
+  (0, import_common19.Get)("data/:sourceConnectionId/:targetConnectionId/counts"),
+  __param6(0, (0, import_common19.Param)("sourceConnectionId")),
+  __param6(1, (0, import_common19.Param)("targetConnectionId")),
+  __param6(2, (0, import_common19.Query)("schema")),
   __metadata25("design:type", Function),
   __metadata25("design:paramtypes", [String, String, String]),
   __metadata25("design:returntype", Promise)
 ], SyncController.prototype, "getTableRowCounts", null);
 __decorate31([
-  (0, import_common17.Get)("data/:sourceConnectionId/:targetConnectionId/diff/:schema/:table"),
-  __param6(0, (0, import_common17.Param)("sourceConnectionId")),
-  __param6(1, (0, import_common17.Param)("targetConnectionId")),
-  __param6(2, (0, import_common17.Param)("schema")),
-  __param6(3, (0, import_common17.Param)("table")),
-  __param6(4, (0, import_common17.Query)("primaryKeys")),
+  (0, import_common19.Get)("data/:sourceConnectionId/:targetConnectionId/diff/:schema/:table"),
+  __param6(0, (0, import_common19.Param)("sourceConnectionId")),
+  __param6(1, (0, import_common19.Param)("targetConnectionId")),
+  __param6(2, (0, import_common19.Param)("schema")),
+  __param6(3, (0, import_common19.Param)("table")),
+  __param6(4, (0, import_common19.Query)("primaryKeys")),
   __metadata25("design:type", Function),
   __metadata25("design:paramtypes", [String, String, String, String, String]),
   __metadata25("design:returntype", Promise)
 ], SyncController.prototype, "getTableDataDiff", null);
 __decorate31([
-  (0, import_common17.Post)("data/:sourceConnectionId/:targetConnectionId/sync/:schema/:table"),
-  __param6(0, (0, import_common17.Param)("sourceConnectionId")),
-  __param6(1, (0, import_common17.Param)("targetConnectionId")),
-  __param6(2, (0, import_common17.Param)("schema")),
-  __param6(3, (0, import_common17.Param)("table")),
-  __param6(4, (0, import_common17.Body)()),
+  (0, import_common19.Post)("data/:sourceConnectionId/:targetConnectionId/sync/:schema/:table"),
+  __param6(0, (0, import_common19.Param)("sourceConnectionId")),
+  __param6(1, (0, import_common19.Param)("targetConnectionId")),
+  __param6(2, (0, import_common19.Param)("schema")),
+  __param6(3, (0, import_common19.Param)("table")),
+  __param6(4, (0, import_common19.Body)()),
   __metadata25("design:type", Function),
   __metadata25("design:paramtypes", [String, String, String, String, SyncTableDto]),
   __metadata25("design:returntype", Promise)
 ], SyncController.prototype, "syncTableData", null);
 __decorate31([
-  (0, import_common17.Post)("rows/:targetConnectionId/:targetSchema/:table"),
-  __param6(0, (0, import_common17.Param)("targetConnectionId")),
-  __param6(1, (0, import_common17.Param)("targetSchema")),
-  __param6(2, (0, import_common17.Param)("table")),
-  __param6(3, (0, import_common17.Body)()),
+  (0, import_common19.Post)("rows/:targetConnectionId/:targetSchema/:table"),
+  __param6(0, (0, import_common19.Param)("targetConnectionId")),
+  __param6(1, (0, import_common19.Param)("targetSchema")),
+  __param6(2, (0, import_common19.Param)("table")),
+  __param6(3, (0, import_common19.Body)()),
   __metadata25("design:type", Function),
   __metadata25("design:paramtypes", [String, String, String, SyncRowsDto]),
   __metadata25("design:returntype", Promise)
 ], SyncController.prototype, "syncRows", null);
 __decorate31([
-  (0, import_common17.Post)("groups/:groupId/sync-all"),
-  __param6(0, (0, import_common17.Param)("groupId")),
-  __param6(1, (0, import_common17.Query)("targetConnectionId")),
-  __param6(2, (0, import_common17.Query)("schema")),
-  __param6(3, (0, import_common17.Body)()),
+  (0, import_common19.Post)("groups/:groupId/sync-all"),
+  __param6(0, (0, import_common19.Param)("groupId")),
+  __param6(1, (0, import_common19.Query)("targetConnectionId")),
+  __param6(2, (0, import_common19.Query)("schema")),
+  __param6(3, (0, import_common19.Body)()),
   __metadata25("design:type", Function),
   __metadata25("design:paramtypes", [String, String, String, SyncAllDto]),
   __metadata25("design:returntype", Promise)
 ], SyncController.prototype, "syncAllTables", null);
 __decorate31([
-  (0, import_common17.Post)("dump-restore/:sourceConnectionId/:targetConnectionId"),
-  __param6(0, (0, import_common17.Param)("sourceConnectionId")),
-  __param6(1, (0, import_common17.Param)("targetConnectionId")),
-  __param6(2, (0, import_common17.Query)("schema")),
-  __param6(3, (0, import_common17.Body)()),
+  (0, import_common19.Post)("dump-restore/:sourceConnectionId/:targetConnectionId"),
+  __param6(0, (0, import_common19.Param)("sourceConnectionId")),
+  __param6(1, (0, import_common19.Param)("targetConnectionId")),
+  __param6(2, (0, import_common19.Query)("schema")),
+  __param6(3, (0, import_common19.Body)()),
   __metadata25("design:type", Function),
   __metadata25("design:paramtypes", [String, String, String, DumpRestoreDto]),
   __metadata25("design:returntype", Promise)
 ], SyncController.prototype, "dumpAndRestore", null);
 SyncController = __decorate31([
-  (0, import_common17.Controller)("sync"),
+  (0, import_common19.Controller)("sync"),
   __metadata25("design:paramtypes", [
     SyncService,
     MetadataService
@@ -115232,7 +115560,7 @@ var __decorate32 = function(decorators, target, key, desc) {
 var SyncModule = class SyncModule2 {
 };
 SyncModule = __decorate32([
-  (0, import_common18.Module)({
+  (0, import_common20.Module)({
     imports: [MetadataModule, ConnectionsModule, SchemaModule],
     controllers: [SyncController],
     providers: [SyncService],
@@ -115241,17 +115569,10 @@ SyncModule = __decorate32([
 ], SyncModule);
 // apps/api/dist/health/health.module.js
-var import_common21 = __toESM(require_common(), 1);
-// apps/api/dist/health/health.controller.js
-var import_common20 = __toESM(require_common(), 1);
-// apps/api/dist/auth/decorators/public.decorator.js
-var import_common19 = __toESM(require_common(), 1);
-var IS_PUBLIC_KEY = "isPublic";
-var Public = () => (0, import_common19.SetMetadata)(IS_PUBLIC_KEY, true);
+var import_common22 = __toESM(require_common(), 1);
 // apps/api/dist/health/health.controller.js
+var import_common21 = __toESM(require_common(), 1);
 var __decorate33 = function(decorators, target, key, desc) {
   var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
   if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
@@ -115278,25 +115599,25 @@ var HealthController = class HealthController2 {
   }
 };
 __decorate33([
-  (0, import_common20.Get)(),
+  (0, import_common21.Get)(),
   __metadata26("design:type", Function),
   __metadata26("design:paramtypes", []),
   __metadata26("design:returntype", void 0)
 ], HealthController.prototype, "check", null);
 __decorate33([
-  (0, import_common20.Get)("live"),
+  (0, import_common21.Get)("live"),
   __metadata26("design:type", Function),
   __metadata26("design:paramtypes", []),
   __metadata26("design:returntype", void 0)
 ], HealthController.prototype, "liveness", null);
 __decorate33([
-  (0, import_common20.Get)("ready"),
+  (0, import_common21.Get)("ready"),
   __metadata26("design:type", Function),
   __metadata26("design:paramtypes", []),
   __metadata26("design:returntype", void 0)
 ], HealthController.prototype, "readiness", null);
 HealthController = __decorate33([
-  (0, import_common20.Controller)("health"),
+  (0, import_common21.Controller)("health"),
   Public()
 ], HealthController);
@@ -115310,19 +115631,19 @@ var __decorate34 = function(decorators, target, key, desc) {
 var HealthModule = class HealthModule2 {
 };
 HealthModule = __decorate34([
-  (0, import_common21.Module)({
+  (0, import_common22.Module)({
     controllers: [HealthController]
   })
 ], HealthModule);
 // apps/api/dist/scanner/scanner.module.js
-var import_common24 = __toESM(require_common(), 1);
+var import_common25 = __toESM(require_common(), 1);
 // apps/api/dist/scanner/scanner.controller.js
-var import_common23 = __toESM(require_common(), 1);
+var import_common24 = __toESM(require_common(), 1);
 // apps/api/dist/scanner/scanner.service.js
-var import_common22 = __toESM(require_common(), 1);
+var import_common23 = __toESM(require_common(), 1);
 import * as net from "net";
 import * as fs2 from "fs";
 import * as path2 from "path";
@@ -115352,7 +115673,7 @@ var DATABASE_PORTS = {
   3311: { engine: "mysql", name: "MySQL (alt)" }
 };
 var ScannerService = ScannerService_1 = class ScannerService2 {
-  logger = new import_common22.Logger(ScannerService_1.name);
+  logger = new import_common23.Logger(ScannerService_1.name);
   async scanAll(workspacePath) {
     const result = {
       connections: [],
@@ -115828,7 +116149,7 @@ var ScannerService = ScannerService_1 = class ScannerService2 {
   }
 };
 ScannerService = ScannerService_1 = __decorate35([
-  (0, import_common22.Injectable)()
+  (0, import_common23.Injectable)()
 ], ScannerService);
 // apps/api/dist/scanner/scanner.controller.js
@@ -115871,47 +116192,47 @@ var ScannerController = class ScannerController2 {
   }
 };
 __decorate36([
-  (0, import_common23.Get)("scan"),
-  __param7(0, (0, import_common23.Query)("workspace")),
+  (0, import_common24.Get)("scan"),
+  __param7(0, (0, import_common24.Query)("workspace")),
   __metadata27("design:type", Function),
   __metadata27("design:paramtypes", [String]),
   __metadata27("design:returntype", Promise)
 ], ScannerController.prototype, "scanForConnections", null);
 __decorate36([
-  (0, import_common23.Get)("scan/ports"),
+  (0, import_common24.Get)("scan/ports"),
   __metadata27("design:type", Function),
   __metadata27("design:paramtypes", []),
   __metadata27("design:returntype", Promise)
 ], ScannerController.prototype, "scanPorts", null);
 __decorate36([
-  (0, import_common23.Get)("scan/docker"),
+  (0, import_common24.Get)("scan/docker"),
   __metadata27("design:type", Function),
   __metadata27("design:paramtypes", []),
   __metadata27("design:returntype", Promise)
 ], ScannerController.prototype, "scanDocker", null);
 __decorate36([
-  (0, import_common23.Get)("scan/env"),
-  __param7(0, (0, import_common23.Query)("workspace")),
+  (0, import_common24.Get)("scan/env"),
+  __param7(0, (0, import_common24.Query)("workspace")),
   __metadata27("design:type", Function),
   __metadata27("design:paramtypes", [String]),
   __metadata27("design:returntype", Promise)
 ], ScannerController.prototype, "scanEnvFiles", null);
 __decorate36([
-  (0, import_common23.Get)("scan/compose"),
-  __param7(0, (0, import_common23.Query)("workspace")),
+  (0, import_common24.Get)("scan/compose"),
+  __param7(0, (0, import_common24.Query)("workspace")),
   __metadata27("design:type", Function),
   __metadata27("design:paramtypes", [String]),
   __metadata27("design:returntype", Promise)
 ], ScannerController.prototype, "scanDockerCompose", null);
