diff --git a/.beads/export-state.json b/.beads/export-state.json
index 4212b19c..cd359e22 100644
--- a/.beads/export-state.json
+++ b/.beads/export-state.json
@@ -1 +1 @@
-{"last_dolt_commit":"gti423bd3bhcledmn7g16da4sho428d8","timestamp":"2026-04-23T20:46:24.660646-07:00","issues":51,"memories":0}
\ No newline at end of file
+{"last_dolt_commit":"seovg8a6i7ompl8m58c6ckvt5grfi0rl","timestamp":"2026-04-24T21:08:54.011323-07:00","issues":52,"memories":0}
\ No newline at end of file
diff --git a/.beads/issues.jsonl b/.beads/issues.jsonl
index 0e47bfc9..04c09f5b 100644
--- a/.beads/issues.jsonl
+++ b/.beads/issues.jsonl
@@ -12,19 +12,20 @@
 {"id":"stackpanel-os2.1","title":"Add Nix deployment output validation to flake checks","description":"The repo already exposes deployment-oriented flake outputs through nix/stackpanel/lib/deploy.nix and nix/flake/global-outputs.nix, but I could not find matching check coverage that forces broken nixosConfigurations / colmena wiring to fail before someone runs a real deploy. Add validation so deploy regressions are caught during normal flake checks and CI.","design":"Keep the deploy output path pure and reviewable; add checks in the flake/check layer rather than baking deploy-time behavior into runtime commands.","acceptance_criteria":"- nix flake check --impure validates the generated nixosConfigurations for configured machines (or an explicitly documented equivalent check)\n- Broken deploy module wiring fails before runtime deployment commands are attempted\n- Coverage includes unprovisioned-machine stubs vs provisioned hardware/disk layouts where relevant\n- Any added checks are documented near the flake output wiring","status":"closed","priority":1,"issue_type":"task","owner":"me@cooperm.com","created_at":"2026-03-28T15:02:34Z","created_by":"Cooper Maruyama","updated_at":"2026-03-28T20:19:29Z","closed_at":"2026-03-28T20:19:29Z","close_reason":"Superseded by pluggable-deploy-backends restructure. Work absorbed into new phase-based tasks. See openspec/changes/pluggable-deploy-backends/","external_ref":"https://linear.app/darkmatterlabs/issue/ENG-378","labels":["deployment"],"dependencies":[{"issue_id":"stackpanel-os2.1","depends_on_id":"stackpanel-os2","type":"parent-child","created_at":"2026-03-28T08:02:33Z","created_by":"Cooper Maruyama","metadata":"{}"}],"dependency_count":0,"dependent_count":2,"comment_count":0}
 {"id":"stackpanel-os2.2","title":"Finish structured deploy CLI flags and status output","description":"apps/stackpanel-go/cmd/cli/deploy.go currently supports basic app deploys with --dry-run plus human-readable status, but the design doc calls for env overrides, machine-readable output, and richer status metadata. Finish the command surface so deployment can run cleanly in CI and other tooling without scraping terminal text.","design":"Centralize deploy result formatting in deploy.go and keep non-interactive output first-class from the start.","acceptance_criteria":"- stackpanel deploy \u003capp\u003e supports --env to override deployment.defaultEnv\n- stackpanel deploy status [app] supports --json with stable machine-readable output\n- Success and failure paths include backend/target/env information without relying on TUI-only formatting\n- Add Go tests for flag resolution and JSON/status serialization","status":"closed","priority":1,"issue_type":"task","owner":"me@cooperm.com","created_at":"2026-03-28T15:02:34Z","created_by":"Cooper Maruyama","updated_at":"2026-03-28T20:19:29Z","closed_at":"2026-03-28T20:19:29Z","close_reason":"Superseded by pluggable-deploy-backends restructure. Work absorbed into new phase-based tasks. See openspec/changes/pluggable-deploy-backends/","external_ref":"https://linear.app/darkmatterlabs/issue/ENG-379","labels":["deployment"],"dependencies":[{"issue_id":"stackpanel-os2.2","depends_on_id":"stackpanel-os2","type":"parent-child","created_at":"2026-03-28T08:02:34Z","created_by":"Cooper Maruyama","metadata":"{}"},{"issue_id":"stackpanel-os2.2","depends_on_id":"stackpanel-os2.1","type":"blocks","created_at":"2026-03-28T08:02:38Z","created_by":"Cooper Maruyama","metadata":"{}"}],"dependency_count":1,"dependent_count":2,"comment_count":0}
 {"id":"stackpanel-os2","title":"Complete the deployment feature","description":"Deployment is partially implemented across Nix outputs, Go CLI commands, host-specific backends, docs, and the Studio deploy panel. The current repo has the core Nix scaffolding in nix/stackpanel/modules/deploy/module.nix and nix/stackpanel/lib/deploy.nix, app deploy/provision commands in apps/stackpanel-go/cmd/cli/{deploy,provision}.go, and a Colmena-centric UI in apps/web/src/components/studio/panels/deploy/deploy-panel.tsx. This epic tracks the remaining work needed to make deployment feel complete and coherent against docs/design/deploy-command.md and docs/design/provisioning.md.","design":"Use docs/design/deploy-command.md and docs/design/provisioning.md as the design source of truth, but scope child tasks to repo realities already present in code.","acceptance_criteria":"- Break remaining deployment work into executable child issues\n- Finish CLI, backend, provisioning, UI, and docs gaps\n- Land a validated end-to-end deployment story for NixOS machines and supported hosted backends","status":"closed","priority":1,"issue_type":"epic","owner":"me@cooperm.com","created_at":"2026-03-28T15:02:33Z","created_by":"Cooper Maruyama","updated_at":"2026-03-28T20:19:30Z","closed_at":"2026-03-28T20:19:30Z","close_reason":"all steps complete","external_ref":"https://linear.app/darkmatterlabs/issue/ENG-380","labels":["deployment"],"dependency_count":0,"dependent_count":0,"comment_count":0}
-{"id":"stackpanel-i5r","title":"Studio: Marketplace browse + install panel","description":"In-studio UI for discovering, purchasing, and installing modules.\n\n## Scope\n\n- apps/web/src/components/studio/panels/marketplace-panel.tsx\n- Sections: Featured, Official (stackpanel's own paid modules), Community, Installed\n- Listing detail view: README, versions, pricing, screenshots (MDX + images from the listing)\n- Install button: free → instant; paid → Polar checkout in a popup, webhook-driven refresh on return\n- Installed view: updates available, usage (if module reports it), remove\n- Calls into the CLI via agent-local endpoints for the actual install/uninstall (so studio doesn't need Nix directly)","acceptance_criteria":"- Browse renders paginated list with search\n- Listing detail shows full MDX description + pricing\n- Free install works without leaving the studio\n- Paid install flow completes end-to-end without manual reload","status":"open","priority":2,"issue_type":"task","owner":"me@cooperm.com","created_at":"2026-04-24T03:45:13Z","created_by":"Cooper Maruyama","updated_at":"2026-04-24T03:45:13Z","dependencies":[{"issue_id":"stackpanel-i5r","depends_on_id":"stackpanel-63e","type":"blocks","created_at":"2026-04-23T20:46:09Z","created_by":"Cooper Maruyama","metadata":"{}"},{"issue_id":"stackpanel-i5r","depends_on_id":"stackpanel-w3r","type":"blocks","created_at":"2026-04-23T20:46:10Z","created_by":"Cooper Maruyama","metadata":"{}"}],"dependency_count":2,"dependent_count":0,"comment_count":0}
-{"id":"stackpanel-24e","title":"Revenue accounting: gross / fee / developer net ledger","description":"Ledger that tracks every transaction with platform fee + developer share; source of truth for payouts and future reporting.\n\n## Scope\n\n- Drizzle table: revenue_event(id, license_id FK, event_type enum(purchase|renewal|refund|chargeback), gross_cents, fee_cents, developer_net_cents, currency, polar_event_id unique, occurred_at)\n- Derived view: developer_balance(user_id, module_slug, balance_cents, last_updated) — sum of developer_net_cents minus already-paid-out\n- Populated by the same Polar webhook handler as the license writes\n- Dashboard API: /api/me/revenue — current balance, monthly breakdown, per-module totals\n\n## Rules\n\n- Platform fee: 15% flat at MVP, calculated at write time (can change later without rewriting history)\n- Processing fee (~3%) absorbed from the 15% — developer always gets 85% of gross minus refunds\n- Refund: negative revenue_event, reduces balance\n- Chargeback: negative + lock payout temporarily (resolution flow is Phase 2)","acceptance_criteria":"- Every Polar webhook produces exactly one revenue_event (idempotent)\n- developer_balance view reconciles to sum of events\n- Refunds correctly decrement balance\n- Dashboard API returns accurate per-developer totals","status":"open","priority":2,"issue_type":"task","owner":"me@cooperm.com","created_at":"2026-04-24T03:45:08Z","created_by":"Cooper Maruyama","updated_at":"2026-04-24T03:45:08Z","dependencies":[{"issue_id":"stackpanel-24e","depends_on_id":"stackpanel-p4y","type":"blocks","created_at":"2026-04-23T20:46:08Z","created_by":"Cooper Maruyama","metadata":"{}"}],"dependency_count":1,"dependent_count":3,"comment_count":0}
-{"id":"stackpanel-w3r","title":"CLI: stackpanel install + Nix module resolver integration","description":"End-user install flow that adds a module to .stack/config.nix and wires it through the existing module system.\n\n## Scope\n\n### CLI (apps/stack-go)\n- stackpanel install \u003cslug\u003e[@version] — looks up in catalog, checks license (for paid), fetches signed tarball, unpacks to .stack/modules/\u003cslug\u003e/\u003cversion\u003e/, edits .stack/config.nix to add the module reference + version pin\n- stackpanel uninstall \u003cslug\u003e — removes pin; leaves unpacked tarball for potential rollback\n- stackpanel update \u003cslug\u003e — checks catalog for new versions, prompts to upgrade\n- Handles paid flow: if no license, opens Polar checkout URL in browser, waits for webhook to create license, then continues install\n\n### Nix integration\n- New option: stack.modules.install = [ { slug = '...'; version = '...'; source = './path or fetchTarball'; } ];\n- Resolver: if source points to .stack/modules/\u003cslug\u003e/\u003cversion\u003e/, import the module's module.nix and merge into config\n- Auto-detection from .stack/modules/ dir as fallback\n\n## Why CLI-first\n\nStudio panel can come later — CLI covers CI + power users today.","acceptance_criteria":"- stackpanel install \u003cfree-slug\u003e works end-to-end\n- stackpanel install \u003cpaid-slug\u003e launches checkout, completes install post-purchase\n- Installed module's options appear under stack.modules.\u003cslug\u003e in the config\n- stackpanel uninstall cleanly reverts config.nix","status":"open","priority":2,"issue_type":"task","owner":"me@cooperm.com","created_at":"2026-04-24T03:45:00Z","created_by":"Cooper Maruyama","updated_at":"2026-04-24T03:45:00Z","dependencies":[{"issue_id":"stackpanel-w3r","depends_on_id":"stackpanel-89x","type":"blocks","created_at":"2026-04-23T20:46:07Z","created_by":"Cooper Maruyama","metadata":"{}"},{"issue_id":"stackpanel-w3r","depends_on_id":"stackpanel-qij","type":"blocks","created_at":"2026-04-23T20:46:08Z","created_by":"Cooper Maruyama","metadata":"{}"}],"dependency_count":2,"dependent_count":2,"comment_count":0}
-{"id":"stackpanel-qij","title":"Module tarball signing + verification","description":"Ed25519 signatures on module tarballs so installers can verify authorship + integrity without trusting the distribution CDN.\n\n## Scope\n\n### Publishing side (dev portal)\n- Module author uploads tarball; cloud API signs it with platform key (MVP) OR author brings own signing key (Phase 2 with KYC)\n- Store signature + public key id in module_version.signature\n- Tarball hosted on R2/S3 with signed URLs\n\n### Verification side\n- Agent/CLI: on stackpanel install, fetch manifest + tarball, verify signature against catalog's published public key\n- Refuse install on signature mismatch with clear error\n- Nix side: evaluate tarball as a flake input with 'narHash' pin (Nix's own integrity check) once extracted — belt + suspenders\n\n## Why signing even with HTTPS\n\n- Defends against CDN compromise or MITM on corporate proxies\n- Enables offline-verifiable attestation of who published what\n- Precondition for any automated-update flow","acceptance_criteria":"- All published versions have a valid signature\n- CLI install refuses on signature mismatch (tested with a tampered tarball)\n- Signature check adds \u003c 500ms to install flow","status":"open","priority":2,"issue_type":"task","owner":"me@cooperm.com","created_at":"2026-04-24T03:44:51Z","created_by":"Cooper Maruyama","updated_at":"2026-04-24T03:44:51Z","dependencies":[{"issue_id":"stackpanel-qij","depends_on_id":"stackpanel-63e","type":"blocks","created_at":"2026-04-23T20:46:06Z","created_by":"Cooper Maruyama","metadata":"{}"}],"dependency_count":1,"dependent_count":2,"comment_count":0}
-{"id":"stackpanel-89x","title":"Module license + workspace entitlements","description":"License record granting a workspace the right to install a specific module (+ seats).\n\n## Scope\n\n- Drizzle tables:\n  - module_license(id, listing_id FK, workspace_id FK, polar_subscription_id | polar_order_id, status enum(active|canceled|expired|refunded), seats int default 1, activated_at, expires_at nullable)\n  - module_license_event(id, license_id FK, event_type, polar_event_id unique, payload_json, created_at) — audit log\n- tRPC:\n  - modules.listLicenses(workspace_id) — what this workspace owns\n  - modules.verifyLicense(slug, workspace_id) → { valid, reason?, expires_at? } (called by CLI + agent)\n- Capability JWT emission (reuses stackpanel-0bt infra): when agent requests a capability token, include 'modules': [{slug, version_pin}] in claims for all active licenses\n- License inheritance across workspace forks / preview stages — TBD, default to no inheritance\n\n## Enforcement touchpoints\n\n- stackpanel install \u003cslug\u003e — CLI checks license before adding pin\n- Shell entry — agent re-verifies licenses on devshell entry for installed paid modules; warns on lapsed\n- Module-provided cloud endpoints — receive capability JWT, check 'modules' claim","acceptance_criteria":"- License auto-created on Polar webhook\n- verifyLicense correctly reflects active/expired/refunded states\n- Capability tokens include per-license claims\n- stackpanel install refuses without a valid license","status":"open","priority":2,"issue_type":"task","owner":"me@cooperm.com","created_at":"2026-04-24T03:44:43Z","created_by":"Cooper Maruyama","updated_at":"2026-04-24T03:44:43Z","dependencies":[{"issue_id":"stackpanel-89x","depends_on_id":"stackpanel-0bt","type":"blocks","created_at":"2026-04-23T20:46:05Z","created_by":"Cooper Maruyama","metadata":"{}"},{"issue_id":"stackpanel-89x","depends_on_id":"stackpanel-63e","type":"blocks","created_at":"2026-04-23T20:46:03Z","created_by":"Cooper Maruyama","metadata":"{}"},{"issue_id":"stackpanel-89x","depends_on_id":"stackpanel-9uo","type":"blocks","created_at":"2026-04-23T20:46:05Z","created_by":"Cooper Maruyama","metadata":"{}"},{"issue_id":"stackpanel-89x","depends_on_id":"stackpanel-p4y","type":"blocks","created_at":"2026-04-23T20:46:04Z","created_by":"Cooper Maruyama","metadata":"{}"}],"dependency_count":4,"dependent_count":2,"comment_count":0}
-{"id":"stackpanel-p4y","title":"Polar integration: module products + checkout","description":"Wire each paid module's pricing to a Polar product; buy → checkout → webhook creates license.\n\n## Scope\n\n- When a module pricing row is created with model != 'free': auto-create a Polar product via @polar-sh SDK (one_time → product without interval; subscription → product with interval). Store polar_product_id in module_pricing.\n- tRPC procedure: modules.checkout(slug, workspace_id) → returns Polar checkout URL. Called by studio/CLI.\n- Polar webhook handler (packages/api/src/routes/webhooks/polar.ts):\n  - subscription.active / order.paid → create module_license row\n  - subscription.canceled / order.refunded → mark license inactive\n  - Idempotent on Polar event id\n- Success redirect to studio marketplace panel with a 'Installed' flow\n\n## Notes\n\n- Separate Polar products per module so fee accounting is clean and developers can see per-product revenue in Polar dashboard once they're onboarded\n- Use Polar test env for dev; wire real keys via .stack/secrets/vars/common.sops.yaml","acceptance_criteria":"- Free modules skip Polar entirely\n- Paid module checkout returns a working Polar URL\n- Purchase → webhook → license row appears within 10s\n- Refund → license marked inactive; install command refuses","status":"open","priority":2,"issue_type":"task","owner":"me@cooperm.com","created_at":"2026-04-24T03:44:34Z","created_by":"Cooper Maruyama","updated_at":"2026-04-24T03:44:34Z","dependencies":[{"issue_id":"stackpanel-p4y","depends_on_id":"stackpanel-63e","type":"blocks","created_at":"2026-04-23T20:46:03Z","created_by":"Cooper Maruyama","metadata":"{}"}],"dependency_count":1,"dependent_count":2,"comment_count":0}
+{"id":"stackpanel-dh5","title":"docs.stackpanel.com production deploy throws CF 1101 at runtime","description":"Background: cloud-gate-foundation upgraded alchemy-effect 0.9.0 → 0.12.0. apps/web deploys cleanly to local.stackpanel.com. apps/docs production deploy succeeds at the CF API level but every request returns CF error 1101 (Worker exception).\n\nWhat was tried (all merged in feat/cloud-gate-foundation, all still 1101):\n1. Added `--yes` to the deploy step so the React-based Plan UI is skipped (this fixed a separate Symbol.toPrimitive bug; deploy now reaches the upload phase)\n2. Pass full assets config object {directory, config:{notFoundHandling, htmlHandling, runWorkerFirst}} to mirror apps/docs/wrangler.jsonc — alchemy default for bare-string `assets:` was wrong\n3. Pass `isExternal: true` to skip alchemy bootstrap that otherwise wraps `main` in `Layer.effect(tag, entry).asEffect()` — OpenNext exports plain `{ fetch }` shape\n\nBundle size from the upload phase: 40.62 MB unminified. CF Workers Standard limit is 10 MB compressed; 40 MB raw is at the edge.\n\nLikely root cause (untested): rolldown bundle of OpenNext.worker.js inlines the dynamic `import(\"./server-functions/default/handler.mjs\")` instead of preserving as a chunk, producing one oversized file that workerd refuses to fully load. wrangler deploy handles this differently (preserves chunks).\n\nPossible directions:\n- Split via rolldown output options on alchemy side (would require alchemy upstream change)\n- Use a Build resource pattern to feed alchemy a pre-built bundle and skip rolldown entirely\n- Leave docs on plain wrangler deploy (revert alchemy.run.ts for docs) until alchemy ships native OpenNext support\n\napps/web deploys via Cloudflare.Vite which uses viteBuild instead of prepareBundle — that path works.","notes":"Update 2026-04-24 (got CF token with workers tail scope from himitsu cloudflare-api-token):\n\nCaptured the original 1101 root cause via tail:\n  No such module \"node:perf_hooks\". imported from \"handler-BwC-NBMH.js\"\n\nFixed by bumping compatibility_date to 2026-03-17 (commit on feat/cloud-gate-foundation). That date is when CF promoted node:perf_hooks to a native module — earlier dates make unenv try to polyfill it, but the polyfill itself does `import \"node:perf_hooks\"` so it cant substitute itself in a chunked bundle.\n\nAfter fix: docs.stackpanel.com homepage returns 200, but /docs/* routes return 500 with a different exception:\n  Failed to load external module shiki-db8d315635eb368c/core\n\nRoot cause (different bug): rolldown bundles props.main but Cloudflare Worker config has `unresolvedImport: false` (alchemy-effect/src/Cloudflare/Workers/Worker.ts:715). When OpenNext’s middleware/handler imports its own pre-bundled chunks like `shiki-db8d315635eb368c/core`, rolldown silences the unresolved-import warning, leaves the import literal, and the deployed worker fails to dynamic-import that module name at runtime.\n\nWorkaround paths:\n- Drop alchemy for apps/docs and revert to `wrangler deploy` (the previous wrangler.jsonc approach). Trade-off: lose declarative cert/DNS, but unblocks docs.\n- Patch alchemy/distilled.cloud rolldown plugin to NOT silence unresolved imports (would surface the issue at build time) and bundle shiki inline.\n- Pre-process .open-next/ output before passing to alchemy so all chunks are inlined into a single file.\n\nRecommend option 1 for now and revisit when alchemy adds a no-bundle / pass-through mode for `main`.","status":"open","priority":2,"issue_type":"bug","owner":"me@cooperm.com","created_at":"2026-04-25T03:20:41Z","created_by":"Cooper Maruyama","updated_at":"2026-04-25T04:08:54Z","dependency_count":0,"dependent_count":0,"comment_count":0}
+{"id":"stackpanel-i5r","title":"Studio: Marketplace browse + install panel","description":"In-studio UI for discovering, purchasing, and installing modules.\n\n## Scope\n\n- apps/web/src/components/studio/panels/marketplace-panel.tsx\n- Sections: Featured, Official (stackpanel's own paid modules), Community, Installed\n- Listing detail view: README, versions, pricing, screenshots (MDX + images from the listing)\n- Install button: free → instant; paid → Polar checkout in a popup, webhook-driven refresh on return\n- Installed view: updates available, usage (if module reports it), remove\n- Calls into the CLI via agent-local endpoints for the actual install/uninstall (so studio doesn't need Nix directly)","acceptance_criteria":"- Browse renders paginated list with search\n- Listing detail shows full MDX description + pricing\n- Free install works without leaving the studio\n- Paid install flow completes end-to-end without manual reload","status":"open","priority":2,"issue_type":"task","owner":"me@cooperm.com","created_at":"2026-04-24T03:45:13Z","created_by":"Cooper Maruyama","updated_at":"2026-04-24T03:45:13Z","dependencies":[{"issue_id":"stackpanel-i5r","depends_on_id":"stackpanel-63e","type":"blocks","created_at":"2026-04-23T20:46:09Z","created_by":"Cooper Maruyama","metadata":"{}"},{"issue_id":"stackpanel-i5r","depends_on_id":"stackpanel-w3r","type":"blocks","created_at":"2026-04-23T20:46:10Z","created_by":"Cooper Maruyama","metadata":"{}"}],"dependency_count":2,"dependent_count":1,"comment_count":0}
+{"id":"stackpanel-24e","title":"Revenue accounting: gross / fee / developer net ledger","description":"Ledger that tracks every transaction with platform fee + developer share; source of truth for payouts and future reporting.\n\n## Scope\n\n- Drizzle table: revenue_event(id, license_id FK, event_type enum(purchase|renewal|refund|chargeback), gross_cents, fee_cents, developer_net_cents, currency, polar_event_id unique, occurred_at)\n- Derived view: developer_balance(user_id, module_slug, balance_cents, last_updated) — sum of developer_net_cents minus already-paid-out\n- Populated by the same Polar webhook handler as the license writes\n- Dashboard API: /api/me/revenue — current balance, monthly breakdown, per-module totals\n\n## Rules\n\n- Platform fee: 15% flat at MVP, calculated at write time (can change later without rewriting history)\n- Processing fee (~3%) absorbed from the 15% — developer always gets 85% of gross minus refunds\n- Refund: negative revenue_event, reduces balance\n- Chargeback: negative + lock payout temporarily (resolution flow is Phase 2)","acceptance_criteria":"- Every Polar webhook produces exactly one revenue_event (idempotent)\n- developer_balance view reconciles to sum of events\n- Refunds correctly decrement balance\n- Dashboard API returns accurate per-developer totals","status":"open","priority":2,"issue_type":"task","owner":"me@cooperm.com","created_at":"2026-04-24T03:45:08Z","created_by":"Cooper Maruyama","updated_at":"2026-04-24T03:45:08Z","dependencies":[{"issue_id":"stackpanel-24e","depends_on_id":"stackpanel-p4y","type":"blocks","created_at":"2026-04-23T20:46:08Z","created_by":"Cooper Maruyama","metadata":"{}"}],"dependency_count":1,"dependent_count":4,"comment_count":0}
+{"id":"stackpanel-w3r","title":"CLI: stackpanel install + Nix module resolver integration","description":"End-user install flow that adds a module to .stack/config.nix and wires it through the existing module system.\n\n## Scope\n\n### CLI (apps/stack-go)\n- stackpanel install \u003cslug\u003e[@version] — looks up in catalog, checks license (for paid), fetches signed tarball, unpacks to .stack/modules/\u003cslug\u003e/\u003cversion\u003e/, edits .stack/config.nix to add the module reference + version pin\n- stackpanel uninstall \u003cslug\u003e — removes pin; leaves unpacked tarball for potential rollback\n- stackpanel update \u003cslug\u003e — checks catalog for new versions, prompts to upgrade\n- Handles paid flow: if no license, opens Polar checkout URL in browser, waits for webhook to create license, then continues install\n\n### Nix integration\n- New option: stack.modules.install = [ { slug = '...'; version = '...'; source = './path or fetchTarball'; } ];\n- Resolver: if source points to .stack/modules/\u003cslug\u003e/\u003cversion\u003e/, import the module's module.nix and merge into config\n- Auto-detection from .stack/modules/ dir as fallback\n\n## Why CLI-first\n\nStudio panel can come later — CLI covers CI + power users today.","acceptance_criteria":"- stackpanel install \u003cfree-slug\u003e works end-to-end\n- stackpanel install \u003cpaid-slug\u003e launches checkout, completes install post-purchase\n- Installed module's options appear under stack.modules.\u003cslug\u003e in the config\n- stackpanel uninstall cleanly reverts config.nix","status":"open","priority":2,"issue_type":"task","owner":"me@cooperm.com","created_at":"2026-04-24T03:45:00Z","created_by":"Cooper Maruyama","updated_at":"2026-04-24T03:45:00Z","dependencies":[{"issue_id":"stackpanel-w3r","depends_on_id":"stackpanel-89x","type":"blocks","created_at":"2026-04-23T20:46:07Z","created_by":"Cooper Maruyama","metadata":"{}"},{"issue_id":"stackpanel-w3r","depends_on_id":"stackpanel-qij","type":"blocks","created_at":"2026-04-23T20:46:08Z","created_by":"Cooper Maruyama","metadata":"{}"}],"dependency_count":2,"dependent_count":3,"comment_count":0}
+{"id":"stackpanel-qij","title":"Module tarball signing + verification","description":"Ed25519 signatures on module tarballs so installers can verify authorship + integrity without trusting the distribution CDN.\n\n## Scope\n\n### Publishing side (dev portal)\n- Module author uploads tarball; cloud API signs it with platform key (MVP) OR author brings own signing key (Phase 2 with KYC)\n- Store signature + public key id in module_version.signature\n- Tarball hosted on R2/S3 with signed URLs\n\n### Verification side\n- Agent/CLI: on stackpanel install, fetch manifest + tarball, verify signature against catalog's published public key\n- Refuse install on signature mismatch with clear error\n- Nix side: evaluate tarball as a flake input with 'narHash' pin (Nix's own integrity check) once extracted — belt + suspenders\n\n## Why signing even with HTTPS\n\n- Defends against CDN compromise or MITM on corporate proxies\n- Enables offline-verifiable attestation of who published what\n- Precondition for any automated-update flow","acceptance_criteria":"- All published versions have a valid signature\n- CLI install refuses on signature mismatch (tested with a tampered tarball)\n- Signature check adds \u003c 500ms to install flow","status":"open","priority":2,"issue_type":"task","owner":"me@cooperm.com","created_at":"2026-04-24T03:44:51Z","created_by":"Cooper Maruyama","updated_at":"2026-04-24T03:44:51Z","dependencies":[{"issue_id":"stackpanel-qij","depends_on_id":"stackpanel-63e","type":"blocks","created_at":"2026-04-23T20:46:06Z","created_by":"Cooper Maruyama","metadata":"{}"}],"dependency_count":1,"dependent_count":3,"comment_count":0}
+{"id":"stackpanel-89x","title":"Module license + workspace entitlements","description":"License record granting a workspace the right to install a specific module (+ seats).\n\n## Scope\n\n- Drizzle tables:\n  - module_license(id, listing_id FK, workspace_id FK, polar_subscription_id | polar_order_id, status enum(active|canceled|expired|refunded), seats int default 1, activated_at, expires_at nullable)\n  - module_license_event(id, license_id FK, event_type, polar_event_id unique, payload_json, created_at) — audit log\n- tRPC:\n  - modules.listLicenses(workspace_id) — what this workspace owns\n  - modules.verifyLicense(slug, workspace_id) → { valid, reason?, expires_at? } (called by CLI + agent)\n- Capability JWT emission (reuses stackpanel-0bt infra): when agent requests a capability token, include 'modules': [{slug, version_pin}] in claims for all active licenses\n- License inheritance across workspace forks / preview stages — TBD, default to no inheritance\n\n## Enforcement touchpoints\n\n- stackpanel install \u003cslug\u003e — CLI checks license before adding pin\n- Shell entry — agent re-verifies licenses on devshell entry for installed paid modules; warns on lapsed\n- Module-provided cloud endpoints — receive capability JWT, check 'modules' claim","acceptance_criteria":"- License auto-created on Polar webhook\n- verifyLicense correctly reflects active/expired/refunded states\n- Capability tokens include per-license claims\n- stackpanel install refuses without a valid license","status":"open","priority":2,"issue_type":"task","owner":"me@cooperm.com","created_at":"2026-04-24T03:44:43Z","created_by":"Cooper Maruyama","updated_at":"2026-04-24T03:44:43Z","dependencies":[{"issue_id":"stackpanel-89x","depends_on_id":"stackpanel-0bt","type":"blocks","created_at":"2026-04-23T20:46:05Z","created_by":"Cooper Maruyama","metadata":"{}"},{"issue_id":"stackpanel-89x","depends_on_id":"stackpanel-63e","type":"blocks","created_at":"2026-04-23T20:46:03Z","created_by":"Cooper Maruyama","metadata":"{}"},{"issue_id":"stackpanel-89x","depends_on_id":"stackpanel-9uo","type":"blocks","created_at":"2026-04-23T20:46:05Z","created_by":"Cooper Maruyama","metadata":"{}"},{"issue_id":"stackpanel-89x","depends_on_id":"stackpanel-p4y","type":"blocks","created_at":"2026-04-23T20:46:04Z","created_by":"Cooper Maruyama","metadata":"{}"}],"dependency_count":4,"dependent_count":3,"comment_count":0}
+{"id":"stackpanel-p4y","title":"Polar integration: module products + checkout","description":"Wire each paid module's pricing to a Polar product; buy → checkout → webhook creates license.\n\n## Scope\n\n- When a module pricing row is created with model != 'free': auto-create a Polar product via @polar-sh SDK (one_time → product without interval; subscription → product with interval). Store polar_product_id in module_pricing.\n- tRPC procedure: modules.checkout(slug, workspace_id) → returns Polar checkout URL. Called by studio/CLI.\n- Polar webhook handler (packages/api/src/routes/webhooks/polar.ts):\n  - subscription.active / order.paid → create module_license row\n  - subscription.canceled / order.refunded → mark license inactive\n  - Idempotent on Polar event id\n- Success redirect to studio marketplace panel with a 'Installed' flow\n\n## Notes\n\n- Separate Polar products per module so fee accounting is clean and developers can see per-product revenue in Polar dashboard once they're onboarded\n- Use Polar test env for dev; wire real keys via .stack/secrets/vars/common.sops.yaml","acceptance_criteria":"- Free modules skip Polar entirely\n- Paid module checkout returns a working Polar URL\n- Purchase → webhook → license row appears within 10s\n- Refund → license marked inactive; install command refuses","status":"open","priority":2,"issue_type":"task","owner":"me@cooperm.com","created_at":"2026-04-24T03:44:34Z","created_by":"Cooper Maruyama","updated_at":"2026-04-24T03:44:34Z","dependencies":[{"issue_id":"stackpanel-p4y","depends_on_id":"stackpanel-63e","type":"blocks","created_at":"2026-04-23T20:46:03Z","created_by":"Cooper Maruyama","metadata":"{}"}],"dependency_count":1,"dependent_count":3,"comment_count":0}
 {"id":"stackpanel-63e","title":"Module catalog: Drizzle schema + tRPC search/list","description":"Foundation data model for the marketplace.\n\n## Scope\n\n- Drizzle tables:\n  - module_listing(id, slug, name, summary, description_md, author_user_id, status enum(draft|pending|approved|rejected|deprecated), category, created_at)\n  - module_version(id, listing_id FK, version semver, tarball_url, signature, manifest_json, released_at)\n  - module_pricing(listing_id FK, model enum(free|one_time|subscription), price_cents, interval enum(month|year|null), polar_product_id, active bool)\n- tRPC router packages/api/src/routers/modules.ts\n  - modules.list({ category?, q?, cursor? }) — public, paginated\n  - modules.get(slug) — public, returns listing + latest version + pricing\n  - modules.listVersions(slug) — public\n- Slug validation + reserved-word list (prevent 'stack', 'stackpanel', 'official', etc. without admin flag)\n- Seed script with 3 stub listings for local dev\n\n## Why first\n\nEvery other marketplace task depends on this catalog existing.","acceptance_criteria":"- Drizzle migration applied cleanly\n- modules.list returns paginated results with search\n- modules.get returns a full listing with pricing + latest version\n- Reserved slugs cannot be used outside admin","status":"open","priority":2,"issue_type":"task","owner":"me@cooperm.com","created_at":"2026-04-24T03:44:27Z","created_by":"Cooper Maruyama","updated_at":"2026-04-24T03:44:27Z","dependency_count":0,"dependent_count":6,"comment_count":0}
-{"id":"stackpanel-b86","title":"Premium modules marketplace","description":"Epic: enable third-party developers to publish paid modules to the extension registry; users install/purchase from the studio or CLI; revenue flows to the developer minus a platform fee.\n\n## Scope\n\n- Catalog API, listings, search (free + paid in one lane)\n- Polar-backed checkout for one-time + subscription pricing\n- Per-workspace licensing with team seats\n- Signed module tarballs, verification at install/shell-entry\n- Developer portal for submitting and managing listings\n- Revenue accounting + payout rails (Polar Connect / Stripe Connect)\n- Manual review workflow at MVP; automated Nix static analysis later\n- Studio 'Marketplace' browse panel; 'stackpanel install \u003cmodule\u003e' CLI\n- Integrates with existing stack.modules option + nix/stack/modules/ auto-discovery\n\n## Economics\n\n- 15% platform fee (developer receives 85% net of processing)\n- Processing (~3%) absorbed from the 15%, not the developer's share\n- USD first; multi-currency later via Polar\n- Monthly payout minimum (TBD — $50? $100?)\n\n## Trust \u0026 safety\n\n- Nix modules can execute arbitrary build code. MVP = curated launch partners + manual review + signed tarballs required.\n- Phase 2 = automated static analysis for IFD, impure builtins, network calls outside known registries\n- Phase 3 = restricted 'pure' DSL for modules that want a verification badge\n\n## Relationship to other work\n\n- Depends on stackpanel-9uo (protectedPaidProcedure middleware) — reuses the same gate pattern\n- Benefits from stackpanel-0bt (capability JWT) for shell-entry license checks\n- Module catalog shares DB with @stack/db; uses same Polar + Better-Auth plumbing\n\n## Open questions (resolve before Phase 1 ships)\n\n1. Platform fee: 15% sticker, or tiered (higher cut for top sellers / lower for new devs)?\n2. Price floor/ceiling on one-time purchases?\n3. Annual subscription discount rate?\n4. Refund policy — 14-day hard return, or author discretion?\n5. Licensing across workspace forks + preview deploys — each needs its own seat or shared?\n6. Stackpanel's own paid modules (Hosted State, AI) — same catalog or separate 'Official' tier?\n\n## Phasing\n\n- **Phase 1 (MVP)**: curated launch, ~5 partner modules, manual payouts, honor-system + signature verification\n- **Phase 2**: self-serve dev portal, Polar Connect payouts, usage-metered pricing, automated static analysis\n- **Phase 3**: restricted DSL, plugin quality badges, bundled 'collections' pricing","acceptance_criteria":"- Developers can publish a paid module via dev portal and receive payouts\n- Users can discover, purchase, and install paid modules from studio + CLI\n- Per-workspace licensing enforced; non-licensed workspaces cannot install paid modules\n- Revenue accounting tracks gross, platform fee, and developer net\n- Signed tarballs verified at install; unsigned/invalid → refuse\n- Curated launch with ≥3 partner modules shipped","status":"open","priority":2,"issue_type":"feature","owner":"me@cooperm.com","created_at":"2026-04-24T03:44:16Z","created_by":"Cooper Maruyama","updated_at":"2026-04-24T03:44:16Z","dependencies":[{"issue_id":"stackpanel-b86","depends_on_id":"stackpanel-63e","type":"blocks","created_at":"2026-04-23T20:46:24Z","created_by":"Cooper Maruyama","metadata":"{}"}],"dependency_count":1,"dependent_count":0,"comment_count":0}
+{"id":"stackpanel-b86","title":"Premium modules marketplace","description":"Epic: enable third-party developers to publish paid modules to the extension registry; users install/purchase from the studio or CLI; revenue flows to the developer minus a platform fee.\n\n## Scope\n\n- Catalog API, listings, search (free + paid in one lane)\n- Polar-backed checkout for one-time + subscription pricing\n- Per-workspace licensing with team seats\n- Signed module tarballs, verification at install/shell-entry\n- Developer portal for submitting and managing listings\n- Revenue accounting + payout rails (Polar Connect / Stripe Connect)\n- Manual review workflow at MVP; automated Nix static analysis later\n- Studio 'Marketplace' browse panel; 'stackpanel install \u003cmodule\u003e' CLI\n- Integrates with existing stack.modules option + nix/stack/modules/ auto-discovery\n\n## Economics\n\n- 15% platform fee (developer receives 85% net of processing)\n- Processing (~3%) absorbed from the 15%, not the developer's share\n- USD first; multi-currency later via Polar\n- Monthly payout minimum (TBD — $50? $100?)\n\n## Trust \u0026 safety\n\n- Nix modules can execute arbitrary build code. MVP = curated launch partners + manual review + signed tarballs required.\n- Phase 2 = automated static analysis for IFD, impure builtins, network calls outside known registries\n- Phase 3 = restricted 'pure' DSL for modules that want a verification badge\n\n## Relationship to other work\n\n- Depends on stackpanel-9uo (protectedPaidProcedure middleware) — reuses the same gate pattern\n- Benefits from stackpanel-0bt (capability JWT) for shell-entry license checks\n- Module catalog shares DB with @stack/db; uses same Polar + Better-Auth plumbing\n\n## Open questions (resolve before Phase 1 ships)\n\n1. Platform fee: 15% sticker, or tiered (higher cut for top sellers / lower for new devs)?\n2. Price floor/ceiling on one-time purchases?\n3. Annual subscription discount rate?\n4. Refund policy — 14-day hard return, or author discretion?\n5. Licensing across workspace forks + preview deploys — each needs its own seat or shared?\n6. Stackpanel's own paid modules (Hosted State, AI) — same catalog or separate 'Official' tier?\n\n## Phasing\n\n- **Phase 1 (MVP)**: curated launch, ~5 partner modules, manual payouts, honor-system + signature verification\n- **Phase 2**: self-serve dev portal, Polar Connect payouts, usage-metered pricing, automated static analysis\n- **Phase 3**: restricted DSL, plugin quality badges, bundled 'collections' pricing","acceptance_criteria":"- Developers can publish a paid module via dev portal and receive payouts\n- Users can discover, purchase, and install paid modules from studio + CLI\n- Per-workspace licensing enforced; non-licensed workspaces cannot install paid modules\n- Revenue accounting tracks gross, platform fee, and developer net\n- Signed tarballs verified at install; unsigned/invalid → refuse\n- Curated launch with ≥3 partner modules shipped","status":"open","priority":2,"issue_type":"feature","owner":"me@cooperm.com","created_at":"2026-04-24T03:44:16Z","created_by":"Cooper Maruyama","updated_at":"2026-04-24T03:44:16Z","dependencies":[{"issue_id":"stackpanel-b86","depends_on_id":"stackpanel-02c","type":"blocks","created_at":"2026-04-23T20:46:30Z","created_by":"Cooper Maruyama","metadata":"{}"},{"issue_id":"stackpanel-b86","depends_on_id":"stackpanel-24e","type":"blocks","created_at":"2026-04-23T20:46:28Z","created_by":"Cooper Maruyama","metadata":"{}"},{"issue_id":"stackpanel-b86","depends_on_id":"stackpanel-3vi","type":"blocks","created_at":"2026-04-23T20:46:31Z","created_by":"Cooper Maruyama","metadata":"{}"},{"issue_id":"stackpanel-b86","depends_on_id":"stackpanel-63e","type":"blocks","created_at":"2026-04-23T20:46:24Z","created_by":"Cooper Maruyama","metadata":"{}"},{"issue_id":"stackpanel-b86","depends_on_id":"stackpanel-89x","type":"blocks","created_at":"2026-04-23T20:46:26Z","created_by":"Cooper Maruyama","metadata":"{}"},{"issue_id":"stackpanel-b86","depends_on_id":"stackpanel-c7t","type":"blocks","created_at":"2026-04-23T20:46:29Z","created_by":"Cooper Maruyama","metadata":"{}"},{"issue_id":"stackpanel-b86","depends_on_id":"stackpanel-i5r","type":"blocks","created_at":"2026-04-23T20:46:29Z","created_by":"Cooper Maruyama","metadata":"{}"},{"issue_id":"stackpanel-b86","depends_on_id":"stackpanel-l1q","type":"blocks","created_at":"2026-04-23T20:46:31Z","created_by":"Cooper Maruyama","metadata":"{}"},{"issue_id":"stackpanel-b86","depends_on_id":"stackpanel-p4y","type":"blocks","created_at":"2026-04-23T20:46:25Z","created_by":"Cooper Maruyama","metadata":"{}"},{"issue_id":"stackpanel-b86","depends_on_id":"stackpanel-qij","type":"blocks","created_at":"2026-04-23T20:46:26Z","created_by":"Cooper Maruyama","metadata":"{}"},{"issue_id":"stackpanel-b86","depends_on_id":"stackpanel-tvv","type":"blocks","created_at":"2026-04-23T20:46:32Z","created_by":"Cooper Maruyama","metadata":"{}"},{"issue_id":"stackpanel-b86","depends_on_id":"stackpanel-w3r","type":"blocks","created_at":"2026-04-23T20:46:27Z","created_by":"Cooper Maruyama","metadata":"{}"}],"dependency_count":12,"dependent_count":0,"comment_count":0}
 {"id":"stackpanel-0bt","title":"Capability JWT: issuance endpoint + agent-side verifier","description":"Short-lived signed JWT from cloud API embedding plan claims, verified by Go agent before unlocking gated commands.\n\n## Scope\n\n### Cloud side (packages/api)\n- POST /api/capability/issue → returns { token, expiresAt }\n- Payload: { sub: userId, workspace_id, plan, seats, exp: now+1h, iss: api.stackpanel.com }\n- Signed with Ed25519; public key checked into repo + embedded in agent binary\n- Private key in AWS SSM (follows existing secret pattern)\n\n### Agent side (apps/stack-go)\n- New middleware capability.Verify that reads X-Stackpanel-Capability header\n- Verifies Ed25519 signature against embedded public key\n- On success: injects plan claims into request context\n- On expiry/invalid: 401 with clear error\n\n### Studio side (apps/web)\n- AgentProvider fetches capability token on login, refreshes 5min before expiry\n- Passes as header on every agent request\n\n## Scope note\n\nThis is defense in depth. Primary gating is server-side (the tRPC middleware). Capability JWT matters only for local-only features we'll gate later (e.g., Pro UI panels).","acceptance_criteria":"- Pro-tier user successfully obtains and refreshes capability tokens\n- Agent rejects requests without valid capability on gated endpoints\n- Token expiry triggers clean refresh (no visible interruption in studio)\n- Agent's embedded public key loaded at build time, verified with a unit test","status":"open","priority":2,"issue_type":"task","owner":"me@cooperm.com","created_at":"2026-04-24T03:41:23Z","created_by":"Cooper Maruyama","updated_at":"2026-04-24T03:41:23Z","dependencies":[{"issue_id":"stackpanel-0bt","depends_on_id":"stackpanel-9uo","type":"blocks","created_at":"2026-04-23T20:42:09Z","created_by":"Cooper Maruyama","metadata":"{}"}],"dependency_count":1,"dependent_count":2,"comment_count":0}
-{"id":"stackpanel-9dq","title":"HostedStateStore adapter for alchemy-effect","description":"Implement alchemy-effect's StateStore interface backed by the cloud tRPC router.\n\n## Scope\n\n- packages/infra/src/state/HostedStateStore.ts\n- Implements the StateStore contract from alchemy-effect/State (get/put/list/delete)\n- Uses @trpc/client with httpBatchLink pointed at api.stackpanel.com, Bearer auth via ALCHEMY_STATE_TOKEN\n- Retries (Effect.retry with exponential backoff) for transient 5xx, not for 4xx\n- Structured error mapping so alchemy's UX shows 'Subscription required' on 402 instead of a cryptic stack trace\n- Feature flag via env: STACKPANEL_STATE_BACKEND=hosted|local; default local\n\n## Integration\n\n- apps/web/alchemy.run.ts and apps/docs/alchemy.run.ts: conditionally construct HostedStateStore when STACKPANEL_STATE_BACKEND=hosted","acceptance_criteria":"- Adapter passes alchemy-effect's StateStore contract tests\n- 402 from API surfaces as actionable 'upgrade' error in alchemy CLI output\n- Can deploy apps/web end-to-end with STACKPANEL_STATE_BACKEND=hosted","status":"open","priority":2,"issue_type":"task","owner":"me@cooperm.com","created_at":"2026-04-24T03:41:14Z","created_by":"Cooper Maruyama","updated_at":"2026-04-24T03:41:14Z","dependencies":[{"issue_id":"stackpanel-9dq","depends_on_id":"stackpanel-ehz","type":"blocks","created_at":"2026-04-23T20:42:08Z","created_by":"Cooper Maruyama","metadata":"{}"}],"dependency_count":1,"dependent_count":4,"comment_count":0}
-{"id":"stackpanel-ehz","title":"tRPC router for alchemy state CRUD","description":"New tRPC router exposing state operations to the HostedStateStore adapter.\n\n## Scope\n\n- packages/api/src/routers/alchemyState.ts\n- Procedures (all wrapped with protectedPaidProcedure):\n  - get(stack, stage, fqn) → decrypted JSON | null\n  - put(stack, stage, fqn, payload, expectedVersion?) → new version (optimistic concurrency)\n  - list(stack, stage?) → [{fqn, version, updated_at}]\n  - delete(stack, stage, fqn) → void\n  - listStages(stack) → [{stage, resource_count, updated_at}]\n- Input validation with Zod (stack/stage/fqn slug regex to prevent injection)\n- Error mapping: 409 on version mismatch, 404 on missing, 402 on unsubscribed (from middleware)\n- Wire router into packages/api/src/routers/_app.ts","acceptance_criteria":"- All procedures callable from a tRPC client with a Pro subscription\n- Version conflict returns 409 (not 500)\n- Unsubscribed caller gets 402\n- Integration test exercises put→get→list→delete round-trip","status":"open","priority":2,"issue_type":"task","owner":"me@cooperm.com","created_at":"2026-04-24T03:41:09Z","created_by":"Cooper Maruyama","updated_at":"2026-04-24T03:41:09Z","dependencies":[{"issue_id":"stackpanel-ehz","depends_on_id":"stackpanel-9uo","type":"blocks","created_at":"2026-04-23T20:42:06Z","created_by":"Cooper Maruyama","metadata":"{}"},{"issue_id":"stackpanel-ehz","depends_on_id":"stackpanel-9zb","type":"blocks","created_at":"2026-04-23T20:42:07Z","created_by":"Cooper Maruyama","metadata":"{}"}],"dependency_count":2,"dependent_count":3,"comment_count":0}
-{"id":"stackpanel-9zb","title":"Drizzle schema for workspace_state with envelope encryption","description":"DB schema + KMS integration for storing alchemy state entries, encrypted per-workspace.\n\n## Scope\n\n- Drizzle migration: workspace_state(id uuid, workspace_id uuid FK, stack text, stage text, fqn text, key_id text, encrypted_blob bytea, version int, updated_at timestamptz). Unique on (workspace_id, stack, stage, fqn).\n- New table workspace_dek(workspace_id FK PK, encrypted_dek bytea, kms_key_id text, created_at) — per-workspace DEK wrapped by master KMS key\n- Helpers in @stack/db: encryptStateBlob(workspaceId, plaintext) / decryptStateBlob(workspaceId, ciphertext) using @aws-sdk/client-kms\n- Lazy DEK creation on first write; DEK rotation hook (not wired to a schedule yet)\n\n## Notes\n\n- Plaintext state MUST NOT be persisted anywhere. Decrypt on read, discard after response.\n- Master KMS key already provisioned via @stackpanel/infra — reuse that key ID.","acceptance_criteria":"- Migration applied cleanly to a fresh dev DB\n- encryptStateBlob/decryptStateBlob round-trip correctly\n- workspace_dek row auto-created on first encryptStateBlob call\n- KMS decrypt calls only happen on read; no plaintext persisted","status":"open","priority":2,"issue_type":"task","owner":"me@cooperm.com","created_at":"2026-04-24T03:41:02Z","created_by":"Cooper Maruyama","updated_at":"2026-04-24T03:41:02Z","dependency_count":0,"dependent_count":2,"comment_count":0}
-{"id":"stackpanel-9uo","title":"Add protectedPaidProcedure middleware in @stack/api","description":"Middleware that wraps protectedProcedure and additionally verifies the user has an active Polar subscription at the 'pro' tier or higher. Rejects with TRPCError code FORBIDDEN (HTTP 402) + upgrade_url when the check fails.\n\n## Scope\n\n- packages/api/src/lib/middleware/paid.ts: new Effect-backed middleware\n- Reads subscription state via the existing @polar-sh/better-auth plugin\n- Passes {workspace_id, plan} into ctx for downstream procedures\n- Unit tests covering: active pro, active free, trial, expired, no session\n\n## Why this first\n\nUnblocks every cloud-gated feature we'll ever build — Hosted state is just the first caller.","acceptance_criteria":"- protectedPaidProcedure exported from @stack/api\n- Free/expired users get 402 with { code, upgrade_url }\n- Pro users pass through with plan claims in ctx\n- Tests cover all subscription states","status":"open","priority":2,"issue_type":"task","owner":"me@cooperm.com","created_at":"2026-04-24T03:40:55Z","created_by":"Cooper Maruyama","updated_at":"2026-04-24T03:40:55Z","dependency_count":0,"dependent_count":4,"comment_count":0}
+{"id":"stackpanel-9dq","title":"HostedStateStore adapter for alchemy-effect","description":"Implement alchemy-effect's StateStore interface backed by the cloud tRPC router.\n\n## Scope\n\n- packages/infra/src/state/HostedStateStore.ts\n- Implements the StateStore contract from alchemy-effect/State (get/put/list/delete)\n- Uses @trpc/client with httpBatchLink pointed at api.stackpanel.com, Bearer auth via ALCHEMY_STATE_TOKEN\n- Retries (Effect.retry with exponential backoff) for transient 5xx, not for 4xx\n- Structured error mapping so alchemy's UX shows 'Subscription required' on 402 instead of a cryptic stack trace\n- Feature flag via env: STACKPANEL_STATE_BACKEND=hosted|local; default local\n\n## Integration\n\n- apps/web/alchemy.run.ts and apps/docs/alchemy.run.ts: conditionally construct HostedStateStore when STACKPANEL_STATE_BACKEND=hosted","acceptance_criteria":"- Adapter passes alchemy-effect's StateStore contract tests\n- 402 from API surfaces as actionable 'upgrade' error in alchemy CLI output\n- Can deploy apps/web end-to-end with STACKPANEL_STATE_BACKEND=hosted","status":"closed","priority":2,"issue_type":"task","owner":"me@cooperm.com","created_at":"2026-04-24T03:41:14Z","created_by":"Cooper Maruyama","updated_at":"2026-04-24T07:34:27Z","closed_at":"2026-04-24T07:34:27Z","close_reason":"Closed","dependencies":[{"issue_id":"stackpanel-9dq","depends_on_id":"stackpanel-ehz","type":"blocks","created_at":"2026-04-23T20:42:08Z","created_by":"Cooper Maruyama","metadata":"{}"}],"dependency_count":1,"dependent_count":4,"comment_count":0}
+{"id":"stackpanel-ehz","title":"tRPC router for alchemy state CRUD","description":"New tRPC router exposing state operations to the HostedStateStore adapter.\n\n## Scope\n\n- packages/api/src/routers/alchemyState.ts\n- Procedures (all wrapped with protectedPaidProcedure):\n  - get(stack, stage, fqn) → decrypted JSON | null\n  - put(stack, stage, fqn, payload, expectedVersion?) → new version (optimistic concurrency)\n  - list(stack, stage?) → [{fqn, version, updated_at}]\n  - delete(stack, stage, fqn) → void\n  - listStages(stack) → [{stage, resource_count, updated_at}]\n- Input validation with Zod (stack/stage/fqn slug regex to prevent injection)\n- Error mapping: 409 on version mismatch, 404 on missing, 402 on unsubscribed (from middleware)\n- Wire router into packages/api/src/routers/_app.ts","acceptance_criteria":"- All procedures callable from a tRPC client with a Pro subscription\n- Version conflict returns 409 (not 500)\n- Unsubscribed caller gets 402\n- Integration test exercises put→get→list→delete round-trip","status":"closed","priority":2,"issue_type":"task","owner":"me@cooperm.com","created_at":"2026-04-24T03:41:09Z","created_by":"Cooper Maruyama","updated_at":"2026-04-24T07:34:27Z","closed_at":"2026-04-24T07:34:27Z","close_reason":"Closed","dependencies":[{"issue_id":"stackpanel-ehz","depends_on_id":"stackpanel-9uo","type":"blocks","created_at":"2026-04-23T20:42:06Z","created_by":"Cooper Maruyama","metadata":"{}"},{"issue_id":"stackpanel-ehz","depends_on_id":"stackpanel-9zb","type":"blocks","created_at":"2026-04-23T20:42:07Z","created_by":"Cooper Maruyama","metadata":"{}"}],"dependency_count":2,"dependent_count":3,"comment_count":0}
+{"id":"stackpanel-9zb","title":"Drizzle schema for workspace_state with envelope encryption","description":"DB schema + KMS integration for storing alchemy state entries, encrypted per-workspace.\n\n## Scope\n\n- Drizzle migration: workspace_state(id uuid, workspace_id uuid FK, stack text, stage text, fqn text, key_id text, encrypted_blob bytea, version int, updated_at timestamptz). Unique on (workspace_id, stack, stage, fqn).\n- New table workspace_dek(workspace_id FK PK, encrypted_dek bytea, kms_key_id text, created_at) — per-workspace DEK wrapped by master KMS key\n- Helpers in @stack/db: encryptStateBlob(workspaceId, plaintext) / decryptStateBlob(workspaceId, ciphertext) using @aws-sdk/client-kms\n- Lazy DEK creation on first write; DEK rotation hook (not wired to a schedule yet)\n\n## Notes\n\n- Plaintext state MUST NOT be persisted anywhere. Decrypt on read, discard after response.\n- Master KMS key already provisioned via @stackpanel/infra — reuse that key ID.","acceptance_criteria":"- Migration applied cleanly to a fresh dev DB\n- encryptStateBlob/decryptStateBlob round-trip correctly\n- workspace_dek row auto-created on first encryptStateBlob call\n- KMS decrypt calls only happen on read; no plaintext persisted","status":"closed","priority":2,"issue_type":"task","owner":"me@cooperm.com","created_at":"2026-04-24T03:41:02Z","created_by":"Cooper Maruyama","updated_at":"2026-04-24T07:34:27Z","closed_at":"2026-04-24T07:34:27Z","close_reason":"Closed","dependency_count":0,"dependent_count":2,"comment_count":0}
+{"id":"stackpanel-9uo","title":"Add protectedPaidProcedure middleware in @stack/api","description":"Middleware that wraps protectedProcedure and additionally verifies the user has an active Polar subscription at the 'pro' tier or higher. Rejects with TRPCError code FORBIDDEN (HTTP 402) + upgrade_url when the check fails.\n\n## Scope\n\n- packages/api/src/lib/middleware/paid.ts: new Effect-backed middleware\n- Reads subscription state via the existing @polar-sh/better-auth plugin\n- Passes {workspace_id, plan} into ctx for downstream procedures\n- Unit tests covering: active pro, active free, trial, expired, no session\n\n## Why this first\n\nUnblocks every cloud-gated feature we'll ever build — Hosted state is just the first caller.","acceptance_criteria":"- protectedPaidProcedure exported from @stack/api\n- Free/expired users get 402 with { code, upgrade_url }\n- Pro users pass through with plan claims in ctx\n- Tests cover all subscription states","status":"closed","priority":2,"issue_type":"task","owner":"me@cooperm.com","created_at":"2026-04-24T03:40:55Z","created_by":"Cooper Maruyama","updated_at":"2026-04-24T07:34:27Z","closed_at":"2026-04-24T07:34:27Z","close_reason":"Closed","dependency_count":0,"dependent_count":4,"comment_count":0}
 {"id":"stackpanel-e7v","title":"Hosted alchemy state backend (Pro tier)","description":"Epic: Build a hosted state backend for alchemy-effect (replacing the filesystem-only backend), gated behind a Pro subscription via Polar. Unlocks team deploys and fixes CI orphaning.\n\n## Motivation\n\nToday alchemy-effect ships only a filesystem state backend (noted in .github/workflows/deploy-{web,docs}.yaml). Our CI has to cache the .alchemy/state/ directory across runners so destroy jobs can find the resources to tear down — otherwise 'every runner starts blind and orphans Workers + Neon projects' (comment from deploy-web.yaml).\n\nThis is:\n- A real pain felt today (CI workaround in place)\n- Gate-able by architecture (requires our cloud API; cannot be reproduced locally)\n- Natural fit with existing Polar + Better-Auth + Neon + KMS plumbing\n- Already half-scaffolded: ALCHEMY_STATE_TOKEN is in packages/gen/env/src/effect/scope/deploy.ts\n\n## Strategy\n\n- Cloud API (api.stackpanel.com) exposes tRPC procedures for state CRUD, gated by a Polar subscription check\n- Per-workspace envelope encryption (KMS master key wraps a per-workspace DEK)\n- Custom StateStore adapter on the alchemy-effect side that talks to the cloud API\n- .stack/config.nix option to toggle hosted vs local backend\n- Studio UI panel showing state entries per stage\n\n## Free vs Pro\n\n- **Free**: local filesystem backend (status quo). Works fine for solo use.\n- **Pro**: hosted backend. Survives CI runner churn. Enables true team deploys. Audit log of who deployed what.","design":"## Architecture\n\n- Alchemy-effect StateStore is an interface (see alchemy-effect/State module). We implement HostedStateStore that calls tRPC procedures via HTTPS.\n- tRPC routers live in packages/api/src/routers/alchemyState.ts with a protectedPaidProcedure middleware gate.\n- DB schema (Drizzle): workspace_state(id, workspace_id, stack, stage, fqn, encrypted_blob, key_id, version, updated_at).\n- Encryption: per-workspace DEK stored encrypted by KMS master key. On read, API decrypts DEK via KMS, decrypts state blob, returns plaintext. Plaintext never persisted.\n- Auth: ALCHEMY_STATE_TOKEN is a signed capability JWT issued by cloud API after Better-Auth login, embedding { workspace_id, plan, exp }. Agent-side verifier checks plan claim before allowing mutations (defense in depth).\n- CI: workflows pass ALCHEMY_STATE_TOKEN (from GitHub secret) → adapter uses it as Bearer → API verifies signature + plan.\n\n## Subscription gate\n\nprotectedPaidProcedure middleware:\n1. Resolve session via Better-Auth\n2. Look up Polar subscription via @polar-sh/better-auth plugin\n3. If plan.tier \u003c 'pro' or status !== 'active' → TRPCError 402 FORBIDDEN with upgrade_url\n4. Otherwise pass {workspace_id, plan} in ctx to procedure","acceptance_criteria":"- Pro users on Polar-active subscriptions can deploy using hosted state backend\n- Non-subscribers get 402 from cloud API with clear upgrade link\n- CI deploys no longer need the filesystem cache workaround in deploy-{web,docs}.yaml\n- State is encrypted at rest (no plaintext blobs in Postgres)\n- Studio has a 'State' panel showing deployed stages + resources per workspace\n- Docs guide covers migration from local → hosted","status":"open","priority":2,"issue_type":"feature","owner":"me@cooperm.com","created_at":"2026-04-24T03:40:31Z","created_by":"Cooper Maruyama","updated_at":"2026-04-24T03:40:31Z","dependencies":[{"issue_id":"stackpanel-e7v","depends_on_id":"stackpanel-0bt","type":"blocks","created_at":"2026-04-23T20:42:24Z","created_by":"Cooper Maruyama","metadata":"{}"},{"issue_id":"stackpanel-e7v","depends_on_id":"stackpanel-3p8","type":"blocks","created_at":"2026-04-23T20:42:25Z","created_by":"Cooper Maruyama","metadata":"{}"},{"issue_id":"stackpanel-e7v","depends_on_id":"stackpanel-3qt","type":"blocks","created_at":"2026-04-23T20:42:26Z","created_by":"Cooper Maruyama","metadata":"{}"},{"issue_id":"stackpanel-e7v","depends_on_id":"stackpanel-6a3","type":"blocks","created_at":"2026-04-23T20:42:26Z","created_by":"Cooper Maruyama","metadata":"{}"},{"issue_id":"stackpanel-e7v","depends_on_id":"stackpanel-9dq","type":"blocks","created_at":"2026-04-23T20:42:23Z","created_by":"Cooper Maruyama","metadata":"{}"},{"issue_id":"stackpanel-e7v","depends_on_id":"stackpanel-9uo","type":"blocks","created_at":"2026-04-23T20:42:21Z","created_by":"Cooper Maruyama","metadata":"{}"},{"issue_id":"stackpanel-e7v","depends_on_id":"stackpanel-9zb","type":"blocks","created_at":"2026-04-23T20:42:21Z","created_by":"Cooper Maruyama","metadata":"{}"},{"issue_id":"stackpanel-e7v","depends_on_id":"stackpanel-bni","type":"blocks","created_at":"2026-04-23T20:42:24Z","created_by":"Cooper Maruyama","metadata":"{}"},{"issue_id":"stackpanel-e7v","depends_on_id":"stackpanel-ehz","type":"blocks","created_at":"2026-04-23T20:42:22Z","created_by":"Cooper Maruyama","metadata":"{}"}],"dependency_count":9,"dependent_count":0,"comment_count":0}
 {"id":"stackpanel-7zb","title":"Move .envrc generation into lib.initFiles (drop Go constant)","description":"stackpanel init currently hardcodes .envrc contents in a Go const (envrcContent in apps/stackpanel-go/cmd/cli/init.go). This duplicates nix/flake/templates/default/.envrc and means the template can drift from what ship-to-user init writes.\n\nAction: add .envrc to lib.initFiles in nix/flake/exports.nix so it flows through the existing stepWriteInitFiles pipeline as a single source of truth; remove envrcContent + stepGenerateEnvrc from init.go; keep the idempotency semantics (don't clobber existing .envrc unless --force).\n\nContext: during stackpanel-y53/0qu work (2026-04-23), the agent chose to keep .envrc on the Go side because lib.initFiles appeared broken. It was not — lib.initFiles works and already ships .stackpanel/{config,_internal,data,.gitignore}. It just doesn't include .envrc today, and its templateDir path (../flake/templates/default/.stackpanel) points at a nonexistent dir while the real templates live under nix/flake/templates/default/.stack and the repo-root .envrc. Fix that path drift too while you're in there.","status":"open","priority":2,"issue_type":"task","owner":"me@cooperm.com","created_at":"2026-04-23T16:08:51Z","created_by":"Cooper Maruyama","updated_at":"2026-04-23T16:08:51Z","dependency_count":0,"dependent_count":0,"comment_count":0}
 {"id":"stackpanel-y53","title":"add envrc generation to 'stackpanel init'","status":"closed","priority":2,"issue_type":"task","assignee":"Cooper Maruyama","owner":"me@cooperm.com","created_at":"2026-04-23T15:35:17Z","created_by":"Cooper Maruyama","updated_at":"2026-04-23T15:45:55Z","started_at":"2026-04-23T15:37:04Z","closed_at":"2026-04-23T15:45:55Z","close_reason":"Closed","dependency_count":0,"dependent_count":0,"comment_count":0}
@@ -40,12 +41,12 @@
 {"id":"stackpanel-os2.7","title":"Unify deployment docs and migration guides around the current model","description":"The repo currently mixes older provider-centric deployment docs (for example nix/stackpanel/deployment/README.md and apps/docs/content/docs/internal/deployment.mdx) with newer Nix-first deploy/provision design docs. Once the remaining CLI/backend work lands, refresh the public/internal docs so users see one coherent deployment story instead of parallel models.","design":"Document the shipped behavior after the CLI/backend/UI work settles; keep examples aligned with docs/design/deploy-command.md and docs/design/provisioning.md.","acceptance_criteria":"- Public docs cover app deploy, machine-target deploy, provisioning, and hosted-backend flows with current commands/options\n- Internal/module docs stop teaching superseded provider/defaultProvider shapes where they no longer match shipped behavior\n- Migration guidance explains old vs new config shapes and current container/deploy commands\n- Examples and validation steps match actual commands in the repo","status":"closed","priority":2,"issue_type":"task","owner":"me@cooperm.com","created_at":"2026-03-28T15:02:38Z","created_by":"Cooper Maruyama","updated_at":"2026-03-28T20:19:30Z","closed_at":"2026-03-28T20:19:30Z","close_reason":"Superseded by pluggable-deploy-backends restructure. Work absorbed into new phase-based tasks. See openspec/changes/pluggable-deploy-backends/","external_ref":"https://linear.app/darkmatterlabs/issue/ENG-381","labels":["deployment"],"dependencies":[{"issue_id":"stackpanel-os2.7","depends_on_id":"stackpanel-os2","type":"parent-child","created_at":"2026-03-28T08:02:38Z","created_by":"Cooper Maruyama","metadata":"{}"},{"issue_id":"stackpanel-os2.7","depends_on_id":"stackpanel-os2.3","type":"blocks","created_at":"2026-03-28T08:02:42Z","created_by":"Cooper Maruyama","metadata":"{}"},{"issue_id":"stackpanel-os2.7","depends_on_id":"stackpanel-os2.4","type":"blocks","created_at":"2026-03-28T08:02:42Z","created_by":"Cooper Maruyama","metadata":"{}"},{"issue_id":"stackpanel-os2.7","depends_on_id":"stackpanel-os2.5","type":"blocks","created_at":"2026-03-28T08:02:43Z","created_by":"Cooper Maruyama","metadata":"{}"},{"issue_id":"stackpanel-os2.7","depends_on_id":"stackpanel-os2.6","type":"blocks","created_at":"2026-03-28T08:02:43Z","created_by":"Cooper Maruyama","metadata":"{}"}],"dependency_count":4,"dependent_count":0,"comment_count":0}
 {"id":"stackpanel-os2.5","title":"Add stackpanel provision --new and config round-trip machine authoring","description":"apps/stackpanel-go/cmd/cli/provision.go handles provisioning for machines that already exist in config, but the provisioning design also calls for a --new workflow that can author a minimal machine entry and preserve Nix path literals for hardwareConfig/diskLayout updates. Add that machine-authoring path so new-machine setup is not a manual edit-before-provision step.","design":"Reuse the repo's existing config-writing/serialization patterns instead of inventing a new config mutator; add tagged path handling if necessary to preserve Nix path types.","acceptance_criteria":"- stackpanel provision --new \u003cname\u003e --host \u003ctarget\u003e creates a minimal machine entry in the canonical Stackpanel config\n- hardwareConfig and diskLayout paths round-trip as Nix path literals instead of quoted absolute strings\n- The provision flow can update the new machine entry after generating hardware config\n- Add tests for config edit / serialization behavior","status":"closed","priority":2,"issue_type":"task","owner":"me@cooperm.com","created_at":"2026-03-28T15:02:37Z","created_by":"Cooper Maruyama","updated_at":"2026-03-28T20:19:21Z","closed_at":"2026-03-28T20:19:21Z","close_reason":"Dropped: manual config editing is acceptable, provision --new deferred indefinitely","external_ref":"https://linear.app/darkmatterlabs/issue/ENG-382","labels":["deployment"],"dependencies":[{"issue_id":"stackpanel-os2.5","depends_on_id":"stackpanel-os2","type":"parent-child","created_at":"2026-03-28T08:02:36Z","created_by":"Cooper Maruyama","metadata":"{}"},{"issue_id":"stackpanel-os2.5","depends_on_id":"stackpanel-os2.1","type":"blocks","created_at":"2026-03-28T08:02:40Z","created_by":"Cooper Maruyama","metadata":"{}"}],"dependency_count":1,"dependent_count":2,"comment_count":0}
 {"id":"stackpanel-os2.6","title":"Wire deploy/provision state into the Studio Deploy panel","description":"apps/web/src/components/studio/panels/deploy/deploy-panel.tsx is still Colmena-centric and does not appear to consume the CLI state tracked in .stack/state/deployments.json and .stack/state/machines.json. Update the Studio deploy experience so it reflects the same deploy/provision model and status that the CLI writes.","design":"Expose deploy/provision state through the agent/web API rather than teaching the browser to read local state files directly.","acceptance_criteria":"- The Deploy panel shows machine provisioning state and last deploy state from the supported agent/CLI APIs\n- Users can trigger deploy/provision actions from the panel with clear loading, success, and error states\n- Unsupported or partially configured backends degrade gracefully in the UI\n- Add frontend or integration coverage for the key panel states","status":"closed","priority":2,"issue_type":"task","owner":"me@cooperm.com","created_at":"2026-03-28T15:02:37Z","created_by":"Cooper Maruyama","updated_at":"2026-03-28T20:19:29Z","closed_at":"2026-03-28T20:19:29Z","close_reason":"Superseded by pluggable-deploy-backends restructure. Work absorbed into new phase-based tasks. See openspec/changes/pluggable-deploy-backends/","external_ref":"https://linear.app/darkmatterlabs/issue/ENG-383","labels":["deployment"],"dependencies":[{"issue_id":"stackpanel-os2.6","depends_on_id":"stackpanel-os2","type":"parent-child","created_at":"2026-03-28T08:02:37Z","created_by":"Cooper Maruyama","metadata":"{}"},{"issue_id":"stackpanel-os2.6","depends_on_id":"stackpanel-os2.3","type":"blocks","created_at":"2026-03-28T08:02:40Z","created_by":"Cooper Maruyama","metadata":"{}"},{"issue_id":"stackpanel-os2.6","depends_on_id":"stackpanel-os2.4","type":"blocks","created_at":"2026-03-28T08:02:41Z","created_by":"Cooper Maruyama","metadata":"{}"},{"issue_id":"stackpanel-os2.6","depends_on_id":"stackpanel-os2.5","type":"blocks","created_at":"2026-03-28T08:02:41Z","created_by":"Cooper Maruyama","metadata":"{}"}],"dependency_count":3,"dependent_count":1,"comment_count":0}
-{"id":"stackpanel-3vi","title":"Docs: module author guide + marketplace policies","description":"Docs that make it obvious how to build, test, price, and publish a module — plus the policies that keep the marketplace trustworthy.\n\n## Scope\n\n### Author guide (apps/docs/content/docs/modules/)\n- 'Build your first module' — scaffolding, module.nix structure, meta.nix fields, ui.nix if applicable\n- 'Test a module locally' — stackpanel link (local dev), running against sample .stack/config.nix\n- 'Package for publication' — tarball layout, signing, manifest requirements\n- 'Price and publish' — free vs paid tradeoffs, pricing UX tips\n- 'Get paid' — Polar Connect onboarding, tax docs, payout schedule\n- 'Versioning + updates' — semver discipline, deprecation policy\n\n### Policies\n- Acceptable use: no crypto miners, no telemetry without disclosure, no license keys hardcoded\n- Refund policy: 14-day no-questions-asked (author can opt into stricter)\n- Takedown policy: security issues → emergency delist within 24h\n- Revenue share + fee structure (the 15% sticker, transparent)\n- Intellectual property: developer retains ownership, grants distribution license","acceptance_criteria":"- Author guide builds with apps/docs\n- Policies are linked from dev portal's publish flow\n- Sample module repo referenced from the 'first module' page","status":"open","priority":3,"issue_type":"task","owner":"me@cooperm.com","created_at":"2026-04-24T03:45:46Z","created_by":"Cooper Maruyama","updated_at":"2026-04-24T03:45:46Z","dependencies":[{"issue_id":"stackpanel-3vi","depends_on_id":"stackpanel-02c","type":"blocks","created_at":"2026-04-23T20:46:16Z","created_by":"Cooper Maruyama","metadata":"{}"},{"issue_id":"stackpanel-3vi","depends_on_id":"stackpanel-c7t","type":"blocks","created_at":"2026-04-23T20:46:15Z","created_by":"Cooper Maruyama","metadata":"{}"},{"issue_id":"stackpanel-3vi","depends_on_id":"stackpanel-w3r","type":"blocks","created_at":"2026-04-23T20:46:17Z","created_by":"Cooper Maruyama","metadata":"{}"}],"dependency_count":3,"dependent_count":0,"comment_count":0}
-{"id":"stackpanel-l1q","title":"Module review workflow + automated Nix static analysis","description":"Prevent malicious or broken modules from reaching users. MVP manual, Phase 2 automated.\n\n## Scope\n\n### MVP: manual review\n- Admin tool (packages/api route + studio admin panel) showing pending listings\n- Reviewer sees: uploaded tarball contents, diff from previous version (if any), links to GitHub repo, automated scan results\n- Approve → listing goes live; Reject → listing status updated with reason visible to author\n- SLA target: 3 business days for initial review\n\n### Phase 2: automated scans\n- Static-analysis pass over module.nix + meta.nix:\n  - Flag: import-from-derivation without explicit opt-in\n  - Flag: builtins.fetchurl with non-allowlisted host\n  - Flag: arbitrary path reads outside module dir\n  - Flag: network calls during eval\n- Feed findings into review UI; author sees them pre-submit\n- Optionally: automatic 'verified pure' badge for modules with zero findings\n\n## Why not AI review\n\nPattern-match is more reliable for this than an LLM for the boring 'did they try to phone home during eval' checks. LLM review can come later for README/security claims.","acceptance_criteria":"- Reviewer can approve/reject pending listings\n- Rejected listings show reason to author with re-submit path\n- Static analysis surfaces known-bad patterns in a handful of test cases","status":"open","priority":3,"issue_type":"task","owner":"me@cooperm.com","created_at":"2026-04-24T03:45:37Z","created_by":"Cooper Maruyama","updated_at":"2026-04-24T03:45:37Z","dependencies":[{"issue_id":"stackpanel-l1q","depends_on_id":"stackpanel-c7t","type":"blocks","created_at":"2026-04-23T20:46:15Z","created_by":"Cooper Maruyama","metadata":"{}"}],"dependency_count":1,"dependent_count":0,"comment_count":0}
-{"id":"stackpanel-02c","title":"Developer payout: Polar Connect + KYC onboarding","description":"Pay developers their accrued balance via Polar Connect (Stripe Connect underneath), with KYC + tax form collection at onboarding.\n\n## Scope\n\n- Onboarding flow: first time creating a paid listing → prompt to connect Polar Connect account (redirect OAuth flow)\n- Collect tax info (W-9 US / W-8BEN international) via Polar's Connect UI\n- Payout job (scheduled): once per month, for each developer with balance \u003e= $50, trigger Polar payout; record payout_event(developer_id, amount_cents, polar_transfer_id, status)\n- Emails: onboarding done, first sale, monthly statement\n- Admin tool for manual payout holds (fraud, chargeback disputes)\n\n## Phase 1 fallback\n\nIf Polar Connect isn't ready: accumulate balances, issue manual Wise transfers quarterly while we collect via email. Works for ~20 developers, not for scale.","acceptance_criteria":"- Developer can connect payout account end-to-end\n- Monthly payout runs successfully against test Polar env\n- Balance decrements match transferred amount\n- Tax forms captured before first payout","status":"open","priority":3,"issue_type":"task","owner":"me@cooperm.com","created_at":"2026-04-24T03:45:28Z","created_by":"Cooper Maruyama","updated_at":"2026-04-24T03:45:28Z","dependencies":[{"issue_id":"stackpanel-02c","depends_on_id":"stackpanel-24e","type":"blocks","created_at":"2026-04-23T20:46:13Z","created_by":"Cooper Maruyama","metadata":"{}"},{"issue_id":"stackpanel-02c","depends_on_id":"stackpanel-c7t","type":"blocks","created_at":"2026-04-23T20:46:14Z","created_by":"Cooper Maruyama","metadata":"{}"}],"dependency_count":2,"dependent_count":1,"comment_count":0}
-{"id":"stackpanel-c7t","title":"Developer portal: submit + manage listings","description":"Dashboard where authors create listings, upload versions, set pricing, view revenue.\n\n## Scope\n\n- apps/web/src/routes/studio/developer/* (new section gated to users with \u003e0 listings or who opt in)\n- Create listing wizard: slug, name, summary, category, repo link (optional)\n- Upload version: drag-drop tarball, auto-extract manifest, show diff from previous version\n- Pricing editor: choose free / one-time / subscription; set price; connect Polar product (auto-created by backend)\n- Revenue dashboard: balance, recent transactions, export CSV\n- Listing status flow: draft → pending review → approved/rejected → published\n- Reject reasons visible to author with actionable next steps\n\n## MVP alternative\n\nIf this feels too big for Phase 1: start with a Google Form + manual backend entry. Still gets to ~5 launch partners. Ship dev portal when we have \u003e10 authors waiting.","acceptance_criteria":"- Author can create a listing, upload a version, set pricing, and submit for review\n- Rejected listings show the reason; author can fix and resubmit\n- Revenue dashboard reconciles with backend ledger","status":"open","priority":3,"issue_type":"task","owner":"me@cooperm.com","created_at":"2026-04-24T03:45:20Z","created_by":"Cooper Maruyama","updated_at":"2026-04-24T03:45:20Z","dependencies":[{"issue_id":"stackpanel-c7t","depends_on_id":"stackpanel-24e","type":"blocks","created_at":"2026-04-23T20:46:12Z","created_by":"Cooper Maruyama","metadata":"{}"},{"issue_id":"stackpanel-c7t","depends_on_id":"stackpanel-63e","type":"blocks","created_at":"2026-04-23T20:46:11Z","created_by":"Cooper Maruyama","metadata":"{}"},{"issue_id":"stackpanel-c7t","depends_on_id":"stackpanel-qij","type":"blocks","created_at":"2026-04-23T20:46:12Z","created_by":"Cooper Maruyama","metadata":"{}"}],"dependency_count":3,"dependent_count":3,"comment_count":0}
+{"id":"stackpanel-3vi","title":"Docs: module author guide + marketplace policies","description":"Docs that make it obvious how to build, test, price, and publish a module — plus the policies that keep the marketplace trustworthy.\n\n## Scope\n\n### Author guide (apps/docs/content/docs/modules/)\n- 'Build your first module' — scaffolding, module.nix structure, meta.nix fields, ui.nix if applicable\n- 'Test a module locally' — stackpanel link (local dev), running against sample .stack/config.nix\n- 'Package for publication' — tarball layout, signing, manifest requirements\n- 'Price and publish' — free vs paid tradeoffs, pricing UX tips\n- 'Get paid' — Polar Connect onboarding, tax docs, payout schedule\n- 'Versioning + updates' — semver discipline, deprecation policy\n\n### Policies\n- Acceptable use: no crypto miners, no telemetry without disclosure, no license keys hardcoded\n- Refund policy: 14-day no-questions-asked (author can opt into stricter)\n- Takedown policy: security issues → emergency delist within 24h\n- Revenue share + fee structure (the 15% sticker, transparent)\n- Intellectual property: developer retains ownership, grants distribution license","acceptance_criteria":"- Author guide builds with apps/docs\n- Policies are linked from dev portal's publish flow\n- Sample module repo referenced from the 'first module' page","status":"open","priority":3,"issue_type":"task","owner":"me@cooperm.com","created_at":"2026-04-24T03:45:46Z","created_by":"Cooper Maruyama","updated_at":"2026-04-24T03:45:46Z","dependencies":[{"issue_id":"stackpanel-3vi","depends_on_id":"stackpanel-02c","type":"blocks","created_at":"2026-04-23T20:46:16Z","created_by":"Cooper Maruyama","metadata":"{}"},{"issue_id":"stackpanel-3vi","depends_on_id":"stackpanel-c7t","type":"blocks","created_at":"2026-04-23T20:46:15Z","created_by":"Cooper Maruyama","metadata":"{}"},{"issue_id":"stackpanel-3vi","depends_on_id":"stackpanel-w3r","type":"blocks","created_at":"2026-04-23T20:46:17Z","created_by":"Cooper Maruyama","metadata":"{}"}],"dependency_count":3,"dependent_count":1,"comment_count":0}
+{"id":"stackpanel-l1q","title":"Module review workflow + automated Nix static analysis","description":"Prevent malicious or broken modules from reaching users. MVP manual, Phase 2 automated.\n\n## Scope\n\n### MVP: manual review\n- Admin tool (packages/api route + studio admin panel) showing pending listings\n- Reviewer sees: uploaded tarball contents, diff from previous version (if any), links to GitHub repo, automated scan results\n- Approve → listing goes live; Reject → listing status updated with reason visible to author\n- SLA target: 3 business days for initial review\n\n### Phase 2: automated scans\n- Static-analysis pass over module.nix + meta.nix:\n  - Flag: import-from-derivation without explicit opt-in\n  - Flag: builtins.fetchurl with non-allowlisted host\n  - Flag: arbitrary path reads outside module dir\n  - Flag: network calls during eval\n- Feed findings into review UI; author sees them pre-submit\n- Optionally: automatic 'verified pure' badge for modules with zero findings\n\n## Why not AI review\n\nPattern-match is more reliable for this than an LLM for the boring 'did they try to phone home during eval' checks. LLM review can come later for README/security claims.","acceptance_criteria":"- Reviewer can approve/reject pending listings\n- Rejected listings show reason to author with re-submit path\n- Static analysis surfaces known-bad patterns in a handful of test cases","status":"open","priority":3,"issue_type":"task","owner":"me@cooperm.com","created_at":"2026-04-24T03:45:37Z","created_by":"Cooper Maruyama","updated_at":"2026-04-24T03:45:37Z","dependencies":[{"issue_id":"stackpanel-l1q","depends_on_id":"stackpanel-c7t","type":"blocks","created_at":"2026-04-23T20:46:15Z","created_by":"Cooper Maruyama","metadata":"{}"}],"dependency_count":1,"dependent_count":1,"comment_count":0}
+{"id":"stackpanel-02c","title":"Developer payout: Polar Connect + KYC onboarding","description":"Pay developers their accrued balance via Polar Connect (Stripe Connect underneath), with KYC + tax form collection at onboarding.\n\n## Scope\n\n- Onboarding flow: first time creating a paid listing → prompt to connect Polar Connect account (redirect OAuth flow)\n- Collect tax info (W-9 US / W-8BEN international) via Polar's Connect UI\n- Payout job (scheduled): once per month, for each developer with balance \u003e= $50, trigger Polar payout; record payout_event(developer_id, amount_cents, polar_transfer_id, status)\n- Emails: onboarding done, first sale, monthly statement\n- Admin tool for manual payout holds (fraud, chargeback disputes)\n\n## Phase 1 fallback\n\nIf Polar Connect isn't ready: accumulate balances, issue manual Wise transfers quarterly while we collect via email. Works for ~20 developers, not for scale.","acceptance_criteria":"- Developer can connect payout account end-to-end\n- Monthly payout runs successfully against test Polar env\n- Balance decrements match transferred amount\n- Tax forms captured before first payout","status":"open","priority":3,"issue_type":"task","owner":"me@cooperm.com","created_at":"2026-04-24T03:45:28Z","created_by":"Cooper Maruyama","updated_at":"2026-04-24T03:45:28Z","dependencies":[{"issue_id":"stackpanel-02c","depends_on_id":"stackpanel-24e","type":"blocks","created_at":"2026-04-23T20:46:13Z","created_by":"Cooper Maruyama","metadata":"{}"},{"issue_id":"stackpanel-02c","depends_on_id":"stackpanel-c7t","type":"blocks","created_at":"2026-04-23T20:46:14Z","created_by":"Cooper Maruyama","metadata":"{}"}],"dependency_count":2,"dependent_count":2,"comment_count":0}
+{"id":"stackpanel-c7t","title":"Developer portal: submit + manage listings","description":"Dashboard where authors create listings, upload versions, set pricing, view revenue.\n\n## Scope\n\n- apps/web/src/routes/studio/developer/* (new section gated to users with \u003e0 listings or who opt in)\n- Create listing wizard: slug, name, summary, category, repo link (optional)\n- Upload version: drag-drop tarball, auto-extract manifest, show diff from previous version\n- Pricing editor: choose free / one-time / subscription; set price; connect Polar product (auto-created by backend)\n- Revenue dashboard: balance, recent transactions, export CSV\n- Listing status flow: draft → pending review → approved/rejected → published\n- Reject reasons visible to author with actionable next steps\n\n## MVP alternative\n\nIf this feels too big for Phase 1: start with a Google Form + manual backend entry. Still gets to ~5 launch partners. Ship dev portal when we have \u003e10 authors waiting.","acceptance_criteria":"- Author can create a listing, upload a version, set pricing, and submit for review\n- Rejected listings show the reason; author can fix and resubmit\n- Revenue dashboard reconciles with backend ledger","status":"open","priority":3,"issue_type":"task","owner":"me@cooperm.com","created_at":"2026-04-24T03:45:20Z","created_by":"Cooper Maruyama","updated_at":"2026-04-24T03:45:20Z","dependencies":[{"issue_id":"stackpanel-c7t","depends_on_id":"stackpanel-24e","type":"blocks","created_at":"2026-04-23T20:46:12Z","created_by":"Cooper Maruyama","metadata":"{}"},{"issue_id":"stackpanel-c7t","depends_on_id":"stackpanel-63e","type":"blocks","created_at":"2026-04-23T20:46:11Z","created_by":"Cooper Maruyama","metadata":"{}"},{"issue_id":"stackpanel-c7t","depends_on_id":"stackpanel-qij","type":"blocks","created_at":"2026-04-23T20:46:12Z","created_by":"Cooper Maruyama","metadata":"{}"}],"dependency_count":3,"dependent_count":4,"comment_count":0}
 {"id":"stackpanel-3qt","title":"Docs: hosted alchemy state backend — guide + migration","description":"Documentation for the hosted backend: tradeoffs, setup, and migration from local.\n\n## Scope\n\n- apps/docs/content/docs/guides/hosted-state.mdx: new guide\n- Cover: why hosted (team deploys, CI resilience, audit trail), why not (solo use, offline), subscription requirement, encryption model, incident/outage behavior\n- Migration steps: toggle Nix option → obtain ALCHEMY_STATE_TOKEN → first deploy uploads existing local state\n- Screenshots of the Studio State panel\n- Link from deploy-*.yaml workflow comments to this doc\n\n## Why bundle this with the feature\n\nUsers won't discover hosted state unless it's in the docs; Pro conversion depends on understanding the value.","acceptance_criteria":"- Guide builds with apps/docs\n- Links from workflow comments + from the Studio empty state\n- Covers pricing + how the capability token works","status":"open","priority":3,"issue_type":"task","owner":"me@cooperm.com","created_at":"2026-04-24T03:41:46Z","created_by":"Cooper Maruyama","updated_at":"2026-04-24T03:41:46Z","dependencies":[{"issue_id":"stackpanel-3qt","depends_on_id":"stackpanel-3p8","type":"blocks","created_at":"2026-04-23T20:42:15Z","created_by":"Cooper Maruyama","metadata":"{}"},{"issue_id":"stackpanel-3qt","depends_on_id":"stackpanel-9dq","type":"blocks","created_at":"2026-04-23T20:42:15Z","created_by":"Cooper Maruyama","metadata":"{}"},{"issue_id":"stackpanel-3qt","depends_on_id":"stackpanel-bni","type":"blocks","created_at":"2026-04-23T20:42:16Z","created_by":"Cooper Maruyama","metadata":"{}"}],"dependency_count":3,"dependent_count":1,"comment_count":0}
 {"id":"stackpanel-6a3","title":"Migrate CI deploys off filesystem cache once hosted backend ships","description":"Kill the actions/cache hack in deploy-{web,docs}.yaml.\n\n## Scope\n\n- .github/workflows/deploy-web.yaml: remove 'Restore alchemy state' step (lines ~82-93)\n- .github/workflows/deploy-docs.yaml: remove analogous step (lines ~80-88)\n- Same for the destroy jobs\n- Add ALCHEMY_STATE_TOKEN to the job env (pulled from GitHub secrets)\n- Update comments: explain why state persistence is no longer our problem\n- Verify preview deploys still work (state now survives runner churn because it's in our DB)\n\n## Blocker\n\nOnly run this after HostedStateStore is shipped and proven on dev-CI for a week.","acceptance_criteria":"- CI workflows have no filesystem state caching\n- Preview deploys + destroys work across runner churn\n- bun.lock / workflow diff shows net-negative lines","status":"open","priority":3,"issue_type":"task","owner":"me@cooperm.com","created_at":"2026-04-24T03:41:41Z","created_by":"Cooper Maruyama","updated_at":"2026-04-24T03:41:41Z","dependencies":[{"issue_id":"stackpanel-6a3","depends_on_id":"stackpanel-9dq","type":"blocks","created_at":"2026-04-23T20:42:11Z","created_by":"Cooper Maruyama","metadata":"{}"},{"issue_id":"stackpanel-6a3","depends_on_id":"stackpanel-bni","type":"blocks","created_at":"2026-04-23T20:42:14Z","created_by":"Cooper Maruyama","metadata":"{}"}],"dependency_count":2,"dependent_count":1,"comment_count":0}
 {"id":"stackpanel-3p8","title":"Studio: State panel showing hosted state per workspace/stack/stage","description":"New studio UI panel for browsing hosted state — who deployed what, when, which resources exist per stage.\n\n## Scope\n\n- apps/web/src/components/studio/panels/state-panel.tsx\n- Wires to alchemyState.list + listStages tRPC procedures (not the agent)\n- Tree view: workspace → stack → stage → resources\n- Row actions: 'View JSON' (decrypt on-demand via get), 'Rollback to previous version' (requires versioning; keep as a follow-up)\n- Empty state for local-backend users pointing to the Pro upgrade\n\n## Why this matters\n\nGives Pro users immediate visible value — audit log-like view of their cloud state they couldn't have on local filesystem.","acceptance_criteria":"- Panel lists all stages for the active workspace\n- JSON view decrypts on demand and renders in a modal\n- Local-backend users see upgrade prompt\n- Panel doesn't break for free users (no 500s)","status":"open","priority":3,"issue_type":"task","owner":"me@cooperm.com","created_at":"2026-04-24T03:41:35Z","created_by":"Cooper Maruyama","updated_at":"2026-04-24T03:41:35Z","dependencies":[{"issue_id":"stackpanel-3p8","depends_on_id":"stackpanel-ehz","type":"blocks","created_at":"2026-04-23T20:42:10Z","created_by":"Cooper Maruyama","metadata":"{}"}],"dependency_count":1,"dependent_count":2,"comment_count":0}
-{"id":"stackpanel-bni","title":"Nix option: stack.deploy.stateBackend = 'hosted' | 'local'","description":"Expose the state backend choice in .stack/config.nix so users can opt into the Pro backend declaratively.\n\n## Scope\n\n- nix/stackpanel/core/options/deploy.nix: new option stack.deploy.stateBackend (default 'local')\n- When 'hosted': emit STACKPANEL_STATE_BACKEND=hosted into _envs/deploy, and mark ALCHEMY_STATE_TOKEN as required\n- When 'local': leave current behavior untouched\n- Preflight warning if 'hosted' but no ALCHEMY_STATE_TOKEN in scope\n- JSON schema update for IDE intellisense (.stack/gen/schemas/)","acceptance_criteria":"- Config validates with stateBackend = 'hosted' + ALCHEMY_STATE_TOKEN present\n- Missing token emits a clear preflight warning\n- Default-unchanged behavior: existing users see no difference","status":"open","priority":3,"issue_type":"task","owner":"me@cooperm.com","created_at":"2026-04-24T03:41:28Z","created_by":"Cooper Maruyama","updated_at":"2026-04-24T03:41:28Z","dependencies":[{"issue_id":"stackpanel-bni","depends_on_id":"stackpanel-9dq","type":"blocks","created_at":"2026-04-23T20:42:09Z","created_by":"Cooper Maruyama","metadata":"{}"}],"dependency_count":1,"dependent_count":3,"comment_count":0}
-{"id":"stackpanel-tvv","title":"Phase 2: usage-metered pricing via Polar Meters","description":"Enable modules to charge by usage (e.g., 'N deploys/month', 'M agents run') in addition to flat pricing.\n\n## Scope\n\n- Polar Meter integration via @polar-sh SDK\n- Module manifest gains optional 'meters' field declaring the usage dimensions\n- Runtime: module reports usage via tRPC modules.reportUsage(slug, meter, delta) — gated by license\n- Billing: Polar rolls up usage monthly; webhook events translate into revenue_event rows\n- Author-side: dashboard shows usage graphs + projected revenue\n- User-side: studio shows current usage with soft caps before hard billing\n\n## Why Phase 2\n\nOne-time + subscription covers 95% of modules. Metered billing adds real complexity (rate limits, reconciliation, disputes). Ship it when we have a use case demanding it.","acceptance_criteria":"- At least one test module uses metered pricing end-to-end\n- Usage events reconcile between our ledger and Polar\n- User can see current usage in studio","status":"open","priority":4,"issue_type":"task","owner":"me@cooperm.com","created_at":"2026-04-24T03:45:52Z","created_by":"Cooper Maruyama","updated_at":"2026-04-24T03:45:52Z","dependencies":[{"issue_id":"stackpanel-tvv","depends_on_id":"stackpanel-24e","type":"blocks","created_at":"2026-04-23T20:46:18Z","created_by":"Cooper Maruyama","metadata":"{}"},{"issue_id":"stackpanel-tvv","depends_on_id":"stackpanel-89x","type":"blocks","created_at":"2026-04-23T20:46:18Z","created_by":"Cooper Maruyama","metadata":"{}"}],"dependency_count":2,"dependent_count":0,"comment_count":0}
+{"id":"stackpanel-bni","title":"Nix option: stack.deploy.stateBackend = 'hosted' | 'local'","description":"Expose the state backend choice in .stack/config.nix so users can opt into the Pro backend declaratively.\n\n## Scope\n\n- nix/stackpanel/core/options/deploy.nix: new option stack.deploy.stateBackend (default 'local')\n- When 'hosted': emit STACKPANEL_STATE_BACKEND=hosted into _envs/deploy, and mark ALCHEMY_STATE_TOKEN as required\n- When 'local': leave current behavior untouched\n- Preflight warning if 'hosted' but no ALCHEMY_STATE_TOKEN in scope\n- JSON schema update for IDE intellisense (.stack/gen/schemas/)","acceptance_criteria":"- Config validates with stateBackend = 'hosted' + ALCHEMY_STATE_TOKEN present\n- Missing token emits a clear preflight warning\n- Default-unchanged behavior: existing users see no difference","status":"closed","priority":3,"issue_type":"task","assignee":"Cooper Maruyama","owner":"me@cooperm.com","created_at":"2026-04-24T03:41:28Z","created_by":"Cooper Maruyama","updated_at":"2026-04-24T07:36:45Z","started_at":"2026-04-24T07:34:36Z","closed_at":"2026-04-24T07:36:45Z","close_reason":"Closed","dependencies":[{"issue_id":"stackpanel-bni","depends_on_id":"stackpanel-9dq","type":"blocks","created_at":"2026-04-23T20:42:09Z","created_by":"Cooper Maruyama","metadata":"{}"}],"dependency_count":1,"dependent_count":3,"comment_count":0}
+{"id":"stackpanel-tvv","title":"Phase 2: usage-metered pricing via Polar Meters","description":"Enable modules to charge by usage (e.g., 'N deploys/month', 'M agents run') in addition to flat pricing.\n\n## Scope\n\n- Polar Meter integration via @polar-sh SDK\n- Module manifest gains optional 'meters' field declaring the usage dimensions\n- Runtime: module reports usage via tRPC modules.reportUsage(slug, meter, delta) — gated by license\n- Billing: Polar rolls up usage monthly; webhook events translate into revenue_event rows\n- Author-side: dashboard shows usage graphs + projected revenue\n- User-side: studio shows current usage with soft caps before hard billing\n\n## Why Phase 2\n\nOne-time + subscription covers 95% of modules. Metered billing adds real complexity (rate limits, reconciliation, disputes). Ship it when we have a use case demanding it.","acceptance_criteria":"- At least one test module uses metered pricing end-to-end\n- Usage events reconcile between our ledger and Polar\n- User can see current usage in studio","status":"open","priority":4,"issue_type":"task","owner":"me@cooperm.com","created_at":"2026-04-24T03:45:52Z","created_by":"Cooper Maruyama","updated_at":"2026-04-24T03:45:52Z","dependencies":[{"issue_id":"stackpanel-tvv","depends_on_id":"stackpanel-24e","type":"blocks","created_at":"2026-04-23T20:46:18Z","created_by":"Cooper Maruyama","metadata":"{}"},{"issue_id":"stackpanel-tvv","depends_on_id":"stackpanel-89x","type":"blocks","created_at":"2026-04-23T20:46:18Z","created_by":"Cooper Maruyama","metadata":"{}"}],"dependency_count":2,"dependent_count":1,"comment_count":0}
diff --git a/.github/workflows/deploy-api.yaml b/.github/workflows/deploy-api.yaml
new file mode 100644
index 00000000..0a13a53e
--- /dev/null
+++ b/.github/workflows/deploy-api.yaml
@@ -0,0 +1,123 @@
+name: deploy-api
+
+# Deploys apps/api to Fly.
+#
+# Linux runners because skopeo-nix2container doesn't build on darwin (upstream
+# bug in the vendored go.podman.io path). The whole container pipeline — build,
+# push, deploy — runs on ubuntu-latest where the standard nix2container
+# toolchain works without patches.
+#
+# Triggers:
+#   - push to main touching apps/api/** or packages/api/**
+#   - manual via workflow_dispatch
+
+on:
+  push:
+    # Include feature branches matching feat/cloud-gate-* so we can verify
+    # the deploy pipeline before merging to main. Production deploys still
+    # gate on main.
+    branches: [main, "feat/cloud-gate-**"]
+    paths:
+      - "apps/api/**"
+      - "packages/api/**"
+      - "packages/auth/**"
+      - "packages/db/**"
+      - "packages/gen/env/**"
+      - ".sops.yaml"
+      - ".stack/config.nix"
+      - ".stack/config.apps.nix"
+      - "nix/**"
+      - ".github/workflows/deploy-api.yaml"
+  workflow_dispatch:
+    inputs:
+      skip_build:
+        description: "Skip container build/push (deploy last-pushed image)"
+        type: boolean
+        default: false
+
+concurrency:
+  group: deploy-api-${{ github.ref }}
+  cancel-in-progress: false
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      id-token: write
+    env:
+      FLY_API_TOKEN: ${{ secrets.FLY_API_TOKEN }}
+      SOPS_AGE_KEY: ${{ secrets.SECRETS_AGE_KEY_DEV }}
+      # mkAppDir reads .output via this absolute path so freshly-built
+      # untracked output (apps/api/.output/server/index.mjs) lands in the
+      # nix store. Must be visible to BOTH `nix build` and the push step
+      # (each re-evaluates the flake separately) — set at job scope so
+      # the derivation hash matches across steps.
+      STACKPANEL_ROOT_ABSOLUTE: ${{ github.workspace }}
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: DeterminateSystems/nix-installer-action@main
+        with:
+          extra-conf: |
+            accept-flake-config = true
+
+      - uses: DeterminateSystems/magic-nix-cache-action@main
+
+      - uses: superfly/flyctl-actions/setup-flyctl@master
+
+      - name: Install sops
+        run: |
+          curl -LO https://github.com/getsops/sops/releases/download/v3.11.0/sops-v3.11.0.linux.amd64
+          chmod +x sops-v3.11.0.linux.amd64
+          sudo mv sops-v3.11.0.linux.amd64 /usr/local/bin/sops
+
+      - name: Stage Fly secrets from SOPS
+        run: bash apps/api/scripts/push-secrets.sh
+
+      - uses: oven-sh/setup-bun@v2
+        with:
+          bun-version: 1.3.11
+
+      - name: Build api bundle (produces apps/api/.output for the container)
+        if: inputs.skip_build != true
+        run: |
+          bun install --frozen-lockfile
+          cd apps/api && bun run build
+
+      - name: Build container image
+        if: inputs.skip_build != true
+        run: nix build --impure .#packages.x86_64-linux.container-api
+
+      - name: Push container image to Fly registry
+        if: inputs.skip_build != true
+        run: |
+          nix run --impure .#copy-container-api -- \
+            docker://registry.fly.io/ \
+            --dest-creds "x:${FLY_API_TOKEN}"
+
+      - name: Deploy
+        run: |
+          flyctl deploy \
+            --config apps/api/fly.toml \
+            --app stackpanel-api \
+            --image registry.fly.io/stackpanel-api:latest \
+            --wait-timeout 300
+
+      - name: Verify health
+        run: |
+          curl -fsS --retry 5 --retry-delay 5 \
+            https://stackpanel-api.fly.dev/health
+
+      # Idempotent ACME cert + Cloudflare A/AAAA records pointing at the
+      # Fly app's IPs. Skipped on dev (the .fly.dev hostname is enough)
+      # and only kicks in for production / staging / pr-N stages — see
+      # apps/api/alchemy.run.ts.
+      - name: Bind public hostname
+        if: github.ref_name == 'main' || github.ref_name == 'develop' || github.event_name == 'pull_request'
+        env:
+          FLY_IO_API_KEY: ${{ secrets.FLY_API_TOKEN }}
+          STAGE: ${{ github.ref_name == 'main' && 'production' || github.ref_name == 'develop' && 'staging' || format('pr-{0}', github.event.pull_request.number) }}
+        working-directory: apps/api
+        run: bunx alchemy-effect deploy --stage "$STAGE"
+
diff --git a/.github/workflows/deploy-docs.yaml b/.github/workflows/deploy-docs.yaml
index 4deb9390..bf91db08 100644
--- a/.github/workflows/deploy-docs.yaml
+++ b/.github/workflows/deploy-docs.yaml
@@ -99,10 +99,14 @@ jobs:
           # SOPS AGE key used by `loadAppEnv` (sops-age) to decrypt the
           # generated per-app payloads. `production` uses the prod key;
           # everything else (staging, pr-*, dev) uses the dev key.
-          SOPS_AGE_KEY: ${{ needs.stage.outputs.stage == 'production' && secrets.SECRETS_AGE_KEY_PROD || secrets.SECRETS_AGE_KEY_DEV }}
+          # All stages encrypt with the github_actions age recipient
+          # (SECRETS_AGE_KEY_DEV's pubkey). The previous prod/dev split
+          # was stale — SECRETS_AGE_KEY_PROD's pubkey isn't on the prod
+          # payloads, so production deploys failed at decrypt time.
+          SOPS_AGE_KEY: ${{ secrets.SECRETS_AGE_KEY_DEV }}
         run: |
           set -euo pipefail
-          bunx alchemy-effect deploy --stage ${{ needs.stage.outputs.stage }}
+          bunx alchemy-effect deploy --stage ${{ needs.stage.outputs.stage }} --yes
       - name: Comment preview URL on PR
         if: github.event_name == 'pull_request'
         uses: marocchino/sticky-pull-request-comment@v2
@@ -139,7 +143,7 @@ jobs:
           SOPS_AGE_KEY: ${{ secrets.SECRETS_AGE_KEY_DEV }}
         run: |
           set -euo pipefail
-          bunx alchemy-effect destroy --stage ${{ needs.stage.outputs.stage }}
+          bunx alchemy-effect destroy --stage ${{ needs.stage.outputs.stage }} --yes
       - name: Delete cached alchemy state
         if: always()
         env:
diff --git a/.github/workflows/deploy-web.yaml b/.github/workflows/deploy-web.yaml
index b0b29bee..efbc8ebb 100644
--- a/.github/workflows/deploy-web.yaml
+++ b/.github/workflows/deploy-web.yaml
@@ -96,7 +96,11 @@ jobs:
           # SOPS AGE key used by `loadAppEnv` (sops-age) to decrypt the
           # generated per-app payloads. `production` uses the prod key;
           # everything else (staging, pr-*, dev) uses the dev key.
-          SOPS_AGE_KEY: ${{ needs.stage.outputs.stage == 'production' && secrets.SECRETS_AGE_KEY_PROD || secrets.SECRETS_AGE_KEY_DEV }}
+          # All stages encrypt with the github_actions age recipient
+          # (SECRETS_AGE_KEY_DEV's pubkey). The previous prod/dev split
+          # was stale — SECRETS_AGE_KEY_PROD's pubkey isn't on the prod
+          # payloads, so production deploys failed at decrypt time.
+          SOPS_AGE_KEY: ${{ secrets.SECRETS_AGE_KEY_DEV }}
         run: |
           set -euo pipefail
           bunx alchemy-effect deploy --stage ${{ needs.stage.outputs.stage }} --yes
diff --git a/.gitignore b/.gitignore
index 28f9deb4..244b3897 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,8 +1,11 @@
 .artifacts
 release.tar.gz
-.stackpanel-root
+# `.stackpanel-root` holds a single "." so the stackpanel-root flake
+# input resolves to the flake source dir across machines. Must be
+# tracked so the flake input can read it during pure evaluation.
 *.local.json
 .worktrees/
+.patch-work/
 # Dependencies
 node_modules
 .pnp
diff --git a/.sops.yaml b/.sops.yaml
index 270e5a6e..19d4f4d7 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -13,7 +13,7 @@ keys:
   - &coopmoney_3 age1dwqnyurvm7vasf9n7alduzmg79nczkuafknr8x3l4jnzwnuzzydqj0y92p
   - &coopmoney_4 age1dx6u86w8d242tvjesz362caf4lcatw24ldd0hj9qn7xhqw0s0c5qus8wxt
   - &fkb032 age1h0nv9lwkkhd9y0rlf832g3lualvjafqpyvlkgf8d0cn6c4zg959qkrfzt3
-  - &github_actions age1eqcj2g0fdekj2wpqp4y0fg9c5myydjdt9zlr5scr0grk6fxszymqkpw5jf
+  - &github_actions age1d9h9mm3u5qalmpl2pf62pyzqj8t654n435emn93rutv0cg9sr32sg64fdj
   - &jjkoh95 age1fm7zr0ea3d589tkgcz2klqgnajduzkr25e8tnhh7qxzuleqxq3yq3c0s3t
   - &keyservice age16wuzuxnkcgfuxzvzgk5e5a5f6hhs386adjewyv54m9esr4yj6uuslpn6tp
   - &local age16rkvks3tljju3y6xu0l7luhjzx634et97g3xe58xf2dgfn2865rqkq6t8f
diff --git a/.stack/config.apps.nix b/.stack/config.apps.nix
index 60054235..734b8c9f 100644
--- a/.stack/config.apps.nix
+++ b/.stack/config.apps.nix
@@ -47,6 +47,43 @@ let
   };
 in
 {
+  # apps/api
+  api = {
+    name = "api";
+    description = "Cloud API (Better-Auth, Polar webhooks, hosted alchemy state).";
+    path = "apps/api";
+    type = "bun";
+
+    bun.generateFiles = false;
+
+    env = {
+      PORT = {
+        value = "3000";
+      };
+    }
+    // envs.shared;
+
+    container = {
+      enable = true;
+      type = "bun";
+      port = 3000;
+    };
+
+    deployment = {
+      enable = true;
+      host = "fly";
+      fly = {
+        appName = "stackpanel-api";
+        region = "iad";
+        memory = "512mb";
+        cpus = 1;
+        autoStop = "stop";
+        minMachines = 1;
+        forceHttps = true;
+      };
+    };
+  };
+
   # apps/docs
   docs = {
     name = "docs";
diff --git a/.stack/config.nix b/.stack/config.nix
index 982e2983..00ec17e4 100644
--- a/.stack/config.nix
+++ b/.stack/config.nix
@@ -144,7 +144,13 @@
       warnIfMissing = true;
     };
     settings = {
-      backend = "nix2container";
+      # dockerTools emits a standard docker-archive tarball that the
+      # system skopeo can push without patches. nix2container's
+      # skopeo-nix2container currently fails to build against skopeo 1.20
+      # (upstream patches `vendor/go.podman.io/image/v5` but that path no
+      # longer exists in the vendored tree). Switch back once the
+      # upstream bug is fixed.
+      backend = "dockerTools";
     };
   };
 