 __decorate36([
-  (0, import_common23.Get)("scan/sqlite"),
-  __param7(0, (0, import_common23.Query)("workspace")),
+  (0, import_common24.Get)("scan/sqlite"),
+  __param7(0, (0, import_common24.Query)("workspace")),
   __metadata27("design:type", Function),
   __metadata27("design:paramtypes", [String]),
   __metadata27("design:returntype", Promise)
 ], ScannerController.prototype, "scanSqliteFiles", null);
 ScannerController = __decorate36([
-  (0, import_common23.Controller)("scanner"),
+  (0, import_common24.Controller)("scanner"),
   __metadata27("design:paramtypes", [ScannerService])
 ], ScannerController);
@@ -115925,7 +116246,7 @@ var __decorate37 = function(decorators, target, key, desc) {
 var ScannerModule = class ScannerModule2 {
 };
 ScannerModule = __decorate37([
-  (0, import_common24.Module)({
+  (0, import_common25.Module)({
     controllers: [ScannerController],
     providers: [ScannerService],
     exports: [ScannerService]
@@ -115933,10 +116254,10 @@ ScannerModule = __decorate37([
 ], ScannerModule);
 // apps/api/dist/audit/audit.module.js
-var import_common26 = __toESM(require_common(), 1);
+var import_common27 = __toESM(require_common(), 1);
 // apps/api/dist/audit/audit.controller.js
-var import_common25 = __toESM(require_common(), 1);
+var import_common26 = __toESM(require_common(), 1);
 var __decorate38 = function(decorators, target, key, desc) {
   var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
   if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
@@ -115970,24 +116291,24 @@ var AuditController = class AuditController2 {
   }
 };
 __decorate38([
-  (0, import_common25.Get)("logs"),
-  __param8(0, (0, import_common25.Query)("connectionId")),
-  __param8(1, (0, import_common25.Query)("entityType")),
-  __param8(2, (0, import_common25.Query)("action")),
-  __param8(3, (0, import_common25.Query)("limit")),
+  (0, import_common26.Get)("logs"),
+  __param8(0, (0, import_common26.Query)("connectionId")),
+  __param8(1, (0, import_common26.Query)("entityType")),
+  __param8(2, (0, import_common26.Query)("action")),
+  __param8(3, (0, import_common26.Query)("limit")),
   __metadata28("design:type", Function),
   __metadata28("design:paramtypes", [String, String, String, String]),
   __metadata28("design:returntype", Array)
 ], AuditController.prototype, "getAuditLogs", null);
 __decorate38([
-  (0, import_common25.Get)("logs/:id"),
-  __param8(0, (0, import_common25.Query)("id")),
+  (0, import_common26.Get)("logs/:id"),
+  __param8(0, (0, import_common26.Query)("id")),
   __metadata28("design:type", Function),
   __metadata28("design:paramtypes", [String]),
   __metadata28("design:returntype", Object)
 ], AuditController.prototype, "getAuditLog", null);
 AuditController = __decorate38([
-  (0, import_common25.Controller)("audit"),
+  (0, import_common26.Controller)("audit"),
   __metadata28("design:paramtypes", [MetadataService])
 ], AuditController);
@@ -116001,22 +116322,22 @@ var __decorate39 = function(decorators, target, key, desc) {
 var AuditModule = class AuditModule2 {
 };
 AuditModule = __decorate39([
-  (0, import_common26.Module)({
+  (0, import_common27.Module)({
     imports: [MetadataModule],
     controllers: [AuditController]
   })
 ], AuditModule);
 // apps/api/dist/backup/backup.module.js
-var import_common30 = __toESM(require_common(), 1);
+var import_common31 = __toESM(require_common(), 1);
 var import_platform_express2 = __toESM(require_platform_express(), 1);
 // apps/api/dist/backup/backup.controller.js
-var import_common29 = __toESM(require_common(), 1);
+var import_common30 = __toESM(require_common(), 1);
 var import_platform_express = __toESM(require_platform_express(), 1);
 // apps/api/dist/backup/backup.service.js
-var import_common27 = __toESM(require_common(), 1);
+var import_common28 = __toESM(require_common(), 1);
 import { spawn } from "node:child_process";
 import * as fs3 from "node:fs/promises";
 import * as path3 from "node:path";
@@ -116034,7 +116355,7 @@ var BackupService_1;
 var BackupService = BackupService_1 = class BackupService2 {
   metadataService;
   connectionsService;
-  logger = new import_common27.Logger(BackupService_1.name);
+  logger = new import_common28.Logger(BackupService_1.name);
   backupsDir;
   constructor(metadataService, connectionsService) {
     this.metadataService = metadataService;
@@ -116472,7 +116793,7 @@ var BackupService = BackupService_1 = class BackupService2 {
   }
 };
 BackupService = BackupService_1 = __decorate40([
-  (0, import_common27.Injectable)(),
+  (0, import_common28.Injectable)(),
   __metadata29("design:paramtypes", [
     MetadataService,
     ConnectionsService
@@ -116480,7 +116801,7 @@ BackupService = BackupService_1 = __decorate40([
 ], BackupService);
 // apps/api/dist/backup/restore.service.js
-var import_common28 = __toESM(require_common(), 1);
+var import_common29 = __toESM(require_common(), 1);
 import { spawn as spawn2 } from "node:child_process";
 import * as fs4 from "node:fs/promises";
 import { createGunzip } from "node:zlib";
@@ -116499,7 +116820,7 @@ var RestoreService_1;
 var RestoreService = RestoreService_1 = class RestoreService2 {
   metadataService;
   connectionsService;
-  logger = new import_common28.Logger(RestoreService_1.name);
+  logger = new import_common29.Logger(RestoreService_1.name);
   constructor(metadataService, connectionsService) {
     this.metadataService = metadataService;
     this.connectionsService = connectionsService;
@@ -116987,7 +117308,7 @@ SET FOREIGN_KEY_CHECKS=1;`;
   }
 };
 RestoreService = RestoreService_1 = __decorate41([
-  (0, import_common28.Injectable)(),
+  (0, import_common29.Injectable)(),
   __metadata30("design:paramtypes", [
     MetadataService,
     ConnectionsService
@@ -117379,91 +117700,91 @@ var BackupController = class BackupController2 {
   }
 };
 __decorate44([
-  (0, import_common29.Post)(),
-  __param9(0, (0, import_common29.Body)()),
+  (0, import_common30.Post)(),
+  __param9(0, (0, import_common30.Body)()),
   __metadata33("design:type", Function),
   __metadata33("design:paramtypes", [CreateBackupDto]),
   __metadata33("design:returntype", Promise)
 ], BackupController.prototype, "createBackup", null);
 __decorate44([
-  (0, import_common29.Get)(),
-  __param9(0, (0, import_common29.Query)("connectionId")),
+  (0, import_common30.Get)(),
+  __param9(0, (0, import_common30.Query)("connectionId")),
   __metadata33("design:type", Function),
   __metadata33("design:paramtypes", [String]),
   __metadata33("design:returntype", Promise)
 ], BackupController.prototype, "getBackups", null);
 __decorate44([
-  (0, import_common29.Get)("logs"),
-  __param9(0, (0, import_common29.Query)("connectionId")),
-  __param9(1, (0, import_common29.Query)("operation")),
-  __param9(2, (0, import_common29.Query)("limit")),
+  (0, import_common30.Get)("logs"),
+  __param9(0, (0, import_common30.Query)("connectionId")),
+  __param9(1, (0, import_common30.Query)("operation")),
+  __param9(2, (0, import_common30.Query)("limit")),
   __metadata33("design:type", Function),
   __metadata33("design:paramtypes", [String, String, String]),
   __metadata33("design:returntype", Promise)
 ], BackupController.prototype, "getBackupLogs", null);
 __decorate44([
-  (0, import_common29.Get)("logs/:id"),
-  __param9(0, (0, import_common29.Param)("id")),
+  (0, import_common30.Get)("logs/:id"),
+  __param9(0, (0, import_common30.Param)("id")),
   __metadata33("design:type", Function),
   __metadata33("design:paramtypes", [String]),
   __metadata33("design:returntype", Promise)
 ], BackupController.prototype, "getBackupLog", null);
 __decorate44([
-  (0, import_common29.Get)(":id"),
-  __param9(0, (0, import_common29.Param)("id")),
+  (0, import_common30.Get)(":id"),
+  __param9(0, (0, import_common30.Param)("id")),
   __metadata33("design:type", Function),
   __metadata33("design:paramtypes", [String]),
   __metadata33("design:returntype", Promise)
 ], BackupController.prototype, "getBackup", null);
 __decorate44([
-  (0, import_common29.Get)(":id/download"),
-  __param9(0, (0, import_common29.Param)("id")),
-  __param9(1, (0, import_common29.Res)()),
+  (0, import_common30.Get)(":id/download"),
+  __param9(0, (0, import_common30.Param)("id")),
+  __param9(1, (0, import_common30.Res)()),
   __metadata33("design:type", Function),
   __metadata33("design:paramtypes", [String, Object]),
   __metadata33("design:returntype", Promise)
 ], BackupController.prototype, "downloadBackup", null);
 __decorate44([
-  (0, import_common29.Post)("upload"),
-  (0, import_common29.UseInterceptors)((0, import_platform_express.FileInterceptor)("file")),
-  __param9(0, (0, import_common29.UploadedFile)()),
-  __param9(1, (0, import_common29.Body)("connectionId")),
+  (0, import_common30.Post)("upload"),
+  (0, import_common30.UseInterceptors)((0, import_platform_express.FileInterceptor)("file")),
+  __param9(0, (0, import_common30.UploadedFile)()),
+  __param9(1, (0, import_common30.Body)("connectionId")),
   __metadata33("design:type", Function),
   __metadata33("design:paramtypes", [Object, String]),
   __metadata33("design:returntype", Promise)
 ], BackupController.prototype, "uploadBackup", null);
 __decorate44([
-  (0, import_common29.Post)(":id/restore"),
-  (0, import_common29.HttpCode)(import_common29.HttpStatus.OK),
-  __param9(0, (0, import_common29.Param)("id")),
-  __param9(1, (0, import_common29.Body)()),
+  (0, import_common30.Post)(":id/restore"),
+  (0, import_common30.HttpCode)(import_common30.HttpStatus.OK),
+  __param9(0, (0, import_common30.Param)("id")),
+  __param9(1, (0, import_common30.Body)()),
   __metadata33("design:type", Function),
   __metadata33("design:paramtypes", [String, RestoreBackupDto]),
   __metadata33("design:returntype", Promise)
 ], BackupController.prototype, "restoreBackup", null);
 __decorate44([
-  (0, import_common29.Delete)(":id"),
-  (0, import_common29.HttpCode)(import_common29.HttpStatus.OK),
-  __param9(0, (0, import_common29.Param)("id")),
+  (0, import_common30.Delete)(":id"),
+  (0, import_common30.HttpCode)(import_common30.HttpStatus.OK),
+  __param9(0, (0, import_common30.Param)("id")),
   __metadata33("design:type", Function),
   __metadata33("design:paramtypes", [String]),
   __metadata33("design:returntype", Promise)
 ], BackupController.prototype, "deleteBackup", null);
 __decorate44([
-  (0, import_common29.Get)("tools/status"),
+  (0, import_common30.Get)("tools/status"),
   __metadata33("design:type", Function),
   __metadata33("design:paramtypes", []),
   __metadata33("design:returntype", Promise)
 ], BackupController.prototype, "getToolsStatus", null);
 __decorate44([
-  (0, import_common29.Post)("tools/install"),
-  (0, import_common29.HttpCode)(import_common29.HttpStatus.OK),
+  (0, import_common30.Post)("tools/install"),