@@ -304,6 +310,31 @@
         secret = true;
         sops = "/dev/postgres-url";
       };
+
+      # Fly api deploy secrets — routed through the CI-accessible deploy
+      # scope so the deploy workflow can decrypt them. push-secrets.sh
+      # reads from the rendered deploy payload, not shared.sops.yaml
+      # directly (which is encrypted only for human users' AGE keys).
+      BETTER_AUTH_SECRET = {
+        secret = true;
+        sops = "/shared/better-auth-secret";
+      };
+      POLAR_ACCESS_TOKEN = {
+        secret = true;
+        sops = "/shared/polar-access-token";
+      };
+      POLAR_WEBHOOK_SECRET = {
+        secret = true;
+        sops = "/shared/polar-webhook-secret";
+      };
+      POLAR_PRO_PRODUCT_ID_PRODUCTION = {
+        secret = true;
+        sops = "/shared/polar-pro-product-id-production";
+      };
+      POLAR_FREE_PRODUCT_ID_PRODUCTION = {
+        secret = true;
+        sops = "/shared/polar-free-product-id-production";
+      };
     };
   };
 
@@ -749,10 +780,13 @@
         };
         local = {
           public-key = "age16rkvks3tljju3y6xu0l7luhjzx634et97g3xe58xf2dgfn2865rqkq6t8f";
-          tags = [ "dev" ];
+          tags = [
+            "dev"
+            "deploy"
+          ];
         };
         github-actions = {
-          public-key = "age1eqcj2g0fdekj2wpqp4y0fg9c5myydjdt9zlr5scr0grk6fxszymqkpw5jf";
+          public-key = "age1d9h9mm3u5qalmpl2pf62pyzqj8t654n435emn93rutv0cg9sr32sg64fdj";
           tags = [
             "dev"
             "staging"
diff --git a/.stack/secrets/vars/common.sops.yaml b/.stack/secrets/vars/common.sops.yaml
new file mode 100644
index 00000000..5f779659
--- /dev/null
+++ b/.stack/secrets/vars/common.sops.yaml
@@ -0,0 +1,161 @@
+alchemy_state_token: ENC[AES256_GCM,data:qj9L0l9/Gag4HEZrHe1i4xy9GlzinW104yc=,iv:jHITR1HIzlMEGzP6F/c6VBKPhB2a/6ekk/p7Al99nqg=,tag:uTSDHFYygmuDebYRxI8Zlg==,type:str]
+alchemy-state-token: ENC[AES256_GCM,data:s0ogaZrbQ9/eeBMHSn2C0tDc7mssSF3+IqXuXkLNOWBb6yGLVbS/gP4RAZg=,iv:xx/a20zxsQ2vgBozh0rwuZRv0learBObR8Sdf69dU1Q=,tag:wjVymVZHToR2lpOQy818lQ==,type:str]
+sops:
+    age:
+        - recipient: age14vpdar7vzznyxgskp9772zjar95n8l2f36w6tzk980889t7kjdqsc5a50q
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzNnJRU2VmKzUxRjJyS0l0
+            K3U3VUlNVDRxSTY0dE9pcHAvNUNzVmFEUlJ3ClBna05pS01qSVRXMTRHMHM1R1lX
+            aFBpWDFxQll1QUNhK1BhN2pQQmJmdVEKLS0tIElBQXBDSXdlc0IyYXA4QTVyNXpn
+            ZzNyMm9KS3VEQ0lXZnVwdFFPL0tOcVUK0O9bIq4xNmMSJZP133J6bKJwAeFe/qu/
+            ixX8mbQ5s6SJb2JkWdRLQPH5r36cqy8WcohI7cg47++NEo1UjZ2Mkg==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1ugmyh9qcz05ehtkgnt2nn3jfz2rf2umnmqx69pgp2ue82dn7vpuqlc3g7v
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5WmNZN2F5N2dNeGwzVksr
+            dG16b3Nld3U4dWJCWUFtNm9RZzJPTFRsRkNvClgzWW5aT2xrLzNBcURLZmNnOHdI
+            bHdRQzI3ekF3bGNsM0w1WlBQMjMwa0kKLS0tIER5bFI2dkNxSFFyUjA4NWNsMlcy
+            OUNLcHZ3aEdoMnlPZ2h3b3RXQU9JMEUKtUc0UxB/yfEhYncQmpzgqOlFFf20gwep
+            47k27glisau3Wfs9EohuTgCPnqaGCbfQvdSMvCkQrEKXrp6UV+IQSQ==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age16ymszt6hmv7p3w596w5wlzng7wgk6mwcchr8s2nvwutnx2nrzyqsvn678s
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkSG4zMzAveXhFeWlBSlE5
+            dWhYZlBMRGZiTVNrWCtUVzZKQUpxejJyNm1jCmdGdG9BTEtOend6UFc3WTJ1RzR4
+            YnMrOU5vNjduMElVSEwxOWhnK1RCeUUKLS0tIDNCTXQ5WC94bkNIVDZhMWF4ZGs0
+            U2dCSmF0cHd0VHl3Yi9sbFYzVHZYRDQKlNCaVjmRYRaZHihgWcfA4CwoN1xlAiNE
+            x/zYI3Ep6/vLKGkQpXVa2AbCEf7CiGeHKfoqo5cYeWzzPYZNtlDvCA==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age12vnpyjwhnnm85vktfmg6jwzn55fcg0lmgn6q0wx2z4wawnwgm5cqt6yf2f
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQTzRoZ1NjY1o4bHhobWVI
+            d1QxMXY1aW5jSGJ2L1JWcmpZUzNYQ2dFZGhVCkQxWGNXWTZZRFJtQXVFQnoybHVX
+            c1JWaW15eVJoZnJyOFdYaXlaV2dyMDQKLS0tIEV2eGZYaUpTc3lYb1RaamVoR2h3
+            SnF0ckFGZmhIQk9rUXNON1BGbzJ2MmcKwqVShGTzXtz4gR9bwKhOWj3ZDyn6yB8T
+            fXXSKSKAyaYbOlmLgfGwhAMehd/uLmZQuZ9E3/TVIOX+nctx1pn0HA==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1ruav09tz635tt3sgq55pgn83qnte0j2nx0jd6gvjxelkqqdtygcqgcam2t
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBQm95a3YvQ3V4KzlGaGVi
+            clFoY0tpRVFyb0F4RUVUR212Vm5aODZ5REc4CjN1TDArajEvWXBETUF1S0N5VFNU
+            L3RiTHNEQVF3SkMwL3BLbVdRZW5KV3cKLS0tIC9MK0hsenhjVFYyc0J0R2dheXFa
+            MVdiNTc1M3BGVi96ZFRyVDk2clJZSGsKG+jPH1qSr5Q3NpTJJk9cY+K74ZNjS16G
+            cSuyOCDpX9xjC5eW/nYjhvihndFEsrNbr2FTGGfIKxFhDTiCn17qpw==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1ph0gtrpvus5y2kl5t5wnmlcjpevavxf4l2aagrqyp7nng7jvluus959fvq
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1VFVZQXhGN203UTAvQU9l
+            SllwUitOUmZoS1RsRlQ5bjh6RXgvQlpiTHdnCi92RWptYm9UYk9qYkdTYjdoL0hl
+            TmU2VzNJTXZWclNXUk41bnFDRUhDWlEKLS0tIFZhRGVPQmNTQnJ3aCt4NHY1Ly9h
+            bWl6SlFwa2g3WlR1WThCVDlsSUNzT2sKBc00gZQMA0X5hoiXwR5FvgR824tip1iT
+            w0mIId0681l3iSl69eMZBQIffHnQ8nS0bEhYblf5Fw8ku3TTFcM8JQ==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1sy6t7kdeyf63mjnrdnqm08rjv2s5ddexgncuq4ps6z4c5hgg4dzqp6pznq
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjOEtaNnhpWGVoNXFNa3Yz
+            NUhNa09UREFPM25neElhaUw4YzQyUXlwcnhRCjhKMVRBYVRaYXlueUg0b3ZpbDha
+            UERDU3crQ0IxSFd2THh0Q3B3cmtyVGMKLS0tIDVRa3lHc292Z0VDU1NwdVd0RDZV
+            Ky9uOVo0V1NnR0NFeHBiUit6TVZ5ejgKDXnZRZQJsDCvNI5zUmAqLXsFpfPg0dmt
+            tNg7T895K4KB0pfrCXxYwav9Y+lJMQRbtLUq1cU9W3fRPHRQyeuDfw==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1ruav09tz635tt3sgq55pgn83qnte0j2nx0jd6gvjxelkqqdtygcqgcam2t
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKajNkZGtHUCtUaXRuYkhu
+            c1gxUmxCZ0VwUzhlWkV2YlhRZmI5NWN0SlNZCkFsRHdrT056TjQxYUJEeWlZNzZB
+            d1BoSVJhd1dRNEZFMElaY0VZenU5bGsKLS0tIFpOb201Z1Z6N2s0YktXNHF2TEZo
+            WHBBWUFFZitjSk1nMUd4Znl5QldaSVEKxUzQxRabwSsWF4NbL4KklM78nODR6pZh
+            4/EcLSJccTX+g7qq7zlKtE2Kk5txMZdcVzCWb7I6ALPSGHzLqtQH2A==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1dwqnyurvm7vasf9n7alduzmg79nczkuafknr8x3l4jnzwnuzzydqj0y92p
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrTWxNNE96M3NBeEhYNy9t
+            TGc5MmF6NTd5VXdCZzc3Q0dRT0FuNi9wV1ZBCmsreDM2VmJMYVQrMmludzNhdWQ1
+            cTQydDNwSVBJdmh3emd0QURBcEpKZ0kKLS0tIHAvbE5MMnJpVWFkQ2tCNnlocGZw
+            SG9TYUlIYTY4VUpkeUovOWxoZ2pkUDQK0yRnv+Z721B51dP0D498YeA0IqRsdOYL
+            DtbbAGZWtskvFfRK7pE23p32vkbsM9LUo+5KP5NdLkVR8KupayRR3g==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1dx6u86w8d242tvjesz362caf4lcatw24ldd0hj9qn7xhqw0s0c5qus8wxt
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSY3FsZnJvbEQ3K1REd2VY
+            VXAxOVdtZE94SU5zNlJ2SzN1ZzB1ZG1TOTFVCnlQa2pjNGdDeDcwMHNPSTk1czU1
+            RWswaWlGSWlqR3h2Q1hyaDJOdks2N1UKLS0tIE1qTUE1SnhkSXdObTk0dTZiZWxI
+            Z1U3SXdEY1dURktHV1VtaW1QY21ONUkKrLHd7ZPB8wODa2tLvz7RPUqBd3Q1H02h
+            n8X2TZD5mZYZPZkxI+2mtHCHEn3LaUHaUZi8afJnhQnfsvTnIgZhHw==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1h0nv9lwkkhd9y0rlf832g3lualvjafqpyvlkgf8d0cn6c4zg959qkrfzt3
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzaE1scWZLYVJMTjVjUkJW
+            NWY0QjhZaWl0RWJidkJkc01HWG5FaVpuczBrCjhvRXVlSHVCT0p6Ukl1Tm04VERI
+            Z0d4TGtab0h3Q1l1MzVYSWpVOUtjUE0KLS0tIHl0d0pqamZoOERoa1FqR1I1VitC
+            aWZsa0NvZWorSmg5aDAwVkUvVVZGY0kKq2jIONa2nhOwAjMb8nxVVvEb20Sa9+ga
+            oJvP2ywIvV0fXp7bPvi3Gh52tItnFOcA5fklQVMSyN2i4S8HS8diUQ==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1d9h9mm3u5qalmpl2pf62pyzqj8t654n435emn93rutv0cg9sr32sg64fdj
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGZEtNbXJHRTFudEZFSW9s
+            dm5CVFJTQU40TzNscHJRRElvblRzelcwYVQ0CjlYaDZIMitRSGw2SWpaM0V1Yk5n
+            ZktKY1JqUVUyM3lLNUZSUkZ6bTZCU0kKLS0tIGhkOEVxN3NQYk1ZZjJ1MGF3anlD
+            QTkzVkJ0ZE0wTFBrekpDRkJXQi8rSncKOpTuTnHKI8sXHyOpwZSov1X1EdI4HIIt
+            BGSxBv/ztZR9RaHFAWIwJQXE0q5rKe2CE2PjFLrA5k0aen/yPcxbeg==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1fm7zr0ea3d589tkgcz2klqgnajduzkr25e8tnhh7qxzuleqxq3yq3c0s3t
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1U0pPYm1YM0hteld0NGRn
+            SStzVTI5Wm9JSGhtWVlyUHRwek9jYmpmc2lFCllzMUpEUGhHTGZZT21wc2dBRTNR
+            c1R6SW1aenNuL0ZlL0NMSHE2aFFGZ28KLS0tIHVudWhuWXk2SWh0MFVOSDJaMjR2
+            K1pKNkhjdjZlL1cwZ1p2bExsODBtRUUKdFmHherzXR6290QJmg8FXnRiKYWdIqyN
+            3/hvSub1tiQpSggCaLm7GXiiKXMSjM1M0GZg6d5865ILDhhpd1/qVg==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age16wuzuxnkcgfuxzvzgk5e5a5f6hhs386adjewyv54m9esr4yj6uuslpn6tp
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtcW5XN2VQZEJxOWk2bDM5
+            d1V1cjRJRVlkTXNPZmllV2pjOTNjU0JBZlc4CmVtTDZFV2pOWXpzMHM0aHJrMXdB
+            dm5yNEcyOGZZMCs5WUsrcjJnODNNSE0KLS0tIERtN3dSeUl5RXErcG1VZEdtWkNR
+            MGxSRE5Ycm1LTjMvaXllWUNUUTlXczAKa1GM4IbmT4YS0U/XR+FnDMVomMOnP4+n
+            b6YCuzWK+DmI86EuRLjq/p5gvizDbNSLShs7VM9PocB+GFKyFrE7oQ==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age16rkvks3tljju3y6xu0l7luhjzx634et97g3xe58xf2dgfn2865rqkq6t8f
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtZWdsUHBGUFZlRjcwTkR4
+            Tkp1enZyb0V4VXpqS3RhMy94bDRXRTZMdFVJCk5RVXpHYmtmTDBiM2lkdEFaejNP
+            Vk5zUkRPN3F1QkNMOUtVVXNzd0JaNVEKLS0tIFovMmJZcllOK25LWDRWVUlCWXpC
+            TmphVEVvRW40REpoWW5XenY2dGo5YkEKDR6KQ5zG+Lp8deF9IK2oLI50oHPYB6YR
+            Xjenadu2RseZrRL57MUCIZjheqTm0E0WUB+fCX2sJ4aA51e3jb4lfA==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1yuh8vhakrwn2nm4dzxmdp99cmvl3cd4af36p5w2v559263a4uy4sulpn60
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZZkdiNnkrVXh5dnJKWHh4
+            QlVrQ0RiSVlTanBoUjMyTXdwL0ZweFRMOXdvCmVvSnhxdTBSSndmSEMxa3pTcVZl
+            VEdGT09zYWQ3clk2dXVyY1J3Zk81SU0KLS0tIFQycUdMOURBZm5ZNGtweFJubk54
+            dWtkdWNEbisvUlRLMWhRVlJEV2VYVHMKssbK4/2B5XehwiYNCRTtaby8cOsIOsqp
+            yFaipRCQ+NPy5gPbQxNJK3nfS4ZJU5GsMn/mFH2R9voJ99BiFyKDqw==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age17dh936q0l622ez7m0zfak46awqdx35hldqzsfnh72cgtcthlhg4qdl74fh
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLUU9udGpWd0wwWHRKZFlU
+            V3V2aEJRV29FbmNTY2FRSm9uU1RaZElnUmswClRIODBsd0pLRGZ5S0h1U3l6NU05
+            MGJmOGlKT1o2Y0NZZUFCTzR4MHR4TjAKLS0tIDExWDFUZTNDQ285cUVaRnROb2Ew
+            ckg0eWF3ZU1Cd2lpd3FIcnFabFdjeDQKEK6+RfVfGhAblCR8clwF0nfbeywB5Vxy
+            BpbomVDix8FiJvGNX5PJDmeaPk3D86lqQBkBiN9WxPXdLrZl7Mw1XQ==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2026-04-24T14:26:55Z"
+    mac: ENC[AES256_GCM,data:EyTu6ARdqi+Uz8PYtffa6KJyL6U5WodlGYuGXdoSCkakD0QmJ2wtqv8D0QKKdTGybcD2piwVMPsFcibZpA9wBlpgbTX2C4N8Qk0s4GjwHXDWyMPpBhY0u5qngBtzGUpOZglXkKO0BXkdzHN1oKI74cNPnQsjdkSIgdl5xoOppHs=,iv:I2jFgPWfw3vTTYwJtiln/iaZZpihFl2acxI8ftz6wC0=,tag:iYPDJx4s06/JNRXUZewyLQ==,type:str]
+    unencrypted_comment_regex: .*
+    version: 3.11.0
diff --git a/.stack/secrets/vars/dev.sops.yaml b/.stack/secrets/vars/dev.sops.yaml
index 18c5a5dc..3f346445 100644
--- a/.stack/secrets/vars/dev.sops.yaml
+++ b/.stack/secrets/vars/dev.sops.yaml
@@ -7,155 +7,155 @@ sops:
         - recipient: age14vpdar7vzznyxgskp9772zjar95n8l2f36w6tzk980889t7kjdqsc5a50q
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjOHYxWVk4U3c4dEtuZ0E4
-            SW4rRzg5OEVUUkc3Qjh3OVNXbUtJV0Y3b0U4CkhBbWJXNFJZRGJKTWplcnlKUnBa
-            QlVGaVlndjdMR0gxSE1Vek0rNVJFQzgKLS0tIDYwWjU4NW9tZTcxM1RvVU5MRE1t
-            NDlUWkNKOG9ZUzE5SXc4LytuUUt2L2cKiQXHpeSX3xxP2ZgOfndyopfiGeEzrBYz
-            u86HaQmAZqOUd98lKJcmTWkKleje4CkRpvHRyK8msD2NKDcbyX+BMQ==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDb2dxNWRPSVNKcE02ZUhx
+            QlFCck1nOFBUTzFxcGprUHY4K01MZ0pxbDM4Cnh5dmhucmFTN3hpUEZnVXkxUFNY
+            YXo4bmg4RFhxU1YxUTBvWGVDcHNiUlkKLS0tIE13WGtiV3kydUN6dHNPbEhmTk1K
+            MFNHVm1Yc3AyNS9MeWJqZTV0cmRRQUUKl3hTHZcIbMhm43OAguk57k9lVsSUxYcZ
+            GLkjmDamV+opgOWbyP53JCezdEPGMQ6f4G8eCfWKECsw6lfmrl+qNg==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1ugmyh9qcz05ehtkgnt2nn3jfz2rf2umnmqx69pgp2ue82dn7vpuqlc3g7v
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3ZWhkUVlIbTdWYVREV0hR
-            Ri9PSmtRSXkyMFNjdEluVkxnb3Rybk93WWdZCkVvSTVNOWp5cFM0dUpmZ2FWQmxY
-            blJKVVhNcXNzU24vL0d4VnlqeDJHRDAKLS0tIHFYdURBQ281Nm1rZGZuTFJJV1JZ
-            SjFob0llZEpPREh1TE90eC9ma25ud0UKbJgAXail/AdEbVsTWbllZ1kbI/bebvnA
-            bZWiWyBP29tuvY+G9kZCAwvHndrBBcYpmBqb9OuKCSTzZs7NaeqoPw==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArOFZieEtiNkVQdjc3UGlK
+            SkcrWWRsWitTdHN0alhRRisrbGtyRmozQ1FRCjQyMzFMZFVLYnNTUER2Zy80ai90
+            RitiRDZHRVJFMlQwWnYvR01RcG5STHMKLS0tIFpIWUROVHcyZ0dvTTBXUWtvZEg0
+            Zmxja0phTlIrV3pybUxqTmdUUDNtM2cKd3sW1gOkNtNqCpb4PwGh0Tbm7wJT2o0x
+            6ZbTy+INI8GZWqH7G0xlDMPQvLUhmmVOTBXGH6iB4A53j8V5OilByQ==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age16ymszt6hmv7p3w596w5wlzng7wgk6mwcchr8s2nvwutnx2nrzyqsvn678s
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnUnFMNEdHeStlMFliMEp5
-            WndOZElUSG1qQ2VQUlFMdEdzVHpiYklNcTJNCjltclJIWDNheURYNkdvRE9yeENN
-            RW1Nd25LMlNnSHFIN0ZSOEVhNHlWZ3cKLS0tIERQMXU4bmowZU1JQjdWZWZLTmFr
-            aGwxbytzODEvcU5RZkJnR0ZwK2NpakkK3QeHPfx/Pm65oHuy/161QZ3X+q54dQ48
-            9Mlkm1YkS7kHVC1lhqfJLvM7nimEx0LmQH7+uwUbnSUg2FMe+KMjpA==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyTzNlUFlIemZ5NmphSU5s
+            MHBrMzdKYTlhc25HWnRJb1d4L0V1bjZXTkg0CmJ6R3FIVDBLQ2U3alk1dUdpUXhn
+            ZERSVUpvcWdodEJxYWNxcTdlVDdlRHMKLS0tIHpJaU9MalNKKy85Y216VUlQL1pO
+            Zkd3dENoZTI4d3lGWWlvOTVsa1pTR0kKPm8ta/6TEM7tkhWwiUDQGtq8ghjoVZRW
+            BmROQCIOiSB+qTMWshkZAc0pUq5JhZC36kdoWx13OxsoRTQYzD60xA==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age12vnpyjwhnnm85vktfmg6jwzn55fcg0lmgn6q0wx2z4wawnwgm5cqt6yf2f
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsZHpvOEh0RnFGYlpUc1hh
-            T21abVl2Vm1OcTRQYzAyZnpldjkrYW9qUFZrCnhKU1l5T1BTcUZvRDBsQ0hiUFBT
-            N3Qxc1lKdWc4Wm1TY3lHV2R4OXgrSk0KLS0tIHZuYlFwTjU0Z1Z2Z0s3VmdyMm4r
-            QUdQaFMzM2xxeXlaVjMvcWNpVnBMRlUKyThZPvmrGE8MoyD/ADbXmi3zyKE6+nrP
-            JLmtsTH12lDnKPKrmblAXHsggTCQvB7E3qlv1b++d/yEaztcMakVXg==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHb1lpVlZMQ3pmV0tEeTBs
+            NkdKeVpBU1l1OWlndjRlV2MrdkcvN01ERVFrClE2dUM0NmlNSllyalp4b0V1NVIw
+            VXQ0ejhGUVRqY1ZKRXhVNlVmTmo5bUUKLS0tIHJYaFZxbWw3cEFMb3I3cU1Za2Qv
+            ak9NL1NLOStmQXdKM3ZCQU9sR1BBVGMKxPFNdvKAqcB9gPxtk2SuIW8wYDqNLnmh
+            0XYjk5NdvgSgvsXYPvEq3an9GOgq/nnUq5wh9tCxEVkWRGcaXesTAw==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1ruav09tz635tt3sgq55pgn83qnte0j2nx0jd6gvjxelkqqdtygcqgcam2t
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxTzZPOHdKN2RaTnduK1M0
-            bjB1VHU3Sm9EZWdPUS9jVFp1TVBXU3VlSVNjCjk1ZWRMVXF2b0pQaHErMWpBbTly
-            ZE95Z2pkNGhoQWpWR2V1c0RjMTl6blkKLS0tICtRUlhlelpvd1hBM1Z4WWRjOFBh
-            Rm51ZDNZa25xR1hGWlZBenVQNTZBdU0KRbFgOND373NBHWvnOMiNPvCsN0qeQVyz
-            Fb1/O2ynZuK27qEBOoLqH0uhc/3E2f7NJ7SYfpHcPYrUy5PPzahlKA==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzOWhKRWNNbjFsd0tYeXV4
+            TUdJNTBUa3pycTFsZFpjblprTjVqaFhBTmtvCmRjNHZ1M0htV1BZYlhBUE4rZGRB
+            TFN5T1lzOGpsRkE3bmw1Sm43Z2RJMUEKLS0tIG4vOEFNUjFDcjBNeUYvREtyMEc3
+            L3VLek5QNTYyWGxla1ZmeXNLQWFMeFUKjhGE4fj1S10eUm+R/kTY50cYK7C4B070
+            PLjTS33/illFuj6PeMf6nIiyUG/0RIw+AEJdheqCYNE8C/4ycJ1K6w==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1ph0gtrpvus5y2kl5t5wnmlcjpevavxf4l2aagrqyp7nng7jvluus959fvq
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0cW1GOW9iV2NiQkJGSW1s
-            Um5BSTlTSWd6SDhCWkhkZXZ5akJIME5NQlQ4CmZCVldSTG16WHBEZEs4Sm51eUk2
-            ZWdObHFNNUxFekx3VW9TTjRoL21ld00KLS0tIE5tZ3hjVFVwZkI2cmNpa0lZZTZQ
-            Qm1mdHN4dGJ4bGFZa3RKT3I2ZWZJcGMKhSia8Td1ypbJiZlyi0Cz/tmC7XDTcOgB
-            r7wcSagCcRX0iXM+G5FdmbL/UDyTNmP3oIz1Rp9V/w//9Ex5lTcaEg==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwbEJ4ZjF4Tis1T2ZsNGNS
+            SHMwY1laT3I1b1RtdlM1Y1p5d1FXYjhjMkFvCisyUmVGUVJqWjNhQjJDcDV6VnJO
+            RERLbkhBUE02ZjJtWlBHcGxzMEhQTW8KLS0tIDU2UTNoTmh2Y05Hbk5NSy81emM0
+            bWhzbmwwQjYzeFllNCs2Y0UzZTdzMncKL+HZNrO7enr9xYQRfFl2L5VjEZirsRFg
+            GCj2goRj4yoUOPrE+Xb/Ad3IcZpxSfT1+Uvw2L1SgLHw62RnrualUw==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1sy6t7kdeyf63mjnrdnqm08rjv2s5ddexgncuq4ps6z4c5hgg4dzqp6pznq
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMaXZSOFhWOUFCUCt1MTVK
-            MlRBSDdZVVQ4akpwdHp1UU1LS3l6VjRWM0hVCkVwTFRiazBmNEp0MEdhUDF3UXNC
-            dXVTWkY0NTh1ZmNsRzIxSVdzV2E4bEUKLS0tIGE5NlZBMG1JaGpKMThpUGRqWVRa
-            TDJTeVcxN3YzZHNWcU83em9mVWFPU1EKKBvr+Rfgbd3Wd5paMqzu6YnN6gqeEpxt
-            y1qPGaQMwrG4nGKWCUZtUGLE8oNeags+LNw8V/L36qVwEs3JY0aWTw==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqS2F0akdRRTJWUFh2QzQx
+            M3QxZ3FvR3hqd292TkUrbFAxUGtrNUk1Q2lnCm16dDJ6dVRXczYzVUR4WS92YzFm
+            anRUQmJMa1hCZjZKUEFsWVErU0orWjAKLS0tIHVYaFo4RGJSYnY5QThmcWthSGtK
+            WG9paTI4Y013aWJOUGVHR2YwNmJCR0UKTQEHr9sOXQZD2xQ9VgX4A00xsJjt6qzy
+            s9000fDZ1snZ03m1/SRWjRdgrUvbtsVtA25RnVtPvRqhUSQSu7uMWg==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1ruav09tz635tt3sgq55pgn83qnte0j2nx0jd6gvjxelkqqdtygcqgcam2t
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWYmlNSzF1SjNSUUxUY2Zo
-            amxyUXFMRFk3K3duWStPLzNyZGt4bFYybDE4CmFpaDlod2had3U0eFM5YXFsbThx
-            dFBwQWRaM0w2UHRLZFRxU3p1SzRsZFkKLS0tIGdyV1Y4N09xY1ZFeW8yZGlvZ0xm
-            QkRjNEhYZkptMWN6SWlKMHFZM253encKSA31enORoMOEUbaFVvlzS/C7yfQKvEkk
-            P1BkUKe2eCaFT7wqbsytwfnxMigcf/2CySd4/qUvr6gVdSd7CyW6Yw==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGajRCZkZ0d0F1clVyUS9z
+            NmJkeGtVV3ZSb0hHVGtsQkZUT3lXWm1ENTFFCjVRQkd3c0hNU1JSMWc1SVFrS0Rx
+            K3NBSWEvRkE3cnFYd2xBMTlXc05SWGcKLS0tIDNqMzJGZlgwUzJDdEhPL2FlMnl5
+            Sm0yd3NLRy9qMlYxb0lncTREUXNnWW8KaKXGK2nYPkHQT8SFkVlT90mJFbcK0mSy
+            Co3E3GS/rfqCmnNr7nLlaBx1jXfrTihNUZPpr89/qh9bBPWDaCbhFQ==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1dwqnyurvm7vasf9n7alduzmg79nczkuafknr8x3l4jnzwnuzzydqj0y92p
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBidm5QSUxQWDk2Y1hsa0hl
-            R2d1QUpIU01yMWdzWDFyOWlQR3p0bm41aGg0Cnp0U20zbHpabFFlcTdFVzZhdEhG
-            aUxFSUZxNzloSzdFNjJES2g5M2pUbUEKLS0tIDluL3MzMFJ6c2tnN2tjR2tSR2dx
-            MlF0aC9lRVIza1FBRW4yU1pYdkJPWm8KzkBtGeu/t1FS75XuA9bSh0gK5OAOcOEU
-            StIZnsIP6+sV7EA50F+3IDwR4VI47vN3uUy4HD9n4akOOc0GW77taw==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYVDlLZzVQTURwa0wwaWg5
+            SlpwTWRxdWxFSWVkenV3aVU0Z1FLZ2ZyS3pJCm81RVVhNE9OM0hUakxubWwrdVUy
+            WldjdmpQY1lZc2N5OFFNckorWWNtYjAKLS0tIFNyTDRrZC9HTEVGS2g5Z0Z5cmIv
+            TXY3V0xwRXk1ZUVpeWgrcHBQRTJNUHMKWKJkpRMgmWDjZuaNDhzvlQyegbbm/k/5
+            I38M2TI+tGgcSpoKWfPeFTfnxUzT+V0iAP/JGkPDwVlpaSoSXw5E5g==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1dx6u86w8d242tvjesz362caf4lcatw24ldd0hj9qn7xhqw0s0c5qus8wxt
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLalhIQzhQSU9FNkFMcGFH
-            dHhKdEtVbnprVG1yaGJqbHZQQnVuUmREaWxVCm9FODJ0L3lvUTBIczRIM2crWkdk
-            M1lUV3BLbENXUTVZODVaOGd2Nk8yRnMKLS0tICszM3N4UEk2M3VNTDJxQW13bVJR
-            SjZzbmZVRjh3cEJYNFFDZWw3OUE3VEUKElT3vyLB6VHsmUrUBlV5lIjVlt7VpDGM
-            ixYqfjQ6gV8RkSsHo0lq5FaFOJiPfb/P8uxlMU9uVTyfBJsmmU7zeQ==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmTERrQTdoSkwvTmpoU0lq
+            MWVtZGNFcWlKOEk3TW12Nmh1azA0Z3AxY1c0CitOZWxZT3dPSzErVFNrMEREQWQy
+            dzZWc0JqaVpqUHZNdmJxS2x5dDlGK1UKLS0tIGtRanA5V2lOMXAvanExU1h1a1cr
+            RGMvZkRNditCblUwTXN4bjdhaHdhdXMKboLfOsBoyielS/T5uFsrp2+xsxymW2lZ
+            zIG6DMyE+p5J5wHycmdpSNWqmkw8eaiu129QK0gMmEEr+Zg4RTVK4w==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1h0nv9lwkkhd9y0rlf832g3lualvjafqpyvlkgf8d0cn6c4zg959qkrfzt3
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEN25iVDJqZGx4V0l6aUdM
-            bVJGMFE1SHBURCtQbGhCVCtTV2Z5b1RqVUg0CnlpVCtRMnA4YktDMzJYRldpWDRZ
-            K0F4dVVvM0RXWlVCZDNaQzlsNEp4TU0KLS0tIENhc0E2czhrRGs3WlZJT3FrYVBO
-            SndLM0R3Y3VDZEl2T2VzRjBGd2tHeEUKDAhCGtxL4ptpX/GrnCJSd0FetsytFc0s
-            mWRl7IVnT9piwuPsaYk8Y883QP6zBFIu6eTUfYHcIfAVKdHVq9T8Rg==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrWWdlcTdpS2xGNWZDZmNB
+            aldkZ1AwTTNoUXUrSG91akFNM1V5U2k2U1hZCkhGM2ZjaFlzRjd1NmtFbHFSaHZM
+            eHMvQVZ2enlLU1NyQW1pNmJ0MHZrVmMKLS0tIEMxUWFuZzRaTFlkdkV3YlAvU3JF
+            SEJPT0Q0VUlJcGZpa0Q3aWVyUEszWE0KUoS1/XPmq+gT0r9eAEvcL0U3hctQQD5N
+            uTg7FIZvGfSGAJLPc+aoPk8z38aOmoPjxbuPnM3jpJcgJjHYsBAlRQ==
             -----END AGE ENCRYPTED FILE-----
-        - recipient: age1eqcj2g0fdekj2wpqp4y0fg9c5myydjdt9zlr5scr0grk6fxszymqkpw5jf
+        - recipient: age1d9h9mm3u5qalmpl2pf62pyzqj8t654n435emn93rutv0cg9sr32sg64fdj
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwaFhRSisxdnBXWGhRVTdt
-            QUliVWhNWTRUV2ZBOWp2QXpxTGQrRUFIMEVrCnBqeDhTdnVvRWYzOE1wQkF1WXZa
-            ZVBHSWxzeFZTSTRCVi9mV053VWxlYk0KLS0tICtGOGhMNTNiSHBBNDNZMGRtWHdF
-            WUtTSmF5OWxDSll1RWJPb3hKTWtOTGMKN4Wq2qdkdoCMB/onycWSUrfjMYOEOv7i
-            rV+7YbXb0/4f0B09UvhbYwvhJfzv4FUAdZB05qdSoywDhp4/ANFypw==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNelJsck5oekNMK095Nnlk
+            dE5CenNQQmpNaG1OSWNiWU82NXBTYVUrRm1BCjdUQTZVeUdCT2RyaGFlbUkyWHZw
+            UUgvNzlEempkeVU0TFYwOGhKb1lkL1kKLS0tIE01ZERHRzhXWElpZ1dyOGZoeGRp
+            TGdBNERMN0NVRGs5V3ZadzJ6RGpjQm8K9tTYxUtwMAtg+jAmfkpNlxnk4a1o5gIg
+            MVjNymRwiK45oZ6h0Kgj+BNu0D5xjAxn8oEPXshkkOUqhbol9fB5HQ==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1fm7zr0ea3d589tkgcz2klqgnajduzkr25e8tnhh7qxzuleqxq3yq3c0s3t
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzM1VhZFNZY3dENE42My9p
-            N1lOMVd2dTdlK0ttdDlyVDdkcTF4VlpOYWprCkNCRUs0YmF5MlM0RXhVN2dYT2lo
-            aVRoV2RpUkphRkJNNmg2cnRJR09sMFkKLS0tIHdQMTVQY1FHQlV6Ly94NkZ5Qkw3
-            eDZSVHU5a21ucVpIVXRaN0wvdXBBVzQK2Ck6IftFau9XKgBLXWDg6cCI4/yz8ak/
-            vC/Qpe9cCextW7nK6ZOehJrtJjq6DKwd4X7YPN3f94xKTQkm0ZoLDA==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyZVhIY2tEdllGamtXOVJ2
+            ajFMSnA4cUtDS1pWaytYa3JVbXlYalh5ZjFjCmhZeTFIN0xseVhmbDVDdEJhb1By
+            QkFpVlJtZDhla2VLU2Fvd3doVjFXYUEKLS0tIFdFY0pWamtSbjQ0aVk2ZGlxczhM
+            b3BzRG80R3ozRElyZ1JjOVhzTkxoMWMKDzI/fCsIn6VdMqIrH8vS1TMxx7sq0HGv
+            FTHMExoCkBjZLUmIRJa2F0Bfzf1bCiUOa+FiVQNYvCiwodYZGsiCzg==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age16wuzuxnkcgfuxzvzgk5e5a5f6hhs386adjewyv54m9esr4yj6uuslpn6tp
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwWlFackFxcG8xVzlqc2tI
-            d1JESVh1b013RjRQRmJONDZybFRyUExVaVZzCnFrVnZPemJNdGV0cDJCNEwwMVJQ
-            MTVvRXdsVmpnVmY2d2p3MDBRMlRETzQKLS0tIDhqem9VVXB0cko1OC9BUVZldWhF
-            cVFTdDVPTVdwYi9HRVgrSzlPbDRtOVkKuwfbZiMuD0Zpi6FCEGZmV86ftS2DZycs
-            aC/L7fIyqZ/AbM/VNvzq6d6MkSljZoUeoRx8k774iV3ZTLakQnuy8A==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxM2NqVnNwYlI1MnlSbHc3
+            TWxGN1dRWHZSb1B3UjFPZS9jbnFLb1FnZG1RCmxmRzFmbGZuaW5HV1dYWE8zY0xH
+            OXdhblU2bE5vZ2hJMjR3Z0xXRjJiZ1EKLS0tIGJNdlNvNjVKdi9CZGdqWEpBdDRW
+            N2QyYTBLY3BlRzdVRHE2MDNvcjFCN1UKvMW0Qi5Sm3kUeAvb52MfeTYiPBww8KAQ
+            IXQFMtyQM7a+2sTg9WOn0ZvwlbPb7fxT0vzX3o3mXb2wZc+fyjMtEQ==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age16rkvks3tljju3y6xu0l7luhjzx634et97g3xe58xf2dgfn2865rqkq6t8f
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqVzBpa25tRHhpUC9tcm1Z
-            dHA3TUE2SVNyLzQxUjAvWEZhcjRVaHlMRlI0CnZVRDZhRFVDNXJsdXlzbFdjRDhi
-            UmJjVjcrR0lqVEhkc3FjR3k1K1hBVmsKLS0tIGZMZlY1K3ZaSyt6MU82bVViOXBG
-            cmd6SkZjeHN0T2dUQm9mR2JRc04wNmcK1JV1E4Ceh0keFe27jV5ihcZVdaSzYv7Q
-            k7w0FlIwWM8qInzs8FM+B5qBRcpxhNTmWmAkrxSkCZsI5R0EQ3TopQ==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjUWkvMWs1QytVRGdzcGlZ
+            RkNFNmtXcndBSHVxSFhFTUdXY1FnMXFra25ZClpyK1o2am9pbG1LN3kvR1FsMmxI
+            bzQ1MlBYVDZoN25TSjRURzdEeFpreUUKLS0tIDBHZUVSNEdxdzNTNnFzN3V2L2hk
+            UkVlMEcyam4wazRzTUtRZHFxUjlDOFkK+1ka4vQTrvsvBMWGU2JF9nTlBUHUBC/5
+            7/oR75boG/GbQ3cUxZoHfQehQEvjs7um2KRuBP9fF2QPuWZCWAlpgg==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1yuh8vhakrwn2nm4dzxmdp99cmvl3cd4af36p5w2v559263a4uy4sulpn60
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4VlJDZStESjM1VVh4RWtM
-            UHBTKy9ZNFN2S1VLNHRJYW0xUXRIL1hoRm1VCjJEb2M2bE1ZVldHaFA2TTBTU1lH
-            Z0VwbGhRV21pV0FEU1dDTkQ2YVo3bFUKLS0tIFJLek1QUFJsSmZUYVNlZ2JJQzZE
-            elZqTFcxSFJmeHJkK1VKb0taNVErK0kKaDDM+tWzx5uLLnWGL+EwIAYTWDEZzDCc
-            gNO68ireRxrukhnoLhqH+dFiTzk+zhi7RjPqjs4dnCiIgD2hnOTCWw==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3b1hzVUk5YmNoSHFLeUpv
+            Qy9GckcydXJNUmUrV3BnaENZWEVHekdrOUR3CksxRFFDd1N5S0dTZ2dhUGphNS93
+            THdTOWVZRjUrOU1hTGxmVEpHVFdwN3MKLS0tIEdxek0vbEREb2FEYzkydEpwelhP
+            QWNkNWJ0UGpCSDJtcE4veHJDdzhUSVEKRscUX/tncYsK0LlWX60/AbctxREbvDq9
+            sBB9dKRWOpLp4Taf8jwD2o4A3C1aQnHhkBIvFf8UK46D4nEgRFrPKQ==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age17dh936q0l622ez7m0zfak46awqdx35hldqzsfnh72cgtcthlhg4qdl74fh
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqYVFxenFsLy82SDJiWkNO
-            Q09FS3AzdnQ0Y085Y2NxTjJiaGlsTGtHZ0NjCndiaXFGNUtpMDRESVBFeDJicExJ
-            cnIycStvWDBnTTJ2bTJQb1FtU2tSSjAKLS0tIFNtd3YxWnFHMU9OaU0zNEI4b0k5
-            bkJ0bUVmN3o0OXV2NDlHVlBNVHQ3NzAKtbukA5CsIzav1+T9VqAZV2dMMntRiFIb
-            lqfv7MKRlPcl2uhrSTJKPMX+L9eijxjPJYLqQ8kIplfRCbW1rDULTg==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvQzVXM0xVTFkvMU9zcE9o
+            bjMxeEs3RGVwYjhodDZPZzA0T3BIMFVJeGt3Cm1IRDdRUmIzeXNWZFcrSmx6K3dm
+            b1BoQVpmYkVDblF5RnczU2svMWs3czQKLS0tIElhVEFhWDBVenNvZTM0Ujc0b3Nw
+            bWZhTjZ4ZVN0QkxMSnQxdkFqMWxBUzAKXQXvCjzWT11LnJjD8ppAp4es0p/zKnDk
+            BCxv+gDMUKaNqihFs/G2I1oRyG0JygO0aQXjSWZTS6tjUK9AELriLg==
             -----END AGE ENCRYPTED FILE-----
     lastmodified: "2026-04-17T13:05:56Z"
     mac: ENC[AES256_GCM,data:G+W4axy7x2A3zc2Buujy+n3C2Y91d0fIB7KnkOQRioR4tHS1ySyo3wGyDGvUlyp7sgQL0IBmUSfIorBfPmV8UTc0Ynka3KYsQ7rr5vcdTQbSuM8f6y3goGxPmUerwDoiPuztMCAzj8ln8AH5Yof1ByzWtq6BnhSCYVfI40i2tvI=,iv:iQ7/SL1K6aibPScRVIgA3C70SjaMqiy4wWFUXG8uVyA=,tag:xHMn/i6uhrj4EJaWJjmqlg==,type:str]
diff --git a/.stack/secrets/vars/shared.sops.yaml b/.stack/secrets/vars/shared.sops.yaml
index da686eca..f20035eb 100644
--- a/.stack/secrets/vars/shared.sops.yaml
+++ b/.stack/secrets/vars/shared.sops.yaml
@@ -1,168 +1,173 @@
 aws_sandbox_access_key_id: ENC[AES256_GCM,data:XQ5ah1vlCnyAK//KKetbyIOjVh4=,iv:R2li+GSiupSSx54YhFguOHJ1erudiY8R1apx/zAL8og=,tag:ks73C8BH5kB+zbrIiyW5bg==,type:str]
 aws_sandbox_secret_access_key: ENC[AES256_GCM,data:1tNl/QjhrrEVMQEoQbppYzx5Pc/QY7Sjq7v/RmWphajz5iCH917vlw==,iv:zHJbjoqEbXyQrTcxRBHFfTdw/AFcMRXtsv72j7yqQao=,tag:kAmZ0W6q+14NrNPEWXxhaA==,type:str]
 cloudflare_account_id: ENC[AES256_GCM,data:vxEgNOP76f4l7bWsDVAhNJT1McaRqnGhy3wSFBj6+rE=,iv:lISK8zjDiKE9koXB7sRvcfw+GhvHmB3rtIPq7s8dbik=,tag:U/R9sSahq7etfN2lxRgsbg==,type:str]
-cloudflare_api_token: ENC[AES256_GCM,data:erNh8YJHuomJGjw/cQPa/qlzM6edU0pVlud+l1OLVhimt0vmAym5FMMk3NBp2vH8gfOTmwA=,iv:k9Bjb2A57tWhY1xK6Kqcm/6BgI1XBmpiJq4UKaZj7jQ=,tag:Jx02CtoZtoXz47qe1gb2Ig==,type:str]
+cloudflare_api_token: ENC[AES256_GCM,data:vOJRkSxa0gl/L+rZWZ8rUQK5qGCXJmG5m/49/RkbcYTlkvMZMY/E98VL+tEljBF7QwLL/F4=,iv:MTOSLclyymt7oMPTEg1f85PYzk0Fh2/Kn6/lfzwkRy8=,tag:c5rKylqVmddUbEbhiU0Mww==,type:str]
 cloudflare_service_account_client_id: ENC[AES256_GCM,data:QSNncrl1/MfzMxScqbPJcT/ZjoW8UIWYFrYRnyZUnbOww1P1f4Hk,iv:QUtnnykjedEOBnTD7EMPs2CDYAMhSFo4Q8Nivxoe0O0=,tag:zHggRUmtTpzQJ8bwc/PU1A==,type:str]
 cloudflare_service_account_client_secret: ENC[AES256_GCM,data:4xh96UpRRQdx2FKNbK4dDiznLULJaE/K/BleqTRPNqiLLl1r/zaXNaWH+yPSkjwH1kE2nxr5c2TlsUbvFHttwQ==,iv:r9BXpDp8J28QgkTnceCBxmD+bocDdLdmlowbjsJswbc=,tag:/TAr4Ad7rXrBsvjDN0eGYQ==,type:str]
 hetzner_api_key: ENC[AES256_GCM,data:Pc8M0fTCCpVAkYZF+x6JEAikjwQ1UQeKvMB/8zm2hHy3+GCaoYU6CTJmxFNaGL/eKc0jZ4XquDNJjB3mTO9tWA==,iv:8gxK4vALWK8Ts8CU8mCXVNN/1pJOtOoNfASXRjLlI+o=,tag:KNEuaYIDOCA3q9KcXmfJqA==,type:str]
 neon_api_token: ENC[AES256_GCM,data:NNSce3MnmZl3TQRLrGoeOSD0D9Mu7DjwAQ1PBxg5Nm3ecwYvL+xnS7chuPIDSDD1+oXtOire/tTP0HiCoE8LiCEtdY2q,iv:cQuA1xFwItbUkIeYRfMqoa2W350oEtvn1w7c9XxcXeY=,tag:YHpzdtGv+ur2xQq6/rNaEw==,type:str]
 neon_api_key: ENC[AES256_GCM,data:V91MLYMH4JPR10ygNpSC7zBT9tBEhjvHvfg08pE65LXvrHE8j1xfwFqeNCYuMXvB+iXluaa2lSYZF0SJi4GnGfhua8xc,iv:1tfVSnOaEL9RNYs++rlhplOBqQBThIxo1Ufi7wlgDMQ=,tag:qCZQuCHVERkR15L/wRxMzg==,type:str]
+better_auth_secret: ENC[AES256_GCM,data:SV4nbYx+jtkn50nOD2yKXFdfdqhRyNGOdsFOIc08N69G95JwAL0R36JwNAE=,iv:brpVlFfi7k79ynkL0DvzrcfEZXD2gjAzWFa19U/41HY=,tag:JVzGA7Y+zyvDhDdvcHuI3g==,type:str]
+polar_webhook_secret: ENC[AES256_GCM,data:jD4goZkvipC6e31tlqRHRSVOnZF9NMWfJJx/zjLfV+jUiQ==,iv:m03yhodIzuKQdK8pNYiEULTVkiVYq84trqBPf9tpxBs=,tag:MkjThhFmVg+lygf2SAgmcw==,type:str]
+polar_pro_product_id_production: ENC[AES256_GCM,data:V4KLAMQ0CqO9BIGMTH9AzYo9sa0h6Hw=,iv:HgclsKnzDKHVJqskN1VpjDskcAWWZu6gDRLIE8yARNU=,tag:5+dcxON7dofbKL1NX0qwug==,type:str]
+polar_free_product_id_production: ENC[AES256_GCM,data:TnUDpM2MNAcUybcjdKU/1SPDRPugh9ue,iv:fwlByRKzh/qJCohH+7cJgQTjP+LuaL2JFK2Pm9emnd0=,tag:kSkgY03C410pNN2FYI0rBg==,type:str]
+polar_access_token: ENC[AES256_GCM,data:MY1LQCF8t2DJhSTFSBsNKnG0rsMm6rVDBquAC/W7EzkwCmXZYV4=,iv:i0wE+ZX0LGS0AX2Jy2E7N8KZqKpOe09dgDRCl5xqb3E=,tag:eDrt+poym3MlbSYj4luiEw==,type:str]
 sops:
     age:
         - recipient: age14vpdar7vzznyxgskp9772zjar95n8l2f36w6tzk980889t7kjdqsc5a50q
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLUVFUS2FzZDRWNklrd1BI
-            NWN4bEQ1NVlEcmtJV0p3Tmhsc0lOT0tldnlrCitoenR4a3FtV1hmR0IwMU5PL1lJ
-            V2FoZEZ3dHlRa3I2QUwzeWRhOU56cU0KLS0tIFovSC92ZlJPbURSNW52VDZoUGJY
-            Y1UwNjlOUC9Da2xjV0g1ZllLOEIyeHcKeh3TSDX6fVB2Z/1FBdaR10c36YnLtG5O
-            CX4bOO/VS/2ue0ahQD2dKXAcWXHXjPauV/KOkvs6gHo+5kLA83X3xg==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOaDhnMTEwMHU0ZHVqUGt4
+            QzM2a0luWFk0RE9QVnE5L1VqTEFEMVRyNHowCndOa2NsQnFrMkRUc284blRQMXh6
+            VnpMbkwyWnA3cXMxdU1mMk9leTZTSDAKLS0tIHRIMUVJOThjRlJlOHVsdzQ3N0hO
+            Q0RkNGQ2OEFrQ0hkVUtlT0xiWmRxVmcKIY7GQLtue0vQEuCqmrr+8CS4+C8byK/J
+            exL01lY/mMrTtkg4sWJm/pVVhZbgMlrm2NLICMs1JeTjZCs6KSl1cg==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1ugmyh9qcz05ehtkgnt2nn3jfz2rf2umnmqx69pgp2ue82dn7vpuqlc3g7v
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyaDJnYnVPL1JHU3VmN2kv
-            MURIY1V5YUx1V1BZWU9FZGhwVnRNWGxHNVdnClFjcGZVNFJIZnBZTE5UMmRKdFNN
-            Nm9ndmdtRzJhT043QjZtOE9NREpDdVEKLS0tIEJFcDR1Z3ZYZzdwVXdMQ081ZjVW
-            alB4QWhFSU5lODM3eTIxblE3a0o1UkEKDplnJMpuMJz8HR+SMdXXjZMy7LXBPBay
-            lLmDzn9t65X3jsC7HuHy7f/TbqszkZZJC7+nkZhUZvu245ALm/Dr6w==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzS05venFwTWxjd3l5Y3Av
+            WUgvV3RaOEk5aWhBdXQrT2dQMnJCRXdJNXdzCjNnZHdjSmJkWkFsT0poL3l4dnZu
+            OWZSYW1IZ3AwbW1kVnpOM2tnZG4yeWcKLS0tIEI3SnN4aTc1VWVSbU1nMVppSUUx
+            WmhLOTVFOXcyUDN2TXpRaWppdVdkcm8KnyeSl+dhr0v6Ecp7i1sJFOvz3lQD/jJd
+            NsVqSjKumXpHTDL4GzGBJAUHeBkn77c9GlsulAPsZVIsi/8lICP8+w==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age16ymszt6hmv7p3w596w5wlzng7wgk6mwcchr8s2nvwutnx2nrzyqsvn678s
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLeFBpWm8rTXRJM1JpS0Rw
-            M3lvcm9uZFhEQ1hSU25hNzFQTW5LazNZMngwClF0R1lYWEtMbHJUMUV1Rk8wUzdS
-            Z2hkY3FDT3MrM2EzU0FROGdZL0E0WW8KLS0tIE1naUpzUlNveDZ4MXQ5aFpKS1lp
-            WWFudzk5Z2ZTeUY3b3h2OVlZYXRoNTAKj+a6sZ5bgXGIulz+rSk2t7vy2skDyVqQ
-            glsP+xQEyfT9fyljTn3V+9LXcPWQvqMb6MrCbIxI+paeXB8Nx9ApMA==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCNG1HZjJjOHMxeWh0bVQ2
+            emlBWUVWV3I1QmpVUFFHOEhDNllvQ202RXg4CjFXVStLcS9mK1EzTDd5VTlhUzRP
+            NkNNQjhWMlZmc3YxT3Y4aS9STVVsU1UKLS0tIGJWSmdYazZFNFRpQ1AxcitPbk14
+            dEo0QmRWNXNkNFN3eE81ODk0elViWEUKfwNC4pk26x3YYNvLH3UhkMimA/mz6IaS
+            MTrdlo8JKv2nhXgWjIYdd/XcNkuWKyYZmyxTXvCmLKPG/VTq6iLWYA==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age12vnpyjwhnnm85vktfmg6jwzn55fcg0lmgn6q0wx2z4wawnwgm5cqt6yf2f
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaZXo4MGhCeGZaNFBzZ2VV
-            SWEwNGdIVVcxSG43T2toSXQzV2kxRkZsbzFZCkQwb3hXY1M2N0k4Z0EvUy9wSHZJ
-            aGxnODdSTzlSdXpZbDMxdFpWb3g3YzQKLS0tIFN2UlVGbzBRRklyVXBsWHB5a1Fj
-            WjM5UGtGdHl3Vk94YlAydkwwRDlocFUKlbtEScLYymFJjO3WoofZf0d1nILytZix
-            2lthZSEWxdJ0NPNo5yo3xGsRCZyAMrXA9Aaj+ANdhPLPTnrRLHrR7g==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPcXF0a3A0alZ6K1VDaWlE
+            MnkrNjN3UVhiRkkxcVBMdGhyaGFCL3JNcmxZCjZsWnNQZTZ6cE9NdlBXa1VHTW84
+            WFk4TVRZcUt5L3gwd0ZUaE9ZSXBtaHMKLS0tIExPRWh5NEJnalhJNWxjeUVtK25p
+            K1dCd0RqVW4vSDBOaUhvVXZvd1ZQWlUKq/0UzwdTp3egprgwp80uCZJ/GPgCT8qV
+            GRU74vq504Ay2cbd9kdPvjEgLaTVMmkYNldtleM5ryluqkIDCijmUw==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1ruav09tz635tt3sgq55pgn83qnte0j2nx0jd6gvjxelkqqdtygcqgcam2t
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYbDBxQkF4cjlqTTRmdFk5
-            S3Rjc0p1Y0krK0JNenQxQ1FiMUV4Y08yV21VClhYYkE0Y2EvTFdlMVEzMkZCVkhp
-            MUFOWlBlbjBOT2pQS0YrbkFNbTZCdUEKLS0tIEw5cXR5RGZLdmVIVml6dmV3MTFF
-            RElJRGEyWjdJbkNrSXUyQW1TTHRFRE0KC7zvfrtWBCmnIXhmCcIEI7UGbJtkAFAP
-            v7gAmkS85x5k6zCadySAxeWruKVWtgxGXtzG/ecRVhuQqsHD7YNYHQ==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxSk45L3lWV0Z5MnVkdkd2
+            QVhjNmxTcVZ1NlVlTUpNdDIzemppdUtkeFNjCjdJb3VpaFJCMmdnRFI4T1hJMTFw
+            dTVkT3pJUkJIdEt6ZThPVVpnVTdtTHMKLS0tIHVqNVhpM0YrRGdZY2hzK1Z6SGZw
+            ajI2MEh4b3BhOEZac25aZzJhZkRiRFkK8tFrrWu3DnZiApZ8tKPmIKg8zy2IgE+d
+            iF4rXwCklStqH6kB8kltQgnVH6nqezNkKnLOQAk/IePCPfUPlWEtXA==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1ph0gtrpvus5y2kl5t5wnmlcjpevavxf4l2aagrqyp7nng7jvluus959fvq
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNTEdPMURXZi9qSVFSNzYr
-            UmMwVjNUYy9pdVVXZHlmRGFhQndubVBraWlNCjZkT0RFMDNFUkJVcXVZRFdJazQ2
-            ZTd6RkJXRHptekVidlJkWUlzTy9DODQKLS0tIDhuMkxOcXVoS090eVlCLzcycTVp
-            eThCbjZMRTAxNWpWWnNMSmY2UWpmK0UKTyee/uxejVZdwS9rH2/bDE2h49vjyuBF
-            n+QuBOCoOZykQLjf+JtnXRO9a0gZMuM8QFqDGAFE5xl6PBYyS8AK1A==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGVCtFbGxFOXBpUHpQZXFI
+            dmQ1ZDNLbnhZSFBEcjNrYms0Wk5mVzhkaWtBCnBFUG9SeUxnM3Y0Q0FTM2hMQzRJ
+            blJadHdWQzlSTnF3aURlaHFPZ3JGUW8KLS0tIHp0dkovLzUrV2x6MitnVmlTUlNR
+            QmJXME95QUFaNkpUQ2pGVzcyZjl4UTgKbNGYjVq8S6WDbfPIypTRxMfCai+IxjiF
+            9Ha3JmvS1qdDAASoHqK4ehQ6XlL69PS/ztpLs7yTqfkju46BrMJ8RA==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1sy6t7kdeyf63mjnrdnqm08rjv2s5ddexgncuq4ps6z4c5hgg4dzqp6pznq
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSbkk4M1RNb1pZZ2p1SjRQ
-            SDF0VHVkcXdjdEEyUGh2THkxVXk3QVlvbkFzCkZQOHIvcmZxR0RMRStLb3BuRU00
-            NHFLb21EVmo4MUhmeEdlWXpXVGlqNEEKLS0tIDNaVzdpbEhsWlVYQWpIU28vL3RO
-            NUZ2SlMwZXFzREI5SmFCQ2JjY3RnN28KRoZFbZVNEe1kmgpXsGIE9ow9UdxO2Fhj
-            IFlstHgIT0NfCoCJlikIchGrLBSUwfB8fP44iOhV96wYCTdjNTfwww==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhYngySERQcENOcTNjNFgy
+            R0h2VkpsdEIvdXhYSm8vTjc5bzZTalg3OURRClpNWS9SRUw0elFsTEpTL0tIcnhl
+            VnM4MWJMRWRzc2hVQktKK21oRFVkQVEKLS0tIHZNNUdOc0xTOTR2OFJ4bEJ3WlhZ
+            SGtnVkpsLzRHQ2ZuM0E0YmdiZEZFTkkKzMFBd1v3YbWOzWyN8lfGjSZK/fxrKIcU
+            0rKWUVqaNwXaR3s20Amie5Cf4FEa6srQ2m8ZXOeJkyO1pyBbDbbxLA==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1ruav09tz635tt3sgq55pgn83qnte0j2nx0jd6gvjxelkqqdtygcqgcam2t
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCYWxKbU9XKzlWVEZhNGNQ
-            cVlhVmsvLzR2alRDN3I4VDdBcFBZMWR5QkZVCm9Pc1hmSjBTZ3BTNTRVcUJYRjk2
-            WWtZdFI3S1p6cE1YNXNrbVd0UDZtYUEKLS0tIE1HNVprM1E2cUErSFdoNWxSenNy
-            dTZGUWZWbVhDaEpmeE0zSHBtcVpZanMK4RYNBRWZCRXxWh1Fzd6qKC0YRqavilXt
-            g6Jr1caudlPCm+Vf289b7YQBdHjonsY/YnoGOJ6erqKaQHvB+dkzcA==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0S3htbnJXK2xKWUIwV2Ni
+            RmpnaWdvNmhiM2JvdGF0MWYzTTJiY3BLb1RzClg0MXJta3hjNGhwNU5oM3g1ZG5j
+            T1dybDI1cnZnRHRxbXYyS2oyKzFsRGsKLS0tIG9wb1kwMzVOQkFqYTc0RURaN1BK
+            UHo5UGI3WWRBV241eHM0MzZpbE5TMzAKRl3Xly9fN+gNkF9mJzTt6cycywvYoQjD
+            KB07JHajozUnJ6LA8d97q/XriMTho08LuKhWfKYbWug4VRZTYYtT0g==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1dwqnyurvm7vasf9n7alduzmg79nczkuafknr8x3l4jnzwnuzzydqj0y92p
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCcnFna1VHeHl5aGpVa20y
-            aFo2UC9FTXB1WmhBd1daTFh0TW00L1RERDM0CmpNZVQ0VDl6Q3UxamVtU3RPUjVk
-            QU04aTM5ckNMUkU0Q1p4KzFqWlY4ZUkKLS0tIHBEVTREZktTZTh2ZDBWanpwVnNH
-            eGRqMTlDaWRxWk1tbDJRY1I3VXRyYnMK04tnWpZvADUc5AL38EfA5fyiVeK1PqxX
-            of3cheqfebsH4tDOHdTzDM7+oWcn0Xh3Ty/FAK56V9oXP96ygrhArw==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRS0QweWJRcDI0bi9xVHht
+            U09DZUdKR3BTWVFQZlBsL2Z1QVdGUTY4VGc4ClZBRjlvTk9ITm5TV2paeWZUeERV
+            Z01aOWUvM1J6TFFodUhmcENNR2NYVFkKLS0tIHlJN3Y3Ry9RMUVvc1ppM2ZSeG9X
+            WGxpLzYrdUorRFdWc0FmZVMzSVlNaGMKeSPHIylPZLbJgG+DrxS1Am7ryS3zb7eo
+            8bTnOrlN/OIF+RjivMHVD094SL6xyDCS4tFYNWHfNaWxK291L4L/2A==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1dx6u86w8d242tvjesz362caf4lcatw24ldd0hj9qn7xhqw0s0c5qus8wxt
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxR01lQnNCM00rWDM1VzR0
-            WjFPaDRnNitUTkZNVDdwbVd4eTJBTlZtMkI4CjUzckpQSlJ4Z1NMSU96V1FaTm10
-            NkRDVXpzODk4VGp4TENjdnZhTW94YzAKLS0tIFV1R1RaekFtT3lJbGR5M2FlMFQ3
-            TUdwMWFudGZOTXRuaytsclVvNjVzNVEKfy7mS99cp9Od+D4x80WMFOtOjKfXHiRh
-            ctfItC+r3utJ+TogS+FMap9ZB7Yf72bu5QIsyeqHrnJijo2pz+qfnA==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrMjh3WXhYQ1EyY3o5Ukoz
+            YWJlVGdKMlMxSElUS2NHbmIydk93dUdtcjJBCnI1U3VtMnZjdCt2VGRMYkl1alVC
+            THdFbHZueTcwU2NUQzZNNEI0NHNyMmMKLS0tIFoxOGVadmhRSFNlOVJMejJrWGNY
+            UXRTMUxIY2ROTkR1eFE2bFJCTHIrZ1UK5SoPsxpG4bRxtcmgqAzs15D/ZfRtlNOV
+            cLvQIatBEybX0sRO0kfzLjgye7shtFiu9Dx+W3oqOmsR1Gjx4aoPCg==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1h0nv9lwkkhd9y0rlf832g3lualvjafqpyvlkgf8d0cn6c4zg959qkrfzt3
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpUWZkSW16Z3RSNGpRWFdl
-            VEI4cktrL1ZBek0yZUkzaU13bFdoVktMVDBFCm9SQ0xvM0hkTFE4aWpsVy9CVEVi
-            cGUvZytTYWp3MHRHUnlDTytHZ2JuNHMKLS0tIGkyNmFSdE4wM2EwaHlJNG5qQTRM
-            SkR3dlRMVW83cFlTRUQrN1BNWE1yanMK06ok+ydLxgkQzvkfpw4gEfh4TpvHiG0u
-            ZAyP5z2V87wn1CfE5eZKvD0f8HJU57a7cl+G0B9A+LfhjtLOmmX63Q==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFQll5bHRXNmIxVWFOYnRq
+            bFlvcVc1MXhuZmo5bndsK1Z2N3dSZkx4Nnl3ClpkcFRxTWZKYytPMy95d1VCakRK
+            WlJXWmowRTRXMTZrc3J2dG5DWFlkRUUKLS0tIG9WUWxGZTlXZHV5THpLWUh4SVk0
+            eDQvbVFYdGFrVWJNSlNjU0Ryb2JnUW8KV4u4GjN1dVJ5eZq3DJ3ph8mmRVxo1i5X
+            xlJqp+aEEuJTQGXUp9rWW8WKm3LGP+UcJYtPBwZKwgBiVN6fpj3Tzw==
             -----END AGE ENCRYPTED FILE-----
-        - recipient: age1eqcj2g0fdekj2wpqp4y0fg9c5myydjdt9zlr5scr0grk6fxszymqkpw5jf
+        - recipient: age1d9h9mm3u5qalmpl2pf62pyzqj8t654n435emn93rutv0cg9sr32sg64fdj
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGTWRkUzA1NjNaNFFCRFlQ
-            MzB6ZkFqeXg4TTU2OEs0Yk9xZFBXMFpDS1c4CjRJaHp1eWVTd3pWNldOTjBPMlJs
-            Mm1KYlpvMndxcnhXc0JNdnI5S2tQS1UKLS0tIHBZbWM5TDBTWTI0N2ViVW9LNnE5
-            NzZmbkFKQVdmN09sWTJoeWRyQ1FzaVkKE46ZAbggYOoQ85OX25zfPS4HtjzqmoKY
-            WvcWn4wY/aM8westLk1yIDQeCkyTczbKfdSgvT9lkxpZLX483zZfbA==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBObE8xcTVqRUMxcHc3aXVY
+            bnM3WUhVUHZxYmY3Q0E4clFjUU9oVFVQT0E4CjNXNWxFSVkrdzFvdEdKaEcvY2hh
+            cGEzRVZyK2NJVWpwNlNDWUJESU5OUHMKLS0tIFRCdm1Rc1ZPeVhPWTU4TVMzZmFW
+            OUdPaDg0UHFKZ2JVYjF3aUR2Y0hMdDgK/pM1Q3/7r/apPaqZkNvAvJMnL/errQrS
+            0vfatY/b81TO3ABvnJPZIEO5/ECtLsldI52kJonNGbzJHuWv0wQdbg==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1fm7zr0ea3d589tkgcz2klqgnajduzkr25e8tnhh7qxzuleqxq3yq3c0s3t
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpY1hJaTVxbHU4TEM4ZXNF
-            T0dFbFpKK3JCR3hjRGVqSzlPOWlTRE1NV3lrCmlRZ3o0dlIxODlqaW96dEE5QXg5
-            L0JzOTQ4N0FoWkhaRjFBclFFSDAyQk0KLS0tIDVuUnlGMnlLVk1tZlRTYnRUVGlt
-            bmR6cW1DbmpDUjJNWk9yL3BucU83emcKtRG8xAgMeVwKWsG5T/Ph9lI1Q0l+8Izk
-            unMt4RpvKWEdzzxrPQTvLTPA4TEEdnH9kryPdZQF1ob+sPg0Zp8aog==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqbmR6ZFhoMTlBYVVPRm1J
+            RDV6QS8vaFlNRGZ3ek0zRisxblFrbkFwYURBCk5kMDh2ZHl4elFjR2JkU1FqL0Z5
+            K2tQMmg3bmpSMnhVTW1VS0hHYXBjNW8KLS0tIHFwbUwvc2pWZU9DZDV1SlJzWUxE
+            bDEzOWZJaTQybGQ0T1ZycEYwVmd4RXcK8gRveCQP4nnSNNRM7F8zJAKSaf26OcP+
+            Somq0brBPK8RiK4yDPoQ6T56y3zADDv1gRqwcEZ3Hupy6F4dhanxzg==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age16wuzuxnkcgfuxzvzgk5e5a5f6hhs386adjewyv54m9esr4yj6uuslpn6tp
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUV0x3bGxxRFMrVnBURDhS
-            MEp3d1NMWTVaNndiVUl0cFVaNHB0Y3hncHlrCmZjUi95UGhSUXlocWQ4SCtHYkRV
-            NGFaRjluMDJLRDVYNGNER0IvZjNzQ1UKLS0tIGduRGh6aEFnOERqS2NRc1FadlhP
-            YTd4ell0KzE0cWh6V1dxOTNmblQ4YmsKYt/VKILX06SAUmJhmllx4JZIl9anb1ww
-            8WaqVfNVCa/9wA/Ah6FPcpC9hvboIgHzAUJ7xy5fvdYdDzKipbroWg==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBR2hzMVY2a3AyZ1BGTjUw
+            WFJKeFRjNTh5ZVVKT0ttVnNUNjlCbG5zaUdNCjE0QjRGS2lFNUY4eFhULzBwVGJy
+            aHJVRmlJcVVPUTJ4QnRMY1BtaDFkYmcKLS0tIHZEWGlLWGV4RnBZblhaYkpIYjF4
+            NHlheGkxVklGVXo5TDZzUWpBNzJVUU0KRrn1hYM4WgqBsXQIAeGeuqyh47VSpfSA
+            vIwXvixQkA9M3OL9BFInRnxpfM0yly9FHlvG2Fyx42CL3FqGw6R6uA==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age16rkvks3tljju3y6xu0l7luhjzx634et97g3xe58xf2dgfn2865rqkq6t8f
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvV3RrbDZBQUg5TmNWUnpS
-            U1pJOGtobnhBZWljczh6NHBVcXBuaWZTR21BClhHVk5wTTV3b3YvM0xEVmx1UU9l
-            bm9VS1VlejBmLzJaMmtDZTZ1TFJ0bncKLS0tIFhvelFER0ZrdENreHFHTHo3Sjlk
-            UmErMDZpSFROTm1Fem81TVg3WFQrbkkK3hrbxLcrSkTlyxdRZOdtP/HQ7j0SOEuk
-            edTAP81z+78QGnrfuvZ7PkJ7yDRJ84KCAxWXLSW3ZN8u305SnAE8/Q==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZbXRIVENmSENCMi81N1Z1
+            ZWdYWEJlVkUyY3NDekU5ZEZsYWRXb3lvNGpJCkxsY2RtNXhBdDFqMVpiejZxcHVy
+            TmZiQTE0dzAxTW82Vk5GVUM1c01rYlEKLS0tIE1nOG9aZzgveUtrbWRGRmVJaFFl
+            RGxBdmkxOFo4a3ZIMFNpSndBTlRBRUkKtDlty0kr4NSQ3Jfa+eXtEBLInCYwn5ic
+            9ydnVHuEs5meV0JJFWPaP8z4edqaVAS0iHbu1WcaF0fmb88vw7EenQ==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1yuh8vhakrwn2nm4dzxmdp99cmvl3cd4af36p5w2v559263a4uy4sulpn60
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2L2VuakE2c01Tam84K1ZE
-            Q1F4WmtNNXErT3F5NXZ0MWdPYW5nMnFEY3pVCkFyWDhvdGFGMTZJd3hwMDltalZE
-            U0pkVWE1TEZ0bnpEMGdCU0VmQWZiZzAKLS0tIE9vVEdHdGxXaWhGbnVDcFE2WE5Q
-            dGJpZXUxZUNDcFhYamdjdXNkeUZXeTAKZNTEjtTbelQ34REWPv/Qh+lhdDTT9htb
-            Abfn5yYTZcIPML/dU3WrxeFoMfaNEBX4L9qAyqadzWdgqsvIR0NDcg==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoOW1MUFZhYW5Bd2VqODlD
+            TkNnU0ZCb0s0TVM4UTFRK0JucFltVENFaURBCndLKzBoZmdCYzNnd2RnRzRrdTJ2
+            NFQ3OHpDaTN1QWtJb2ZFWTlwR3FVT1UKLS0tIEFiUmdMMHcwQjltakVpWGNQenRY
+            WEVVNlJjRWFzR1pudVpXZEFwTkVuY1kK2LcDFxcSlZpvBCN4pxKQ3u896OTiXO62
+            qcrs+DurYCB+yWhXsjWF4li6ZloqaE2Y94cEMnn/AtXC3vug+cbGRg==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age17dh936q0l622ez7m0zfak46awqdx35hldqzsfnh72cgtcthlhg4qdl74fh
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVQkMvNEw0Q1RXbkt1bXFj
-            c2dnOHhDUGR3VWQxZS9iNExzNHRzdjV1Uml3CjJVeVFaQXAxQ3llM055RlJVcnRB
-            cFBjOHg4Q05lalh3MHFETG8yS3cxYTgKLS0tIDJ2Qi9RWkpZSXNvVzl1anpRaUtq
-            QVl6UDg4Zm5iRlhZZWc3bGRHRmFmOEUKelNXpOz+BzlKQppqfqMlW+eq6gorQorm
-            O8gFQqiLEVxpB+bddYSPSVVgo/qfVguygoYSu5SXb4VohxWt5rRRLA==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBia2pnNGJZZUhZUHJqMW8x
+            aGozOFFoYnlYeUw5NC9yZVJwTDJuWGI1aVcwCkZDT2o0K3U3NGphS0JZem5xc0xO
+            Tk9CRkx2clgvdU83ekwvR2dDenlLeW8KLS0tIHA3MFdSRFZkS1IycGN0OHdJVWN2
+            cVhrOXBNVDU0SklqUklqOFlBb05SVFUKobg5pJzfemDUshDwJL3IAd5xVY+aL8ib
+            7ty5Fz4oC0LIpAqeNiaRUsVno9gxDNQj+wLyLl61qXrC+mfagkx7yA==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2026-04-24T00:45:23Z"
-    mac: ENC[AES256_GCM,data:9wUqmYdoxdfZktlkRNBL+OAedqcv+AlBFwsLN6u9bIfHcWG7uh1KrEDrLgQsbFK4rsGvV2saTr0KmHrDrO5wfy894c3lGo/TGXZab0vjgChIwOekwHLAg5LdHZFntY4rt1/j3YYgsnw7+SaoR+VfrktAKzMR4vjbSjSEa2pWJ5Y=,iv:3TYCFuyDGoCSchnd3mqMFHAnWiPjdxpxb+RhfIMI3ZA=,tag:8t7UTgyC/ywOIIk6rqmZQg==,type:str]
+    lastmodified: "2026-04-24T17:24:17Z"
+    mac: ENC[AES256_GCM,data:MR2mqz+6OMlGwmF3YGd0pfzUxoMk007MxDv3b/McmHPN3pWhc5x1iim7N5C9uigyL3KbhiBkxvtClFjHnC1C2She9wBp0xE9GJYyaU8W8CGM/LD20gV0qgRt6VcVs+MliRW7+Xw+LHGkGa8nLZI91E0CsOruKjDvfHuhaS435Rk=,iv:ELUGkGqP61LY1lgNSrkoNNN6B85kS8gOpr3BhBrfow4=,tag:SAPb19GKM0Buuo5s3Yvz+w==,type:str]
     unencrypted_comment_regex: .*
     version: 3.11.0
diff --git a/.stack/secrets/vars/test.sops.yaml b/.stack/secrets/vars/test.sops.yaml
index 06b3aa98..01f21305 100644
--- a/.stack/secrets/vars/test.sops.yaml
+++ b/.stack/secrets/vars/test.sops.yaml
@@ -1,175 +1,158 @@
 postgres_url: ENC[AES256_GCM,data:xjnMMCL6L7wETlwXp62P72z4dmqOsniXaKRV2dFvwiGcLeIirs9sq/sl,iv:yRYX5imo5Olrbek95SOlE3kBY0HJXBUoSpTgE9aUV8g=,tag:VY0a8MB5FKk2H61JMx/fRA==,type:str]
 sops:
     age:
-        - recipient: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDRZy5oeMfqhk91usPMfWM3qZjOu91mhxP5FNISekFeUuHVWciOTjObUquvXcBXPBECsMkkHCuBVW01usaqvMWl0fGGs6oV0oHBjMVNoNTR8PoXklvXQyTVKH4XDHt21guAZcdIyAWrcjGaUbCotN8gbBQ4qJe8EgVrwOHBiIwKzQT8SQKJAkbwLFmQpHfcSpibr/h/UDuEpgKv6dKE5TNiEKdWKYYbCFei98A1Vax56HXVQKVZmzz0WrH3M5uLVi4BG0Ed1o6IjhBl2iJOBNZpuK6N44mc0wUQcqKwshinDPprstfaV5vYsB3U2nDLeNaO1yvOXkOA+PqGeu5Kx5k3
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1yc2EgdFJPbGx3ClF6dUZ3TG0y
-            M0wvY3luWXk0VXdWcktDd2tNVWZvRkNweWdjQk92cmVid0RUNGFqQ3I5MmVDY2ds
-            MXM4Q1FEZUQKcC9MZXNhTDgyaUdON2hUUzhJYTUyWTZ3ZXZ2cnlrZTdsditDMTNW
-            T0N1bVN0a2RTeFloK2ZoN3Q4VzRYR2NPMApjd01hcGt6STE3OVBseEY0U1BaSzQ3
-            OW94K01TTUdBMkV6eVlablcvUUdON0F2OGxQUXd6RmNSL1VxNHJ5L2o1CnFEQVJR
-            YWhMYWhzR2hkeTl1RStZZDJlWE4vc3F6NTRUTFlQRlp1SEVMbU12UUxxaXFHa3dE
-            dEt1SWtpeFp4Q1cKeG5QTzNJTXdYQS8wNU4ycGVHaWZIMU8zWVF2L1cwd2ZFWk9V
-            Zk9idU9aa1ljSU1jcG80WW5MUjdmQ0ZsY0pRMgpxd3ZodEg4dXN6MWRnZmQydGxD
-            SmdRCi0tLSBDV3JPOVJLeUFnSmNUZEhSZmEwMStiVEdWbGJsV0lRUE1wek80VGNW
-            b01FCpswW9vmOR0AO6yFNHXFV6H4i4jAvIh00sEk7ABYKNML5LGyS79/WiglfmmQ
-            bDHr6tiuXsOP8Le3xoD9rKEI5QM=
-            -----END AGE ENCRYPTED FILE-----
-        - recipient: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDJiwo+71EEnDQfxVjnRlB5Ofpg6fPTFB80W5TQh+TgoKpxTsFqjvukltmnOT8kCFv11KE3QU5LWt70WNOseCS5xTY940SWBZA7zeE7ed4/CCyNP/O2DcCsoc6iIkaSegcrIcOe5Ei1nxMr0F/84GiX06tvD6r56jmu2Teer7ty7baKEjplbT+bEnfNvjMRzvcttzI3Cp6OzvZvrnv2yXm42fw380SU1H9y7uVcAYDZNPiBv0sLue5HxqDW3InQYs9fkuH5hJdLHRhBgvcczVW31fc2P9imLA3IPLF4hNNndS32dKZwfhnhwDaIEUWSwhVqZcQNZZg6P0NFU25aSzcB/FDKrTRoJQBaM4YSCsL4K0J2NI3cFDi64sP35XfcWif/DwtcmmCmxlOO7721fhOO8VwYpZXyeoYt62+EHnCqaQp0AK80hGVco0ZUraoqwnZ8YbJmzpVC7so1bJWncTCutJmgeMDdEyLWRoBV6HUx8wJUVqylQjE3OijgBHa1lxE=
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1yc2EgTXExV2JRCkhqWFRJTVQ4
-            UnQ0WVZ1ckhDRCt0cGxUQTBJamlwNW1EYU5FV2xvQ29kUTBJT2xXNFlUbXhGYjkv
-            aUg2SHpOSVYKK1F0elhGUmJhLzZZeDRGMVBFWTg2N2RsNmJTTUZIWEN6UWcxdXVM
-            c1JGM1FWOFM4S3VFeHEyRm14Z09nMFZXagoxSE94WVMrbVJpRHFSOWt2QUhJcnh4
-            TEFRNE1BbGwyVzI2ajgzZ1VoUWNvMlBWOUlzS0FJME1ybTkrMmpqKzRxClVVTFZv
-            TGFRNzNvWUtwN2FtTXVISVdQTkxzTWhHRXJsbXlGQ043cTd6OTRqbnc1TThzZjVm
-            WENxdnZEWllaRWMKaEdldk9INlVPTFRTZDZFZFcvZDhmREZIZGl1ZldpUmpHK3k3
-            S1RSeDZjdU1JM1pYMVZnUHkrMktPR1lBYUFqVApXZzl2MFNEaDFNVEdZdGRyamY1
-            cHdUWmRONzdLU1BlWjQyRDZtMjNEMU5YUEtiNndZdEdDRDgwK1ZvRHJJMTdLCkln
-            V29OL2FiZ3dwRFJpc0RnSzdXdndINktsYW9iSDVGMXJLTFY1TjNOVEpWWUloZEZ0
-            OWtvbm5jdDlqTXU4VGgKY0VpUnlGa2JEeXJVaTN3TUR5ZVJ1ZWRGRGhDNWg4aUY5
-            eWh4d0IrZUw3WUpETjV4dk5KRE5hdjV3L20wQlU2NgoKLS0tIDdpUGJGN2Y4MFM0
-            ODloVXlySndha2ZuMUNDSHBpRlhvUHErZFdKTDdaVXcKC5xEsnp4xjvLXyiJeLo9
-            WlAgN4tMCkHLFi5D+OlTtalyh1x9I5RNFSb9tC7/nz7y777luFqdHgrCvfQuEvHY
-            Ng==
-            -----END AGE ENCRYPTED FILE-----
-        - recipient: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDBUbmUQhSErispWvXO4iLZBkpw8LpvJwNUxQ2OMDp3XiM3mZpUNYbk43+DPlpC78P6Kg+wHq41PRq9MPKyrSmjVaNeP/BPIEsnxsDRHIVvdDcOb3dC/DX2MU5ROF19b9jUz0YmKLpjmwL9HTwtmrMwyjag609KlSliF8JvlmvVwTYsubyZr+IjsmGT+VjVohHyMWEQpnBZIDY+LuO/CBkBipbGm0V9h0m32utlKWLESAuqsNw1f4CiHam9UgBoVInAdG9avuMIyeF4NcaBgshufL8/RQibk/hPemierC/lGyMygLq7uYJT3PgMkxRmXVmXCoFARg8gzb0VPAygj6wmde70FWFOLSatkiugHKa7Aim6F0JfgpcYN4XRiVz0xDt5OyK9bmjIqW4z1ZKFtZLVs0MeCvVFSGDRB+3I6V59WfMpmTqcGSbuAl0teh+m8wn2LUdTzgDk3x0KrIGRYNn3gT+3wKnrsyUHG+7iWtsl1JdZ4rSsljbQ8+Z6Kt4qX18=
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1yc2EgYXZRczlnCndKclEwQXVJ
-            RE1VandFZkFCcTF3NlVzb1pEVGlWWklXdm85eHVrcHpzTFZtWXhIYnNtUDRJUHR6
-            bUM5OWtpankKbDVBVUFwaXlQWDNzQ0E4MVNkZ1VCY3A4VTZXYUxsWmhHWENST1Vv
-            SzEwbms0TVgxNElubzluQVJOVXM1VndMVgpQWXRiQzRWZTBFemhvUnVDS1pxUHls
-            YmdveDNXTVJFQXN3cEhkaGR5MHMrRkdYMm1UM3poNlY5SDhYTWJrYld4CmR2eEV5
-            RUQ4NEZsa0xJUnFFbjNGalBVb0xpaDJ4a3FLUE1LbS8vRVpjeUVrSE9VTGpubFc5
-            WWQ2dElyZE54MTcKbDJBZjd3Njh5VnJFbFRIU1RiaVhsRmRTck1HY1BEaDlxazRB
-            eERMVFRadVdVNFVISkoyaXVEbE9MM2Qwbi8vSApWN3lIK0hhbzRjWVlVWUZjWndP
-            cTNBRWtONnAyN1htMGU4Y3BLN0p1T01OS1E4SVNZcVdwc2dJbXFqS29HbGlVCmJu
-            S01aanNuTFdGZngxeXBzYzZ1SE9kMUF6RFFQTEpMWVc4enJPemZNRTBZZnRiOEtL
-            THlaMy9ZNzF5V296QloKZ1k4anV2N3FZbld6VS9tMmFLc2FGTHEyMFJONUI1T2xm
-            ajNDWXdZU29zWE9ucklLOXhpeWoxWDBSaVd4UHpoNAoKLS0tIE9Ed1lRUzFVajdo
-            V3doTkZ5Ulp6ZTJ0MUJ1WkxNU0hlTVYrUWJTQVMwK2cKbqdw+8VMWFL5E0hMocSS
-            mXwqk27MPd461PaGvrzSW+ZqOEYJ+EdQ2Sh/nGWo7RLkZKcygI4yimNgN02t283M
-            sQ==
-            -----END AGE ENCRYPTED FILE-----
-        - recipient: age16ymszt6hmv7p3w596w5wlzng7wgk6mwcchr8s2nvwutnx2nrzyqsvn678s
+        - recipient: age14vpdar7vzznyxgskp9772zjar95n8l2f36w6tzk980889t7kjdqsc5a50q
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKaGs2aWdGWVZTcUxiZEpl
-            eFUxU3lNbTF5b2FVWWRKSDQzTCtIK0FjZ3hNCnQ2NUt2UVFMazArTjk4NVR2VlE2
-            cjNQcGs0cW5kU0ptaWlxOEM5ZE44UUUKLS0tIDZrblpnKzBZcEUvQi9sN1YzQll4
-            U0JmcFgvNk0rc2QxS0RER0VGcHVrUWsKvGlFzXx+8548Vx01QQZQh8Abxzfv/bot
-            H1OuSRcQYsRiSG2YRYQFipRjmxsaTzFnG1fQj04127YV33Lkk5k53A==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3bHd6ZWdZb3ZTOG1LWGV2
+            aU0yVTRqbXpnam5Oa1NKcG5nekFvQkxJcUQ0ClpIUGIycHRFN1A1Tm9PZnhUVW45
+            c2FFM3hoa3NWRGpRT3o3RnlmeE5FekEKLS0tIGJWYXB2Y0lJNktWUWZQWCtlb2Rk
+            TkFMczlVcnBaT2VJTFpPUkFBTWliMjQKgmU7TSLjvRu4B+wzMZEqDdkh+JUY9BHH
+            /zx9XPvNdERBbDNeIrqGauKUHzuV8gD4fZcy8Tnq8lIH+FlVFhZE9w==
             -----END AGE ENCRYPTED FILE-----
-        - recipient: age12vnpyjwhnnm85vktfmg6jwzn55fcg0lmgn6q0wx2z4wawnwgm5cqt6yf2f
+        - recipient: age1ugmyh9qcz05ehtkgnt2nn3jfz2rf2umnmqx69pgp2ue82dn7vpuqlc3g7v
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsdGNiOUxzK1JZc21acTI0
-            elFzb2hmRm5PTmFBRVJjQjl2YlVIQUZycDJjCk80OVZUakRQdGNzSHJNYUlXTVpr
-            RVNDSDFuZTA4aGthbVdIWWtzajgrVzAKLS0tIFNNbDR0TDVaMktFWk1ZZVMvRSt4
-            YkdmU1lYaUc4Sm9iWllxQTZROFNQTTgK7l2ni+/At3IefY1XaS0DilQPG0Cu0Fqq
-            wrDAbFnAAOSckgyuRY3eFTZjV4KEhkeZCQGL1ri3Ewx5uJhFYdl/8A==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5ZmFLUVZTL2FtZWJ4ZVF0
+            M05pMG1WVUR3L0RHRENNblVEM0p3VGRSYVNzClcya0lpZVJyZGlYbHpoU2lOTTlw
+            NlFWYy9sb2l1VWs3UmdQYytsY0Fja3cKLS0tIFhrak5GS05rN1dWWGp6ZnZuSmRD
+            UkFna2tVMlYvK2NnWnZjT0w4UElDSFUKw7HvsZa9NNMB+LKNbp7JrkfmFillO91H
+            UEM+CnnhNmfDTJpW7nskLhd/mY9AS3utp+ke1zJEXdKqN8TwF1qwjA==
             -----END AGE ENCRYPTED FILE-----
-        - recipient: age14vpdar7vzznyxgskp9772zjar95n8l2f36w6tzk980889t7kjdqsc5a50q
+        - recipient: age16ymszt6hmv7p3w596w5wlzng7wgk6mwcchr8s2nvwutnx2nrzyqsvn678s
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpa3pFU3JNRTJ4L2o0Vm9X
-            ZnpOenJqSDhzbkRwQ2lRdFp6K1NzU2tCSW1zCmhYTkVQSXBXVmR0UzFsYkpTeHJ1
-            Q1MrbVMwRFcwWlhZL1k5UzNJSGtNb1kKLS0tIHZqTzlYNnRrTjdIeElXeGFVejF3
-            OUtYUzIzblZGRWMzckRZV3NyazFla2cKU5AzHJfoFeWsymgu75dQy+QCqKfq0Ynr
-            6EHAR8olR1PBLy4eKOZAoyReyEU5wqiWVH0Azsaix4ylmBr2SFM1qg==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBianpvQjNDK0M0amVST1ZW
+            cUhWVGI1VE1uV0hTdjZWL2pBbFA3eC9CL2tvCnNlRS9UTzdjTituVldOSy9nVTM5
+            eTZoYmYvOEc0VGpPb1lPajdCaG5KaWcKLS0tIElzVGlVQTZteEdXblpjZlZSRW5p
+            RFNJajhUMm5TUG1zWkdUenp3SFF5cTgKjbCF/yLqc2CR/dbgKZnMOj7cxxncs1Xr
+            IyUNGWHlr16H4a1M/3Ol4vGrxxDy2LfiA/TS+BqVT0pKnpxPSSQkEQ==
             -----END AGE ENCRYPTED FILE-----
-        - recipient: age1ugmyh9qcz05ehtkgnt2nn3jfz2rf2umnmqx69pgp2ue82dn7vpuqlc3g7v
+        - recipient: age12vnpyjwhnnm85vktfmg6jwzn55fcg0lmgn6q0wx2z4wawnwgm5cqt6yf2f
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKSEt0NzFIYVhPdml0RnI2
-            QVhrTGdiMmY1YXhMaTJZamw3a2RLTE5pTnpNClptWXI3MWZ2TDMxVUlSNDMzS0tG
-            SjkvakJLcXNVaFlocFYyRWRibzROakkKLS0tIDdzcG03cWdIVEkxU0FHdjRvNHNl
-            WG8wMnJ4YWRUNVpCYlNrS1ozSEdSd1kK0+beNkd2HhjtcFrj0sGuHvw9Rx3dTP0o
-            RJ1Wz28lrkh4CXPnMoRbPivc6QyGS/IEyn6HMh9T3V4/pCydgyYSUQ==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4L1NGSzJCQ2pOSFlWNVZi
+            SmN6ckZhdU1WQ0tEYTVucXdBdmhMdVc1Q3drCnM5RnU2K1hSSlJoTGtxYVR1ay9E
+            dTQ0eENia1cxSDVBQS9SY1QzZE1vMVkKLS0tIG1VY1pQZWJNYzcrMG1JaytkL2hH
+            MWVGSnRzMjkyNUJjYXIzaXdQWlQram8KmvKyzaw9sTvJV7Vl8PlmkPqgI/Br4wJ7
+            XVZC52agM0MPXmp06xCloXK8WD54pm0/P6YOqtpxw01fnUWLl8yvuQ==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1ruav09tz635tt3sgq55pgn83qnte0j2nx0jd6gvjxelkqqdtygcqgcam2t
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCUGN0cHF0NG5nTUZWYkdT
-            NGVXeHU0S2NoTzRGemNGZGc0QVRReDRTbTNJCmxNZlNsR0cvYVFJWndBd3RrbmFi
-            MmwwemIrZmkrWnhiMDI0SkdKTGZDd0kKLS0tIGd1ZExSMkh1MGRkMzRtZE1sZHZW
-            eGMrdno2SEJ3dzhQc2FFamlLMlZyeWsKXzO+MoPhX6LoDA6T7S0snptCCjnY3Dah
-            F7Eys0YrOdAvBbCY8++YzfIFYuXLtWFPzuMYtOj96Od8PrkMViZ2uA==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwVXdFcHhwNnBadjBGbkUr
+            U1UwTUdUN3NldXR1T3NLOWFzTkpJVDU0YmhzClpKSWNROXd3SjdQSjlJb2lxbHZh
+            ZkRPSGlCVFFTVExwRVVDVjMzMDh5ekUKLS0tIGs0TVFZYlAxTm80ZXJielErRmFz
+            Mzh4UWN5NGxaWEt0NEFOTklCYlUrdGcKkqCIBhtMbgpnImYQP/j0zUn4THBQbbXi
+            WoZkk7IIAaRl0dN10pZkXZAH7qC9nL06F90I3tlwFXsrCIWLwipSQw==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1ph0gtrpvus5y2kl5t5wnmlcjpevavxf4l2aagrqyp7nng7jvluus959fvq
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4UlFmZE8yNXlHYVFMOG1o
-            V3FBR1Q4UmlCWTJyVWJKYmdpWVZBWUF5WUV3CjNoOENRUUhMUVc2ZlAzamQ1Y2Yx
-            QXpPMTJ6SlRsQnBSM0g0ZWxsMVcwTEEKLS0tIFNVRXNZQXpmeE9GaXU2N1BCS0p0
-            QWhhWHM3ODQ5ZVdIY0dBSlJXZjVwQVkKxs3OMkEbbHXrcZaX9tmbwKI8F2xG0Nz8
-            IFu4YYJHYBMoc1loiX1uCH+rr0D+LnunCfJSW0a7A5F7qozPetaEmQ==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAySkJRM3NGT1ZBOUZXcFNR
+            UzVKaTFON2hSMnNNSmdNeGR1SE5LUDZtVGpRCnRJY1NLdG1kcVpHeE9kMC82SUtp
+            QkVLcFR1T2xyQ2lCSytjN08vTmp2UGsKLS0tIG1xcWYxalgrZ1dtSXVKZFFaa2dv
+            bVU1TzdXdGY4WGFvTC8zQzNHM0g1ZUUK4hDZtJ7jUBbrUsNpHvjiiUD7Yg2RRydy
+            ZPi2hsFCCkUVtt53Smi0XJwXWE5i9arIdbRoKZCyUc9v/32hCBKpYw==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1sy6t7kdeyf63mjnrdnqm08rjv2s5ddexgncuq4ps6z4c5hgg4dzqp6pznq
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAybGgyVFozclFSaGI0V3NW
-            by9UbnI3WUdJQkxsSWloa0lWQUNkOTlGK0VjCmdXckZVUXl3VUVMaGdPay9WT3Jp
-            c0JZMzhzYWMxWTdSTzZsSVMvbTUvMEkKLS0tIGF2Y2dLbElGaUJiWGVxZjJaemp2
-            LzdDVTlTejc3NlRaVTY4bUJ2a3RLZGMK/gAQ7Zb0LU9jvZTWvJMB+25+C63CF4jv
-            k6LapodqsWAVWAIYeXFQa7ZdTlFNt1IvClw69ieq1X1gqdpSIpyT5A==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZTnJFN3IvTFVsZVFqM3JZ
+            a3dLak9nU1BPbEhZN1RjWXlpY0NGTWh6UlVFClBleWk3dWtLaVY1RnNmdkhSL3l4
+            bkt6VWkvU3hOVjc1UTVZTnRGS21TMWcKLS0tIGhhdk96cnJpdjZibWRRMnBrVUdI
+            aWt2U1g4WWl0cVBLRk96WkVqam44WlkKTORg/CwrOi/NuKROH+VHDbnCbpQvVu7Q
+            gKK4zJ3ilx+uwZ+m8+ohTdurRkbU8KalnXPCEHxEL19Sx0+Zh04rzw==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1ruav09tz635tt3sgq55pgn83qnte0j2nx0jd6gvjxelkqqdtygcqgcam2t
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxUzVlUEk5aTRlQ1RvSHdW
-            NXhCZnU5TjB0M1lXTXFtMHBBdm5nQXZ0WTNBClEwSUJFaWx1T3o5d0JXaEFwVHpa
-            cUpzUTlja3ZFMFZhN1E3VjJ0blJtUFkKLS0tIHRmL1pJQnJ1MWlVeC9yUC93RHpZ
-            UDNoVzZGY0Y2eU9sTFI1RWhxU1lYSlkKNU+NArZ/GL5kJ+Kv5BZBdwxWTPw1OXLc
-            LpuGata9dhVfOjTNJsCroNAB4nJ5jym01qvXYWoU+M8sJidJRHGNMg==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVUUlzM21Dd3pnREpodyts
+            UHFnOWwwaXFCU2N1alJvVWd2MFlLKzBGMW44CkpYczNDaVRzVVhDYWp4d01hUk5Z
+            aTR1T1loem9sdnhiREJmM2lVU3pQejQKLS0tIEZWQnExRVc2ZTF1UU9DSXFWdzNL
+            dmo3MmcvaWdKWi9OeUVvdGlpVzZLaVUKHMnjTG+yD1liJQdfsQik3nwzNHGe9ipP
+            YE0bN5gfIOcD+O3mEJ06LTyyPjlilkltBeJAjsXbiS5uYMcikeEMZw==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1dwqnyurvm7vasf9n7alduzmg79nczkuafknr8x3l4jnzwnuzzydqj0y92p
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1TnVqb090bzZMdE5aUGMx
-            QkJWbVhVNmFsVmxSTzEwRUE0V3UrWVFPdlI0CmZ1akV2dzlPOXhsYlpuMGdSbDZn
-            cnNmSFZuSXBRSm1lQWNWWjZmN1ViSTQKLS0tIGpBUFN1VmpQYkNOajV4bUFVVkNU
-            eDFTbW5VaW56ajRyWFM1N0d4eHp4aWsK40Yua9tXvpCPaF6SfI4aTMxWs2J3LRdm
-            bZh+ut4LuzpNs1Q4TMORmMbW53P2Gl4580kMxBUsryzP4sUMUzU4hA==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYdmxpTThEdXZGdW1pNll6
+            SkpoaVorWnZSRUZnWHBra0dwcjJ3TC9VSXpRCklIRkZXaExSU01GYk56aE9DeW8x
+            ekhFVFhrblVNMm9aQXJ3TlRydmhDMFkKLS0tIFpLTnlrTjBjVHdxRU1sT2Q4ckx1
+            bjdXeURmdjFOSW9ySm9MZlV5U0FlWWcK2YBzpSHV3u6TmqKtNBAFi0iQv73q77kS
+            O7Hlp0WUqhYp3xqgjfR5Twb1ozkeQX0UOtcnlq/A0o9h+iNWi2zwsg==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1dx6u86w8d242tvjesz362caf4lcatw24ldd0hj9qn7xhqw0s0c5qus8wxt
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBESUpIcXBwZHA1QzN4V2R3
+            ZzZWYmJkd3BBL2pEQWF0MzUvcWtoQ0ZMaHpZClBnYjlDQ3B0dFVyNW1vTlVjZlo5
+            L29XYWVQdUp2c2dlcXFkdTlsSG1mdkUKLS0tIEhmWVEwblQ5V3BPVEVRTnY1bnhR
+            MW91K3dzdnZNZi9WUzZHUEZwbWpZelUK5uq7yxk0ks9FYi29aL/4sAPIgChxzKhB
+            2qJWHihqdJKutQEzRVop3pEbyQnVC0c4WfHqLXIe9u4iDRilT1LLkg==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1h0nv9lwkkhd9y0rlf832g3lualvjafqpyvlkgf8d0cn6c4zg959qkrfzt3
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBscDZMUGhtUG9oUnpHZmFJ
-            MmxTYTZxa0k1MWNRcHlzNE1UV0U2TGN2YnhBCjlPY1d6amtwd0FrSG9RYlM0SlZt
-            eVE5SHc0WFZFT2JMT3pwUElXUjdBRW8KLS0tIFNDV2VaaEloVlF5Tmc2cE5xSC85
-            bXRFU2ZxNzNtTllzeFQva2NUN1JuT3MKPVeUrB6VDG/yYkJ8oyqZlFNpaAfx3DH7
-            e0YkA4DEZ2PLLVxZAoYcWVeIoatayuSuPXLQjUgwK6uInpgqMO4ABw==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuQXlCR002QlFQOHJiRi85
+            akUwM1QzKzRsWktSekk3SGdWMXozWG5BYVRVCnJUeGxlUVhTQy9pL3R1UWV5dHkx
+            Y0tvV2UxTnJUejd2QStOa0dGeWRkUGMKLS0tIE10VDk1OTR6RGFheDNVRmJLME0w
+            S2V4UGY0L2Q3QlFLZkFvU1Q4cllISlUK62IjNKXP3JvaRxyuUK2coqW08iEGJpOO
+            +2dkb/XyH3UfTtVNBj1OQsq/p9WcHdZudhPuDaJfzDr2vZiVz/SKMQ==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1d9h9mm3u5qalmpl2pf62pyzqj8t654n435emn93rutv0cg9sr32sg64fdj
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6eFZHMHNHNWtDclUwTzBn
+            SjcxMlFNVDFqZFFKYlN4VnpUb01LUHFyekJFCi9LWGhUV3BRYnprSE5qdDltVStX
+            cHZTM2FKaUpESEdRY2djVmlnSjh2UmMKLS0tIGpkT1J3ZkxGeGtKV2pHUDRQTGlk
+            TnJzSlc5Y2k4QTJoQVJWUUowWG5IRTQK1yn0aMjGKLyJII9QY76wAOkfP2CZkIka
+            4Nk3nrbbrXDjr+nbKsoAta7o+JDXqU+y0y6lnmRmS0qFUFrBEQ5fog==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1fm7zr0ea3d589tkgcz2klqgnajduzkr25e8tnhh7qxzuleqxq3yq3c0s3t
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtbWptZEE5bFZ6WmlZcDBO
-            U0xwK3hMVjg4RWlNQTI5OWRONnJqWDIrTDBFCmpVYkRjN2dvWWp4VG04SGZrZVFw
-            QjRyYm9jYkRmQjM5TzQ0NUIreFR1NDQKLS0tIC9aL1R0SGNyL2l0M1BhSDlVOVFU
-            SzlYSTdDeVRWUzQ3RW8rZnk1cnVNUmcKBtLuzbRRnHdDe9FHFB7vZFPB3J3ExbD2
-            MK6NCLT+pKVjcusJe9ROsxaTt14PuLoewdzujgqPfc8dhs+z9zH9tQ==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNd3V6dFhpMGVVaTY0MW80
+            bFBkZTA4RHFaZ0sySEQ0NkpLaWVPNDZUMXdFCkhpaGI5d2U5ZHB6ay9iTkdLNDNq
+            YnRIbnYzaklMVkRXNmt3SzFvZ1ZxTkUKLS0tIEhvZ2YxdkdCSWMzZC9jdkFEeXFX
+            a2VGVjd6L1VRd0hiRFUwYVpLZzZGdjAKnxO0Hx8TpkJVSAHDJUILGeOPVuwq7E2R
+            sP7sP9heWeg97MlZLF4VO0/pu7KHP7OqZ+N8frqRgykVHxkT+Y5XAw==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age16wuzuxnkcgfuxzvzgk5e5a5f6hhs386adjewyv54m9esr4yj6uuslpn6tp
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBbEl1Mlp6eThVanJWMVRY
+            akQzMmVUSGY5bGZKTkJFdnRITkRSS3FNS0RFCmZrd0ZwUElkYXNpWHJkbjhoNFI2
+            Ni9RNkJSU1BVNTRGWkpEcWhQNGRUb1kKLS0tIDNBMHcxekFpd0NrL0FkZVFZTVhm
+            b3dILzBmS0ZDWFlYVnNwejRFcElUU0UKWvn7Y/sOvOB1FHhxilyQzAoCT2dAkbmp
+            Gvdn0pp+rJrfdWbnrvinmkeIMWnE1oqfKSpruzUsKss22g7ZhgkCMA==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age16rkvks3tljju3y6xu0l7luhjzx634et97g3xe58xf2dgfn2865rqkq6t8f
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiSjIvZHMyeklVYmpKOVZQ
+            OHZIVC85WHpEblN1UWtBK1RUVXVFZTJzZEFjCjBZS0dka2U4dFk4dnhHb0JxNTl5
+            S2ZqVVV4OVo1YVk0endGRU5pb2ZHUnMKLS0tIDJ6dG5hVFpmamtGc3dSczZXc1Rs
+            aVZHREJGdmJreVJqUnNXRm5PazIrMVUKbCFEEmMDGbhuUBkil/RotLYs7IdqTvjy
+            jqXIXYDjQ1SCtCRQLrnMIZbE4PaPYnsKjInT2KchhcpqlAWbfQhZaQ==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1yuh8vhakrwn2nm4dzxmdp99cmvl3cd4af36p5w2v559263a4uy4sulpn60
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIejRlbm1sZlZvY1VocDNZ
-            M01oQjN4SXNLMU1sWERQVTI5NEJpR2R0MzBnCmxvL1RqU1hxVUJwV0xXVWxqNlJ6
-            Rkk0dGhVQXQ4c3cwWG1DbXIzcTNmczgKLS0tIFNITVZEMXZMOHBaT0hyQjVtVWM5
-            SW8zQTY2bVhlQklESVB2eDNnQ3Y4bXcKIpECDftb4mLwnObOer4PpI1wCpzWFlS/
-            7V6A4FYiCAtNKrx8skawX7wD13LS5KjrBau2lnXSPdmQNLZo186iiA==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYemFKWG9KLzNyM1BqTjZO
+            RlZZVlVCcUh2TGE0SFJJVmtnOWRjM2hERkFBCkZzeHNXZzRjeFpRaWRMMWl6SC9y
+            Z1NhS0kzdDVqOEVLYUN2KzFhSk1jUEEKLS0tIFkwa1JwZ3lwdmVZZndjeEw4a1Vu
+            N3BiZllYdTI1MkFxclBVY0JVK1VjRmMKv8xN+xibBQac61R9DHg+SmJRncIcJs69
+            dKZNK2mw5Rg+HJrfDyk7yy/yy9eN+odJlEtIZzETantSj/Yfz0Q+hg==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age17dh936q0l622ez7m0zfak46awqdx35hldqzsfnh72cgtcthlhg4qdl74fh
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBSGZhMG5ZZXQ2WXpUSTMz
-            Z3h5c0wwMENTcWtzWlhOYWZtOHo4SE1vRmpBCkNVNDBiQnpvVUV6eXI3aUVlYmo2
-            aWY0TDlTVzAzdTFhVGpBVjRkRzB1U0kKLS0tIFMxTk9QbjU1d1FzbzEwcXhJVkxm
-            aS8xT2F0b2Z4Ykk1MG1PQ1FLZWJGRVEKkiVYn+clzMUbMJPfskL8C6HIyVsG7E3x
-            jc2mqzOr8+bqywCLMD19g4P+1R0WP7m26VPEjTAlJnmU4FYNQu5CmQ==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZWmFPeXpIZGtJWXQ0b0JG
+            d3V1T2lINGwrdkVtZWhWVkQ5TDRkOVd5R1JZCmRvQkNldDBYRkJvbEdWRWtoM0sz
+            bExEdnlvRDBjbWlQaU9qMUF0aExvSmMKLS0tIEp0cU4wMWV2MFdkYS9vY2liSVZi
+            S1NxN1NPSUU1M05MTXduU1JsT0R6UWcKQojDFA5Mr5mTmy37MpFmsaOgs1tMqyKx
+            bchnch0YV2R8QTBZ5LX8MPhfxiLWUoV8IMsDQ+XxNzyRvjdfmZLPVA==
             -----END AGE ENCRYPTED FILE-----
     lastmodified: "2026-03-20T15:32:03Z"
     mac: ENC[AES256_GCM,data:oHquN4QTFcB3mCeP0buNxsh7oPdOB8ccDk4sW8TIa8u5J8EdmeYUqFeZgheTWvVqo499NGUUxWyXVvXsUaH4u+4xjjrJGhSwP6kLguyY0vcPNFrqGmm7/1JFwC89BlQ5RceHWcmaZFVfpFx5LehRcMATg/KonTTkAlxMxJHIVSA=,iv:RmtSxvkHqmfG0FB63QNa0LgISHO88DDT2UJEGD4E6II=,tag:GKjVFf9ye+7Ss44e/nT1DA==,type:str]
diff --git a/.stackpanel-root b/.stackpanel-root
new file mode 100644
index 00000000..795c24b0
--- /dev/null
+++ b/.stackpanel-root
@@ -0,0 +1 @@
+/Users/cm/git/darkmatter/stackpanel
diff --git a/.superpowers/brainstorm/filetree-1777244419/.events b/.superpowers/brainstorm/filetree-1777244419/.events
new file mode 100644
index 00000000..0fdf8e8f
--- /dev/null
+++ b/.superpowers/brainstorm/filetree-1777244419/.events
@@ -0,0 +1,9 @@
+{"type":"click","text":"illustrative setup tax\n      Files your team keeps paying to maintain\n    \n    \n      Not product code. Not differentiating. Just the conventional glue every repo needs.\n    \n  \n\n  \n    \n      File\n      Maintenance reason\n      Commits\n      Time\n    \n\n    \n      process-compose.yml\n      services, readiness, scripts\n      14\n      2.8h\n    \n    \n      .sops.yaml\n      recipients, keys, environments\n      9\n      1.6h\n    \n    \n      packages/env/\n      typed env drift across apps\n      18\n      3.4h\n    \n    \n      Caddyfile\n      local domains and reverse proxy\n      7\n      1.2h\n    \n    \n      Dockerfile\n      runtime defaults and build context\n      11\n      2.1h\n    \n    \n      docker-compose.yml\n      dev databases, queues, object storage\n      13\n      2.5h\n    \n    \n      .vscode/settings.json\n      team editor and schema setup\n      8\n      1.1h\n    \n    \n      tsconfig.json\n      tooling defaults and path aliases\n      10\n      1.7h\n    \n    \n      .gitignore\n      generated files and local state\n      6\n      45m\n    \n  \n\n  \n\n  \n    \n      Stackpanel moves this into conventions.\n      You still get the familiar files. You just stop hand-editing the same boilerplate every time the repo grows.\n    \n    \n      17h\n      illustrative maintenance avoided per project\n    \n  \n\n  \n    You maintain: app code, app definitions, secret schemas, project choices\n    Stackpanel handles: generated env, service glue, local routes, IDE/tooling defaults","choice":"maintenance-receipt","id":null,"timestamp":1777373993859}
+{"type":"click","text":"illustrative setup tax\n      Files your team keeps paying to maintain\n    \n    \n      Not product code. Not differentiating. Just the conventional glue every repo needs.\n    \n  \n\n  \n    \n      File\n      Maintenance reason\n      Commits\n      Time\n    \n\n    \n      process-compose.yml\n      services, readiness, scripts\n      14\n      2.8h\n    \n    \n      .sops.yaml\n      recipients, keys, environments\n      9\n      1.6h\n    \n    \n      packages/env/\n      typed env drift across apps\n      18\n      3.4h\n    \n    \n      Caddyfile\n      local domains and reverse proxy\n      7\n      1.2h\n    \n    \n      Dockerfile\n      runtime defaults and build context\n      11\n      2.1h\n    \n    \n      docker-compose.yml\n      dev databases, queues, object storage\n      13\n      2.5h\n    \n    \n      .vscode/settings.json\n      team editor and schema setup\n      8\n      1.1h\n    \n    \n      tsconfig.json\n      tooling defaults and path aliases\n      10\n      1.7h\n    \n    \n      .gitignore\n      generated files and local state\n      6\n      45m\n    \n  \n\n  \n\n  \n    \n      Stackpanel moves this into conventions.\n      You still get the familiar files. You just stop hand-editing the same boilerplate every time the repo grows.\n    \n    \n      17h\n      illustrative maintenance avoided per project\n    \n  \n\n  \n    You maintain: app code, app definitions, secret schemas, project choices\n    Stackpanel handles: generated env, service glue, local routes, IDE/tooling defaults","choice":"maintenance-receipt","id":null,"timestamp":1777374586871}
+{"type":"click","text":"illustrative setup tax\n      Files your team keeps paying to maintain\n    \n    \n      Not product code. Not differentiating. Just the conventional glue every repo needs.\n    \n  \n\n  \n    \n      File\n      Maintenance reason\n      Commits\n      Time\n    \n\n    \n      process-compose.yml\n      services, readiness, scripts\n      14\n      2.8h\n    \n    \n      .sops.yaml\n      recipients, keys, environments\n      9\n      1.6h\n    \n    \n      packages/env/\n      typed env drift across apps\n      18\n      3.4h\n    \n    \n      Caddyfile\n      local domains and reverse proxy\n      7\n      1.2h\n    \n    \n      Dockerfile\n      runtime defaults and build context\n      11\n      2.1h\n    \n    \n      docker-compose.yml\n      dev databases, queues, object storage\n      13\n      2.5h\n    \n    \n      .vscode/settings.json\n      team editor and schema setup\n      8\n      1.1h\n    \n    \n      tsconfig.json\n      tooling defaults and path aliases\n      10\n      1.7h\n    \n    \n      .gitignore\n      generated files and local state\n      6\n      45m\n    \n  \n\n  \n\n  \n    \n      Stackpanel moves this into conventions.\n      You still get the familiar files. You just stop hand-editing the same boilerplate every time the repo grows.\n    \n    \n      17h\n      illustrative maintenance avoided per project\n    \n  \n\n  \n    You maintain: app code, app definitions, secret schemas, project choices\n    Stackpanel handles: generated env, service glue, local routes, IDE/tooling defaults","choice":"maintenance-receipt","id":null,"timestamp":1777374587188}
+{"type":"click","text":"illustrative setup tax\n      Files your team keeps paying to maintain\n    \n    \n      Not product code. Not differentiating. Just the conventional glue every repo needs.\n    \n  \n\n  \n    \n      File\n      Maintenance reason\n      Commits\n      Time\n    \n\n    \n      process-compose.yml\n      services, readiness, scripts\n      14\n      2.8h\n    \n    \n      .sops.yaml\n      recipients, keys, environments\n      9\n      1.6h\n    \n    \n      packages/env/\n      typed env drift across apps\n      18\n      3.4h\n    \n    \n      Caddyfile\n      local domains and reverse proxy\n      7\n      1.2h\n    \n    \n      Dockerfile\n      runtime defaults and build context\n      11\n      2.1h\n    \n    \n      docker-compose.yml\n      dev databases, queues, object storage\n      13\n      2.5h\n    \n    \n      .vscode/settings.json\n      team editor and schema setup\n      8\n      1.1h\n    \n    \n      tsconfig.json\n      tooling defaults and path aliases\n      10\n      1.7h\n    \n    \n      .gitignore\n      generated files and local state\n      6\n      45m\n    \n  \n\n  \n\n  \n    \n      Stackpanel moves this into conventions.\n      You still get the familiar files. You just stop hand-editing the same boilerplate every time the repo grows.\n    \n    \n      17h\n      illustrative maintenance avoided per project\n    \n  \n\n  \n    You maintain: app code, app definitions, secret schemas, project choices\n    Stackpanel handles: generated env, service glue, local routes, IDE/tooling defaults","choice":"maintenance-receipt","id":null,"timestamp":1777374587337}
+{"type":"click","text":"illustrative setup tax\n      Files your team keeps paying to maintain\n    \n    \n      Not product code. Not differentiating. Just the conventional glue every repo needs.\n    \n  \n\n  \n    \n      File\n      Maintenance reason\n      Commits\n      Time\n    \n\n    \n      process-compose.yml\n      services, readiness, scripts\n      14\n      2.8h\n    \n    \n      .sops.yaml\n      recipients, keys, environments\n      9\n      1.6h\n    \n    \n      packages/env/\n      typed env drift across apps\n      18\n      3.4h\n    \n    \n      Caddyfile\n      local domains and reverse proxy\n      7\n      1.2h\n    \n    \n      Dockerfile\n      runtime defaults and build context\n      11\n      2.1h\n    \n    \n      docker-compose.yml\n      dev databases, queues, object storage\n      13\n      2.5h\n    \n    \n      .vscode/settings.json\n      team editor and schema setup\n      8\n      1.1h\n    \n    \n      tsconfig.json\n      tooling defaults and path aliases\n      10\n      1.7h\n    \n    \n      .gitignore\n      generated files and local state\n      6\n      45m\n    \n  \n\n  \n\n  \n    \n      Stackpanel moves this into conventions.\n      You still get the familiar files. You just stop hand-editing the same boilerplate every time the repo grows.\n    \n    \n      17h\n      illustrative maintenance avoided per project\n    \n  \n\n  \n    You maintain: app code, app definitions, secret schemas, project choices\n    Stackpanel handles: generated env, service glue, local routes, IDE/tooling defaults","choice":"maintenance-receipt","id":null,"timestamp":1777374587518}
+{"type":"click","text":"illustrative setup tax\n      Files your team keeps paying to maintain\n    \n    \n      Not product code. Not differentiating. Just the conventional glue every repo needs.\n    \n  \n\n  \n    \n      File\n      Maintenance reason\n      Commits\n      Time\n    \n\n    \n      process-compose.yml\n      services, readiness, scripts\n      14\n      2.8h\n    \n    \n      .sops.yaml\n      recipients, keys, environments\n      9\n      1.6h\n    \n    \n      packages/env/\n      typed env drift across apps\n      18\n      3.4h\n    \n    \n      Caddyfile\n      local domains and reverse proxy\n      7\n      1.2h\n    \n    \n      Dockerfile\n      runtime defaults and build context\n      11\n      2.1h\n    \n    \n      docker-compose.yml\n      dev databases, queues, object storage\n      13\n      2.5h\n    \n    \n      .vscode/settings.json\n      team editor and schema setup\n      8\n      1.1h\n    \n    \n      tsconfig.json\n      tooling defaults and path aliases\n      10\n      1.7h\n    \n    \n      .gitignore\n      generated files and local state\n      6\n      45m\n    \n  \n\n  \n\n  \n    \n      Stackpanel moves this into conventions.\n      You still get the familiar files. You just stop hand-editing the same boilerplate every time the repo grows.\n    \n    \n      17h\n      illustrative maintenance avoided per project\n    \n  \n\n  \n    You maintain: app code, app definitions, secret schemas, project choices\n    Stackpanel handles: generated env, service glue, local routes, IDE/tooling defaults","choice":"maintenance-receipt","id":null,"timestamp":1777374587912}
+{"type":"click","text":"illustrative setup tax\n      Files your team keeps paying to maintain\n    \n    \n      Not product code. Not differentiating. Just the conventional glue every repo needs.\n    \n  \n\n  \n    \n      File\n      Maintenance reason\n      Commits\n      Time\n    \n\n    \n      process-compose.yml\n      services, readiness, scripts\n      14\n      2.8h\n    \n    \n      .sops.yaml\n      recipients, keys, environments\n      9\n      1.6h\n    \n    \n      packages/env/\n      typed env drift across apps\n      18\n      3.4h\n    \n    \n      Caddyfile\n      local domains and reverse proxy\n      7\n      1.2h\n    \n    \n      Dockerfile\n      runtime defaults and build context\n      11\n      2.1h\n    \n    \n      docker-compose.yml\n      dev databases, queues, object storage\n      13\n      2.5h\n    \n    \n      .vscode/settings.json\n      team editor and schema setup\n      8\n      1.1h\n    \n    \n      tsconfig.json\n      tooling defaults and path aliases\n      10\n      1.7h\n    \n    \n      .gitignore\n      generated files and local state\n      6\n      45m\n    \n  \n\n  \n\n  \n    \n      Stackpanel moves this into conventions.\n      You still get the familiar files. You just stop hand-editing the same boilerplate every time the repo grows.\n    \n    \n      17h\n      illustrative maintenance avoided per project\n    \n  \n\n  \n    You maintain: app code, app definitions, secret schemas, project choices\n    Stackpanel handles: generated env, service glue, local routes, IDE/tooling defaults","choice":"maintenance-receipt","id":null,"timestamp":1777374588104}