+  (0, import_common30.HttpCode)(import_common30.HttpStatus.OK),
   __metadata33("design:type", Function),
   __metadata33("design:paramtypes", []),
   __metadata33("design:returntype", Promise)
 ], BackupController.prototype, "installTools", null);
 BackupController = __decorate44([
-  (0, import_common29.Controller)("backups"),
+  (0, import_common30.Controller)("backups"),
   __metadata33("design:paramtypes", [
     BackupService,
     RestoreService,
@@ -117481,7 +117802,7 @@ var __decorate45 = function(decorators, target, key, desc) {
 var BackupModule = class BackupModule2 {
 };
 BackupModule = __decorate45([
-  (0, import_common30.Module)({
+  (0, import_common31.Module)({
     imports: [
       MetadataModule,
       ConnectionsModule,
@@ -117499,10 +117820,10 @@ BackupModule = __decorate45([
 ], BackupModule);
 // apps/api/dist/servers/servers.module.js
-var import_common32 = __toESM(require_common(), 1);
+var import_common33 = __toESM(require_common(), 1);
 // apps/api/dist/servers/servers.controller.js
-var import_common31 = __toESM(require_common(), 1);
+var import_common32 = __toESM(require_common(), 1);
 import { exec } from "child_process";
 import { promisify } from "util";
@@ -117611,6 +117932,7 @@ var UpdateServerDto = class {
   tags;
   startCommand;
   stopCommand;
+  isPublic;
 };
 __decorate47([
   (0, import_class_validator18.IsOptional)(),
@@ -117668,6 +117990,11 @@ __decorate47([
   (0, import_class_validator18.IsString)(),
   __metadata35("design:type", String)
 ], UpdateServerDto.prototype, "stopCommand", void 0);
+__decorate47([
+  (0, import_class_validator18.IsOptional)(),
+  (0, import_class_validator18.IsBoolean)(),
+  __metadata35("design:type", Boolean)
+], UpdateServerDto.prototype, "isPublic", void 0);
 // apps/api/dist/servers/dto/create-database.dto.js
 var import_class_validator19 = __toESM(require_cjs(), 1);
@@ -117762,24 +118089,32 @@ var ServersController = class ServersController2 {
   constructor(metadataService) {
     this.metadataService = metadataService;
   }
-  getServers(engine) {
+  getServers(engine, user) {
+    const userContext = {
+      userId: user?.id ?? null,
+      isAdmin: user?.role === "admin"
+    };
     if (engine) {
-      return this.metadataService.serverRepository.findByEngine(engine);
+      return this.metadataService.serverRepository.findByEngine(engine, userContext);
     }
-    return this.metadataService.serverRepository.findAll();
+    return this.metadataService.serverRepository.findAll(userContext);
   }
   getServer(id) {
     return this.metadataService.serverRepository.findById(id);
   }
-  getServerDatabases(id) {
-    return this.metadataService.connectionRepository.findByServerId(id);
+  getServerDatabases(id, user) {
+    const userContext = {
+      userId: user?.id ?? null,
+      isAdmin: user?.role === "admin"
+    };
+    return this.metadataService.connectionRepository.findByServerId(id, userContext);
   }
   getServerPassword(id) {
     const password = this.metadataService.serverRepository.getPassword(id);
     return { password };
   }
-  createServer(input) {
-    const server = this.metadataService.serverRepository.create(input);
+  createServer(input, user) {
+    const server = this.metadataService.serverRepository.create(input, user?.id);
     this.metadataService.auditLogRepository.create({
       action: "server_created",
       entityType: "server",
@@ -117793,7 +118128,14 @@ var ServersController = class ServersController2 {
     });
     return server;
   }
-  updateServer(id, input) {
+  updateServer(id, input, user) {
+    const userContext = {
+      userId: user?.id ?? null,
+      isAdmin: user?.role === "admin"
+    };
+    if (!this.metadataService.serverRepository.canModify(id, userContext)) {
+      throw new import_common32.ForbiddenException("You do not have permission to modify this server");
+    }
     const server = this.metadataService.serverRepository.update(id, input);
     if (server) {
       this.metadataService.auditLogRepository.create({
@@ -117808,8 +118150,15 @@ var ServersController = class ServersController2 {
     }
     return server;
   }
-  deleteServer(id) {
+  deleteServer(id, user) {
+    const userContext = {
+      userId: user?.id ?? null,
+      isAdmin: user?.role === "admin"
+    };
     const server = this.metadataService.serverRepository.findById(id);
+    if (!this.metadataService.serverRepository.canModify(id, userContext)) {
+      throw new import_common32.ForbiddenException("You do not have permission to delete this server");
+    }
     const linkedDatabases = this.metadataService.connectionRepository.findByServerId(id);
     if (linkedDatabases.length > 0) {
       return {
@@ -118241,110 +118590,115 @@ var ServersController = class ServersController2 {
   }
 };
 __decorate50([
-  (0, import_common31.Get)(),
-  __param10(0, (0, import_common31.Query)("engine")),
+  (0, import_common32.Get)(),
+  __param10(0, (0, import_common32.Query)("engine")),
+  __param10(1, CurrentUser()),
   __metadata38("design:type", Function),
-  __metadata38("design:paramtypes", [String]),
+  __metadata38("design:paramtypes", [String, Object]),
   __metadata38("design:returntype", Array)
 ], ServersController.prototype, "getServers", null);
 __decorate50([
-  (0, import_common31.Get)(":id"),
-  __param10(0, (0, import_common31.Param)("id")),
+  (0, import_common32.Get)(":id"),
+  __param10(0, (0, import_common32.Param)("id")),
   __metadata38("design:type", Function),
   __metadata38("design:paramtypes", [String]),
   __metadata38("design:returntype", Object)
 ], ServersController.prototype, "getServer", null);
 __decorate50([
-  (0, import_common31.Get)(":id/databases"),
-  __param10(0, (0, import_common31.Param)("id")),
+  (0, import_common32.Get)(":id/databases"),
+  __param10(0, (0, import_common32.Param)("id")),
+  __param10(1, CurrentUser()),
   __metadata38("design:type", Function),
-  __metadata38("design:paramtypes", [String]),
+  __metadata38("design:paramtypes", [String, Object]),
   __metadata38("design:returntype", Array)
 ], ServersController.prototype, "getServerDatabases", null);
 __decorate50([
-  (0, import_common31.Get)(":id/password"),
-  __param10(0, (0, import_common31.Param)("id")),
+  (0, import_common32.Get)(":id/password"),
+  __param10(0, (0, import_common32.Param)("id")),
   __metadata38("design:type", Function),
   __metadata38("design:paramtypes", [String]),
   __metadata38("design:returntype", Object)
 ], ServersController.prototype, "getServerPassword", null);
 __decorate50([
-  (0, import_common31.Post)(),
-  __param10(0, (0, import_common31.Body)()),
+  (0, import_common32.Post)(),
+  __param10(0, (0, import_common32.Body)()),
+  __param10(1, CurrentUser()),
   __metadata38("design:type", Function),
-  __metadata38("design:paramtypes", [CreateServerDto]),
+  __metadata38("design:paramtypes", [CreateServerDto, Object]),
   __metadata38("design:returntype", Object)
 ], ServersController.prototype, "createServer", null);
 __decorate50([
-  (0, import_common31.Put)(":id"),
-  __param10(0, (0, import_common31.Param)("id")),
-  __param10(1, (0, import_common31.Body)()),
+  (0, import_common32.Put)(":id"),
+  __param10(0, (0, import_common32.Param)("id")),
+  __param10(1, (0, import_common32.Body)()),
+  __param10(2, CurrentUser()),
   __metadata38("design:type", Function),
-  __metadata38("design:paramtypes", [String, UpdateServerDto]),
+  __metadata38("design:paramtypes", [String, UpdateServerDto, Object]),
   __metadata38("design:returntype", Object)
 ], ServersController.prototype, "updateServer", null);
 __decorate50([
-  (0, import_common31.Delete)(":id"),
-  __param10(0, (0, import_common31.Param)("id")),
+  (0, import_common32.Delete)(":id"),
+  __param10(0, (0, import_common32.Param)("id")),
+  __param10(1, CurrentUser()),
   __metadata38("design:type", Function),
-  __metadata38("design:paramtypes", [String]),
+  __metadata38("design:paramtypes", [String, Object]),
   __metadata38("design:returntype", Object)
 ], ServersController.prototype, "deleteServer", null);
 __decorate50([
-  (0, import_common31.Post)(":id/test"),
-  __param10(0, (0, import_common31.Param)("id")),
+  (0, import_common32.Post)(":id/test"),
+  __param10(0, (0, import_common32.Param)("id")),
   __metadata38("design:type", Function),
   __metadata38("design:paramtypes", [String]),
   __metadata38("design:returntype", Promise)
 ], ServersController.prototype, "testServerConnection", null);
 __decorate50([
-  (0, import_common31.Post)(":id/create-database"),
-  __param10(0, (0, import_common31.Param)("id")),
-  __param10(1, (0, import_common31.Body)()),
+  (0, import_common32.Post)(":id/create-database"),
+  __param10(0, (0, import_common32.Param)("id")),
+  __param10(1, (0, import_common32.Body)()),
   __metadata38("design:type", Function),
   __metadata38("design:paramtypes", [String, CreateDatabaseDto]),
   __metadata38("design:returntype", Promise)
 ], ServersController.prototype, "createDatabase", null);
 __decorate50([
-  (0, import_common31.Get)(":id/list-databases"),
-  __param10(0, (0, import_common31.Param)("id")),
+  (0, import_common32.Get)(":id/list-databases"),
+  __param10(0, (0, import_common32.Param)("id")),
   __metadata38("design:type", Function),
   __metadata38("design:paramtypes", [String]),
   __metadata38("design:returntype", Promise)
 ], ServersController.prototype, "listDatabases", null);
 __decorate50([
-  (0, import_common31.Get)(":id/info"),
-  __param10(0, (0, import_common31.Param)("id")),
+  (0, import_common32.Get)(":id/info"),
+  __param10(0, (0, import_common32.Param)("id")),
   __metadata38("design:type", Function),
   __metadata38("design:paramtypes", [String]),
   __metadata38("design:returntype", Promise)
 ], ServersController.prototype, "getServerInfo", null);
 __decorate50([
-  (0, import_common31.Delete)(":id/databases/:dbName"),
-  __param10(0, (0, import_common31.Param)("id")),
-  __param10(1, (0, import_common31.Param)("dbName")),
+  (0, import_common32.Delete)(":id/databases/:dbName"),
+  __param10(0, (0, import_common32.Param)("id")),
+  __param10(1, (0, import_common32.Param)("dbName")),
   __metadata38("design:type", Function),
   __metadata38("design:paramtypes", [String, String]),
   __metadata38("design:returntype", Promise)
 ], ServersController.prototype, "dropDatabase", null);
 __decorate50([
-  (0, import_common31.Post)(":id/start"),
-  __param10(0, (0, import_common31.Param)("id")),
-  __param10(1, (0, import_common31.Query)("confirmed")),
+  (0, import_common32.Post)(":id/start"),
+  __param10(0, (0, import_common32.Param)("id")),
+  __param10(1, (0, import_common32.Query)("confirmed")),
   __metadata38("design:type", Function),
   __metadata38("design:paramtypes", [String, String]),
   __metadata38("design:returntype", Promise)
 ], ServersController.prototype, "startServer", null);
 __decorate50([
-  (0, import_common31.Post)(":id/stop"),
-  __param10(0, (0, import_common31.Param)("id")),
-  __param10(1, (0, import_common31.Query)("confirmed")),
+  (0, import_common32.Post)(":id/stop"),
+  __param10(0, (0, import_common32.Param)("id")),
+  __param10(1, (0, import_common32.Query)("confirmed")),
   __metadata38("design:type", Function),
   __metadata38("design:paramtypes", [String, String]),
   __metadata38("design:returntype", Promise)
 ], ServersController.prototype, "stopServer", null);
 ServersController = __decorate50([
-  (0, import_common31.Controller)("servers"),
+  (0, import_common32.Controller)("servers"),
   __metadata38("design:paramtypes", [MetadataService])
 ], ServersController);
@@ -118358,17 +118712,17 @@ var __decorate51 = function(decorators, target, key, desc) {
 var ServersModule = class ServersModule2 {
 };
 ServersModule = __decorate51([
-  (0, import_common32.Module)({
+  (0, import_common33.Module)({
     imports: [MetadataModule],
     controllers: [ServersController]
   })
 ], ServersModule);
 // apps/api/dist/settings/settings.module.js
-var import_common34 = __toESM(require_common(), 1);
+var import_common35 = __toESM(require_common(), 1);
 // apps/api/dist/settings/settings.controller.js
-var import_common33 = __toESM(require_common(), 1);
+var import_common34 = __toESM(require_common(), 1);
 // apps/api/dist/settings/dto/setting.dto.js
 var import_class_validator21 = __toESM(require_cjs(), 1);
@@ -118450,103 +118804,103 @@ var SettingsController = class SettingsController2 {
   constructor(metadataService) {
     this.metadataService = metadataService;
   }
-  // ============ Generic Settings ============
+  // ============ System Settings (system-wide defaults) ============
   getAllSettings() {
-    return this.metadataService.settingsRepository.getAll();
+    return this.metadataService.userPreferencesRepository.getAllForUser("system");
   }
   getSetting(key) {
-    return this.metadataService.settingsRepository.get(key);
+    return this.metadataService.userPreferencesRepository.getSystemDefault(key);
   }
   setSetting(key, body) {
-    this.metadataService.settingsRepository.set(key, body.value);
+    this.metadataService.userPreferencesRepository.setSystemDefault(key, body.value);
     return { success: true };
   }
   deleteSetting(key) {
-    const success = this.metadataService.settingsRepository.delete(key);
+    const success = this.metadataService.userPreferencesRepository.delete("system", key);
     return { success };
   }
-  // ============ Tags ============
+  // ============ Tags (system-wide) ============
   getTags() {
-    return this.metadataService.settingsRepository.getTags();
+    return this.metadataService.userPreferencesRepository.getTags();
   }
   createTag(input) {
-    return this.metadataService.settingsRepository.addTag(input);
+    return this.metadataService.userPreferencesRepository.addTag(input);
   }
   updateTag(id, input) {
-    return this.metadataService.settingsRepository.updateTag(id, input);
+    return this.metadataService.userPreferencesRepository.updateTag(id, input);
   }
   deleteTag(id) {
-    const success = this.metadataService.settingsRepository.deleteTag(id);
+    const success = this.metadataService.userPreferencesRepository.deleteTag(id);
     return { success };
   }
   resetTags() {
-    return this.metadataService.settingsRepository.resetTags();
+    return this.metadataService.userPreferencesRepository.resetTags();
   }
 };
 __decorate54([
-  (0, import_common33.Get)(),
+  (0, import_common34.Get)(),
   __metadata41("design:type", Function),
   __metadata41("design:paramtypes", []),
   __metadata41("design:returntype", Object)
 ], SettingsController.prototype, "getAllSettings", null);
 __decorate54([
-  (0, import_common33.Get)(":key"),
-  __param11(0, (0, import_common33.Param)("key")),
+  (0, import_common34.Get)(":key"),
+  __param11(0, (0, import_common34.Param)("key")),
   __metadata41("design:type", Function),
   __metadata41("design:paramtypes", [String]),
   __metadata41("design:returntype", Object)
 ], SettingsController.prototype, "getSetting", null);
 __decorate54([
-  (0, import_common33.Put)(":key"),
-  __param11(0, (0, import_common33.Param)("key")),
-  __param11(1, (0, import_common33.Body)()),
+  (0, import_common34.Put)(":key"),
+  __param11(0, (0, import_common34.Param)("key")),
+  __param11(1, (0, import_common34.Body)()),
   __metadata41("design:type", Function),
   __metadata41("design:paramtypes", [String, SetSettingDto]),
   __metadata41("design:returntype", Object)
 ], SettingsController.prototype, "setSetting", null);
 __decorate54([
-  (0, import_common33.Delete)(":key"),
-  __param11(0, (0, import_common33.Param)("key")),
+  (0, import_common34.Delete)(":key"),
+  __param11(0, (0, import_common34.Param)("key")),
   __metadata41("design:type", Function),
   __metadata41("design:paramtypes", [String]),
   __metadata41("design:returntype", Object)
 ], SettingsController.prototype, "deleteSetting", null);
 __decorate54([
-  (0, import_common33.Get)("tags/all"),
+  (0, import_common34.Get)("tags/all"),
   __metadata41("design:type", Function),
   __metadata41("design:paramtypes", []),
   __metadata41("design:returntype", Array)
 ], SettingsController.prototype, "getTags", null);
 __decorate54([
-  (0, import_common33.Post)("tags"),
-  __param11(0, (0, import_common33.Body)()),
+  (0, import_common34.Post)("tags"),
+  __param11(0, (0, import_common34.Body)()),
   __metadata41("design:type", Function),
   __metadata41("design:paramtypes", [CreateTagDto]),
   __metadata41("design:returntype", Object)
 ], SettingsController.prototype, "createTag", null);
 __decorate54([
-  (0, import_common33.Put)("tags/:id"),
-  __param11(0, (0, import_common33.Param)("id")),
-  __param11(1, (0, import_common33.Body)()),
+  (0, import_common34.Put)("tags/:id"),
+  __param11(0, (0, import_common34.Param)("id")),
+  __param11(1, (0, import_common34.Body)()),
   __metadata41("design:type", Function),
   __metadata41("design:paramtypes", [String, UpdateTagDto]),
   __metadata41("design:returntype", Object)
 ], SettingsController.prototype, "updateTag", null);
 __decorate54([
-  (0, import_common33.Delete)("tags/:id"),
-  __param11(0, (0, import_common33.Param)("id")),
+  (0, import_common34.Delete)("tags/:id"),
+  __param11(0, (0, import_common34.Param)("id")),
   __metadata41("design:type", Function),
   __metadata41("design:paramtypes", [String]),
   __metadata41("design:returntype", Object)
 ], SettingsController.prototype, "deleteTag", null);
 __decorate54([
-  (0, import_common33.Post)("tags/reset"),
+  (0, import_common34.Post)("tags/reset"),
   __metadata41("design:type", Function),
   __metadata41("design:paramtypes", []),
   __metadata41("design:returntype", Array)
 ], SettingsController.prototype, "resetTags", null);
 SettingsController = __decorate54([
-  (0, import_common33.Controller)("settings"),
+  (0, import_common34.Controller)("settings"),
   __metadata41("design:paramtypes", [MetadataService])
 ], SettingsController);
@@ -118560,32 +118914,149 @@ var __decorate55 = function(decorators, target, key, desc) {
 var SettingsModule = class SettingsModule2 {
 };
 SettingsModule = __decorate55([
-  (0, import_common34.Module)({
+  (0, import_common35.Module)({
     imports: [MetadataModule],
     controllers: [SettingsController]
   })
 ], SettingsModule);
+// apps/api/dist/preferences/preferences.module.js
+var import_common37 = __toESM(require_common(), 1);
+// apps/api/dist/preferences/preferences.controller.js
+var import_common36 = __toESM(require_common(), 1);
+var __decorate56 = function(decorators, target, key, desc) {
+  var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+  if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+  else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+  return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata42 = function(k, v) {
+  if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+var __param12 = function(paramIndex, decorator) {
+  return function(target, key) {
+    decorator(target, key, paramIndex);
+  };
+};
+var PreferencesController = class PreferencesController2 {
+  metadataService;
+  constructor(metadataService) {
+    this.metadataService = metadataService;
+  }
+  /**
+   * Get all preferences for the current user
+   */
+  getAllPreferences(userId) {
+    if (!userId) {
+      return {};
+    }
+    return this.metadataService.userPreferencesRepository.getAllForUser(userId);
+  }
+  /**
+   * Get a specific preference for the current user
+   */
+  getPreference(userId, key) {
+    if (!userId) {
+      return { value: null };
+    }
+    const value = this.metadataService.userPreferencesRepository.get(userId, key);
+    return { value };
+  }
+  /**
+   * Set a preference for the current user
+   */
+  setPreference(userId, key, body) {
+    if (!userId) {
+      return { success: false };
+    }
+    this.metadataService.userPreferencesRepository.set(userId, key, body.value);
+    return { success: true };
+  }
+  /**
+   * Delete a preference for the current user
+   */
+  deletePreference(userId, key) {
+    if (!userId) {
+      return { success: false };
+    }
+    const success = this.metadataService.userPreferencesRepository.delete(userId, key);
+    return { success };
+  }
+};
+__decorate56([
+  (0, import_common36.Get)(),
+  __param12(0, CurrentUser("id")),
+  __metadata42("design:type", Function),
+  __metadata42("design:paramtypes", [String]),
+  __metadata42("design:returntype", Object)
+], PreferencesController.prototype, "getAllPreferences", null);
+__decorate56([
+  (0, import_common36.Get)(":key"),
+  __param12(0, CurrentUser("id")),
+  __param12(1, (0, import_common36.Param)("key")),
+  __metadata42("design:type", Function),
+  __metadata42("design:paramtypes", [String, String]),
+  __metadata42("design:returntype", Object)
+], PreferencesController.prototype, "getPreference", null);
+__decorate56([
+  (0, import_common36.Put)(":key"),
+  __param12(0, CurrentUser("id")),
+  __param12(1, (0, import_common36.Param)("key")),
+  __param12(2, (0, import_common36.Body)()),
+  __metadata42("design:type", Function),
+  __metadata42("design:paramtypes", [String, String, Object]),
+  __metadata42("design:returntype", Object)
+], PreferencesController.prototype, "setPreference", null);
+__decorate56([
+  (0, import_common36.Delete)(":key"),
+  __param12(0, CurrentUser("id")),
+  __param12(1, (0, import_common36.Param)("key")),
+  __metadata42("design:type", Function),
+  __metadata42("design:paramtypes", [String, String]),
+  __metadata42("design:returntype", Object)
+], PreferencesController.prototype, "deletePreference", null);
+PreferencesController = __decorate56([
+  (0, import_common36.Controller)("preferences"),