+{"type":"click","text":"illustrative setup tax\n      Files your team keeps paying to maintain\n    \n    \n      Not product code. Not differentiating. Just the conventional glue every repo needs.\n    \n  \n\n  \n    \n      File\n      Maintenance reason\n      Commits\n      Time\n    \n\n    \n      process-compose.yml\n      services, readiness, scripts\n      14\n      2.8h\n    \n    \n      .sops.yaml\n      recipients, keys, environments\n      9\n      1.6h\n    \n    \n      packages/env/\n      typed env drift across apps\n      18\n      3.4h\n    \n    \n      Caddyfile\n      local domains and reverse proxy\n      7\n      1.2h\n    \n    \n      Dockerfile\n      runtime defaults and build context\n      11\n      2.1h\n    \n    \n      docker-compose.yml\n      dev databases, queues, object storage\n      13\n      2.5h\n    \n    \n      .vscode/settings.json\n      team editor and schema setup\n      8\n      1.1h\n    \n    \n      tsconfig.json\n      tooling defaults and path aliases\n      10\n      1.7h\n    \n    \n      .gitignore\n      generated files and local state\n      6\n      45m\n    \n  \n\n  \n\n  \n    \n      Stackpanel moves this into conventions.\n      You still get the familiar files. You just stop hand-editing the same boilerplate every time the repo grows.\n    \n    \n      17h\n      illustrative maintenance avoided per project\n    \n  \n\n  \n    You maintain: app code, app definitions, secret schemas, project choices\n    Stackpanel handles: generated env, service glue, local routes, IDE/tooling defaults","choice":"maintenance-receipt","id":null,"timestamp":1777374588505}
+{"type":"click","text":"illustrative setup tax\n      Files your team keeps paying to maintain\n    \n    \n      Not product code. Not differentiating. Just the conventional glue every repo needs.\n    \n  \n\n  \n    \n      File\n      Maintenance reason\n      Commits\n      Time\n    \n\n    \n      process-compose.yml\n      services, readiness, scripts\n      14\n      2.8h\n    \n    \n      .sops.yaml\n      recipients, keys, environments\n      9\n      1.6h\n    \n    \n      packages/env/\n      typed env drift across apps\n      18\n      3.4h\n    \n    \n      Caddyfile\n      local domains and reverse proxy\n      7\n      1.2h\n    \n    \n      Dockerfile\n      runtime defaults and build context\n      11\n      2.1h\n    \n    \n      docker-compose.yml\n      dev databases, queues, object storage\n      13\n      2.5h\n    \n    \n      .vscode/settings.json\n      team editor and schema setup\n      8\n      1.1h\n    \n    \n      tsconfig.json\n      tooling defaults and path aliases\n      10\n      1.7h\n    \n    \n      .gitignore\n      generated files and local state\n      6\n      45m\n    \n  \n\n  \n\n  \n    \n      Stackpanel moves this into conventions.\n      You still get the familiar files. You just stop hand-editing the same boilerplate every time the repo grows.\n    \n    \n      17h\n      illustrative maintenance avoided per project\n    \n  \n\n  \n    You maintain: app code, app definitions, secret schemas, project choices\n    Stackpanel handles: generated env, service glue, local routes, IDE/tooling defaults","choice":"maintenance-receipt","id":null,"timestamp":1777374589521}
diff --git a/.superpowers/brainstorm/filetree-1777244419/.server-info b/.superpowers/brainstorm/filetree-1777244419/.server-info
new file mode 100644
index 00000000..0f7c0ab9
--- /dev/null
+++ b/.superpowers/brainstorm/filetree-1777244419/.server-info
@@ -0,0 +1 @@
+{"type":"server-started","port":50966,"host":"127.0.0.1","url_host":"localhost","url":"http://localhost:50966","screen_dir":"/Users/cm/git/darkmatter/stackpanel/.superpowers/brainstorm/filetree-1777244419"}
diff --git a/.superpowers/brainstorm/filetree-1777244419/.server.pid b/.superpowers/brainstorm/filetree-1777244419/.server.pid
new file mode 100644
index 00000000..a275b045
--- /dev/null
+++ b/.superpowers/brainstorm/filetree-1777244419/.server.pid
@@ -0,0 +1 @@
+41378
diff --git a/.superpowers/brainstorm/filetree-1777244419/maintenance-receipt.html b/.superpowers/brainstorm/filetree-1777244419/maintenance-receipt.html
new file mode 100644
index 00000000..c67b1fb9
--- /dev/null
+++ b/.superpowers/brainstorm/filetree-1777244419/maintenance-receipt.html
@@ -0,0 +1,310 @@
+<h2>Configuration Maintenance Receipt</h2>
+<p class="subtitle">A calmer version: treat setup files like recurring line items. Stackpanel’s promise is that these stop being hand-managed costs.</p>
+
+<style>
+  .receipt-shell {
+    border: 1px solid rgba(255,255,255,0.12);
+    border-radius: 28px;
+    overflow: hidden;
+    background: #0b0d0c;
+    box-shadow: 0 28px 100px rgba(0,0,0,0.28);
+  }
+  .receipt-header {
+    display: flex;
+    align-items: flex-start;
+    justify-content: space-between;
+    gap: 24px;
+    padding: 26px 28px 20px;
+    border-bottom: 1px dashed rgba(255,255,255,0.16);
+  }
+  .receipt-kicker {
+    color: rgba(255,255,255,0.46);
+    font-size: 12px;
+    letter-spacing: 0.16em;
+    text-transform: uppercase;
+  }
+  .receipt-title {
+    margin-top: 6px;
+    color: white;
+    font-size: 28px;
+    line-height: 1.05;
+    letter-spacing: -0.04em;
+    font-weight: 850;
+  }
+  .receipt-note {
+    max-width: 280px;
+    color: rgba(255,255,255,0.56);
+    font-size: 13px;
+    line-height: 1.5;
+    text-align: right;
+  }
+  .receipt-table {
+    padding: 18px 28px 8px;
+  }
+  .receipt-row,
+  .receipt-columns {
+    display: grid;
+    grid-template-columns: minmax(260px, 1.25fr) minmax(180px, 0.9fr) 96px 96px;
+    gap: 18px;
+    align-items: baseline;
+  }
+  .receipt-columns {
+    padding: 0 0 10px;
+    color: rgba(255,255,255,0.36);
+    font-size: 11px;
+    letter-spacing: 0.12em;
+    text-transform: uppercase;
+  }
+  .receipt-row {
+    padding: 11px 0;
+    border-top: 1px solid rgba(255,255,255,0.07);
+  }
+  .receipt-row:first-of-type {
+    border-top-color: rgba(255,255,255,0.12);
+  }
+  .file-path {
+    color: rgba(255,212,176,0.92);
+    font-family: ui-monospace, SFMono-Regular, Menlo, monospace;
+    font-size: 13px;
+  }
+  .reason {
+    color: rgba(255,255,255,0.56);
+    font-size: 13px;
+  }
+  .number {
+    color: rgba(255,255,255,0.72);
+    font-family: ui-monospace, SFMono-Regular, Menlo, monospace;
+    font-size: 13px;
+    text-align: right;
+  }
+  .receipt-divider {
+    margin: 14px 28px 0;
+    border-top: 1px dashed rgba(255,255,255,0.18);
+  }
+  .receipt-total {
+    display: grid;
+    grid-template-columns: 1fr auto;
+    gap: 22px;
+    padding: 22px 28px 28px;
+    align-items: end;
+  }
+  .total-copy strong {
+    display: block;
+    color: white;
+    font-size: 18px;
+    margin-bottom: 5px;
+  }
+  .total-copy span {
+    color: rgba(255,255,255,0.5);
+    font-size: 13px;
+    line-height: 1.45;
+  }
+  .total-number {
+    text-align: right;
+  }
+  .total-number strong {
+    display: block;
+    color: #ffbd7a;
+    font-size: 44px;
+    letter-spacing: -0.07em;
+    line-height: 0.95;
+  }
+  .total-number span {
+    color: rgba(255,255,255,0.48);
+    font-size: 12px;
+  }
+  .receipt-footer {
+    display: flex;
+    justify-content: space-between;
+    gap: 18px;
+    padding: 16px 28px;
+    border-top: 1px solid rgba(255,255,255,0.08);
+    background: rgba(255,255,255,0.025);
+    color: rgba(255,255,255,0.48);
+    font-size: 12px;
+  }
+  .receipt-footer b {
+    color: rgba(255,255,255,0.72);
+  }
+  @media (max-width: 900px) {
+    .receipt-header,
+    .receipt-total,
+    .receipt-footer {
+      display: block;
+    }
+    .receipt-note,
+    .total-number {
+      margin-top: 14px;
+      text-align: left;
+    }
+    .receipt-row,
+    .receipt-columns {
+      grid-template-columns: minmax(180px, 1fr) 72px 72px;
+    }
+    .receipt-columns span:nth-child(2),
+    .receipt-row .reason {
+      display: none;
+    }
+  }
+  @media (max-width: 480px) {
+    .receipt-shell {
+      border-radius: 20px;
+    }
+    .receipt-header {
+      padding: 22px 18px 18px;
+    }
+    .receipt-title {
+      font-size: 24px;
+    }
+    .receipt-note {
+      max-width: none;
+      margin-top: 12px;
+      text-align: left;
+    }
+    .receipt-table {
+      padding: 12px 18px 4px;
+    }
+    .receipt-columns {
+      display: none;
+    }
+    .receipt-row {
+      display: grid;
+      grid-template-columns: 1fr;
+      gap: 6px;
+      padding: 13px 0;
+    }
+    .receipt-row .reason {
+      display: block;
+      order: 2;
+    }
+    .receipt-row .number {
+      text-align: left;
+    }
+    .receipt-row .number:nth-of-type(2) {
+      order: 3;
+    }
+    .receipt-row .number:nth-of-type(3) {
+      order: 4;
+    }
+    .receipt-row .number:nth-of-type(2)::before {
+      content: "Commits: ";
+      color: rgba(255,255,255,0.38);
+      font-family: ui-sans-serif, system-ui, sans-serif;
+    }
+    .receipt-row .number:nth-of-type(3)::before {
+      content: "Time: ";
+      color: rgba(255,255,255,0.38);
+      font-family: ui-sans-serif, system-ui, sans-serif;
+    }
+    .receipt-divider {
+      margin: 12px 18px 0;
+    }
+    .receipt-total {
+      padding: 20px 18px 24px;
+    }
+    .total-number strong {
+      font-size: 38px;
+    }
+    .receipt-footer {
+      padding: 15px 18px;
+    }
+    .receipt-footer span + span {
+      display: block;
+      margin-top: 10px;
+    }
+  }
+</style>
+
+<div class="receipt-shell option" data-choice="maintenance-receipt" onclick="toggleSelect(this)">
+  <div class="receipt-header">
+    <div>
+      <div class="receipt-kicker">illustrative setup tax</div>
+      <div class="receipt-title">Files your team keeps paying to maintain</div>
+    </div>
+    <div class="receipt-note">
+      Not product code. Not differentiating. Just the conventional glue every repo needs.
+    </div>
+  </div>
+
+  <div class="receipt-table">
+    <div class="receipt-columns">
+      <span>File</span>
+      <span>Maintenance reason</span>
+      <span class="number">Commits</span>
+      <span class="number">Time</span>
+    </div>
+
+    <div class="receipt-row">
+      <span class="file-path">process-compose.yml</span>
+      <span class="reason">services, readiness, scripts</span>
+      <span class="number">14</span>
+      <span class="number">2.8h</span>
+    </div>
+    <div class="receipt-row">
+      <span class="file-path">.sops.yaml</span>
+      <span class="reason">recipients, keys, environments</span>
+      <span class="number">9</span>
+      <span class="number">1.6h</span>
+    </div>
+    <div class="receipt-row">
+      <span class="file-path">packages/env/</span>
+      <span class="reason">typed env drift across apps</span>
+      <span class="number">18</span>
+      <span class="number">3.4h</span>
+    </div>
+    <div class="receipt-row">
+      <span class="file-path">Caddyfile</span>
+      <span class="reason">local domains and reverse proxy</span>
+      <span class="number">7</span>
+      <span class="number">1.2h</span>
+    </div>
+    <div class="receipt-row">
+      <span class="file-path">Dockerfile</span>
+      <span class="reason">runtime defaults and build context</span>
+      <span class="number">11</span>
+      <span class="number">2.1h</span>
+    </div>
+    <div class="receipt-row">
+      <span class="file-path">docker-compose.yml</span>
+      <span class="reason">dev databases, queues, object storage</span>
+      <span class="number">13</span>
+      <span class="number">2.5h</span>
+    </div>
+    <div class="receipt-row">
+      <span class="file-path">.vscode/settings.json</span>
+      <span class="reason">team editor and schema setup</span>
+      <span class="number">8</span>
+      <span class="number">1.1h</span>
+    </div>
+    <div class="receipt-row">
+      <span class="file-path">tsconfig.json</span>
+      <span class="reason">tooling defaults and path aliases</span>
+      <span class="number">10</span>
+      <span class="number">1.7h</span>
+    </div>
+    <div class="receipt-row">
+      <span class="file-path">.gitignore</span>
+      <span class="reason">generated files and local state</span>
+      <span class="number">6</span>
+      <span class="number">45m</span>
+    </div>
+  </div>
+
+  <div class="receipt-divider"></div>
+
+  <div class="receipt-total">
+    <div class="total-copy">
+      <strong>Stackpanel moves this into conventions.</strong>
+      <span>You still get the familiar files. You just stop hand-editing the same boilerplate every time the repo grows.</span>
+    </div>
+    <div class="total-number">
+      <strong>17h</strong>
+      <span>illustrative maintenance avoided per project</span>
+    </div>
+  </div>
+
+  <div class="receipt-footer">
+    <span><b>You maintain:</b> app code, app definitions, secret schemas, project choices</span>
+    <span><b>Stackpanel handles:</b> generated env, service glue, local routes, IDE/tooling defaults</span>
+  </div>
+</div>
diff --git a/.superpowers/brainstorm/manual-1777098555/.server-stopped b/.superpowers/brainstorm/manual-1777098555/.server-stopped
new file mode 100644
index 00000000..cd819a72
--- /dev/null
+++ b/.superpowers/brainstorm/manual-1777098555/.server-stopped
@@ -0,0 +1 @@
+{"reason":"idle timeout","timestamp":1777100775264}
diff --git a/.superpowers/brainstorm/prototypes-1777232838/.server-stopped b/.superpowers/brainstorm/prototypes-1777232838/.server-stopped
new file mode 100644
index 00000000..fc23d912
--- /dev/null
+++ b/.superpowers/brainstorm/prototypes-1777232838/.server-stopped
@@ -0,0 +1 @@
+{"reason":"idle timeout","timestamp":1777234938415}
diff --git a/.superpowers/brainstorm/prototypes-1777232838/.server.pid b/.superpowers/brainstorm/prototypes-1777232838/.server.pid
new file mode 100644
index 00000000..cf642e8c
--- /dev/null
+++ b/.superpowers/brainstorm/prototypes-1777232838/.server.pid
@@ -0,0 +1 @@
+31656
diff --git a/.superpowers/brainstorm/prototypes-1777232838/visual-prototypes.html b/.superpowers/brainstorm/prototypes-1777232838/visual-prototypes.html
new file mode 100644
index 00000000..3183a431
--- /dev/null
+++ b/.superpowers/brainstorm/prototypes-1777232838/visual-prototypes.html
@@ -0,0 +1,369 @@
+<h2>Visual Treatments for “What You Stop Managing”</h2>
+<p class="subtitle">Three ways to make the same idea concrete: Stackpanel turns scattered setup chores into a small source of truth that generates ordinary, inspectable files.</p>
+
+<style>
+  .prototype-grid {
+    display: grid;
+    gap: 22px;
+  }
+  .prototype {
+    border: 1px solid rgba(255,255,255,0.14);
+    border-radius: 28px;
+    overflow: hidden;
+    background: rgba(255,255,255,0.035);
+    cursor: pointer;
+    transition: border-color 160ms ease, transform 160ms ease, background 160ms ease;
+  }
+  .prototype:hover {
+    transform: translateY(-2px);
+    border-color: rgba(130,246,190,0.45);
+    background: rgba(255,255,255,0.055);
+  }
+  .prototype.selected {
+    border-color: #82f6be;
+    box-shadow: 0 0 0 1px rgba(130,246,190,0.6), 0 28px 90px rgba(27,255,170,0.12);
+  }
+  .prototype-body {
+    padding: 24px;
+  }
+  .prototype-title {
+    display: flex;
+    align-items: center;
+    justify-content: space-between;
+    gap: 16px;
+    margin-bottom: 18px;
+  }
+  .prototype-title h3 {
+    margin: 0;
+    font-size: 22px;
+    color: white;
+  }
+  .tag {
+    border: 1px solid rgba(255,255,255,0.14);
+    border-radius: 999px;
+    padding: 6px 10px;
+    color: rgba(255,255,255,0.64);
+    font-size: 12px;
+    white-space: nowrap;
+  }
+  .caption {
+    color: rgba(255,255,255,0.62);
+    line-height: 1.55;
+    margin: 14px 0 0;
+  }
+  .green { color: #82f6be; }
+  .blue { color: #80c7ff; }
+  .amber { color: #f8d37b; }
+
+  /* 2. Scatter -> Source of Truth */
+  .scatter-canvas {
+    position: relative;
+    min-height: 430px;
+    border-radius: 22px;
+    overflow: hidden;
+    background:
+      radial-gradient(circle at 50% 50%, rgba(130,246,190,0.16), transparent 24%),
+      radial-gradient(circle at 8% 20%, rgba(255,255,255,0.07), transparent 18%),
+      radial-gradient(circle at 90% 82%, rgba(128,199,255,0.12), transparent 20%),
+      #07110d;
+    border: 1px solid rgba(255,255,255,0.11);
+  }
+  .scatter-label {
+    position: absolute;
+    top: 18px;
+    color: rgba(255,255,255,0.72);
+    font-size: 12px;
+    letter-spacing: 0.14em;
+    text-transform: uppercase;
+  }
+  .scatter-label.left { left: 22px; }
+  .scatter-label.right { right: 22px; }
+  .loose-file {
+    position: absolute;
+    border: 1px solid rgba(255,255,255,0.14);
+    border-radius: 16px;
+    padding: 10px 12px;
+    background: rgba(255,255,255,0.055);
+    color: rgba(255,255,255,0.72);
+    font-family: ui-monospace, SFMono-Regular, Menlo, monospace;
+    font-size: 11px;
+    box-shadow: 0 14px 40px rgba(0,0,0,0.22);
+  }
+  .source-card {
+    position: absolute;
+    left: 50%;
+    top: 50%;
+    width: 220px;
+    transform: translate(-50%, -50%);
+    border: 1px solid rgba(130,246,190,0.5);
+    border-radius: 22px;
+    background: rgba(4,18,12,0.92);
+    padding: 18px;
+    text-align: center;
+    box-shadow: 0 0 80px rgba(130,246,190,0.16);
+  }
+  .source-card strong {
+    display: block;
+    color: white;
+    font-size: 18px;
+    margin-bottom: 6px;
+  }
+  .source-card span {
+    color: rgba(255,255,255,0.62);
+    font-size: 12px;
+  }
+  .generated-pill {
+    position: absolute;
+    right: 28px;
+    border-radius: 999px;
+    border: 1px solid rgba(130,246,190,0.28);
+    background: rgba(130,246,190,0.08);
+    color: rgba(255,255,255,0.82);
+    padding: 9px 12px;
+    font-family: ui-monospace, SFMono-Regular, Menlo, monospace;
+    font-size: 11px;
+  }
+  .line {
+    position: absolute;
+    height: 1px;
+    background: linear-gradient(90deg, rgba(255,255,255,0.08), rgba(130,246,190,0.42), rgba(255,255,255,0.08));
+    transform-origin: left center;
+  }
+
+  /* 4. Timeline */
+  .timeline {
+    display: grid;
+    grid-template-columns: 1fr 1fr;
+    gap: 16px;
+  }
+  .timeline-card {
+    border: 1px solid rgba(255,255,255,0.12);
+    border-radius: 22px;
+    padding: 18px;
+    background: rgba(0,0,0,0.22);
+  }
+  .timeline-card h4 {
+    color: white;
+    margin: 0 0 16px;
+    font-size: 15px;
+  }
+  .step {
+    position: relative;
+    display: grid;
+    grid-template-columns: 30px 1fr;
+    gap: 10px;
+    padding-bottom: 15px;
+  }
+  .step:not(:last-child)::after {
+    content: "";
+    position: absolute;
+    left: 14px;
+    top: 29px;
+    bottom: 0;
+    width: 1px;
+    background: rgba(255,255,255,0.12);
+  }
+  .step-dot {
+    width: 28px;
+    height: 28px;
+    display: grid;
+    place-items: center;
+    border-radius: 999px;
+    border: 1px solid rgba(255,255,255,0.15);
+    color: rgba(255,255,255,0.7);
+    background: rgba(255,255,255,0.05);
+    font-size: 12px;
+    z-index: 1;
+  }
+  .short .step-dot {
+    border-color: rgba(130,246,190,0.45);
+    color: #82f6be;
+    background: rgba(130,246,190,0.08);
+  }
+  .step-title {
+    color: rgba(255,255,255,0.86);
+    font-weight: 700;
+    font-size: 13px;
+  }
+  .step-copy {
+    color: rgba(255,255,255,0.55);
+    font-size: 12px;
+    line-height: 1.45;
+    margin-top: 3px;
+  }
+  .time-badge {
+    display: inline-flex;
+    margin-top: 10px;
+    border-radius: 999px;
+    padding: 7px 10px;
+    background: rgba(255,255,255,0.06);
+    color: rgba(255,255,255,0.64);
+    font-size: 12px;
+  }
+  .short .time-badge {
+    background: rgba(130,246,190,0.1);
+    color: #82f6be;
+  }
+
+  /* 5. Exploded Blueprint */
+  .blueprint {
+    position: relative;
+    min-height: 460px;
+    border-radius: 22px;
+    border: 1px solid rgba(255,255,255,0.11);
+    overflow: hidden;
+    background:
+      linear-gradient(rgba(255,255,255,0.035) 1px, transparent 1px),
+      linear-gradient(90deg, rgba(255,255,255,0.035) 1px, transparent 1px),
+      radial-gradient(circle at 50% 46%, rgba(128,199,255,0.12), transparent 28%),
+      #07101d;
+    background-size: 36px 36px, 36px 36px, auto, auto;
+  }
+  .blueprint-center {
+    position: absolute;
+    left: 50%;
+    top: 48%;
+    transform: translate(-50%, -50%);
+    width: 230px;
+    border: 1px solid rgba(128,199,255,0.5);
+    border-radius: 22px;
+    padding: 18px;
+    background: rgba(4,13,25,0.94);
+    text-align: center;
+    box-shadow: 0 0 80px rgba(128,199,255,0.18);
+  }
+  .blueprint-center strong {
+    display: block;
+    color: white;
+    font-size: 18px;
+    margin-bottom: 8px;
+  }
+  .blueprint-center span {
+    color: rgba(255,255,255,0.62);
+    font-size: 12px;
+  }
+  .artifact {
+    position: absolute;
+    width: 172px;
+    border: 1px solid rgba(255,255,255,0.13);
+    border-radius: 18px;
+    padding: 12px;
+    background: rgba(255,255,255,0.055);
+    backdrop-filter: blur(12px);
+  }
+  .artifact strong {
+    color: white;
+    font-size: 12px;
+    display: block;
+    margin-bottom: 5px;
+  }
+  .artifact span {
+    color: rgba(255,255,255,0.54);
+    font-size: 11px;
+  }
+  .connector {
+    position: absolute;
+    height: 1px;
+    background: rgba(128,199,255,0.45);
+    transform-origin: left center;
+  }
+  @media (max-width: 900px) {
+    .timeline { grid-template-columns: 1fr; }
+    .scatter-canvas, .blueprint { min-height: 620px; }
+  }
+</style>
+
+<div class="prototype-grid">
+  <div class="prototype" data-choice="scatter-source" onclick="toggleSelect(this)">
+    <div class="prototype-body">
+      <div class="prototype-title">
+        <h3>#2 Scatter → Source of Truth</h3>
+        <span class="tag">best for “no lock-in”</span>
+      </div>
+      <div class="scatter-canvas">
+        <div class="scatter-label left">scattered chores</div>
+        <div class="scatter-label right">plain generated files</div>
+
+        <div class="loose-file" style="left:26px; top:74px;">.env.example</div>
+        <div class="loose-file" style="left:84px; top:143px;">docker-compose.yml</div>
+        <div class="loose-file" style="left:35px; top:230px;">scripts/devshell.sh</div>
+        <div class="loose-file" style="left:130px; top:312px;">.vscode/settings.json</div>
+        <div class="loose-file" style="left:44px; top:356px;">Caddyfile</div>
+
+        <div class="line" style="left:210px; top:100px; width:225px; transform:rotate(18deg);"></div>
+        <div class="line" style="left:260px; top:173px; width:160px; transform:rotate(6deg);"></div>
+        <div class="line" style="left:230px; top:258px; width:185px; transform:rotate(-11deg);"></div>
+        <div class="line" style="left:300px; top:330px; width:125px; transform:rotate(-22deg);"></div>
+
+        <div class="source-card">
+          <strong>.stack/config.nix</strong>
+          <span>codify conventions once</span>
+        </div>
+
+        <div class="generated-pill" style="top:82px;">packages/gen/env/*</div>
+        <div class="generated-pill" style="top:145px;">process-compose services</div>
+        <div class="generated-pill" style="top:208px;">.stack/gen/ide/*</div>
+        <div class="generated-pill" style="top:271px;">local Caddy routes</div>
+        <div class="generated-pill" style="top:334px;">.stack/state/stack.json</div>
+      </div>
+      <p class="caption">This one makes the “scattered files become a source of truth” story instantly visible. It also preserves the no-lock-in claim because the right side is still made of normal files.</p>
+    </div>
+  </div>
+
+  <div class="prototype" data-choice="timeline" onclick="toggleSelect(this)">
+    <div class="prototype-body">
+      <div class="prototype-title">
+        <h3>#4 Manual Work Timeline</h3>
+        <span class="tag">best for “stop wasting time”</span>
+      </div>
+      <div class="timeline">
+        <div class="timeline-card">
+          <h4>Every new repo today</h4>
+          <div class="step"><div class="step-dot">1</div><div><div class="step-title">Pick tool versions</div><div class="step-copy">Node, Bun, Go, Postgres, Redis, linters, CLIs.</div></div></div>
+          <div class="step"><div class="step-dot">2</div><div><div class="step-title">Wire local services</div><div class="step-copy">Ports, domains, health checks, process commands.</div></div></div>
+          <div class="step"><div class="step-dot">3</div><div><div class="step-title">Write env glue</div><div class="step-copy">Secrets, examples, generated types, app-specific loaders.</div></div></div>
+          <div class="step"><div class="step-dot">4</div><div><div class="step-title">Document setup</div><div class="step-copy">Then debug every teammate’s machine anyway.</div></div></div>
+          <span class="time-badge">Repeated by hand, every project</span>
+        </div>
+        <div class="timeline-card short">
+          <h4>With Stackpanel</h4>
+          <div class="step"><div class="step-dot">1</div><div><div class="step-title">Describe the stack once</div><div class="step-copy">Apps, services, secrets, packages, modules.</div></div></div>
+          <div class="step"><div class="step-dot">2</div><div><div class="step-title">Enter the devshell</div><div class="step-copy"><span class="green">nix develop --impure</span> generates the boring parts.</div></div></div>
+          <div class="step"><div class="step-dot">3</div><div><div class="step-title">Open Studio</div><div class="step-copy">See ports, processes, files, services, and config state.</div></div></div>
+          <span class="time-badge">Same outcome, fewer chores</span>
+        </div>
+      </div>
+      <p class="caption">This version is the clearest emotional sell: the left side feels tedious, the right side feels obvious. It is less strong on no-lock-in unless paired with generated-file labels below.</p>
+    </div>
+  </div>
+
+  <div class="prototype" data-choice="blueprint" onclick="toggleSelect(this)">
+    <div class="prototype-body">
+      <div class="prototype-title">
+        <h3>#5 Exploded Blueprint</h3>
+        <span class="tag">best for “how it works”</span>
+      </div>
+      <div class="blueprint">
+        <div class="connector" style="left:50%; top:48%; width:210px; transform:rotate(-37deg);"></div>
+        <div class="connector" style="left:50%; top:48%; width:220px; transform:rotate(2deg);"></div>
+        <div class="connector" style="left:50%; top:48%; width:205px; transform:rotate(38deg);"></div>
+        <div class="connector" style="left:50%; top:48%; width:220px; transform:rotate(145deg);"></div>
+        <div class="connector" style="left:50%; top:48%; width:210px; transform:rotate(182deg);"></div>
+        <div class="connector" style="left:50%; top:48%; width:210px; transform:rotate(222deg);"></div>
+
+        <div class="blueprint-center">
+          <strong>.stack/</strong>
+          <span>apps + services + secrets + conventions</span>
+        </div>
+
+        <div class="artifact" style="right:44px; top:38px;"><strong>typed env modules</strong><span>plain TypeScript exports</span></div>
+        <div class="artifact" style="right:28px; top:196px;"><strong>process config</strong><span>services, readiness, tasks</span></div>
+        <div class="artifact" style="right:54px; bottom:42px;"><strong>local domains</strong><span>Caddy routes + ports</span></div>
+        <div class="artifact" style="left:46px; bottom:48px;"><strong>IDE workspaces</strong><span>VS Code, Zed, schemas</span></div>
+        <div class="artifact" style="left:28px; top:198px;"><strong>state JSON</strong><span>agent-readable config</span></div>
+        <div class="artifact" style="left:52px; top:42px;"><strong>Nix devshell</strong><span>packages, hooks, scripts</span></div>
+      </div>
+      <p class="caption">This is the most “productized” visual. It explains that Stackpanel is not hiding the system; it is projecting one source of truth into the files and surfaces developers already know.</p>
+    </div>
+  </div>
+</div>
diff --git a/apps/api/.gitignore b/apps/api/.gitignore
new file mode 100644
index 00000000..aa20f91f
--- /dev/null
+++ b/apps/api/.gitignore
@@ -0,0 +1,4 @@
+.alchemy/
+.output/
+.wrangler/
+node_modules/
diff --git a/apps/api/alchemy.run.ts b/apps/api/alchemy.run.ts
new file mode 100644
index 00000000..d5bc85fc
--- /dev/null
+++ b/apps/api/alchemy.run.ts
@@ -0,0 +1,119 @@
+// apps/api/alchemy.run.ts
+//
+// Declarative cert + DNS orchestration for the api on Fly.
+//
+// The Fly machine is built and deployed by the CI workflow's
+// `bun run build` → `nix build container-api` → skopeo push → flyctl
+// deploy chain. This script handles the things that *aren't* the machine:
+//
+//   1. Ensure an ACME certificate for the public hostname exists on the
+//      Fly app (idempotent).
+//   2. Look up the IP addresses Fly assigned to the app.
+//   3. Create A + AAAA records on the stackpanel.com Cloudflare zone
+//      pointing at those IPs (proxy off — Fly terminates TLS).
+//
+// Replaces the previous `flyctl certs add` + manual Cloudflare DNS
+// dance. Same Effect-native pattern as apps/web's domain binding via
+// `@distilled.cloud/cloudflare` Workers.
+
+import { loadDeployEnv, resolveDeployStage } from "@stackpanel/infra/lib/deploy";
+import {
+  AppCertificatesAcmeCreate,
+  AppIPAssignmentsList,
+} from "@distilled.cloud/fly-io/Operations";
+import { CredentialsFromEnv as FlyCredentialsFromEnv } from "@distilled.cloud/fly-io";
+import * as DNS from "@distilled.cloud/cloudflare/dns";
+import * as Stack from "alchemy-effect/Stack";
+import * as Effect from "effect/Effect";
+import * as Layer from "effect/Layer";
+
+const PROJECT = "stackpanel";
+const SERVICE = "api";
+
+const FLY_APP = "stackpanel-api";
+const STACKPANEL_ZONE = "d34628a3ab639230ff1f6dc1eb640eec";
+
+// `appEnv` is our SOPS namespace (`prod` | `staging` | `dev`); CI sets
+// FLY_IO_API_KEY from the FLY_API_TOKEN GH secret so the fly-io SDK
+// picks it up via process.env.
+const { stage, appEnv } = resolveDeployStage();
+await loadDeployEnv(SERVICE, appEnv);
+
+// Production lives at api.stackpanel.com; preview/staging deploys get
+// api-<stage>.stackpanel.com so they don't collide with prod.
+const hostnameFor = (stage: string): string =>
+  stage === "production" ? "api.stackpanel.com" : `api-${stage}.stackpanel.com`;
+
+const program = Effect.gen(function* () {
+  if (stage === "dev") {
+    // Local/dev deploys serve from stackpanel-api.fly.dev directly — no
+    // custom hostname, no DNS records.
+    return { url: `https://${FLY_APP}.fly.dev` };
+  }
+
+  const hostname = hostnameFor(stage);
+
+  // (1) Ensure ACME cert exists for the hostname. Idempotent: returns
+  // the existing cert if one's already on the app.
+  yield* AppCertificatesAcmeCreate({ app_name: FLY_APP, hostname });
+
+  // (2) Look up the IPs Fly assigned the app. Shared v4 + dedicated v6
+  // is the default. We point DNS at whatever Fly returns rather than
+  // hard-coding 66.241.125.29.
+  const ipsResp = (yield* AppIPAssignmentsList({ app_name: FLY_APP })) as {
+    ips?: ReadonlyArray<{ ip?: string; service_name?: string; shared?: boolean }>;
+  };
+  const ips = ipsResp.ips ?? [];
+  // Fly returns one row per assigned IP. Distinguish v4 (IPv4 dotted quad)
+  // from v6 (contains a colon) at the address level rather than relying on
+  // a `kind` field that the SDK schema doesn't expose.
+  const v4 = ips.find((i) => i.ip && !i.ip.includes(":"))?.ip;
+  const v6 = ips.find((i) => i.ip && i.ip.includes(":"))?.ip;
+  if (!v4 || !v6) {
+    return yield* Effect.fail(
+      new Error(
+        `Fly app ${FLY_APP} missing v4 or v6 IP (got: ${JSON.stringify(ips)})`,
+      ),
+    );
+  }
+
+  // (3) Reconcile DNS records: drop anything stale at this name, then
+  // create the A + AAAA pointing at Fly. Proxy off — Fly's ACME validation
+  // and TLS termination both need direct connections, not the CF proxy.
+  const existing = (yield* DNS.listRecords({
+    zoneId: STACKPANEL_ZONE,
+    name: { exact: hostname },
+  } as never)) as { result?: ReadonlyArray<{ id: string; name?: string; type?: string }> };
+  for (const r of existing.result ?? []) {
+    if (r.name === hostname && (r.type === "A" || r.type === "AAAA")) {
+      yield* DNS.deleteRecord({ zoneId: STACKPANEL_ZONE, dnsRecordId: r.id });
+    }
+  }
+  yield* DNS.createRecord({
+    zoneId: STACKPANEL_ZONE,
+    name: hostname,
+    type: "A",
+    content: v4,
+    ttl: 1,
+    proxied: false,
+  });
+  yield* DNS.createRecord({
+    zoneId: STACKPANEL_ZONE,
+    name: hostname,
+    type: "AAAA",
+    content: v6,
+    ttl: 1,
+    proxied: false,
+  } as never);
+
+  return { url: `https://${hostname}` };
+});
+
+// Both providers' credentials read from process.env (set by loadDeployEnv).
+const providers = Layer.mergeAll(FlyCredentialsFromEnv) as unknown as Layer.Layer<
+  any,
+  never,
+  any
+>;
+
+export default Stack.make(`${PROJECT}-${SERVICE}`, providers)(program);
diff --git a/apps/api/fly.toml b/apps/api/fly.toml
new file mode 100644
index 00000000..f1403153
--- /dev/null
+++ b/apps/api/fly.toml
@@ -0,0 +1,33 @@
+# Generated by stackpanel - do not edit manually
+# Regenerate by entering the devshell: nix develop --impure
+#
+# Deploy workflow (uses nix2container/dockerTools):
+#   1. Build app:        bun run build (in app directory)
+#   2. Build container:  container-build api
+#   3. Push container:   container-copy api docker://registry.fly.io/
+#   4. Deploy:           flyctl deploy --config apps/api/fly.toml --image registry.fly.io/stackpanel-api:latest
+#
+# Or use turbo workflow:
+#   turbo run ship:api
+
+app = "stackpanel-api"
+org = "darkmatter"
+
+# Build section removed - we use pre-built container images
+# Container is built with nix2container/dockerTools and pushed via skopeo
+
+[env]
+PORT = '3000'
+
+[http_service]
+internal_port = 3000
+force_https = true
+auto_stop_machines = "stop"
+auto_start_machines = true
+min_machines_running = 1
+processes = ["app"]
+
+[[vm]]
+memory = "512mb"
+cpu_kind = "shared"
+cpus = 1
diff --git a/apps/api/package.json b/apps/api/package.json
index d3b1159c..ccc22484 100644
--- a/apps/api/package.json
+++ b/apps/api/package.json
@@ -5,14 +5,23 @@
   "type": "module",
   "scripts": {
     "dev": "bun run --watch src/index.ts",
-    "build": "bun build src/index.ts --outdir dist --target bun",
+    "build": "mkdir -p .output/server && bun build src/index.ts --outfile .output/server/index.mjs --target bun",
     "start": "bun run src/index.ts"
   },
   "dependencies": {
+    "@stackpanel/api": "workspace:*",
+    "@stackpanel/auth": "workspace:*",
+    "@stackpanel/db": "workspace:*",
+    "@distilled.cloud/cloudflare": "catalog:",
+    "@distilled.cloud/fly-io": "catalog:",
+    "@trpc/server": "catalog:",
+    "alchemy-effect": "catalog:",
+    "effect": "catalog:",
     "hono": "catalog:"
   },
   "devDependencies": {
     "@types/bun": "latest",
+    "@types/node": "^22.13.11",
     "typescript": "^5"
   }
 }
diff --git a/apps/api/scripts/push-secrets.sh b/apps/api/scripts/push-secrets.sh
new file mode 100755
index 00000000..f2c59eba
--- /dev/null
+++ b/apps/api/scripts/push-secrets.sh
@@ -0,0 +1,58 @@
+#!/usr/bin/env bash
+# ==============================================================================
+# push-secrets.sh
+#
+# Decrypts the CI-accessible deploy-scope SOPS payload as dotenv format
+# and pushes the subset of secrets the stackpanel-api Fly app needs.
+#
+# Reads from packages/gen/env/data/_envs/deploy.sops.json — which is
+# encrypted against the GitHub Actions key (SECRETS_AGE_KEY_DEV) via the
+# stackpanel codegen pipeline. Do NOT read .stack/secrets/vars/shared.sops.yaml
+# here: it's encrypted only for humans and will fail in CI.
+#
+# DATABASE_URL is NOT set here — the deploy scope's POSTGRES_URL points at
+# PlanetScale but the api uses Neon web_dev. Set it once manually:
+#   fly secrets set DATABASE_URL='postgres://...' --app stackpanel-api
+#
+# Usage:
+#   bash apps/api/scripts/push-secrets.sh              # push to stackpanel-api
+#   FLY_APP=other bash apps/api/scripts/push-secrets.sh
+#
+# Requires: sops (3.9+ for --output-type dotenv), fly CLI, a key that
+# decrypts the deploy payload (SOPS_AGE_KEY, ssh key, etc.).
+# ==============================================================================
+set -euo pipefail
+
+REPO_ROOT="$(git rev-parse --show-toplevel)"
+DEPLOY_SOPS="${REPO_ROOT}/packages/gen/env/data/_envs/deploy.sops.json"
+FLY_APP="${FLY_APP:-stackpanel-api}"
+
+if [[ ! -f "$DEPLOY_SOPS" ]]; then
+  echo "deploy sops payload not found: $DEPLOY_SOPS" >&2
+  echo "run \`nix develop --impure\` once to regenerate it." >&2
+  exit 1
+fi
+
+# dotenv output gives us KEY=VALUE lines directly. We select + rename a
+# subset (AWS_SANDBOX_* → AWS_*) and append fixed non-secret env below.
+SOURCE_ENV=$(sops --output-type dotenv -d "$DEPLOY_SOPS")
+
+{
+  # Secrets from the deploy scope — renamed where the Fly app expects
+  # the unprefixed AWS var name.
+  echo "$SOURCE_ENV" | grep -E '^(BETTER_AUTH_SECRET|POLAR_ACCESS_TOKEN|POLAR_WEBHOOK_SECRET|POLAR_PRO_PRODUCT_ID_PRODUCTION|POLAR_FREE_PRODUCT_ID_PRODUCTION)='
+  echo "$SOURCE_ENV" | grep -E '^AWS_SANDBOX_ACCESS_KEY_ID=' | sed 's/^AWS_SANDBOX_/AWS_/'
+  echo "$SOURCE_ENV" | grep -E '^AWS_SANDBOX_SECRET_ACCESS_KEY=' | sed 's/^AWS_SANDBOX_/AWS_/'
+
+  # Fixed non-secret env — same across deploys of the production stage.
+  cat <<EOF
+BETTER_AUTH_URL=https://api.stackpanel.com
+AWS_REGION=us-east-1
+STACKPANEL_KMS_ALIAS=alias/stackpanel-secrets
+POLAR_SUCCESS_URL=https://local.stackpanel.com/checkout/success
+CORS_ORIGIN=https://local.stackpanel.com
+CORS_ALLOWED_ORIGINS=https://local.stackpanel.com,https://stackpanel.com,https://studio.stackpanel.com
+EOF
+} | "${FLY_BIN:-flyctl}" secrets import --app "$FLY_APP" --stage
+
+echo "✓ Pushed secrets to $FLY_APP (staged, will apply on next deploy)"
diff --git a/apps/api/src/index.ts b/apps/api/src/index.ts
index b3f9009e..d2460170 100644
--- a/apps/api/src/index.ts
+++ b/apps/api/src/index.ts
@@ -1,20 +1,77 @@
+import { auth } from "@stackpanel/auth";
+import { appRouter, createTRPCContext } from "@stackpanel/api";
+import { fetchRequestHandler } from "@trpc/server/adapters/fetch";
 import { Hono } from "hono";
+import { cors } from "hono/cors";
+
+/**
+ * Cloud API for stackpanel — mounted at api.stackpanel.com.
+ *
+ * Hosts Better-Auth (email/password + Polar payments + webhooks),
+ * gated tRPC procedures for hosted alchemy state, and (future) marketplace
+ * catalog endpoints. Runs on Fly (Node/Bun), not Cloudflare Workers —
+ * needs real Node APIs for AWS KMS + AES-GCM envelope encryption.
+ */
 