+  __metadata42("design:paramtypes", [MetadataService])
+], PreferencesController);
+// apps/api/dist/preferences/preferences.module.js
+var __decorate57 = function(decorators, target, key, desc) {
+  var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+  if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+  else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+  return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var PreferencesModule = class PreferencesModule2 {
+};
+PreferencesModule = __decorate57([
+  (0, import_common37.Module)({
+    imports: [MetadataModule],
+    controllers: [PreferencesController]
+  })
+], PreferencesModule);
 // apps/api/dist/auth/auth.module.js
-var import_common40 = __toESM(require_common(), 1);
+var import_common43 = __toESM(require_common(), 1);
 var import_jwt2 = __toESM(require_jwt(), 1);
 var import_passport4 = __toESM(require_passport(), 1);
 // apps/api/dist/auth/auth.controller.js
-var import_common36 = __toESM(require_common(), 1);
+var import_common39 = __toESM(require_common(), 1);
 // apps/api/dist/auth/auth.service.js
-var import_common35 = __toESM(require_common(), 1);
+var import_common38 = __toESM(require_common(), 1);
 var import_jwt = __toESM(require_jwt(), 1);
-var bcrypt = __toESM(require_bcryptjs(), 1);
+var import_bcryptjs = __toESM(require_bcryptjs(), 1);
 import { createHash as createHash2 } from "crypto";
-var __decorate56 = function(decorators, target, key, desc) {
+var __decorate58 = function(decorators, target, key, desc) {
   var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
   if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
   else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
   return c > 3 && r && Object.defineProperty(target, key, r), r;
 };
-var __metadata42 = function(k, v) {
+var __metadata43 = function(k, v) {
   if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
 };
 var AuthService = class AuthService2 {
@@ -118601,9 +119072,9 @@ var AuthService = class AuthService2 {
   async register(dto) {
     const existingUser = this.metadataService.userRepository.findByEmail(dto.email);
     if (existingUser) {
-      throw new import_common35.ConflictException("Email already registered");
+      throw new import_common38.ConflictException("Email already registered");
     }
-    const passwordHash = await bcrypt.hash(dto.password, this.SALT_ROUNDS);
+    const passwordHash = await import_bcryptjs.default.hash(dto.password, this.SALT_ROUNDS);
     const isFirstUser = this.metadataService.userRepository.count() === 0;
     const role = isFirstUser ? "admin" : "viewer";
     const user = this.metadataService.userRepository.create({
@@ -118626,12 +119097,12 @@ var AuthService = class AuthService2 {
         email: dto.email,
         reason: "user_not_found"
       });
-      throw new import_common35.UnauthorizedException("Invalid credentials");
+      throw new import_common38.UnauthorizedException("Invalid credentials");
     }
-    const isPasswordValid = await bcrypt.compare(dto.password, user.passwordHash);
+    const isPasswordValid = await import_bcryptjs.default.compare(dto.password, user.passwordHash);
     if (!isPasswordValid) {
       this.logAuthEvent("login_failed", user.id, { reason: "invalid_password" });
-      throw new import_common35.UnauthorizedException("Invalid credentials");
+      throw new import_common38.UnauthorizedException("Invalid credentials");
     }
     const tokens = await this.generateTokens(user);
     this.logAuthEvent("user_logged_in", user.id);
@@ -118644,15 +119115,15 @@ var AuthService = class AuthService2 {
     const tokenHash = this.hashToken(refreshToken);
     const storedToken = this.metadataService.userRepository.findRefreshToken(tokenHash);
     if (!storedToken) {
-      throw new import_common35.UnauthorizedException("Invalid refresh token");
+      throw new import_common38.UnauthorizedException("Invalid refresh token");
     }
     if (new Date(storedToken.expiresAt) < /* @__PURE__ */ new Date()) {
       this.metadataService.userRepository.deleteRefreshToken(tokenHash);
-      throw new import_common35.UnauthorizedException("Refresh token expired");
+      throw new import_common38.UnauthorizedException("Refresh token expired");
     }
     const user = this.metadataService.userRepository.findById(storedToken.userId);
     if (!user) {
-      throw new import_common35.UnauthorizedException("User not found");
+      throw new import_common38.UnauthorizedException("User not found");
     }
     this.metadataService.userRepository.deleteRefreshToken(tokenHash);
     return this.generateTokens(user);
@@ -118705,24 +119176,31 @@ var AuthService = class AuthService2 {
   async changePassword(userId, currentPassword, newPassword) {
     const user = this.metadataService.userRepository.findById(userId);
     if (!user) {
-      throw new import_common35.UnauthorizedException("User not found");
+      throw new import_common38.UnauthorizedException("User not found");
     }
-    const isPasswordValid = await bcrypt.compare(currentPassword, user.passwordHash);
+    const isPasswordValid = await import_bcryptjs.default.compare(currentPassword, user.passwordHash);
     if (!isPasswordValid) {
       this.logAuthEvent("password_change_failed", userId, {
         reason: "invalid_current_password"
       });
-      throw new import_common35.BadRequestException("Current password is incorrect");
+      throw new import_common38.BadRequestException("Current password is incorrect");
     }
-    const newPasswordHash = await bcrypt.hash(newPassword, this.SALT_ROUNDS);
+    const newPasswordHash = await import_bcryptjs.default.hash(newPassword, this.SALT_ROUNDS);
     this.metadataService.userRepository.update(userId, { passwordHash: newPasswordHash });
     this.metadataService.userRepository.deleteUserRefreshTokens(userId);
     this.logAuthEvent("password_changed", userId);
   }
+  async verifyPassword(userId, password) {
+    const user = this.metadataService.userRepository.findById(userId);
+    if (!user) {
+      return false;
+    }
+    return import_bcryptjs.default.compare(password, user.passwordHash);
+  }
   async updateProfile(userId, updates) {
     const user = this.metadataService.userRepository.update(userId, updates);
     if (!user) {
-      throw new import_common35.UnauthorizedException("User not found");
+      throw new import_common38.UnauthorizedException("User not found");
     }
     return this.sanitizeUser(user);
   }
@@ -118771,9 +119249,9 @@ var AuthService = class AuthService2 {
     return sanitized;
   }
 };
-AuthService = __decorate56([
-  (0, import_common35.Injectable)(),
-  __metadata42("design:paramtypes", [
+AuthService = __decorate58([
+  (0, import_common38.Injectable)(),
+  __metadata43("design:paramtypes", [
     MetadataService,
     import_jwt.JwtService
   ])
@@ -118781,13 +119259,13 @@ AuthService = __decorate56([
 // apps/api/dist/auth/dto/register.dto.js
 var import_class_validator23 = __toESM(require_cjs(), 1);
-var __decorate57 = function(decorators, target, key, desc) {
+var __decorate59 = function(decorators, target, key, desc) {
   var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
   if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
   else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
   return c > 3 && r && Object.defineProperty(target, key, r), r;
 };
-var __metadata43 = function(k, v) {
+var __metadata44 = function(k, v) {
   if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
 };
 var RegisterDto = class {
@@ -118795,127 +119273,127 @@ var RegisterDto = class {
   password;
   name;
 };
-__decorate57([
+__decorate59([
   (0, import_class_validator23.IsEmail)({}, { message: "Please provide a valid email address" }),
-  __metadata43("design:type", String)
+  __metadata44("design:type", String)
 ], RegisterDto.prototype, "email", void 0);
-__decorate57([
+__decorate59([
   (0, import_class_validator23.IsString)(),
   (0, import_class_validator23.MinLength)(8, { message: "Password must be at least 8 characters long" }),
-  __metadata43("design:type", String)
+  __metadata44("design:type", String)
 ], RegisterDto.prototype, "password", void 0);
-__decorate57([
+__decorate59([
   (0, import_class_validator23.IsOptional)(),
   (0, import_class_validator23.IsString)(),
-  __metadata43("design:type", String)
+  __metadata44("design:type", String)
 ], RegisterDto.prototype, "name", void 0);
 // apps/api/dist/auth/dto/login.dto.js
 var import_class_validator24 = __toESM(require_cjs(), 1);
-var __decorate58 = function(decorators, target, key, desc) {
+var __decorate60 = function(decorators, target, key, desc) {
   var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
   if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
   else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
   return c > 3 && r && Object.defineProperty(target, key, r), r;
 };
-var __metadata44 = function(k, v) {
+var __metadata45 = function(k, v) {
   if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
 };
 var LoginDto = class {
   email;
   password;
 };
-__decorate58([
+__decorate60([
   (0, import_class_validator24.IsEmail)({}, { message: "Please provide a valid email address" }),
-  __metadata44("design:type", String)
+  __metadata45("design:type", String)
 ], LoginDto.prototype, "email", void 0);
-__decorate58([
+__decorate60([
   (0, import_class_validator24.IsString)(),
-  __metadata44("design:type", String)
+  __metadata45("design:type", String)
 ], LoginDto.prototype, "password", void 0);
 // apps/api/dist/auth/dto/refresh-token.dto.js
 var import_class_validator25 = __toESM(require_cjs(), 1);
-var __decorate59 = function(decorators, target, key, desc) {
+var __decorate61 = function(decorators, target, key, desc) {
   var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
   if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
   else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
   return c > 3 && r && Object.defineProperty(target, key, r), r;
 };
-var __metadata45 = function(k, v) {
+var __metadata46 = function(k, v) {
   if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
 };
 var RefreshTokenDto = class {
   refreshToken;
 };
-__decorate59([
+__decorate61([
   (0, import_class_validator25.IsString)(),
-  __metadata45("design:type", String)
+  __metadata46("design:type", String)
 ], RefreshTokenDto.prototype, "refreshToken", void 0);
 // apps/api/dist/auth/dto/create-api-key.dto.js
 var import_class_validator26 = __toESM(require_cjs(), 1);
-var __decorate60 = function(decorators, target, key, desc) {
+var __decorate62 = function(decorators, target, key, desc) {
   var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
   if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
   else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
   return c > 3 && r && Object.defineProperty(target, key, r), r;
 };
-var __metadata46 = function(k, v) {
+var __metadata47 = function(k, v) {
   if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
 };
 var CreateApiKeyDto = class {
   name;
   expiresAt;
 };
-__decorate60([
+__decorate62([
   (0, import_class_validator26.IsString)(),
   (0, import_class_validator26.MinLength)(1),
   (0, import_class_validator26.MaxLength)(100),
-  __metadata46("design:type", String)
+  __metadata47("design:type", String)
 ], CreateApiKeyDto.prototype, "name", void 0);
-__decorate60([
+__decorate62([
   (0, import_class_validator26.IsOptional)(),
   (0, import_class_validator26.IsDateString)(),
-  __metadata46("design:type", String)
+  __metadata47("design:type", String)
 ], CreateApiKeyDto.prototype, "expiresAt", void 0);
 // apps/api/dist/auth/dto/change-password.dto.js
 var import_class_validator27 = __toESM(require_cjs(), 1);
-var __decorate61 = function(decorators, target, key, desc) {
+var __decorate63 = function(decorators, target, key, desc) {
   var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
   if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
   else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
   return c > 3 && r && Object.defineProperty(target, key, r), r;
 };
-var __metadata47 = function(k, v) {
+var __metadata48 = function(k, v) {
   if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
 };
 var ChangePasswordDto = class {
   currentPassword;
   newPassword;
 };
-__decorate61([
+__decorate63([
   (0, import_class_validator27.IsString)(),
-  __metadata47("design:type", String)
+  __metadata48("design:type", String)
 ], ChangePasswordDto.prototype, "currentPassword", void 0);
-__decorate61([
+__decorate63([
   (0, import_class_validator27.IsString)(),
   (0, import_class_validator27.MinLength)(8, { message: "New password must be at least 8 characters long" }),
-  __metadata47("design:type", String)
+  __metadata48("design:type", String)
 ], ChangePasswordDto.prototype, "newPassword", void 0);
 // apps/api/dist/auth/auth.controller.js
-var __decorate62 = function(decorators, target, key, desc) {
+var __decorate64 = function(decorators, target, key, desc) {
   var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
   if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
   else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
   return c > 3 && r && Object.defineProperty(target, key, r), r;
 };
-var __metadata48 = function(k, v) {
+var __metadata49 = function(k, v) {
   if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
 };
-var __param12 = function(paramIndex, decorator) {
+var __param13 = function(paramIndex, decorator) {
   return function(target, key) {
     decorator(target, key, paramIndex);
   };
@@ -118950,6 +119428,10 @@ var AuthController = class AuthController2 {
     await this.authService.changePassword(userId, dto.currentPassword, dto.newPassword);
     return { message: "Password changed successfully. Please log in again." };
   }
+  async verifyPassword(userId, dto) {
+    const valid = await this.authService.verifyPassword(userId, dto.password);
+    return { valid };
+  }
   async updateProfile(userId, dto) {
     return this.authService.updateProfile(userId, dto);
   }
@@ -118976,120 +119458,129 @@ var AuthController = class AuthController2 {
     };
   }
 };
-__decorate62([
+__decorate64([
   Public(),
-  (0, import_common36.Post)("register"),
-  __param12(0, (0, import_common36.Body)()),
-  __metadata48("design:type", Function),
-  __metadata48("design:paramtypes", [RegisterDto]),
-  __metadata48("design:returntype", Promise)
+  (0, import_common39.Post)("register"),
+  __param13(0, (0, import_common39.Body)()),
+  __metadata49("design:type", Function),
+  __metadata49("design:paramtypes", [RegisterDto]),
+  __metadata49("design:returntype", Promise)
 ], AuthController.prototype, "register", null);
-__decorate62([
+__decorate64([
   Public(),
-  (0, import_common36.Post)("login"),
-  (0, import_common36.HttpCode)(import_common36.HttpStatus.OK),
-  __param12(0, (0, import_common36.Body)()),
-  __metadata48("design:type", Function),
-  __metadata48("design:paramtypes", [LoginDto]),
-  __metadata48("design:returntype", Promise)
+  (0, import_common39.Post)("login"),
+  (0, import_common39.HttpCode)(import_common39.HttpStatus.OK),
+  __param13(0, (0, import_common39.Body)()),
+  __metadata49("design:type", Function),
+  __metadata49("design:paramtypes", [LoginDto]),
+  __metadata49("design:returntype", Promise)
 ], AuthController.prototype, "login", null);
-__decorate62([
+__decorate64([
   Public(),
-  (0, import_common36.Post)("refresh"),
-  (0, import_common36.HttpCode)(import_common36.HttpStatus.OK),
-  __param12(0, (0, import_common36.Body)()),
-  __metadata48("design:type", Function),
-  __metadata48("design:paramtypes", [RefreshTokenDto]),
-  __metadata48("design:returntype", Promise)
+  (0, import_common39.Post)("refresh"),
+  (0, import_common39.HttpCode)(import_common39.HttpStatus.OK),
+  __param13(0, (0, import_common39.Body)()),
+  __metadata49("design:type", Function),
+  __metadata49("design:paramtypes", [RefreshTokenDto]),
+  __metadata49("design:returntype", Promise)
 ], AuthController.prototype, "refreshTokens", null);
-__decorate62([
-  (0, import_common36.Post)("logout"),
-  (0, import_common36.HttpCode)(import_common36.HttpStatus.OK),
-  __param12(0, (0, import_common36.Body)()),
-  __metadata48("design:type", Function),
-  __metadata48("design:paramtypes", [RefreshTokenDto]),
-  __metadata48("design:returntype", Promise)
+__decorate64([
+  (0, import_common39.Post)("logout"),
+  (0, import_common39.HttpCode)(import_common39.HttpStatus.OK),
+  __param13(0, (0, import_common39.Body)()),
+  __metadata49("design:type", Function),
+  __metadata49("design:paramtypes", [RefreshTokenDto]),
+  __metadata49("design:returntype", Promise)
 ], AuthController.prototype, "logout", null);
-__decorate62([
-  (0, import_common36.Post)("logout-all"),
-  (0, import_common36.HttpCode)(import_common36.HttpStatus.OK),
-  __param12(0, CurrentUser("id")),
-  __metadata48("design:type", Function),
-  __metadata48("design:paramtypes", [String]),
-  __metadata48("design:returntype", Promise)
+__decorate64([
+  (0, import_common39.Post)("logout-all"),
+  (0, import_common39.HttpCode)(import_common39.HttpStatus.OK),
+  __param13(0, CurrentUser("id")),
+  __metadata49("design:type", Function),
+  __metadata49("design:paramtypes", [String]),
+  __metadata49("design:returntype", Promise)
 ], AuthController.prototype, "logoutAll", null);
-__decorate62([
-  (0, import_common36.Get)("me"),
-  __param12(0, CurrentUser()),
-  __metadata48("design:type", Function),
-  __metadata48("design:paramtypes", [Object]),
-  __metadata48("design:returntype", Object)
+__decorate64([
+  (0, import_common39.Get)("me"),
+  __param13(0, CurrentUser()),
+  __metadata49("design:type", Function),
+  __metadata49("design:paramtypes", [Object]),
+  __metadata49("design:returntype", Object)
 ], AuthController.prototype, "getMe", null);
-__decorate62([
-  (0, import_common36.Post)("change-password"),
-  (0, import_common36.HttpCode)(import_common36.HttpStatus.OK),
-  __param12(0, CurrentUser("id")),
-  __param12(1, (0, import_common36.Body)()),
-  __metadata48("design:type", Function),
-  __metadata48("design:paramtypes", [String, ChangePasswordDto]),
-  __metadata48("design:returntype", Promise)
+__decorate64([
+  (0, import_common39.Post)("change-password"),
+  (0, import_common39.HttpCode)(import_common39.HttpStatus.OK),
+  __param13(0, CurrentUser("id")),
+  __param13(1, (0, import_common39.Body)()),
+  __metadata49("design:type", Function),
+  __metadata49("design:paramtypes", [String, ChangePasswordDto]),
+  __metadata49("design:returntype", Promise)
 ], AuthController.prototype, "changePassword", null);
-__decorate62([
-  (0, import_common36.Post)("update-profile"),
-  (0, import_common36.HttpCode)(import_common36.HttpStatus.OK),
-  __param12(0, CurrentUser("id")),
-  __param12(1, (0, import_common36.Body)()),
-  __metadata48("design:type", Function),
-  __metadata48("design:paramtypes", [String, Object]),
-  __metadata48("design:returntype", Promise)
+__decorate64([
+  (0, import_common39.Post)("verify-password"),
+  (0, import_common39.HttpCode)(import_common39.HttpStatus.OK),
+  __param13(0, CurrentUser("id")),
+  __param13(1, (0, import_common39.Body)()),
+  __metadata49("design:type", Function),
+  __metadata49("design:paramtypes", [String, Object]),
+  __metadata49("design:returntype", Promise)
+], AuthController.prototype, "verifyPassword", null);
+__decorate64([
+  (0, import_common39.Post)("update-profile"),
+  (0, import_common39.HttpCode)(import_common39.HttpStatus.OK),
+  __param13(0, CurrentUser("id")),
+  __param13(1, (0, import_common39.Body)()),
+  __metadata49("design:type", Function),
+  __metadata49("design:paramtypes", [String, Object]),
+  __metadata49("design:returntype", Promise)
 ], AuthController.prototype, "updateProfile", null);
-__decorate62([
+__decorate64([
   Public(),
-  (0, import_common36.Get)("status"),
-  __metadata48("design:type", Function),
-  __metadata48("design:paramtypes", []),
-  __metadata48("design:returntype", Object)
+  (0, import_common39.Get)("status"),
+  __metadata49("design:type", Function),
+  __metadata49("design:paramtypes", []),
+  __metadata49("design:returntype", Object)
 ], AuthController.prototype, "getAuthStatus", null);
-__decorate62([
-  (0, import_common36.Post)("api-keys"),
-  __param12(0, CurrentUser("id")),
-  __param12(1, (0, import_common36.Body)()),
-  __metadata48("design:type", Function),
-  __metadata48("design:paramtypes", [String, CreateApiKeyDto]),
-  __metadata48("design:returntype", Promise)
+__decorate64([
+  (0, import_common39.Post)("api-keys"),
+  __param13(0, CurrentUser("id")),
+  __param13(1, (0, import_common39.Body)()),
+  __metadata49("design:type", Function),
+  __metadata49("design:paramtypes", [String, CreateApiKeyDto]),
+  __metadata49("design:returntype", Promise)
 ], AuthController.prototype, "createApiKey", null);
-__decorate62([
-  (0, import_common36.Get)("api-keys"),
-  __param12(0, CurrentUser("id")),
-  __metadata48("design:type", Function),
-  __metadata48("design:paramtypes", [String]),
-  __metadata48("design:returntype", Promise)
+__decorate64([
+  (0, import_common39.Get)("api-keys"),
+  __param13(0, CurrentUser("id")),
+  __metadata49("design:type", Function),
+  __metadata49("design:paramtypes", [String]),
+  __metadata49("design:returntype", Promise)
 ], AuthController.prototype, "getApiKeys", null);
-__decorate62([
-  (0, import_common36.Delete)("api-keys/:id"),
-  (0, import_common36.HttpCode)(import_common36.HttpStatus.OK),
-  __param12(0, CurrentUser("id")),