 const app = new Hono();
 
-app.get("/", (c) => {
-  return c.json({ name: "stackpanel-api", version: "0.0.1" });
-});
+// Origins allowed to call this API with credentials. The studio lives on
+// local.stackpanel.com (production) or localhost during dev, so both need
+// to be in the allowlist — `credentials: true` requires exact-match origins.
+const allowedOrigins = (process.env.CORS_ALLOWED_ORIGINS ?? "")
+	.split(",")
+	.map((s: string) => s.trim())
+	.filter(Boolean);
+
+const defaultOrigins = [
+	"http://localhost:3000",
+	"http://localhost:5775",
+	"https://local.stackpanel.com",
+	"https://stackpanel.com",
+];
+
+const origins = allowedOrigins.length > 0 ? allowedOrigins : defaultOrigins;
+
+app.use(
+	"*",
+	cors({
+		origin: origins,
+		credentials: true,
+		allowMethods: ["GET", "POST", "OPTIONS"],
+		allowHeaders: ["Content-Type", "Authorization", "Cookie"],
+		exposeHeaders: ["Set-Cookie"],
+	}),
+);
+
+app.get("/", (c) =>
+	c.json({ name: "stackpanel-api", version: "0.0.1" }),
+);
+
+app.get("/health", (c) =>
+	c.json({
+		status: "ok",
+		region: process.env.FLY_REGION ?? process.env.REGION ?? "unknown",
+		timestamp: Date.now(),
+	}),
+);
+
+// Better-Auth handler — covers /api/auth/* (sign-in, sign-up, session,
+// social OAuth, Polar checkout/portal, and webhook mount). All routes
+// emitted by the plugin tree are handled here.
+app.on(["POST", "GET"], "/api/auth/*", (c) => auth.handler(c.req.raw));
 