-  __param12(1, (0, import_common36.Param)("id")),
-  __metadata48("design:type", Function),
-  __metadata48("design:paramtypes", [String, String]),
-  __metadata48("design:returntype", Promise)
+__decorate64([
+  (0, import_common39.Delete)("api-keys/:id"),
+  (0, import_common39.HttpCode)(import_common39.HttpStatus.OK),
+  __param13(0, CurrentUser("id")),
+  __param13(1, (0, import_common39.Param)("id")),
+  __metadata49("design:type", Function),
+  __metadata49("design:paramtypes", [String, String]),
+  __metadata49("design:returntype", Promise)
 ], AuthController.prototype, "deleteApiKey", null);
-AuthController = __decorate62([
-  (0, import_common36.Controller)("auth"),
-  __metadata48("design:paramtypes", [AuthService])
+AuthController = __decorate64([
+  (0, import_common39.Controller)("auth"),
+  __metadata49("design:paramtypes", [AuthService])
 ], AuthController);
 // apps/api/dist/auth/strategies/jwt.strategy.js
-var import_common37 = __toESM(require_common(), 1);
+var import_common40 = __toESM(require_common(), 1);
 var import_passport = __toESM(require_passport(), 1);
 var import_passport_jwt = __toESM(require_lib13(), 1);
-var __decorate63 = function(decorators, target, key, desc) {
+var __decorate65 = function(decorators, target, key, desc) {
   var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
   if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
   else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
   return c > 3 && r && Object.defineProperty(target, key, r), r;
 };
-var __metadata49 = function(k, v) {
+var __metadata50 = function(k, v) {
   if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
 };
 var JwtStrategy = class JwtStrategy2 extends (0, import_passport.PassportStrategy)(import_passport_jwt.Strategy) {
@@ -119105,28 +119596,28 @@ var JwtStrategy = class JwtStrategy2 extends (0, import_passport.PassportStrateg
   async validate(payload) {
     const user = this.metadataService.userRepository.findById(payload.sub);
     if (!user) {
-      throw new import_common37.UnauthorizedException("User not found");
+      throw new import_common40.UnauthorizedException("User not found");
     }
     return user;
   }
 };
-JwtStrategy = __decorate63([
-  (0, import_common37.Injectable)(),
-  __metadata49("design:paramtypes", [MetadataService])
+JwtStrategy = __decorate65([
+  (0, import_common40.Injectable)(),
+  __metadata50("design:paramtypes", [MetadataService])
 ], JwtStrategy);
 // apps/api/dist/auth/strategies/api-key.strategy.js
-var import_common38 = __toESM(require_common(), 1);
+var import_common41 = __toESM(require_common(), 1);
 var import_passport2 = __toESM(require_passport(), 1);
 var import_passport_custom = __toESM(require_lib14(), 1);
 import { createHash as createHash3 } from "crypto";
-var __decorate64 = function(decorators, target, key, desc) {
+var __decorate66 = function(decorators, target, key, desc) {
   var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
   if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
   else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
   return c > 3 && r && Object.defineProperty(target, key, r), r;
 };
-var __metadata50 = function(k, v) {
+var __metadata51 = function(k, v) {
   if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
 };
 var ApiKeyStrategy = class ApiKeyStrategy2 extends (0, import_passport2.PassportStrategy)(import_passport_custom.Strategy, "api-key") {
@@ -119138,19 +119629,19 @@ var ApiKeyStrategy = class ApiKeyStrategy2 extends (0, import_passport2.Passport
   async validate(req) {
     const apiKey = this.extractApiKey(req);
     if (!apiKey) {
-      throw new import_common38.UnauthorizedException("API key is required");
+      throw new import_common41.UnauthorizedException("API key is required");
     }
     const keyHash = this.hashKey(apiKey);
     const storedKey = this.metadataService.userRepository.findApiKeyByHash(keyHash);
     if (!storedKey) {
-      throw new import_common38.UnauthorizedException("Invalid API key");
+      throw new import_common41.UnauthorizedException("Invalid API key");
     }
     if (storedKey.expiresAt && new Date(storedKey.expiresAt) < /* @__PURE__ */ new Date()) {
-      throw new import_common38.UnauthorizedException("API key has expired");
+      throw new import_common41.UnauthorizedException("API key has expired");
     }
     const user = this.metadataService.userRepository.findById(storedKey.userId);
     if (!user) {
-      throw new import_common38.UnauthorizedException("User not found");
+      throw new import_common41.UnauthorizedException("User not found");
     }
     this.metadataService.userRepository.updateApiKeyLastUsed(storedKey.id);
     return user;
@@ -119173,22 +119664,22 @@ var ApiKeyStrategy = class ApiKeyStrategy2 extends (0, import_passport2.Passport
     return createHash3("sha256").update(key).digest("hex");
   }
 };
-ApiKeyStrategy = __decorate64([
-  (0, import_common38.Injectable)(),
-  __metadata50("design:paramtypes", [MetadataService])
+ApiKeyStrategy = __decorate66([
+  (0, import_common41.Injectable)(),
+  __metadata51("design:paramtypes", [MetadataService])
 ], ApiKeyStrategy);
 // apps/api/dist/auth/guards/combined-auth.guard.js
-var import_common39 = __toESM(require_common(), 1);
+var import_common42 = __toESM(require_common(), 1);
 var import_core = __toESM(require_core3(), 1);
 var import_passport3 = __toESM(require_passport(), 1);
-var __decorate65 = function(decorators, target, key, desc) {
+var __decorate67 = function(decorators, target, key, desc) {
   var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
   if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
   else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
   return c > 3 && r && Object.defineProperty(target, key, r), r;
 };
-var __metadata51 = function(k, v) {
+var __metadata52 = function(k, v) {
   if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
 };
 var CombinedAuthGuard = class CombinedAuthGuard2 extends (0, import_passport3.AuthGuard)(["jwt", "api-key"]) {
@@ -119220,7 +119711,7 @@ var CombinedAuthGuard = class CombinedAuthGuard2 extends (0, import_passport3.Au
     if (authHeader?.startsWith("Bearer ")) {
       return this.activateJwt(context);
     }
-    throw new import_common39.UnauthorizedException("Authentication required");
+    throw new import_common42.UnauthorizedException("Authentication required");
   }
   async activateJwt(context) {
     const jwtGuard = new ((0, import_passport3.AuthGuard)("jwt"))();
@@ -119228,7 +119719,7 @@ var CombinedAuthGuard = class CombinedAuthGuard2 extends (0, import_passport3.Au
       await jwtGuard.canActivate(context);
       return true;
     } catch {
-      throw new import_common39.UnauthorizedException("Invalid or expired token");
+      throw new import_common42.UnauthorizedException("Invalid or expired token");
     }
   }
   async activateApiKey(context) {
@@ -119237,26 +119728,26 @@ var CombinedAuthGuard = class CombinedAuthGuard2 extends (0, import_passport3.Au
       await apiKeyGuard.canActivate(context);
       return true;
     } catch {
-      throw new import_common39.UnauthorizedException("Invalid API key");
+      throw new import_common42.UnauthorizedException("Invalid API key");
     }
   }
   handleRequest(err, user) {
     if (err || !user) {
-      throw err || new import_common39.UnauthorizedException();
+      throw err || new import_common42.UnauthorizedException();
     }
     return user;
   }
 };
-CombinedAuthGuard = __decorate65([
-  (0, import_common39.Injectable)(),
-  __metadata51("design:paramtypes", [
+CombinedAuthGuard = __decorate67([
+  (0, import_common42.Injectable)(),
+  __metadata52("design:paramtypes", [
     import_core.Reflector,
     MetadataService
   ])
 ], CombinedAuthGuard);
 // apps/api/dist/auth/auth.module.js
-var __decorate66 = function(decorators, target, key, desc) {
+var __decorate68 = function(decorators, target, key, desc) {
   var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
   if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
   else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
@@ -119264,8 +119755,8 @@ var __decorate66 = function(decorators, target, key, desc) {
 };
 var AuthModule = class AuthModule2 {
 };
-AuthModule = __decorate66([
-  (0, import_common40.Module)({
+AuthModule = __decorate68([
+  (0, import_common43.Module)({
     imports: [
       MetadataModule,
       import_passport4.PassportModule.register({ defaultStrategy: "jwt" }),
@@ -119282,22 +119773,17 @@ AuthModule = __decorate66([
   })
 ], AuthModule);
-// apps/api/dist/auth/decorators/roles.decorator.js
-var import_common41 = __toESM(require_common(), 1);
-var ROLES_KEY = "roles";
-var Roles = (...roles) => (0, import_common41.SetMetadata)(ROLES_KEY, roles);
 // apps/api/dist/auth/guards/jwt-auth.guard.js
-var import_common42 = __toESM(require_common(), 1);
+var import_common44 = __toESM(require_common(), 1);
 var import_core2 = __toESM(require_core3(), 1);
 var import_passport5 = __toESM(require_passport(), 1);
-var __decorate67 = function(decorators, target, key, desc) {
+var __decorate69 = function(decorators, target, key, desc) {
   var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
   if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
   else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
   return c > 3 && r && Object.defineProperty(target, key, r), r;
 };
-var __metadata52 = function(k, v) {
+var __metadata53 = function(k, v) {
   if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
 };
 var JwtAuthGuard = class JwtAuthGuard2 extends (0, import_passport5.AuthGuard)("jwt") {
@@ -119317,21 +119803,21 @@ var JwtAuthGuard = class JwtAuthGuard2 extends (0, import_passport5.AuthGuard)("
     return super.canActivate(context);
   }
 };
-JwtAuthGuard = __decorate67([
-  (0, import_common42.Injectable)(),
-  __metadata52("design:paramtypes", [import_core2.Reflector])
+JwtAuthGuard = __decorate69([
+  (0, import_common44.Injectable)(),
+  __metadata53("design:paramtypes", [import_core2.Reflector])
 ], JwtAuthGuard);
 // apps/api/dist/auth/guards/roles.guard.js
-var import_common43 = __toESM(require_common(), 1);
+var import_common45 = __toESM(require_common(), 1);
 var import_core3 = __toESM(require_core3(), 1);
-var __decorate68 = function(decorators, target, key, desc) {
+var __decorate70 = function(decorators, target, key, desc) {
   var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
   if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
   else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
   return c > 3 && r && Object.defineProperty(target, key, r), r;
 };
-var __metadata53 = function(k, v) {
+var __metadata54 = function(k, v) {
   if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
 };
 var RolesGuard = class RolesGuard2 {
@@ -119355,15 +119841,15 @@ var RolesGuard = class RolesGuard2 {
     return requiredRoles.includes(user.role);
   }
 };
-RolesGuard = __decorate68([
-  (0, import_common43.Injectable)(),
-  __metadata53("design:paramtypes", [import_core3.Reflector])
+RolesGuard = __decorate70([
+  (0, import_common45.Injectable)(),
+  __metadata54("design:paramtypes", [import_core3.Reflector])
 ], RolesGuard);
 // apps/api/dist/auth/guards/api-key.guard.js
-var import_common44 = __toESM(require_common(), 1);
+var import_common46 = __toESM(require_common(), 1);
 var import_passport6 = __toESM(require_passport(), 1);
-var __decorate69 = function(decorators, target, key, desc) {
+var __decorate71 = function(decorators, target, key, desc) {
   var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
   if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
   else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
@@ -119374,25 +119860,25 @@ var ApiKeyGuard = class ApiKeyGuard2 extends (0, import_passport6.AuthGuard)("ap
     return super.canActivate(context);
   }
 };
-ApiKeyGuard = __decorate69([
-  (0, import_common44.Injectable)()
+ApiKeyGuard = __decorate71([
+  (0, import_common46.Injectable)()
 ], ApiKeyGuard);
 // apps/api/dist/users/users.module.js
-var import_common47 = __toESM(require_common(), 1);
+var import_common49 = __toESM(require_common(), 1);
 // apps/api/dist/users/users.controller.js
-var import_common46 = __toESM(require_common(), 1);
+var import_common48 = __toESM(require_common(), 1);
 // apps/api/dist/users/users.service.js
-var import_common45 = __toESM(require_common(), 1);
-var __decorate70 = function(decorators, target, key, desc) {
+var import_common47 = __toESM(require_common(), 1);
+var __decorate72 = function(decorators, target, key, desc) {
   var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
   if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
   else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
   return c > 3 && r && Object.defineProperty(target, key, r), r;
 };
-var __metadata54 = function(k, v) {
+var __metadata55 = function(k, v) {
   if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
 };
 var UsersService = class UsersService2 {
@@ -119411,7 +119897,7 @@ var UsersService = class UsersService2 {
   updateUserRole(id, role) {
     const user = this.metadataService.userRepository.update(id, { role });
     if (!user) {
-      throw new import_common45.NotFoundException("User not found");
+      throw new import_common47.NotFoundException("User not found");
     }
     return this.sanitizeUser(user);
   }
@@ -119423,42 +119909,42 @@ var UsersService = class UsersService2 {
     return sanitized;
   }
 };
-UsersService = __decorate70([
-  (0, import_common45.Injectable)(),
-  __metadata54("design:paramtypes", [MetadataService])
+UsersService = __decorate72([
+  (0, import_common47.Injectable)(),
+  __metadata55("design:paramtypes", [MetadataService])
 ], UsersService);
 // apps/api/dist/users/dto/update-user-role.dto.js
 var import_class_validator28 = __toESM(require_cjs(), 1);
-var __decorate71 = function(decorators, target, key, desc) {
+var __decorate73 = function(decorators, target, key, desc) {
   var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
   if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
   else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
   return c > 3 && r && Object.defineProperty(target, key, r), r;
 };
-var __metadata55 = function(k, v) {
+var __metadata56 = function(k, v) {
   if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
 };
 var UpdateUserRoleDto = class {
   role;
 };
-__decorate71([
+__decorate73([
   (0, import_class_validator28.IsString)(),
   (0, import_class_validator28.IsIn)(["admin", "editor", "viewer"], { message: "Role must be admin, editor, or viewer" }),
-  __metadata55("design:type", String)
+  __metadata56("design:type", String)
 ], UpdateUserRoleDto.prototype, "role", void 0);
 // apps/api/dist/users/users.controller.js
-var __decorate72 = function(decorators, target, key, desc) {
+var __decorate74 = function(decorators, target, key, desc) {
   var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
   if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
   else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
   return c > 3 && r && Object.defineProperty(target, key, r), r;
 };
-var __metadata56 = function(k, v) {
+var __metadata57 = function(k, v) {
   if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
 };
-var __param13 = function(paramIndex, decorator) {
+var __param14 = function(paramIndex, decorator) {
   return function(target, key) {
     decorator(target, key, paramIndex);
   };
@@ -119476,13 +119962,13 @@ var UsersController = class UsersController2 {
   }
   async updateUserRole(userId, dto, currentUserId) {
     if (userId === currentUserId && dto.role !== "admin") {
-      throw new import_common46.ForbiddenException("Cannot demote yourself from admin");
+      throw new import_common48.ForbiddenException("Cannot demote yourself from admin");
     }
     return this.usersService.updateUserRole(userId, dto.role);
   }
   async deleteUser(userId, currentUserId) {
     if (userId === currentUserId) {
-      throw new import_common46.ForbiddenException("Cannot delete your own account");
+      throw new import_common48.ForbiddenException("Cannot delete your own account");
     }
     const deleted = await this.usersService.deleteUser(userId);
     return {
@@ -119491,48 +119977,48 @@ var UsersController = class UsersController2 {
     };
   }
 };
-__decorate72([
-  (0, import_common46.Get)(),
+__decorate74([
+  (0, import_common48.Get)(),
   Roles("admin"),
-  __metadata56("design:type", Function),
-  __metadata56("design:paramtypes", []),
-  __metadata56("design:returntype", Promise)
+  __metadata57("design:type", Function),
+  __metadata57("design:paramtypes", []),
+  __metadata57("design:returntype", Promise)
 ], UsersController.prototype, "getAllUsers", null);
-__decorate72([
-  (0, import_common46.Get)(":id"),
+__decorate74([
+  (0, import_common48.Get)(":id"),
   Roles("admin"),
-  __param13(0, (0, import_common46.Param)("id")),
-  __metadata56("design:type", Function),
-  __metadata56("design:paramtypes", [String]),
-  __metadata56("design:returntype", Promise)
+  __param14(0, (0, import_common48.Param)("id")),
+  __metadata57("design:type", Function),
+  __metadata57("design:paramtypes", [String]),
+  __metadata57("design:returntype", Promise)
 ], UsersController.prototype, "getUser", null);
-__decorate72([
-  (0, import_common46.Patch)(":id/role"),
+__decorate74([
+  (0, import_common48.Patch)(":id/role"),
   Roles("admin"),
-  __param13(0, (0, import_common46.Param)("id")),
-  __param13(1, (0, import_common46.Body)()),
-  __param13(2, CurrentUser("id")),
-  __metadata56("design:type", Function),
-  __metadata56("design:paramtypes", [String, UpdateUserRoleDto, String]),
-  __metadata56("design:returntype", Promise)
+  __param14(0, (0, import_common48.Param)("id")),
+  __param14(1, (0, import_common48.Body)()),
+  __param14(2, CurrentUser("id")),
+  __metadata57("design:type", Function),
+  __metadata57("design:paramtypes", [String, UpdateUserRoleDto, String]),
+  __metadata57("design:returntype", Promise)
 ], UsersController.prototype, "updateUserRole", null);
-__decorate72([
-  (0, import_common46.Delete)(":id"),
+__decorate74([
+  (0, import_common48.Delete)(":id"),
   Roles("admin"),
-  (0, import_common46.HttpCode)(import_common46.HttpStatus.OK),
-  __param13(0, (0, import_common46.Param)("id")),
-  __param13(1, CurrentUser("id")),
-  __metadata56("design:type", Function),
-  __metadata56("design:paramtypes", [String, String]),
-  __metadata56("design:returntype", Promise)
+  (0, import_common48.HttpCode)(import_common48.HttpStatus.OK),
+  __param14(0, (0, import_common48.Param)("id")),
+  __param14(1, CurrentUser("id")),
+  __metadata57("design:type", Function),
+  __metadata57("design:paramtypes", [String, String]),
+  __metadata57("design:returntype", Promise)
 ], UsersController.prototype, "deleteUser", null);
-UsersController = __decorate72([
-  (0, import_common46.Controller)("users"),
-  __metadata56("design:paramtypes", [UsersService])
+UsersController = __decorate74([
+  (0, import_common48.Controller)("users"),
+  __metadata57("design:paramtypes", [UsersService])
 ], UsersController);
 // apps/api/dist/users/users.module.js
-var __decorate73 = function(decorators, target, key, desc) {
+var __decorate75 = function(decorators, target, key, desc) {
   var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
   if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
   else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
@@ -119540,8 +120026,8 @@ var __decorate73 = function(decorators, target, key, desc) {
 };
 var UsersModule = class UsersModule2 {
 };
-UsersModule = __decorate73([
-  (0, import_common47.Module)({
+UsersModule = __decorate75([
+  (0, import_common49.Module)({
     imports: [MetadataModule],
     controllers: [UsersController],
     providers: [UsersService],
@@ -119550,7 +120036,7 @@ UsersModule = __decorate73([
 ], UsersModule);
 // apps/api/dist/app.module.js
-var __decorate74 = function(decorators, target, key, desc) {
+var __decorate76 = function(decorators, target, key, desc) {
   var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
   if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
   else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
@@ -119559,8 +120045,8 @@ var __decorate74 = function(decorators, target, key, desc) {
 var __dirname = fileURLToPath(new URL(".", import.meta.url));
 var AppModule = class AppModule2 {
 };
-AppModule = __decorate74([
-  (0, import_common48.Module)({
+AppModule = __decorate76([
+  (0, import_common50.Module)({
     imports: [
       // Serve static files from web build in production
       ...true ? [
@@ -119582,6 +120068,7 @@ AppModule = __decorate74([
       BackupModule,
       ServersModule,
       SettingsModule,
+      PreferencesModule,
       UsersModule
     ],
     providers: [
@@ -119604,13 +120091,13 @@ import * as fs6 from "node:fs";
 var __filename = fileURLToPath2(import.meta.url);
 var __dirname2 = path4.dirname(__filename);
 async function bootstrap() {
-  const logger = new import_common49.Logger("Bootstrap");
+  const logger = new import_common51.Logger("Bootstrap");
   const app = await import_core5.NestFactory.create(AppModule, {
     bodyParser: true
   });
   app.useBodyParser("json", { limit: "50mb" });
   app.useBodyParser("urlencoded", { limit: "50mb", extended: true });
-  app.useGlobalPipes(new import_common49.ValidationPipe({
+  app.useGlobalPipes(new import_common51.ValidationPipe({
     whitelist: true,
     // Strip properties not in DTO
     forbidNonWhitelisted: true,