-app.get("/health", (c) => {
-  return c.json({
-    status: "ok",
-    region: process.env.REGION ?? "unknown",
-    timestamp: Date.now(),
-  });
-});
+// tRPC handler. Studio talks to this via @trpc/client httpBatchStreamLink.
+app.all("/trpc/*", (c) =>
+	fetchRequestHandler({
+		endpoint: "/trpc",
+		req: c.req.raw,
+		router: appRouter,
+		createContext: () =>
+			createTRPCContext({ headers: c.req.raw.headers, auth }),
+	}),
+);
 
 export default {
-  port: Number(process.env.PORT ?? 3000),
-  fetch: app.fetch,
+	port: Number(process.env.PORT ?? 3000),
+	fetch: app.fetch,
 };
diff --git a/apps/docs/alchemy.run.ts b/apps/docs/alchemy.run.ts
index 5be89a57..f1917f21 100644
--- a/apps/docs/alchemy.run.ts
+++ b/apps/docs/alchemy.run.ts
@@ -36,8 +36,36 @@ const program = Effect.gen(function* () {
   // resource only handles upload + binding wiring.
   const website = yield* Cloudflare.Worker("Docs", {
     main: ".open-next/worker.js",
-    assets: ".open-next/assets",
+    // OpenNext emits a plain Workers default export `{ fetch }` — the alchemy
+    // bootstrap that wraps `main` in `Layer.effect(tag, entry)` mis-handles
+    // that shape and the deployed worker throws CF 1101 on first request.
+    // `isExternal: true` skips the wrapper so the bundle keeps OpenNext's own
+    // entrypoint.
+    isExternal: true,
+    // Mirror apps/docs/wrangler.jsonc — OpenNext serves its own routing so the
+    // worker must run for missed asset paths, and we want the SPA-style
+    // trailing-slash handling for static MDX routes.
+    assets: {
+      directory: ".open-next/assets",
+      // OpenNext static incremental cache lives under `.open-next/cache`; preview
+      // copies it into assets, but CI `build:worker` does not. Mount the cache
+      // tree at the URL prefix OpenNext expects (`alchemy-effect` asset sources).
+      sources: [
+        { directory: ".open-next/cache", prefix: "cdn-cgi/_next_cache" },
+      ],
+      config: {
+        notFoundHandling: "none",
+        htmlHandling: "auto-trailing-slash",
+        runWorkerFirst: false,
+      },
+    },
     compatibility: {
+      // Must be >= 2026-03-17 — that's the date Cloudflare started providing
+      // node:perf_hooks as a native module. OpenNext (via Next.js's edge
+      // runtime) imports it transitively, and on earlier dates the unenv
+      // polyfill itself references node:perf_hooks, so the worker throws
+      // `No such module "node:perf_hooks"` on first request (CF error 1101).
+      date: "2026-03-17",
       flags: [
         "nodejs_compat",
         "nodejs_compat_populate_process_env",
diff --git a/apps/docs/content/docs/meta.json b/apps/docs/content/docs/meta.json
index 3002fc30..c016d0b6 100644
--- a/apps/docs/content/docs/meta.json
+++ b/apps/docs/content/docs/meta.json
@@ -16,6 +16,7 @@
     "extensions",
     "apps-ci",
     "deployment",
+    "stacks",
     "ide",
     "---Plugins---",
     "modules",
diff --git a/apps/docs/content/docs/stacks/alchemy.mdx b/apps/docs/content/docs/stacks/alchemy.mdx
new file mode 100644
index 00000000..3aea0751
--- /dev/null
+++ b/apps/docs/content/docs/stacks/alchemy.mdx
@@ -0,0 +1,104 @@
+---
+title: Alchemy
+description: Resource-graph IaC for Cloudflare, AWS, Vercel, GitHub and Stripe — without managing Terraform yourself
+icon: workflow
+---
+
+import { Callout } from "fumadocs-ui/components/callout";
+
+The **Alchemy** Production Stack ships a maintained Nix flake that wires the [Alchemy](https://distilled.cloud) resource graph into your Stackpanel project. You declare resources in TypeScript, Stackpanel handles the deploy machinery, and we maintain the modules so you don't have to.
+
+## What's in the flake
+
+- **Per-app modules** that auto-wire your apps: `apps.<myapp>.alchemy.cloudflareWorker.enable = true` is enough to get a deploy.
+- **Provider modules** for Cloudflare (Workers, Pages, R2, KV, Durable Objects, Queues, Hyperdrive), AWS (Lambda, S3, DynamoDB, IAM, KMS, ECR), Vercel, GitHub, and Stripe.
+- **State storage** wired to filesystem (dev), S3 / R2 (staging + prod), or DO (per-PR preview environments).
+- **Secrets bridge** that pulls SOPS-encrypted variables from your Stackpanel project and provisions them as worker bindings, env vars, or Secret resources.
+- **Per-PR preview environments** — each PR branch deploys to a uniquely named stage and tears down on PR close.
+
+## Installation
+
+Add the flake input to your root `flake.nix`:
+
+```nix
+{
+  inputs = {
+    stackpanel.url = "github:darkmatter/stackpanel";
+    stack-alchemy.url = "github:darkmatter/stack-alchemy";
+  };
+}
+```
+
+Then enable the stack in `.stack/config.nix`:
+
+```nix
+{
+  stackpanel.stacks.alchemy = {
+    enable = true;
+    branch = "stable";  # community | stable | early
+    state = {
+      kind = "r2";
+      bucket = "acme-alchemy-state";
+    };
+  };
+}
+```
+
+## A minimal example
+
+```nix
+{
+  stackpanel.apps.web = {
+    path = "apps/web";
+    framework.tanstack-start.enable = true;
+
+    alchemy.cloudflareWorker = {
+      enable = true;
+      domain = "app.acme.com";
+      previewDomain = "*.preview.acme.dev";
+      bindings = {
+        DB = { kind = "hyperdrive"; project = "acme-prod"; };
+        SESSIONS = { kind = "kv"; namespace = "sessions"; };
+        UPLOADS = { kind = "r2"; bucket = "acme-uploads"; };
+      };
+    };
+  };
+}
+```
+
+That's it. Stackpanel generates the Alchemy script, wires bindings to env vars in your `@gen/env/web` package, and gives you `bun run deploy:web` (and a per-PR preview pipeline in CI).
+
+## What we maintain
+
+The Alchemy stack covers a moving surface — providers ship breaking changes regularly. Subscriptions get patches for:
+
+- **Cloudflare**: new bindings, Wrangler API changes, `routes` semantics, the Pages → Workers migration, etc.
+- **AWS**: API version bumps, IAM policy hardening, KMS / Secrets Manager interactions.
+- **Vercel**: project / deployment API changes, build-output API.
+- **State backends**: R2 + DO compatibility as both move forward.
+- **Alchemy core**: tracking upstream releases, deprecation notices, type changes.
+
+See [the SLA matrix](./#pricing) for patch turnaround by tier.
+
+## Tier differences
+
+| Resource family | Community | Team | Business | Enterprise |
+| --- | --- | --- | --- | --- |
+| Cloudflare Workers / Pages / R2 / KV | ✓ | ✓ | ✓ | ✓ |
+| Cloudflare Durable Objects / Queues | ✓ | ✓ | ✓ | ✓ |
+| AWS Lambda / S3 / DynamoDB | ✓ | ✓ | ✓ | ✓ |
+| Vercel | — | ✓ | ✓ | ✓ |
+| Stripe products & prices | — | ✓ | ✓ | ✓ |
+| GitHub repo / secrets | — | ✓ | ✓ | ✓ |
+| Custom AWS resources via raw SDK | — | — | ✓ | ✓ |
+| Indemnification | — | — | — | ✓ |
+
+<Callout type="info">
+  All tiers get the same source code. The differences above describe which modules we **maintain** for which tiers — not what you're allowed to use.
+</Callout>
+
+## Related
+
+- [Production Stacks overview](./)
+- [Deployment / Cloudflare](../deployment/cloudflare)
+- [Deployment / Containers](../deployment/containers)
diff --git a/apps/docs/content/docs/stacks/colmena.mdx b/apps/docs/content/docs/stacks/colmena.mdx
new file mode 100644
index 00000000..bae2d7bf
--- /dev/null
+++ b/apps/docs/content/docs/stacks/colmena.mdx
@@ -0,0 +1,114 @@
+---
+title: Colmena
+description: Real Nix deployments to bare metal — atomic rollbacks, agenix secrets, Caddy + Step CA wired up
+icon: server
+---
+
+import { Callout } from "fumadocs-ui/components/callout";
+
+The **Colmena** Production Stack ships maintained NixOS modules and a [Colmena](https://colmena.cli.rs) deployment topology that take your Stackpanel apps to bare metal — Hetzner, OVH, your own datacenter — with the same atomic rollback semantics you'd expect from `nixos-rebuild switch`.
+
+If you already love NixOS for production but don't want to write the Caddy / Step CA / agenix glue yourself, this is the stack for you.
+
+## What's in the flake
+
+- **Per-app modules** that turn `apps.<myapp>.colmena.enable = true` into a systemd unit, a Caddy site, and (optionally) a database role.
+- **Machine groups**: declare classes of hosts (`web`, `worker`, `db`) with shared base packages and group-level overrides.
+- **agenix** wired to the same recipients as your Stackpanel SOPS files, so deployment secrets re-use the keys you already manage.
+- **Caddy** configured with on-host TLS (Let's Encrypt) or per-machine Step CA certs.
+- **Process supervision**: long-running workers ship as `systemd.services.<app>` with restart policies and journal-based logging.
+- **Atomic rollbacks**: every deploy uses `nixos-rebuild switch`. Roll back with `colmena rollback`.
+- **Hetzner Cloud helper modules** for provisioning servers via the Hetzner API.
+
+## Installation
+
+Add the flake input:
+
+```nix
+{
+  inputs = {
+    stackpanel.url = "github:darkmatter/stackpanel";
+    stack-colmena.url = "github:darkmatter/stack-colmena";
+  };
+}
+```
+
+Enable the stack:
+
+```nix
+{
+  stackpanel.stacks.colmena = {
+    enable = true;
+    branch = "stable";
+    hosts = {
+      "web-1.acme.io" = { group = "web"; ipv4 = "5.75.190.10"; };
+      "web-2.acme.io" = { group = "web"; ipv4 = "5.75.190.11"; };
+      "db-1.acme.io"  = { group = "db";  ipv4 = "5.75.190.20"; };
+    };
+  };
+}
+```
+
+## A minimal example
+
+```nix
+{
+  stackpanel.apps.api = {
+    path = "apps/server";
+    framework.hono.enable = true;
+
+    colmena = {
+      enable = true;
+      group = "web";       # deploys to all hosts in the "web" group
+      port = 3000;          # port the app binds to internally
+      domain = "api.acme.io";
+      tls = {
+        provider = "letsencrypt";  # or "step-ca"
+        email = "ops@acme.io";
+      };
+      env = [ "DATABASE_URL" "STRIPE_SECRET_KEY" ];  # pulled from SOPS via agenix
+    };
+  };
+}
+```
+
+Stackpanel generates the Colmena hive, the systemd unit, the Caddy site, and the agenix secret bindings. Deploy with:
+
+```bash
+colmena apply switch --on @web
+```
+
+## What we maintain
+
+NixOS modules are the easy part — keeping the deployment glue working as upstream evolves is the work. Subscriptions get patches for:
+
+- **NixOS releases**: tracking 23.11 / 24.05 / 24.11 etc. with timely module updates.
+- **Caddy module**: as `caddy` upstream changes its configuration semantics.
+- **agenix integration**: tracking the agenix module + tooling.
+- **Hetzner Cloud module**: as the Hetzner API evolves.
+- **systemd hardening**: enabling new sandboxing options as they ship in systemd.
+- **Step CA bridge**: as your Step CA root rotates, host certs are re-issued automatically.
+
+## Tier differences
+
+| Capability | Community | Team | Business | Enterprise |
+| --- | --- | --- | --- | --- |
+| Single-host deploys | ✓ | ✓ | ✓ | ✓ |
+| Multi-host machine groups | ✓ | ✓ | ✓ | ✓ |
+| Caddy + Let's Encrypt | ✓ | ✓ | ✓ | ✓ |
+| Step CA TLS | — | ✓ | ✓ | ✓ |
+| Hetzner Cloud provisioning | — | ✓ | ✓ | ✓ |
+| Multi-region rollouts (canary) | — | — | ✓ | ✓ |
+| Air-gapped binary cache mirror | — | — | — | ✓ |
+| Custom NixOS module review | — | — | — | ✓ |
+
+<Callout type="warn">
+  Colmena deploys assume you have SSH access to the target hosts. Stackpanel does not provision underlying servers for you (except via the optional Hetzner Cloud module). For fully managed compute, use the [Fly.io stack](./fly).
+</Callout>
+
+## Related
+
+- [Production Stacks overview](./)
+- [Deployment / Containers](../deployment/containers) — for OCI images instead of NixOS hosts
+- [Networking / Caddy](../networking)
+- [Secrets / agenix](../secrets)
diff --git a/apps/docs/content/docs/stacks/fly.mdx b/apps/docs/content/docs/stacks/fly.mdx
new file mode 100644
index 00000000..19ffbe7d
--- /dev/null
+++ b/apps/docs/content/docs/stacks/fly.mdx
@@ -0,0 +1,125 @@
+---
+title: Fly.io
+description: Containerized apps on Fly machines — multi-region, autoscale, secrets sync, observability
+icon: globe
+---
+
+import { Callout } from "fumadocs-ui/components/callout";
+
+The **Fly.io** Production Stack ships maintained modules that turn your Stackpanel apps into Fly Machines, complete with multi-region distribution, autoscale, health probes, secret sync, and observability dashboards.
+
+If you want apps close to users in many places without running your own bare-metal fleet, this is the stack for you.
+
+<Callout type="info">
+  Fly itself ships an excellent CLI (`flyctl`). The Fly Production Stack adds the **maintained Nix module + image build pipeline** on top — so you get reproducible OCI images from Nix and a unified deploy flow with the rest of your Stackpanel apps.
+</Callout>
+
+## What's in the flake
+
+- **Per-app Fly modules** that auto-generate `apps/<app>/fly.toml`, a per-app deploy task, and wrapped `flyctl` commands like `fly-api status`.
+- **Container builds** via [nix2container](https://github.com/nlewo/nix2container) — minimal, reproducible OCI images with no Dockerfile required.
+- **Secrets sync** that pushes SOPS-encrypted Stackpanel variables into Fly secrets on deploy.
+- **Multi-region machine layouts**: declare regions, machine sizes, autoscale rules, and minimum machines per region.
+- **Health probes** wired to your app's `/healthz` (or custom path).
+- **Observability**: Fly's built-in metrics shipped to your dashboards; optional OpenTelemetry exporters.
+- **PR preview apps** with auto-cleanup on PR close (Business tier and above).
+
+## Installation
+
+Add the flake input:
+
+```nix
+{
+  inputs = {
+    stackpanel.url = "github:darkmatter/stackpanel";
+    stack-fly.url = "github:darkmatter/stack-fly";
+  };
+}
+```
+
+Enable the stack:
+
+```nix
+{
+  stackpanel.stacks.fly = {
+    enable = true;
+    branch = "stable";
+    organization = "acme";
+    defaultRegion = "iad";
+  };
+}
+```
+
+## A minimal example
+
+```nix
+{
+  stackpanel.apps.api = {
+    path = "apps/server";
+    framework.hono.enable = true;
+
+    fly = {
+      enable = true;
+      appName = "acme-api";
+      regions = [ "iad" "fra" "syd" ];
+      machine = {
+        cpus = 1;
+        memory = "512mb";
+      };
+      autoscale = {
+        minMachines = 1;
+        maxMachines = 6;
+        autoStop = "suspend";
+        autoStart = true;
+      };
+      health = {
+        path = "/healthz";
+        intervalSeconds = 15;
+      };
+      env = [ "DATABASE_URL" "STRIPE_SECRET_KEY" ];
+    };
+  };
+}
+```
+
+Deploy:
+
+```bash
+# Wrapped flyctl commands generated per deployable app
+fly-api status
+fly-api logs
+fly-api deploy
+
+# Or via the per-app deploy task
+bun --cwd packages/infra run deploy:api
+```
+
+## What we maintain
+
+Fly ships features fast — autoscale rules, machine classes, regional features. Subscriptions get patches for:
+
+- **Fly Machines API**: when Fly bumps their REST API or `flyctl` flags.
+- **`fly.toml` schema**: tracking new fields (vm sizing, services, mounts, etc.).
+- **nix2container**: rebuilding minimal OCI images as the base layers evolve.
+- **Health probe semantics**: as Fly tightens the liveness / readiness contract.
+- **Secret rotation**: automated re-sync on SOPS recipient changes.
+- **Observability exporters**: Prometheus, OpenTelemetry collector configs.
+
+## Tier differences
+
+| Capability | Community | Team | Business | Enterprise |
+| --- | --- | --- | --- | --- |
+| Single-region deploys | ✓ | ✓ | ✓ | ✓ |
+| Multi-region machines | ✓ | ✓ | ✓ | ✓ |
+| Autoscale rules | ✓ | ✓ | ✓ | ✓ |
+| Health probes + restart policies | ✓ | ✓ | ✓ | ✓ |
+| Secret sync | ✓ | ✓ | ✓ | ✓ |
+| PR preview apps with auto-cleanup | — | ✓ | ✓ | ✓ |
+| OpenTelemetry exporter wiring | — | — | ✓ | ✓ |
+| Custom machine class advice | — | — | — | ✓ |
+
+## Related
+
+- [Production Stacks overview](./)
+- [Deployment / Fly.io](../deployment/fly) — the underlying Fly module reference
+- [Deployment / Containers](../deployment/containers)
diff --git a/apps/docs/content/docs/stacks/index.mdx b/apps/docs/content/docs/stacks/index.mdx
new file mode 100644
index 00000000..159f3244
--- /dev/null
+++ b/apps/docs/content/docs/stacks/index.mdx
@@ -0,0 +1,75 @@
+---
+title: Production Stacks
+description: Maintained Nix flakes that take your apps from devshell to production
+icon: rocket
+---
+
+import { Callout } from "fumadocs-ui/components/callout";
+
+**Production Stacks** are opinionated, maintained Nix flakes that handle a complete deployment pipeline — Terraform you don't have to write or maintain. The core Stackpanel framework is MIT and free forever; Production Stacks ship as managed subscriptions on top.
+
+<Callout type="info">
+  Stackpanel core (devshells, services, secrets, IDE integration) is and will
+  always be MIT-licensed and free. Production Stacks are an optional layer for
+  teams that want to outsource deployment maintenance to us.
+</Callout>
+
+## What you get
+
+When you subscribe to a Production Stack, you get:
+
+1. **A Nix flake** you import as a normal flake input — no code generation, no vendor lock-in.
+2. **Composable modules** that follow the Stackpanel convention. Set `apps.<myapp>.<stack>.enable = true` and the module wires up the rest.
+3. **Maintained recipes** — when Cloudflare ships a breaking change, when AWS bumps an IAM API version, when Fly.io rolls out a new machine class, we update the recipe so you don't have to.
+4. **A patch SLA** appropriate to your tier (best-effort on Community, 30-day on Team, 7-day on Business, 24-hour critical CVE on Enterprise).
+
+## The three stacks
+
+Stackpanel ships and maintains three Production Stacks today:
+
+### [Alchemy](./alchemy)
+
+**Resource-graph IaC for the full TypeScript stack.** Type-safe bindings for Cloudflare, AWS, Vercel, GitHub, Stripe, and more. Per-PR preview environments. Secrets pulled from your Stackpanel SOPS files. Flexible state storage (filesystem, S3, R2, DO).
+
+Best for: TypeScript teams shipping to Cloudflare Workers / Pages, or hybrid Cloudflare + AWS architectures.
+
+### [Colmena](./colmena)
+
+**Real Nix deployments to bare metal.** Atomic rollbacks via `nixos-rebuild`, machine groups, agenix-encrypted secrets, Caddy + Step CA wired up automatically.
+
+Best for: Hetzner / OVH / on-prem teams who want NixOS hosts without writing the operator playbook themselves.
+
+### [Fly.io](./fly)
+
+**Containerized apps at the edge.** Multi-region machines, health probes, autoscale rules, Fly secrets sync, built-in observability. Stackpanel generates `fly.toml` + a per-app deploy task and wraps `flyctl` for you.
+
+Best for: Bun / Hono / long-running workers that need to be near users globally.
+
+## Pricing
+
+| Tier | Branch | Patch SLA | Support |
+| --- | --- | --- | --- |
+| Community ($0) | `community` | Best-effort | GitHub Discussions |
+| Team ($19/seat/mo) | `stable` | 30 days | Email · next business day |
+| Business ($49/seat/mo) | `stable` + `early` | 7 days | Discord + 4-hour email |
+| Enterprise (from $5k/mo) | `stable` + `early` | 24h critical CVE | Slack channel · on-call · named CSM |
+
+See the [pricing page](/pricing) for the full breakdown.
+
+## How updates work
+
+Every Production Stack is published as a Nix flake on a versioned branch. To pull a fix you bump the input:
+
+```bash
+nix flake update stack-alchemy
+```
+
+You get the full diff in your PR — no surprise changes, no auto-applied patches. We treat your `flake.lock` as the source of truth for what's actually running.
+
+<Callout type="warn">
+  Subscriptions cover **maintenance and updates**, not access. If your subscription lapses you keep using whatever version of the flake your `flake.lock` is pinned to. You just stop receiving new updates from us.
+</Callout>
+
+## Marketplace (planned)
+
+Third-party authors will be able to publish Production Stacks of their own through the Stackpanel marketplace, with a 80/20 revenue split (creator/Stackpanel). If you maintain a popular open-source deployment recipe and want a sustainable way to get paid for it, [get in touch](mailto:hello@stackpanel.dev).
diff --git a/apps/docs/content/docs/stacks/meta.json b/apps/docs/content/docs/stacks/meta.json
new file mode 100644
index 00000000..a7f993e1
--- /dev/null
+++ b/apps/docs/content/docs/stacks/meta.json
@@ -0,0 +1,6 @@
+{
+  "title": "Production Stacks",
+  "description": "Maintained Nix flakes that get your apps from devshell to production",
+  "icon": "rocket",
+  "pages": ["index", "alchemy", "colmena", "fly"]
+}
diff --git a/apps/stackpanel-go/.stackpanel-root b/apps/stackpanel-go/.stackpanel-root
new file mode 100644
index 00000000..7612f398
--- /dev/null
+++ b/apps/stackpanel-go/.stackpanel-root
@@ -0,0 +1 @@
+/Users/cm/git/darkmatter/stackpanel/apps/stackpanel-go
diff --git a/apps/web/alchemy.run.ts b/apps/web/alchemy.run.ts
index 6646ff6b..cd167019 100644
--- a/apps/web/alchemy.run.ts
+++ b/apps/web/alchemy.run.ts
@@ -44,35 +44,49 @@ const program = Effect.gen(function* () {
   let url: Output.Output<string | undefined> = website.url;
 
   if (stage !== "dev") {
-    const hostname =
-      stage === "production" ? "stackpanel.com" : `${stage}.stackpanel.com`;
+    // Production binds two hostnames to the same worker:
+    //   - apex stackpanel.com → marketing/landing (`/`, `/login`, …)
+    //   - local.stackpanel.com → studio (mirrors local.drizzle.studio: the
+    //     `/studio/*` routes talk to the user's machine via
+    //     http://127.0.0.1:9876).
+    // Both ship the same bundle today; auth cookies are scoped to
+    // `.stackpanel.com` so a session from the apex carries into the studio.
+    // Non-prod stages only get the studio hostname — there's no marketing
+    // preview to host on the apex.
+    const hostnames =
+      stage === "production"
+        ? ["local.stackpanel.com", "stackpanel.com"]
+        : [`local.${stage}.stackpanel.com`];
+    const primary = hostnames[0]!;
     url = Output.all(website.accountId, website.workerName).pipe(
       Output.mapEffect(([accountId, workerName]) =>
         Effect.gen(function* () {
-          const existing = yield* Workers.listDomains({
-            accountId,
-            hostname,
-          });
-          const stale = existing.result.filter(
-            (d) => d.hostname === hostname && d.id,
-          );
-          if (stale.length > 0) {
-            yield* Effect.log(
-              `[alchemy] purging ${stale.length} existing binding(s) at ${hostname}: ${stale
-                .map((d) => `${d.service ?? "?"}#${d.id}`)
-                .join(", ")}`,
+          for (const hostname of hostnames) {
+            const existing = yield* Workers.listDomains({
+              accountId,
+              hostname,
+            });
+            const stale = existing.result.filter(
+              (d) => d.hostname === hostname && d.id,
             );
+            if (stale.length > 0) {
+              yield* Effect.log(
+                `[alchemy] purging ${stale.length} existing binding(s) at ${hostname}: ${stale
+                  .map((d) => `${d.service ?? "?"}#${d.id}`)
+                  .join(", ")}`,
+              );
+            }
+            for (const d of stale) {
+              yield* Workers.deleteDomain({ accountId, domainId: d.id! });
+            }
+            yield* Workers.putDomain({
+              accountId,
+              hostname,
+              service: workerName,
+              zoneId: STACKPANEL_ZONE,
+            });
           }
-          for (const d of stale) {
-            yield* Workers.deleteDomain({ accountId, domainId: d.id! });
-          }
-          yield* Workers.putDomain({
-            accountId,
-            hostname,
-            service: workerName,
-            zoneId: STACKPANEL_ZONE,
-          });
-          return `https://${hostname}` as string | undefined;
+          return `https://${primary}` as string | undefined;
         }).pipe(Effect.orDie),
       ),
     );
diff --git a/apps/web/src/components/demo/demo-banner.tsx b/apps/web/src/components/demo/demo-banner.tsx
new file mode 100644
index 00000000..54bd7ce4
--- /dev/null
+++ b/apps/web/src/components/demo/demo-banner.tsx
@@ -0,0 +1,48 @@
+"use client";
+
+import { Button } from "@ui/button";
+import { ArrowRight, Sparkles, X } from "lucide-react";
+import { useState } from "react";
+import { useWaitlist } from "@/components/landing/waitlist-dialog";
+
+export function DemoBanner() {
+	const [dismissed, setDismissed] = useState(false);
+	const waitlist = useWaitlist();
+
+	if (dismissed) return null;
+
+	return (
+		<div className="border-b border-amber-500/30 bg-amber-500/[0.06]">
+			<div className="mx-auto flex max-w-7xl items-center justify-between gap-3 px-4 py-2.5 text-xs sm:px-6">
+				<div className="flex min-w-0 items-center gap-2 text-amber-200">
+					<Sparkles className="h-3.5 w-3.5 shrink-0 text-amber-400" />
+					<span className="truncate">
+						<span className="font-semibold text-amber-100">Demo mode.</span>{" "}
+						Realistic fixture data. Actions are no-ops. Pair a real local
+						agent to use the actual Studio.
+					</span>
+				</div>
+				<div className="flex items-center gap-1">
+					<Button
+						size="sm"
+						variant="ghost"
+						className="h-7 px-2 text-xs text-amber-100 hover:bg-amber-500/15 hover:text-amber-50"
+						onClick={() => waitlist.open({ source: "demo.banner" })}
+					>
+						Join the beta
+						<ArrowRight className="ml-1 h-3 w-3" />
+					</Button>
+					<Button
+						size="sm"
+						variant="ghost"
+						className="h-7 w-7 p-0 text-amber-200 hover:bg-amber-500/15 hover:text-amber-50"
+						aria-label="Dismiss"
+						onClick={() => setDismissed(true)}
+					>
+						<X className="h-3.5 w-3.5" />
+					</Button>
+				</div>
+			</div>
+		</div>
+	);
+}
diff --git a/apps/web/src/components/demo/demo-fixtures.ts b/apps/web/src/components/demo/demo-fixtures.ts
new file mode 100644
index 00000000..9f4093c7
--- /dev/null
+++ b/apps/web/src/components/demo/demo-fixtures.ts
@@ -0,0 +1,406 @@
+/**
+ * Static fixture data powering the /demo Studio.
+ *
+ * Numbers are deliberately consistent (the Postgres port appears in the
+ * apps panel, the variables panel and the dev-shell environment) so the
+ * demo feels like a real, coherent project — not a collection of
+ * disconnected screenshots.
+ */
+
+export const DEMO_PROJECT = {
+	name: "acme-platform",
+	root: "/Users/sam/code/acme-platform",
+	branch: "feat/billing",
+	basePort: 6400,
+	devshellEntered: true,
+	team: [
+		{ name: "Sam Carter", email: "sam@acme.dev", role: "owner" },
+		{ name: "Priya Anand", email: "priya@acme.dev", role: "admin" },
+		{ name: "Jordan Liu", email: "jordan@acme.dev", role: "member" },
+		{ name: "Marta Vega", email: "marta@acme.dev", role: "member" },
+	],
+} as const;
+
+export type DemoApp = {
+	id: string;
+	name: string;
+	stack: string;
+	domain: string;
+	url: string;
+	port: number;
+	status: "running" | "stopped" | "building";
+	uptime?: string;
+	commit: string;
+	previewUrl?: string;
+	deployTarget?: "Cloudflare Workers" | "Fly.io" | "Hetzner (Colmena)";
+};
+
+export const DEMO_APPS: DemoApp[] = [
+	{
+		id: "web",
+		name: "web",
+		stack: "TanStack Start · Vite",
+		domain: "web.acme.local",
+		url: "https://web.acme.local",
+		port: 6400,
+		status: "running",
+		uptime: "2h 14m",
+		commit: "f3a4c12",
+		previewUrl: "https://feat-billing.web.acme.dev",
+		deployTarget: "Cloudflare Workers",
+	},
+	{
+		id: "api",
+		name: "api",
+		stack: "Hono · Cloudflare Workers",
+		domain: "api.acme.local",
+		url: "https://api.acme.local",
+		port: 6401,
+		status: "running",
+		uptime: "2h 14m",
+		commit: "f3a4c12",
+		previewUrl: "https://feat-billing.api.acme.dev",
+		deployTarget: "Cloudflare Workers",
+	},
+	{
+		id: "worker",
+		name: "worker",
+		stack: "Bun + BullMQ",
+		domain: "worker.acme.local",
+		url: "https://worker.acme.local",
+		port: 6402,
+		status: "running",
+		uptime: "1h 47m",
+		commit: "f3a4c12",
+		deployTarget: "Fly.io",
+	},
+	{
+		id: "docs",
+		name: "docs",
+		stack: "Fumadocs · Next.js",
+		domain: "docs.acme.local",
+		url: "https://docs.acme.local",
+		port: 6403,
+		status: "building",
+		commit: "8b29ee1",
+		previewUrl: "https://feat-billing.docs.acme.dev",
+		deployTarget: "Cloudflare Workers",
+	},
+];
+
+export type DemoService = {
+	id: string;
+	name: string;
+	kind: "global" | "network" | "orchestrator";
+	status: "running" | "stopped";
+	port?: number;
+	envVar?: string;
+	uptime?: string;
+	cpu?: string;
+	memory?: string;
+	connection?: string;
+	notes?: string;
+};
+
+export const DEMO_SERVICES: DemoService[] = [
+	{
+		id: "postgres",
+		name: "PostgreSQL 17",
+		kind: "global",
+		status: "running",
+		port: 6410,
+		envVar: "STACKPANEL_POSTGRES_PORT",
+		uptime: "2h 14m",
+		cpu: "0.6%",
+		memory: "184 MB",
+		connection: "postgresql://acme:****@localhost:6410/acme",
+	},
+	{
+		id: "redis",
+		name: "Redis 7",
+		kind: "global",
+		status: "running",
+		port: 6411,
+		envVar: "STACKPANEL_REDIS_PORT",
+		uptime: "2h 14m",
+		cpu: "0.1%",
+		memory: "12 MB",
+		connection: "redis://localhost:6411/0",
+	},
+	{
+		id: "minio",
+		name: "MinIO",
+		kind: "global",
+		status: "running",
+		port: 6412,
+		envVar: "STACKPANEL_MINIO_PORT",
+		uptime: "2h 14m",
+		cpu: "0.4%",
+		memory: "92 MB",
+		connection: "http://localhost:6412 (console: 6413)",
+	},
+	{
+		id: "caddy",
+		name: "Caddy reverse proxy",
+		kind: "network",
+		status: "running",
+		port: 443,
+		uptime: "2h 14m",
+		cpu: "0.2%",
+		memory: "28 MB",
+		notes: "Routes *.acme.local → app ports with TLS from Step CA",
+	},
+	{
+		id: "step-ca",
+		name: "Step CA",
+		kind: "network",
+		status: "running",
+		port: 9000,
+		uptime: "2h 14m",
+		cpu: "0.0%",
+		memory: "16 MB",
+		notes: "Issues per-device certs trusted by your OS root store",
+	},
+	{
+		id: "process-compose",
+		name: "process-compose",
+		kind: "orchestrator",
+		status: "running",
+		port: 8080,
+		uptime: "2h 14m",
+		cpu: "0.1%",
+		memory: "22 MB",
+		notes: "Supervises all dev processes with health probes",
+	},
+];
+
+export type DemoVariable = {
+	key: string;
+	scope: "shared" | "app";
+	app?: string;
+	dev: string;
+	staging: string;
+	prod: string;
+	encrypted?: boolean;
+};
+
+export const DEMO_VARIABLES: DemoVariable[] = [
+	{
+		key: "DATABASE_URL",
+		scope: "shared",
+		dev: "postgresql://acme:****@localhost:6410/acme",
+		staging: "postgresql://****@neon.tech/acme-staging",
+		prod: "postgresql://****@neon.tech/acme-prod",
+		encrypted: true,
+	},
+	{
+		key: "REDIS_URL",
+		scope: "shared",
+		dev: "redis://localhost:6411/0",
+		staging: "rediss://****@upstash.io",
+		prod: "rediss://****@upstash.io",
+		encrypted: true,
+	},
+	{
+		key: "STRIPE_SECRET_KEY",
+		scope: "app",
+		app: "api",
+		dev: "sk_test_****",
+		staging: "sk_test_****",
+		prod: "sk_live_****",
+		encrypted: true,
+	},
+	{
+		key: "RESEND_API_KEY",
+		scope: "app",
+		app: "api",
+		dev: "re_test_****",
+		staging: "re_test_****",
+		prod: "re_live_****",
+		encrypted: true,
+	},
+	{
+		key: "PUBLIC_APP_URL",
+		scope: "app",
+		app: "web",
+		dev: "https://web.acme.local",
+		staging: "https://feat-billing.acme.dev",
+		prod: "https://app.acme.com",
+	},
+	{
+		key: "FEATURE_BILLING_V2",
+		scope: "shared",
+		dev: "true",
+		staging: "true",
+		prod: "false",
+	},
+];
+
+export type DemoNetworkRoute = {
+	host: string;
+	target: string;
+	tls: boolean;
+	app?: string;
+	notes?: string;
+};
+
+export const DEMO_NETWORK_ROUTES: DemoNetworkRoute[] = [
+	{
+		host: "web.acme.local",
+		target: "http://127.0.0.1:6400",
+		tls: true,
+		app: "web",
+	},
+	{
+		host: "api.acme.local",
+		target: "http://127.0.0.1:6401",
+		tls: true,
+		app: "api",
+	},
+	{
+		host: "worker.acme.local",
+		target: "http://127.0.0.1:6402",
+		tls: true,
+		app: "worker",
+	},
+	{
+		host: "docs.acme.local",
+		target: "http://127.0.0.1:6403",
+		tls: true,
+		app: "docs",
+	},
+	{
+		host: "minio.acme.local",
+		target: "http://127.0.0.1:6412",
+		tls: true,
+		notes: "Object storage console + S3 API",
+	},
+];
+
+export type DemoGenerated = {
+	path: string;
+	tool: string;
+	bytes: number;
+	updated: string;
+};
+
+export const DEMO_GENERATED_FILES: DemoGenerated[] = [
+	{
+		path: ".vscode/settings.json",
+		tool: "stackpanel.ide",
+		bytes: 4_822,
+		updated: "2 minutes ago",
+	},
+	{
+		path: ".vscode/extensions.json",
+		tool: "stackpanel.ide",
+		bytes: 1_204,
+		updated: "2 minutes ago",
+	},
+	{
+		path: ".zed/settings.json",
+		tool: "stackpanel.ide",
+		bytes: 2_109,
+		updated: "2 minutes ago",
+	},
+	{
+		path: "process-compose.yaml",
+		tool: "stackpanel.process-compose",
+		bytes: 7_680,
+		updated: "2 minutes ago",
+	},
+	{
+		path: "Caddyfile",
+		tool: "stackpanel.network.caddy",
+		bytes: 3_412,
+		updated: "2 minutes ago",
+	},
+	{
+		path: "packages/gen/env/src/web.ts",
+		tool: "stackpanel.secrets",
+		bytes: 5_604,
+		updated: "8 minutes ago",
+	},
+	{
+		path: "packages/gen/env/src/api.ts",
+		tool: "stackpanel.secrets",
+		bytes: 6_241,
+		updated: "8 minutes ago",
+	},
+	{
+		path: "apps/web/wrangler.jsonc",
+		tool: "stackpanel.deploy.alchemy",
+		bytes: 2_905,
+		updated: "1 hour ago",
+	},
+];
+
+export type DemoActivity = {
+	at: string;
+	actor: string;
+	icon:
+		| "deploy"
+		| "secret"
+		| "shell"
+		| "code"
+		| "warn"
+		| "user";
+	title: string;
+	detail?: string;
+};
+
+export const DEMO_ACTIVITY: DemoActivity[] = [
+	{
+		at: "2 min ago",
+		actor: "sam@acme.dev",
+		icon: "shell",
+		title: "Entered devshell",
+		detail: "13 services healthy · 0 warnings",
+	},
+	{
+		at: "8 min ago",
+		actor: "sam@acme.dev",
+		icon: "code",
+		title: "Edited .stack/config.nix",
+		detail: "Added api.app.cron.enable = true",
+	},
+	{
+		at: "12 min ago",
+		actor: "priya@acme.dev",
+		icon: "secret",
+		title: "Rotated STRIPE_SECRET_KEY (prod)",
+		detail: "Re-keyed for 4 recipients",
+	},
+	{
+		at: "47 min ago",
+		actor: "ci",
+		icon: "deploy",
+		title: "Deployed feat-billing → preview",
+		detail: "alchemy · web, api, docs · 28s",
+	},
+	{
+		at: "1 hour ago",
+		actor: "jordan@acme.dev",
+		icon: "user",
+		title: "Joined the team",
+		detail: "Added AGE recipient and re-keyed dev secrets",
+	},
+	{
+		at: "3 hours ago",
+		actor: "ci",
+		icon: "warn",
+		title: "Flake check warning",
+		detail: "Unused module argument `lib` in apps/worker",
+	},
+];
+
+export const DEMO_HEALTH = {
+	devshellHash: "sha256-9f1c…74ab",
+	flakeCheck: "passing" as const,
+	openPorts: 13,
+	teamRecipients: 4,
+	encryptedFiles: 6,
+	disk: "12.4 GB available",
+	processesUp: 13,
+	processesTotal: 13,
+};
diff --git a/apps/web/src/components/demo/demo-header.tsx b/apps/web/src/components/demo/demo-header.tsx
new file mode 100644
index 00000000..28ae9bc5
--- /dev/null
+++ b/apps/web/src/components/demo/demo-header.tsx
@@ -0,0 +1,72 @@
+"use client";
+
+import { Link } from "@tanstack/react-router";
+import { Badge } from "@ui/badge";
+import { Button } from "@ui/button";
+import { SidebarTrigger } from "@ui/sidebar";
+import { CheckCircle2, ExternalLink, GitBranch, Home } from "lucide-react";
+import { useWaitlist } from "@/components/landing/waitlist-dialog";
+import { DEMO_PROJECT } from "./demo-fixtures";
+
+export function DemoHeader() {
+	const waitlist = useWaitlist();
+
+	return (
+		<header className="flex h-14 shrink-0 items-center gap-3 border-b border-border bg-background/60 px-4 backdrop-blur">
+			<SidebarTrigger className="-ml-1" />
+
+			<div className="flex min-w-0 flex-1 items-center gap-3">
+				<div className="flex items-center gap-2">
+					<div className="flex h-7 w-7 items-center justify-center rounded-md bg-accent/15 text-accent">
+						<Home className="h-3.5 w-3.5" />
+					</div>
+					<div className="min-w-0">
+						<p className="truncate font-mono text-foreground text-sm">
+							{DEMO_PROJECT.name}
+						</p>
+						<p className="truncate text-[11px] text-muted-foreground">
+							{DEMO_PROJECT.root}
+						</p>
+					</div>
+				</div>
+
+				<Badge
+					variant="outline"
+					className="hidden gap-1 border-border/60 bg-card/40 font-mono text-[10px] text-muted-foreground sm:inline-flex"
+				>
+					<GitBranch className="h-3 w-3" />
+					{DEMO_PROJECT.branch}
+				</Badge>
+
+				<Badge
+					variant="outline"
+					className="hidden gap-1 border-emerald-500/30 bg-emerald-500/10 text-[10px] text-emerald-300 sm:inline-flex"
+				>
+					<CheckCircle2 className="h-3 w-3" />
+					Devshell entered
+				</Badge>
+			</div>
+
+			<div className="flex items-center gap-2">
+				<Button
+					asChild
+					variant="ghost"
+					size="sm"
+					className="hidden text-muted-foreground hover:text-foreground sm:inline-flex"
+				>
+					<Link to="/">
+						<ExternalLink className="mr-1 h-3 w-3" />
+						Back to site
+					</Link>
+				</Button>
+				<Button
+					size="sm"
+					className="bg-foreground text-background hover:bg-foreground/90"
+					onClick={() => waitlist.open({ source: "demo.header" })}
+				>
+					Join the beta
+				</Button>
+			</div>
+		</header>
+	);
+}
diff --git a/apps/web/src/components/demo/demo-sidebar.tsx b/apps/web/src/components/demo/demo-sidebar.tsx
new file mode 100644
index 00000000..0cae3839
--- /dev/null
+++ b/apps/web/src/components/demo/demo-sidebar.tsx
@@ -0,0 +1,159 @@
+"use client";
+
+import { Logo } from "@stackpanel/ui-core/logo";
+import { Link, useRouterState } from "@tanstack/react-router";
+import { Badge } from "@ui/badge";
+import {
+	Sidebar,
+	SidebarContent,
+	SidebarFooter,
+	SidebarGroup,
+	SidebarGroupContent,
+	SidebarGroupLabel,
+	SidebarHeader,
+	SidebarMenu,
+	SidebarMenuButton,
+	SidebarMenuItem,
+	SidebarRail,
+	useSidebar,
+} from "@ui/sidebar";
+import {
+	AppWindow,
+	BookOpen,
+	FileCode,
+	Home,
+	Network,
+	Server,
+	Variable,
+} from "lucide-react";
+import { cn } from "@/lib/utils";
+
+type DemoNavItem = {
+	id: string;
+	label: string;
+	icon: React.ElementType;
+	to: string;
+	badge?: string;
+};
+
+const overviewItems: DemoNavItem[] = [
+	{ id: "overview", label: "Overview", icon: Home, to: "/demo" },
+];
+
+const mainItems: DemoNavItem[] = [
+	{ id: "apps", label: "Apps", icon: AppWindow, to: "/demo/apps", badge: "4" },
+	{
+		id: "services",
+		label: "Services",
+		icon: Server,
+		to: "/demo/services",
+		badge: "6",
+	},
+	{
+		id: "variables",
+		label: "Variables / Secrets",
+		icon: Variable,
+		to: "/demo/variables",
+	},
+	{ id: "network", label: "Network", icon: Network, to: "/demo/network" },
+	{ id: "files", label: "Generated files", icon: FileCode, to: "/demo/files" },
+];
+
+function NavItem({ item }: { item: DemoNavItem }) {
+	const routerState = useRouterState();
+	const pathname = routerState.location.pathname;
+	const { state } = useSidebar();
+	const isCollapsed = state === "collapsed";
+
+	const isActive =
+		item.to === "/demo"
+			? pathname === "/demo" || pathname === "/demo/"
+			: pathname === item.to || pathname.startsWith(`${item.to}/`);
+
+	const Icon = item.icon;
+
+	return (
+		<SidebarMenuItem>
+			<Link to={item.to}>
+				<SidebarMenuButton
+					isActive={isActive}
+					tooltip={isCollapsed ? item.label : undefined}
+					className={cn("rounded-lg text-sm")}
+				>
+					<Icon className="size-3 text-sidebar-foreground" />
+					<span className="flex-1">{item.label}</span>
+					{item.badge && !isCollapsed ? (
+						<Badge
+							variant="outline"
+							className="border-border/60 px-1.5 py-0 text-[10px] text-muted-foreground"
+						>
+							{item.badge}
+						</Badge>
+					) : null}
+				</SidebarMenuButton>
+			</Link>
+		</SidebarMenuItem>
+	);
+}
+
+export function DemoSidebar() {
+	const { state } = useSidebar();
+	const isCollapsed = state === "collapsed";
+
+	return (
+		<Sidebar collapsible="icon">
+			<SidebarHeader className="border-b border-sidebar-border px-3 py-3">
+				<Link to="/" className="flex items-center gap-2">
+					<Logo className="max-w-28" />
+					{!isCollapsed && (
+						<Badge
+							variant="outline"
+							className="border-amber-500/40 bg-amber-500/10 px-1.5 py-0 text-[10px] text-amber-200"
+						>
+							DEMO
+						</Badge>
+					)}
+				</Link>
+			</SidebarHeader>
+
+			<SidebarContent>
+				<SidebarGroup>
+					<SidebarGroupContent>
+						<SidebarMenu>
+							{overviewItems.map((item) => (
+								<NavItem key={item.id} item={item} />
+							))}
+						</SidebarMenu>
+					</SidebarGroupContent>
+				</SidebarGroup>
+
+				<SidebarGroup>
+					<SidebarGroupLabel>Manage</SidebarGroupLabel>
+					<SidebarGroupContent>
+						<SidebarMenu>
+							{mainItems.map((item) => (
+								<NavItem key={item.id} item={item} />
+							))}
+						</SidebarMenu>
+					</SidebarGroupContent>
+				</SidebarGroup>
+			</SidebarContent>
+
+			<SidebarFooter className="border-t border-sidebar-border px-3 py-3">
+				<SidebarMenu>
+					<SidebarMenuItem>
+						<a
+							href="/docs"
+							className="flex items-center gap-2 rounded-md px-2 py-1.5 text-xs text-muted-foreground hover:bg-sidebar-accent hover:text-foreground"
+						>
+							<BookOpen className="h-3 w-3" />
+							{!isCollapsed && <span>Read the docs</span>}
+						</a>
+					</SidebarMenuItem>
+				</SidebarMenu>
+			</SidebarFooter>
+
+			<SidebarRail />
+		</Sidebar>
+	);
+}
diff --git a/apps/web/src/components/landing/comparison-section.tsx b/apps/web/src/components/landing/comparison-section.tsx
new file mode 100644
index 00000000..f54bb670
--- /dev/null
+++ b/apps/web/src/components/landing/comparison-section.tsx
@@ -0,0 +1,226 @@
+import { Check, Minus, X } from "lucide-react";
+
+type Cell = "yes" | "partial" | "no";
+
+type Row = {
+	feature: string;
+	detail?: string;
+	stackpanel: Cell;
+	devenv: Cell;
+	docker: Cell;
+	paas: Cell;
+};
+
+const rows: Row[] = [
+	{
+		feature: "Reproducible across machines",
+		detail: "Same Bun, Go, Postgres versions",
+		stackpanel: "yes",
+		devenv: "yes",
+		docker: "partial",
+		paas: "no",
+	},
+	{
+		feature: "Deterministic shared ports",
+		detail: "Same ports on every laptop",
+		stackpanel: "yes",
+		devenv: "no",
+		docker: "no",
+		paas: "no",
+	},
+	{
+		feature: "Real HTTPS in dev",
+		detail: "Internal CA + reverse proxy",
+		stackpanel: "yes",
+		devenv: "no",
+		docker: "no",
+		paas: "yes",
+	},
+	{
+		feature: "Encrypted secrets in repo",
+		detail: "SOPS + AGE recipients in Nix",
+		stackpanel: "yes",
+		devenv: "partial",
+		docker: "no",
+		paas: "no",
+	},
+	{
+		feature: "Type-safe env per app",
+		detail: "Generated TS / Go / Python",
+		stackpanel: "yes",
+		devenv: "no",
+		docker: "no",
+		paas: "no",
+	},
+	{
+		feature: "IDE settings & extensions",
+		detail: "VS Code + Zed, version-controlled",
+		stackpanel: "yes",
+		devenv: "no",
+		docker: "no",
+		paas: "no",
+	},
+	{
+		feature: "Visual studio for the team",
+		detail: "Web UI for non-Nix users",
+		stackpanel: "yes",
+		devenv: "no",
+		docker: "no",
+		paas: "yes",
+	},
+	{
+		feature: "Maintained deployment recipes",
+		detail: "Production Stacks updated for you",
+		stackpanel: "yes",
+		devenv: "no",
+		docker: "no",
+		paas: "partial",
+	},
+	{
+		feature: "No vendor lock-in",
+		detail: "Eject and the repo still works",
+		stackpanel: "yes",
+		devenv: "yes",
+		docker: "yes",
+		paas: "no",
+	},
+	{
+		feature: "Self-hosted",
+		detail: "Runs on your laptop and your cloud",
+		stackpanel: "yes",
+		devenv: "yes",
+		docker: "yes",
+		paas: "no",
+	},
+];
+
+const headers = [
+	{
+		key: "stackpanel" as const,
+		title: "Stackpanel",
+		emphasis: true,
+		subtitle: "Open source",
+	},
+	{
+		key: "devenv" as const,
+		title: "Raw Nix / devenv",
+		subtitle: "DIY",
+	},
+	{
+		key: "docker" as const,
+		title: "Docker Compose",
+		subtitle: "Container-only",
+	},
+	{
+		key: "paas" as const,
+		title: "Hosted PaaS",
+		subtitle: "Vercel · Render · Fly",
+	},
+];
+
+function CellIcon({ value }: { value: Cell }) {
+	if (value === "yes") {
+		return (
+			<span className="inline-flex h-7 w-7 items-center justify-center rounded-full bg-accent/15 text-accent">
+				<Check className="h-4 w-4" />
+			</span>
+		);
+	}
+	if (value === "partial") {
+		return (
+			<span className="inline-flex h-7 w-7 items-center justify-center rounded-full bg-yellow-500/15 text-yellow-400">
+				<Minus className="h-4 w-4" />
+			</span>
+		);
+	}
+	return (
+		<span className="inline-flex h-7 w-7 items-center justify-center rounded-full bg-muted/30 text-muted-foreground/60">
+			<X className="h-4 w-4" />
+		</span>
+	);
+}
+
+export function ComparisonSection() {
+	return (
+		<section className="border-border border-b" id="compare">
+			<div className="mx-auto max-w-7xl px-4 py-24 sm:px-6 lg:px-8">
+				<div className="text-center">
+					<p className="font-medium text-accent text-sm">Comparison</p>
+					<h2 className="mt-4 text-balance font-bold font-[Montserrat] text-3xl text-foreground sm:text-4xl">
+						Why not just use what we already have?
+					</h2>
+					<p className="mx-auto mt-4 max-w-2xl text-pretty text-muted-foreground">
+						Each of these tools solves part of the problem. Stackpanel composes
+						them — so you stop maintaining the glue.
+					</p>
+				</div>
+
+				<div className="mt-12 overflow-hidden rounded-2xl border border-border bg-card">
+					<div className="overflow-x-auto">
+						<table className="w-full min-w-[720px] text-left">
+							<thead className="border-border border-b bg-secondary/40">
+								<tr>
+									<th className="px-6 py-4 font-semibold text-foreground text-sm">
+										Capability
+									</th>
+									{headers.map((header) => (
+										<th
+											className={`px-4 py-4 text-center font-semibold text-sm ${
+												header.emphasis ? "text-foreground" : "text-foreground"
+											}`}
+											key={header.key}
+										>
+											<div
+												className={`flex flex-col items-center gap-0.5 ${header.emphasis ? "text-accent" : ""}`}
+											>
+												<span>{header.title}</span>
+												<span className="font-normal text-[11px] text-muted-foreground">
+													{header.subtitle}
+												</span>
+											</div>
+										</th>
+									))}
+								</tr>
+							</thead>
+							<tbody className="divide-y divide-border/60">
+								{rows.map((row) => (
+									<tr
+										className="transition-colors hover:bg-secondary/20"
+										key={row.feature}
+									>
+										<td className="px-6 py-4">
+											<p className="font-medium text-foreground text-sm">
+												{row.feature}
+											</p>
+											{row.detail ? (
+												<p className="mt-0.5 text-muted-foreground text-xs">
+													{row.detail}
+												</p>
+											) : null}
+										</td>
+										{headers.map((header) => (
+											<td
+												className={`px-4 py-4 text-center ${header.emphasis ? "bg-accent/[0.04]" : ""}`}
+												key={`${row.feature}-${header.key}`}
+											>
+												<div className="flex justify-center">
+													<CellIcon value={row[header.key]} />
+												</div>
+											</td>
+										))}
+									</tr>
+								))}
+							</tbody>
+						</table>
+					</div>
+				</div>
+
+				<p className="mt-6 text-center text-muted-foreground text-xs">
+					Comparison reflects out-of-the-box behavior on a fresh repo. Most
+					stacks can replicate parts of Stackpanel with enough custom tooling —
+					that&apos;s the tooling we&apos;re replacing.
+				</p>
+			</div>
+		</section>
+	);
+}
diff --git a/apps/web/src/components/landing/config-showcase-section.tsx b/apps/web/src/components/landing/config-showcase-section.tsx
new file mode 100644
index 00000000..8a584bf4
--- /dev/null
+++ b/apps/web/src/components/landing/config-showcase-section.tsx
@@ -0,0 +1,197 @@
+import { ArrowRight, FileCode2, FolderTree } from "lucide-react";
+
+const configLines: Array<{
+	text: string;
+	tone?: "muted" | "comment" | "key" | "string" | "value" | "punct";
+}> = [
+	{ text: "{ pkgs, ... }: {", tone: "punct" },
+	{ text: "  stackpanel = {", tone: "key" },
+	{ text: "    enable = true;", tone: "value" },
+	{ text: '    name   = "myapp";', tone: "value" },
+	{ text: "" },
+	{ text: "    # Apps get sequential ports from the hashed base", tone: "comment" },
+	{ text: "    apps = {", tone: "key" },
+	{ text: "      web = { port = 0; };  # → :4200", tone: "value" },
+	{ text: "      api = { port = 1; };  # → :4201", tone: "value" },
+	{ text: "    };", tone: "punct" },
+	{ text: "" },
+	{ text: "    # Background services managed by process-compose", tone: "comment" },
+	{ text: "    globalServices = {", tone: "key" },
+	{ text: "      enable = true;", tone: "value" },
+	{ text: "      postgres.enable = true;", tone: "value" },
+	{ text: "      redis.enable    = true;", tone: "value" },
+	{ text: "      minio.enable    = true;", tone: "value" },
+	{ text: "    };", tone: "punct" },
+	{ text: "" },
+	{ text: "    # Real HTTPS for *.myapp.local", tone: "comment" },
+	{ text: "    caddy.enable     = true;", tone: "value" },
+	{ text: "    step-ca.enable   = true;", tone: "value" },
+	{ text: "" },
+	{ text: "    # Editor settings + extensions, generated for the team", tone: "comment" },
+	{ text: "    ide = {", tone: "key" },
+	{ text: "      enable        = true;", tone: "value" },
+	{ text: "      vscode.enable = true;", tone: "value" },
+	{ text: "      zed.enable    = true;", tone: "value" },
+	{ text: "    };", tone: "punct" },
+	{ text: "" },
+	{ text: "    # SOPS recipients live in Nix", tone: "comment" },
+	{ text: "    secrets.recipients = config.stackpanel.users.allKeys;", tone: "value" },
+	{ text: "" },
+	{ text: "    # Project commands available on $PATH", tone: "comment" },
+	{ text: "    scripts.dev = {", tone: "key" },
+	{ text: '      exec        = "bun run --filter \'./apps/*\' dev";', tone: "value" },
+	{ text: '      description = "Start every app in dev mode";', tone: "value" },
+	{ text: "    };", tone: "punct" },
+	{ text: "  };", tone: "punct" },
+	{ text: "}", tone: "punct" },
+];
+
+const toneClasses: Record<NonNullable<(typeof configLines)[number]["tone"]>, string> = {
+	muted: "text-muted-foreground",
+	comment: "text-muted-foreground/70 italic",
+	key: "text-foreground",
+	string: "text-emerald-300",
+	value: "text-foreground/90",
+	punct: "text-muted-foreground",
+};
+
+const generated: Array<{
+	path: string;
+	description: string;
+}> = [
+	{
+		path: ".vscode/settings.json",
+		description: "Workspace settings + recommended extensions for VS Code",
+	},
+	{
+		path: ".zed/settings.json",
+		description: "Language server config + Nix integration for Zed",
+	},
+	{
+		path: ".stack/secrets/.sops.yaml",
+		description: "SOPS creation rules rendered from declared recipients",
+	},
+	{
+		path: "packages/gen/env/src/<app>.ts",
+		description: "Type-safe env modules per app with embedded payloads",
+	},
+	{
+		path: ".stack/state/stack.json",
+		description: "Resolved ports, URLs, services for the Go agent",
+	},
+	{
+		path: ".stack/gen/process-compose.yaml",
+		description: "Service definitions with health probes and dependencies",
+	},
+	{
+		path: ".vscode/launch.json",
+		description: "Debug configurations contributed by app modules",
+	},
+	{
+		path: "Caddyfile",
+		description: "Reverse-proxy routes for *.local hostnames with TLS",
+	},
+];
+
+export function ConfigShowcaseSection() {
+	return (
+		<section className="border-border border-b bg-secondary/20" id="config">
+			<div className="mx-auto max-w-7xl px-4 py-24 sm:px-6 lg:px-8">
+				<div className="grid gap-12 lg:grid-cols-[5fr_4fr] lg:gap-16">
+					<div className="flex flex-col">
+						<p className="font-medium text-accent text-sm">
+							One config, everything generated
+						</p>
+						<h2 className="mt-4 text-balance font-bold font-[Montserrat] text-3xl text-foreground sm:text-4xl">
+							Declare your stack once.
+						</h2>
+						<p className="mt-4 text-pretty text-muted-foreground leading-relaxed">
+							A single{" "}
+							<span className="font-mono text-foreground">.stack/config.nix</span>{" "}
+							describes your apps, services, secrets, ports, IDE settings, and
+							deployment. Everything else — the dotfiles, the Caddyfile, the
+							SOPS rules, the type-safe env modules — is build output.
+						</p>
+
+						<div className="mt-6 overflow-hidden rounded-xl border border-border bg-background shadow-2xl">
+							<div className="flex items-center justify-between border-border border-b bg-secondary/40 px-4 py-2.5">
+								<div className="flex items-center gap-2 text-muted-foreground text-xs">
+									<FileCode2 className="h-3.5 w-3.5" />
+									<span className="font-mono">.stack/config.nix</span>
+								</div>
+								<div className="flex gap-1.5">
+									<span className="h-2.5 w-2.5 rounded-full bg-red-500/70" />
+									<span className="h-2.5 w-2.5 rounded-full bg-yellow-500/70" />
+									<span className="h-2.5 w-2.5 rounded-full bg-green-500/70" />
+								</div>
+							</div>
+							<div className="overflow-x-auto p-4 font-mono text-[13px] leading-relaxed">
+								<pre className="min-w-max">
+									{configLines.map((line, idx) => (
+										<div
+											className={
+												line.tone ? toneClasses[line.tone] : "text-foreground"
+											}
+											key={`config-line-${idx}`}
+										>
+											{line.text || "\u00A0"}
+										</div>
+									))}
+								</pre>
+							</div>
+						</div>
+
+						<p className="mt-4 text-muted-foreground text-xs">
+							Don&apos;t want to write Nix? Open the studio — every option has a
+							form, and changes are written back to this file.
+						</p>
+					</div>
+
+					<div className="flex flex-col">
+						<div className="flex items-center gap-2 font-medium text-accent text-sm">
+							<ArrowRight className="h-4 w-4" />
+							Builds into
+						</div>
+						<h3 className="mt-3 font-semibold font-[Montserrat] text-2xl text-foreground sm:text-3xl">
+							The dotfiles you would have written by hand.
+						</h3>
+						<p className="mt-3 text-muted-foreground text-sm leading-relaxed">
+							Generated files live where every tool expects them, in formats
+							every teammate already knows. Studio shows you which files are
+							stale, which module wrote them, and what would change if you
+							regenerated.
+						</p>
+
+						<div className="mt-6 rounded-xl border border-border bg-background">
+							<div className="flex items-center gap-2 border-border border-b px-4 py-2.5 text-muted-foreground text-xs">
+								<FolderTree className="h-3.5 w-3.5" />
+								<span className="font-mono">Generated by Stackpanel</span>
+								<span className="ml-auto rounded-full bg-secondary px-2 py-0.5 text-[10px]">
+									{generated.length} files
+								</span>
+							</div>
+							<ul className="divide-y divide-border/60">
+								{generated.map((file) => (
+									<li
+										className="flex items-start gap-3 px-4 py-3 transition-colors hover:bg-secondary/40"
+										key={file.path}
+									>
+										<span className="mt-0.5 inline-block h-2 w-2 shrink-0 rounded-full bg-accent" />
+										<div className="min-w-0 flex-1">
+											<p className="truncate font-mono text-foreground text-sm">
+												{file.path}
+											</p>
+											<p className="mt-0.5 text-muted-foreground text-xs">
+												{file.description}
+											</p>
+										</div>
+									</li>
+								))}
+							</ul>
+						</div>
+					</div>
+				</div>
+			</div>
+		</section>
+	);
+}
diff --git a/apps/web/src/components/landing/cta-section.tsx b/apps/web/src/components/landing/cta-section.tsx
index 6293a60a..6cf5a665 100644
--- a/apps/web/src/components/landing/cta-section.tsx
+++ b/apps/web/src/components/landing/cta-section.tsx
@@ -1,36 +1,101 @@
+import { Link } from "@tanstack/react-router";
 import { Button } from "@ui/button";
-import { ArrowRight } from "lucide-react";
+import { ArrowRight, BookOpen, Github, MonitorPlay } from "lucide-react";
+import { useWaitlist } from "./waitlist-dialog";
 
 export function CTASection() {
+	const waitlist = useWaitlist();
 	return (
 		<section className="border-border border-b">
 			<div className="mx-auto max-w-7xl px-4 py-24 sm:px-6 lg:px-8">
-				<div className="relative overflow-hidden rounded-2xl border border-border bg-card">
-					<div className="absolute inset-0 bg-[radial-gradient(ellipse_at_center,_var(--tw-gradient-stops))] from-accent/10 via-transparent to-transparent" />
+				<div className="relative overflow-hidden rounded-3xl border border-border bg-card">
+					<div className="absolute inset-0 bg-[radial-gradient(ellipse_at_top,_var(--tw-gradient-stops))] from-accent/15 via-transparent to-transparent" />
+					<div className="absolute inset-x-0 top-0 h-px bg-gradient-to-r from-transparent via-accent/40 to-transparent" />
 
 					<div className="relative px-6 py-16 text-center sm:px-12 sm:py-24">
-						<h2 className="text-balance font-bold text-3xl text-foreground sm:text-4xl">
-							Ready to own your infrastructure?
+						<div className="mx-auto inline-flex items-center gap-2 rounded-full border border-border bg-background/60 px-4 py-1.5 text-muted-foreground text-xs">
+							<span className="h-1.5 w-1.5 rounded-full bg-accent" />
+							Private beta · Open source core (MIT)
+						</div>
+
+						<h2 className="mt-6 text-balance font-bold font-[Montserrat] text-3xl text-foreground sm:text-5xl">
+							Reserve your spot in the beta.
 						</h2>
-						<p className="mx-auto mt-4 max-w-xl text-pretty text-muted-foreground">
-							Stop paying per seat. Stop dealing with vendor lock-in. Start with
-							a platform that grows with your team.
+						<p className="mx-auto mt-4 max-w-2xl text-pretty text-muted-foreground sm:text-lg">
+							Stackpanel core ships free for everyone. Production Stacks land
+							as managed subscriptions on top. Join the beta to get early
+							access to both, plus a direct line to the team building it.
 						</p>
 
-						<div className="mt-8 flex flex-wrap justify-center gap-4">
+						<div className="mt-8 flex flex-wrap items-center justify-center gap-3">
 							<Button
 								className="bg-foreground text-background hover:bg-foreground/90"
 								size="lg"
+								onClick={() => waitlist.open({ source: "landing.cta" })}
 							>
-								Get Started <ArrowRight className="ml-2 h-4 w-4" />
+								Join the beta waitlist
+								<ArrowRight className="ml-2 h-4 w-4" />
+							</Button>
+							<Button asChild size="lg" variant="outline">
+								<Link to="/demo">
+									<MonitorPlay className="mr-2 h-4 w-4" />
+									Try the demo
+								</Link>
 							</Button>
-							<Button size="lg" variant="outline">
-								Talk to Sales
+							<Button asChild size="lg" variant="outline">
+								<Link to="/pricing">See pricing</Link>
+							</Button>
+							<Button
+								asChild
+								className="text-muted-foreground hover:text-foreground"
+								size="lg"
+								variant="ghost"
+							>
+								<a
+									href="https://github.com/darkmatter/stackpanel"
+									rel="noopener noreferrer"
+									target="_blank"
+								>
+									<Github className="mr-2 h-4 w-4" />
+									GitHub
+								</a>
 							</Button>
 						</div>
 
-						<p className="mt-8 text-muted-foreground text-sm">
-							No credit card required · 14-day free trial · Cancel anytime
+						<div className="mx-auto mt-10 grid max-w-xl gap-3 text-left text-sm sm:grid-cols-3">
+							<div className="rounded-xl border border-border bg-background/40 p-3">
+								<p className="font-mono text-[11px] text-muted-foreground">
+									Step 1
+								</p>
+								<p className="mt-1 font-mono text-foreground text-xs">
+									nix flake init -t …
+								</p>
+							</div>
+							<div className="rounded-xl border border-border bg-background/40 p-3">
+								<p className="font-mono text-[11px] text-muted-foreground">
+									Step 2
+								</p>
+								<p className="mt-1 font-mono text-foreground text-xs">
+									direnv allow
+								</p>
+							</div>
+							<div className="rounded-xl border border-border bg-background/40 p-3">
+								<p className="font-mono text-[11px] text-muted-foreground">
+									Step 3
+								</p>
+								<p className="mt-1 font-mono text-foreground text-xs">dev</p>
+							</div>
+						</div>
+
+						<p className="mt-8 inline-flex items-center gap-2 text-muted-foreground text-xs">
+							<BookOpen className="h-3.5 w-3.5" />
+							Prefer to read first?{" "}
+							<a
+								className="text-foreground underline underline-offset-4 hover:text-accent"
+								href="/docs"
+							>
+								Browse the docs
+							</a>
 						</p>
 					</div>
 				</div>
diff --git a/apps/web/src/components/landing/dev-experience-section.tsx b/apps/web/src/components/landing/dev-experience-section.tsx
index e13132d5..5a86658a 100644
--- a/apps/web/src/components/landing/dev-experience-section.tsx
+++ b/apps/web/src/components/landing/dev-experience-section.tsx
@@ -1,67 +1,123 @@
-import { Code2, GitBranch, Package, Sparkles } from "lucide-react";
+import {
+	ArrowDownToLine,
+	Check,
+	Globe,
+	KeyRound,
+	Sparkles,
+	TerminalSquare,
+} from "lucide-react";
 
-export function DevExperienceSection() {
-	const features = [
-		{
-			icon: Code2,
-			title: "Nix Flakes & Devenv",
-			description:
-				"A managed nix flake based on devenv. Enable toolchains, git hooks, and dev environments through the UI.",
-		},
-		{
-			icon: Package,
-			title: "create-app Command",
-			description:
-				"Pre-configured to use your stack's tools. Creates a GitHub repo with turborepo template, CI/CD, and all the scaffolding.",
-		},
-		{
-			icon: GitBranch,
-			title: "x install Integration",
-			description:
-				"Run x install neon to add Neon to your stack with full scaffolding. Works for dozens of services.",
-		},
-		{
-			icon: Sparkles,
-			title: "Zero Install Tools",
-			description:
-				"Scripts and tools available in your PATH automatically. No manual installation required for your team.",
-		},
-	];
+const pillars = [
+	{
+		icon: ArrowDownToLine,
+		title: "Onboarding without docs",
+		description:
+			"git clone, direnv allow, done. Devshell installs every runtime, generates IDE settings, drops scripts on $PATH, and opens the studio.",
+		stat: "≈ 2 commands",
+	},
+	{
+		icon: Globe,
+		title: "Real URLs, real ports",
+		description:
+			"Hit https://web.myapp.local in any browser. OAuth callbacks, secure cookies, and webhooks behave the same as in production.",
+		stat: "TLS in dev",
+	},
+	{
+		icon: KeyRound,
+		title: "Secrets that just work",
+		description:
+			"Add a teammate's AGE key, rekey the SOPS files, commit the diff. Their next direnv reload pulls the new keys with zero config.",
+		stat: "SOPS · AGE",
+	},
+	{
+		icon: TerminalSquare,
+		title: "Project commands on $PATH",
+		description:
+			"Declared scripts (dev, lint, test, deploy) become real binaries. Every teammate runs the same command — no per-shell aliases.",
+		stat: "scripts.* in Nix",
+	},
+];
+
+const onboardingSteps = [
+	{ command: "git clone …", detail: "Pull the repo as usual" },
+	{ command: "direnv allow", detail: "Devshell builds in the background" },
+	{ command: "dev", detail: "Apps + services come up; studio opens" },
+];
 
+export function DevExperienceSection() {
 	return (
 		<section className="border-border border-b" id="devex">
 			<div className="mx-auto max-w-7xl px-4 py-24 sm:px-6 lg:px-8">
-				<div className="text-center">
-					<p className="font-medium text-accent text-sm">
-						Developer Experience
-					</p>
-					<h2 className="mt-4 text-balance font-bold text-3xl text-foreground sm:text-4xl">
-						Local development, supercharged
-					</h2>
-					<p className="mx-auto mt-4 max-w-2xl text-pretty text-muted-foreground">
-						The StackPanel isn&apos;t just for infrastructure. It&apos;s your
-						team&apos;s local development hub with managed dev shells,
-						toolchains, and scripts.
-					</p>
-				</div>
+				<div className="grid gap-12 lg:grid-cols-[5fr_7fr] lg:gap-16">
+					<div className="flex flex-col">
+						<p className="font-medium text-accent text-sm">
+							Developer experience
+						</p>
+						<h2 className="mt-4 text-balance font-bold font-[Montserrat] text-3xl text-foreground sm:text-4xl">
+							Onboarding measured in minutes, not days.
+						</h2>
+						<p className="mt-4 text-pretty text-muted-foreground leading-relaxed">
+							The README on most repos starts with a 14-step setup guide.
+							Stackpanel replaces it with{" "}
+							<span className="font-mono text-foreground">direnv allow</span>{" "}
+							— and a teammate is running the full stack on the same ports as
+							everyone else.
+						</p>
 
-				<div className="mt-16 grid gap-px overflow-hidden rounded-xl border border-border bg-border sm:grid-cols-2">
-					{features.map((feature, index) => (
-						<div
-							className={`bg-card p-8 ${index === 0 ? "sm:rounded-tl-xl" : ""} ${index === 1 ? "sm:rounded-tr-xl" : ""} ${index === 2 ? "sm:rounded-bl-xl" : ""} ${index === 3 ? "sm:rounded-br-xl" : ""}`}
-							key={feature.title}
-						>
-							<div className="flex h-10 w-10 items-center justify-center rounded-lg bg-accent/10">
-								<feature.icon className="h-5 w-5 text-accent" />
+						<div className="mt-8 overflow-hidden rounded-xl border border-border bg-background">
+							<div className="flex items-center gap-2 border-border border-b bg-secondary/40 px-4 py-2.5">
+								<Sparkles className="h-3.5 w-3.5 text-accent" />
+								<span className="font-mono text-muted-foreground text-xs">
+									New hire, day one
+								</span>
 							</div>
-							<h3 className="mt-4 font-semibold text-foreground text-lg">
-								{feature.title}
-							</h3>
-							<p className="mt-2 text-muted-foreground text-sm leading-relaxed">
-								{feature.description}
-							</p>
+							<ol className="divide-y divide-border/60">
+								{onboardingSteps.map((step, idx) => (
+									<li
+										className="flex items-center gap-4 px-4 py-3"
+										key={step.command}
+									>
+										<span className="flex h-6 w-6 shrink-0 items-center justify-center rounded-full border border-border bg-secondary font-mono text-[11px] text-muted-foreground">
+											{idx + 1}
+										</span>
+										<div className="min-w-0 flex-1">
+											<p className="truncate font-mono text-foreground text-sm">
+												$ {step.command}
+											</p>
+											<p className="mt-0.5 text-muted-foreground text-xs">
+												{step.detail}
+											</p>
+										</div>
+										<Check className="h-4 w-4 text-accent" />
+									</li>
+								))}
+							</ol>
 						</div>
-					))}
+					</div>
+
+					<div className="grid gap-px overflow-hidden rounded-2xl border border-border bg-border sm:grid-cols-2">
+						{pillars.map((pillar) => (
+							<div
+								className="flex flex-col gap-3 bg-card p-6 transition-colors hover:bg-card/80"
+								key={pillar.title}
+							>
+								<div className="flex items-start justify-between gap-3">
+									<div className="flex h-11 w-11 items-center justify-center rounded-lg bg-accent/10">
+										<pillar.icon className="h-5 w-5 text-accent" />
+									</div>
+									<span className="rounded-full border border-border bg-background/60 px-2 py-0.5 font-mono text-[10px] text-muted-foreground tracking-[0.04em]">
+										{pillar.stat}
+									</span>
+								</div>
+								<h3 className="font-semibold text-foreground text-lg">
+									{pillar.title}
+								</h3>
+								<p className="text-muted-foreground text-sm leading-relaxed">
+									{pillar.description}
+								</p>
+							</div>
+						))}
+					</div>
 				</div>
 			</div>
 		</section>
diff --git a/apps/web/src/components/landing/features-section.tsx b/apps/web/src/components/landing/features-section.tsx
index 3f7c4eeb..48969edf 100644
--- a/apps/web/src/components/landing/features-section.tsx
+++ b/apps/web/src/components/landing/features-section.tsx
@@ -1,67 +1,113 @@
-import { GitBranch, Key, Layers, Server, Shield, Users } from "lucide-react";
+import {
+	Boxes,
+	Code2,
+	GitBranch,
+	Hash,
+	KeyRound,
+	Layers,
+	LockKeyhole,
+	Network,
+	Package,
+	Puzzle,
+	Server,
+	ShieldCheck,
+} from "lucide-react";
 
-export function FeaturesSection() {
-	const features = [
-		{
-			icon: Server,
-			title: "GitOps Infrastructure",
-			description:
-				"An internal repo that deploys your servers, load balancers, databases, and everything you need in production. We manage it for you.",
-		},
-		{
-			icon: Shield,
-			title: "Internal CA & mTLS",
-			description:
-				"Deploy an internal Certificate Authority. Issue certs to all machines and team members for zero-trust networking.",
-		},
-		{
-			icon: Users,
-			title: "SSO Authentication",
-			description:
-				"Built-in SSO auth system for frictionless team onboarding. Add team members in minutes, not days.",
-		},
-		{
-			icon: Key,
-			title: "Secrets Management",
-			description:
-				"Manage secrets using age encryption with your team members' public keys. Secure by default.",
-		},
-		{
-			icon: GitBranch,
-			title: "Tailscale Integration",
-			description:
-				"Private networking for your team out of the box. Share databases and services internally with zero friction.",
-		},
-		{
-			icon: Layers,
-			title: "Scale-to-Zero",
-			description:
-				"Load balancers and services that scale to zero when not in use. Only pay for what you actually need.",
-		},
-	];
+const features = [
+	{
+		icon: Boxes,
+		title: "Reproducible devshells",
+		description:
+			"flake.lock pins every package, runtime, and version. Every teammate gets the exact same Node, Bun, Go, Postgres — independent of their OS.",
+		tag: "Nix · devenv",
+	},
+	{
+		icon: Hash,
+		title: "Deterministic ports",
+		description:
+			"Ports are hashed from your project name, then sequenced for apps and services. Same ports on every machine, no .env coordination, no clashes between projects.",
+		tag: "STACKPANEL_*_PORT",
+	},
+	{
+		icon: Server,
+		title: "Service orchestration",
+		description:
+			"Postgres, Redis, Minio, Caddy, and Step CA managed by process-compose. One command to start the whole stack with health probes wired up.",
+		tag: "process-compose",
+	},
+	{
+		icon: KeyRound,
+		title: "Encrypted secrets",
+		description:
+			"SOPS-encrypted YAML with AGE recipients declared in Nix. Add a teammate's public key, run rekey, commit the diff. No external KMS to manage.",
+		tag: "SOPS · AGE",
+	},
+	{
+		icon: ShieldCheck,
+		title: "Real HTTPS in dev",
+		description:
+			"Step CA issues internal certificates and Caddy reverse-proxies your apps to https://*.local — no browser warnings, no self-signed cert wrangling.",
+		tag: "Step CA · Caddy",
+	},
+	{
+		icon: Code2,
+		title: "IDE auto-config",
+		description:
+			"VS Code and Zed workspace settings, recommended extensions, and devshell loaders are generated and committed. New hires open the repo and the editor is ready.",
+		tag: ".vscode · .zed",
+	},
+	{
+		icon: Package,
+		title: "Type-safe @gen/env",
+		description:
+			"Per-app codegen turns your secret schemas into typed TypeScript modules with embedded encrypted payloads. Import from @gen/env/<app> and ship.",
+		tag: "TS · Go · Python",
+	},
+	{
+		icon: Puzzle,
+		title: "Extension registry",
+		description:
+			"Browse extensions in the studio and enable them with one click. Stackpanel writes the Nix config for you and contributes generated files, scripts, and panels.",
+		tag: "One-click install",
+	},
+	{
+		icon: GitBranch,
+		title: "No vendor lock-in",
+		description:
+			"Generated files are standard config in standard locations. Stop using Stackpanel and the repo keeps working — there is nothing to migrate.",
+		tag: "Eject anytime",
+	},
+];
 
+export function FeaturesSection() {
 	return (
 		<section className="border-border border-b" id="features">
 			<div className="mx-auto max-w-7xl px-4 py-24 sm:px-6 lg:px-8">
 				<div className="text-center">
-					<p className="font-medium text-accent text-sm">Platform Features</p>
-					<h2 className="mt-4 text-balance font-bold text-3xl text-foreground sm:text-4xl">
-						Everything you need to ship
+					<p className="font-medium text-accent text-sm">Platform</p>
+					<h2 className="mt-4 text-balance font-bold font-[Montserrat] text-3xl text-foreground sm:text-4xl">
+						Everything that lives between code and production
 					</h2>
 					<p className="mx-auto mt-4 max-w-2xl text-pretty text-muted-foreground">
-						Self-hosted infrastructure that scales with your business. No
-						per-seat pricing, no vendor lock-in, just powerful tools that work.
+						Stackpanel collapses the dozens of files, services, and
+						integrations every team rebuilds from scratch into a single
+						declarative configuration.
 					</p>
 				</div>
 
-				<div className="mt-16 grid gap-8 sm:grid-cols-2 lg:grid-cols-3">
+				<div className="mt-16 grid gap-px overflow-hidden rounded-2xl border border-border bg-border sm:grid-cols-2 lg:grid-cols-3">
 					{features.map((feature) => (
 						<div
-							className="group rounded-xl border border-border bg-card p-6 transition-all hover:border-accent/50 hover:bg-card/80"
+							className="group relative flex flex-col bg-card p-6 transition-colors hover:bg-card/80"
 							key={feature.title}
 						>
-							<div className="flex h-12 w-12 items-center justify-center rounded-lg bg-accent/10 transition-colors group-hover:bg-accent/20">
-								<feature.icon className="h-6 w-6 text-accent" />
+							<div className="flex items-center justify-between">
+								<div className="flex h-11 w-11 items-center justify-center rounded-lg bg-accent/10 text-accent transition-colors group-hover:bg-accent/15">
+									<feature.icon className="h-5 w-5" />
+								</div>
+								<span className="rounded-full border border-border bg-background/60 px-2 py-0.5 font-mono text-[10px] text-muted-foreground tracking-[0.04em]">
+									{feature.tag}
+								</span>
 							</div>
 							<h3 className="mt-4 font-semibold text-foreground text-lg">
 								{feature.title}
@@ -72,6 +118,21 @@ export function FeaturesSection() {
 						</div>
 					))}
 				</div>
+
+				<div className="mt-10 flex flex-wrap items-center justify-center gap-x-6 gap-y-2 text-muted-foreground text-xs">
+					<span className="inline-flex items-center gap-1.5">
+						<LockKeyhole className="h-3.5 w-3.5" />
+						No data leaves your machine in dev
+					</span>
+					<span className="inline-flex items-center gap-1.5">
+						<Layers className="h-3.5 w-3.5" />
+						Composes with devenv, flake-parts, and SST
+					</span>
+					<span className="inline-flex items-center gap-1.5">
+						<Network className="h-3.5 w-3.5" />
+						Local-first · works offline
+					</span>
+				</div>
 			</div>
 		</section>
 	);
diff --git a/apps/web/src/components/landing/footer.tsx b/apps/web/src/components/landing/footer.tsx
index 431f52c3..375884b5 100644
--- a/apps/web/src/components/landing/footer.tsx
+++ b/apps/web/src/components/landing/footer.tsx
@@ -1,87 +1,135 @@
 import { Link } from "@tanstack/react-router";
 import { Github, Twitter } from "lucide-react";
 
-export function Footer() {
-	const links = {
-		product: [
-			{ label: "Features", href: "#features" },
-			{ label: "Infrastructure", href: "#infrastructure" },
-			{ label: "DevEx", href: "#devex" },
-			{ label: "Pricing", href: "#pricing" },
+type LinkGroup = {
+	label: string;
+	items: Array<{ label: string; href: string; external?: boolean }>;
+};
+
+const linkGroups: LinkGroup[] = [
+	{
+		label: "Product",
+		items: [
+			{ label: "Features", href: "/#features" },
+			{ label: "How it works", href: "/#how-it-works" },
+			{ label: "Production Stacks", href: "/#stacks" },
+			{ label: "Pricing", href: "/pricing" },
+			{ label: "Studio", href: "/studio" },
 		],
-		resources: [
-			{ label: "Documentation", href: "#" },
-			{ label: "API Reference", href: "#" },
-			{ label: "Changelog", href: "#" },
-			{ label: "Status", href: "#" },
+	},
+	{
+		label: "Resources",
+		items: [
+			{ label: "Documentation", href: "/docs" },
+			{ label: "Quick start", href: "/docs/quick-start" },
+			{ label: "Why Stackpanel", href: "/docs/why" },
+			{ label: "Changelog", href: "/docs/changelog" },
 		],
-		company: [
-			{ label: "About", href: "#" },
-			{ label: "Blog", href: "#" },
-			{ label: "Careers", href: "#" },
-			{ label: "Contact", href: "#" },
+	},
+	{
+		label: "Open source",
+		items: [
+			{
+				label: "GitHub",
+				href: "https://github.com/darkmatter/stackpanel",
+				external: true,
+			},
+			{
+				label: "Issues",
+				href: "https://github.com/darkmatter/stackpanel/issues",
+				external: true,
+			},
+			{
+				label: "Discussions",
+				href: "https://github.com/darkmatter/stackpanel/discussions",
+				external: true,
+			},
+			{
+				label: "Releases",
+				href: "https://github.com/darkmatter/stackpanel/releases",
+				external: true,
+			},
 		],
-		legal: [
-			{ label: "Privacy", href: "#" },
-			{ label: "Terms", href: "#" },
-			{ label: "Security", href: "#" },
+	},
+	{
+		label: "Legal",
+		items: [
+			{ label: "Privacy", href: "/privacy" },
+			{ label: "Terms", href: "/terms" },
+			{ label: "Security", href: "/security" },
+			{ label: "License (MIT)", href: "/docs/license" },
 		],
-	};
+	},
+];
 
+export function Footer() {
 	return (
 		<footer className="border-border border-t bg-secondary/20">
 			<div className="mx-auto max-w-7xl px-4 py-12 sm:px-6 lg:px-8 lg:py-16">
-				<div className="grid gap-8 sm:grid-cols-2 lg:grid-cols-5">
-					<div className="lg:col-span-1">
-						<Link className="flex items-center gap-2" to="/">
+				<div className="grid gap-10 sm:grid-cols-2 lg:grid-cols-6">
+					<div className="lg:col-span-2">
+						<Link className="flex items-center gap-2.5" to="/">
 							<div className="flex h-8 w-8 items-center justify-center rounded-lg bg-accent">
-								<span className="font-bold text-accent-foreground text-sm">
-									SP
+								<span className="font-bold font-[Montserrat] text-accent-foreground text-sm">
+									S
 								</span>
 							</div>
-							<span className="font-semibold text-foreground text-lg">
-								StackPanel
+							<span className="font-semibold font-[Montserrat] text-foreground text-lg">
+								Stackpanel
 							</span>
 						</Link>
-						<p className="mt-4 text-muted-foreground text-sm">
-							Your entire company, one panel.
+						<p className="mt-4 max-w-xs text-muted-foreground text-sm leading-relaxed">
+							The open-source dev platform that turns one Nix config into a
+							reproducible environment, encrypted secrets, real HTTPS, and a
+							studio for everything else.
 						</p>
-						<div className="mt-4 flex gap-4">
+						<div className="mt-5 flex items-center gap-3">
 							<a
-								className="text-muted-foreground transition-colors hover:text-foreground"
-								href="https://github.com"
+								className="rounded-md border border-border p-2 text-muted-foreground transition-colors hover:border-accent/40 hover:text-foreground"
+								href="https://github.com/darkmatter/stackpanel"
 								rel="noopener noreferrer"
 								target="_blank"
 							>
-								<Github className="h-5 w-5" />
+								<Github className="h-4 w-4" />
 								<span className="sr-only">GitHub</span>
 							</a>
 							<a
-								className="text-muted-foreground transition-colors hover:text-foreground"
-								href="https://twitter.com"
+								className="rounded-md border border-border p-2 text-muted-foreground transition-colors hover:border-accent/40 hover:text-foreground"
+								href="https://twitter.com/stackpanel_dev"
 								rel="noopener noreferrer"
 								target="_blank"
 							>
-								<Twitter className="h-5 w-5" />
+								<Twitter className="h-4 w-4" />
 								<span className="sr-only">Twitter</span>
 							</a>
 						</div>
 					</div>
 
-					{Object.entries(links).map(([category, items]) => (
-						<div key={category}>
-							<h3 className="font-semibold text-foreground text-sm capitalize">
-								{category}
+					{linkGroups.map((group) => (
+						<div key={group.label}>
+							<h3 className="font-semibold text-foreground text-sm">
+								{group.label}
 							</h3>
 							<ul className="mt-4 space-y-3">
-								{items.map((item) => (
+								{group.items.map((item) => (
 									<li key={item.label}>
-										<a
-											className="text-muted-foreground text-sm transition-colors hover:text-foreground"
-											href={item.href}
-										>
-											{item.label}
-										</a>
+										{item.external ? (
+											<a
+												className="text-muted-foreground text-sm transition-colors hover:text-foreground"
+												href={item.href}
+												rel="noopener noreferrer"
+												target="_blank"
+											>
+												{item.label}
+											</a>
+										) : (
+											<a
+												className="text-muted-foreground text-sm transition-colors hover:text-foreground"
+												href={item.href}
+											>
+												{item.label}
+											</a>
+										)}
 									</li>
 								))}
 							</ul>
@@ -89,9 +137,13 @@ export function Footer() {
 					))}
 				</div>
 
-				<div className="mt-12 border-border border-t pt-8">
-					<p className="text-center text-muted-foreground text-sm">
-						© {new Date().getFullYear()} StackPanel. All rights reserved.
+				<div className="mt-12 flex flex-col items-center justify-between gap-3 border-border border-t pt-8 sm:flex-row">
+					<p className="text-muted-foreground text-xs">
+						© {new Date().getFullYear()} Stackpanel · MIT licensed · Built on
+						Nix, devenv, Caddy, SOPS, and process-compose
+					</p>
+					<p className="text-muted-foreground text-xs">
+						Not affiliated with NixOS, devenv, or Cloudflare.
 					</p>
 				</div>
 			</div>
diff --git a/apps/web/src/components/landing/header.tsx b/apps/web/src/components/landing/header.tsx
index c532caae..fa212468 100644
--- a/apps/web/src/components/landing/header.tsx
+++ b/apps/web/src/components/landing/header.tsx
@@ -3,72 +3,70 @@
 import { Logo } from "@stackpanel/ui-core/logo";
 import { Link } from "@tanstack/react-router";
 import { Button } from "@ui/button";
-import { Menu, X } from "lucide-react";
+import { Github, Menu, X } from "lucide-react";
 import { useState } from "react";
+import { useWaitlist } from "./waitlist-dialog";
+
+const navItems = [
+	{ label: "How it works", href: "/#how-it-works" },
+	{ label: "Features", href: "/#features" },
+	{ label: "Stacks", href: "/#stacks" },
+	{ label: "Pricing", href: "/pricing" },
+	{ label: "Compare", href: "/#compare" },
+	{ label: "Demo", href: "/demo" },
+	{ label: "Docs", href: "/docs" },
+];
 
 export function Header() {
 	const [isMenuOpen, setIsMenuOpen] = useState(false);
+	const waitlist = useWaitlist();
 
 	return (
 		<header className="sticky top-0 z-50 border-border border-b bg-background/80 backdrop-blur-xl">
 			<div className="mx-auto flex h-16 max-w-7xl items-center justify-between px-4 sm:px-6 lg:px-8">
 				<div className="flex items-center gap-8">
 					<Link className="flex items-center gap-2" to="/">
-						{/* <div className="flex h-8 w-8 items-center justify-center rounded-lg bg-accent">
-              <span className="font-bold text-accent-foreground text-sm">
-								SP
-							</span>
-            </div> */}
-						{/* <span className="font-semibold text-foreground text-lg">
-							StackPanel
-						</span> */}
 						<Logo className="max-w-32" />
 					</Link>
 
 					<nav className="hidden items-center gap-6 md:flex">
-						<a
-							className="text-muted-foreground text-sm transition-colors hover:text-foreground"
-							href="#features"
-						>
-							Features
-						</a>
-						<a
-							className="text-muted-foreground text-sm transition-colors hover:text-foreground"
-							href="#infrastructure"
-						>
-							Infrastructure
-						</a>
-						<a
-							className="text-muted-foreground text-sm transition-colors hover:text-foreground"
-							href="#devex"
-						>
-							DevEx
-						</a>
-						<a
-							className="text-muted-foreground text-sm transition-colors hover:text-foreground"
-							href="#pricing"
-						>
-							Pricing
-						</a>
-						<a
-							className="text-muted-foreground text-sm transition-colors hover:text-foreground"
-							href="#docs"
-						>
-							Docs
-						</a>
+						{navItems.map((item) => (
+							<a
+								className="text-muted-foreground text-sm transition-colors hover:text-foreground"
+								href={item.href}
+								key={item.href}
+							>
+								{item.label}
+							</a>
+						))}
 					</nav>
 				</div>
 
-				<div className="hidden items-center gap-4 md:flex">
+				<div className="hidden items-center gap-2 md:flex">
+					<Button
+						asChild
+						className="text-muted-foreground hover:text-foreground"
+						size="sm"
+						variant="ghost"
+					>
+						<a
+							aria-label="GitHub"
+							href="https://github.com/darkmatter/stackpanel"
+							rel="noopener noreferrer"
+							target="_blank"
+						>
+							<Github className="h-4 w-4" />
+						</a>
+					</Button>
 					<Button asChild size="sm" variant="ghost">
-						<Link to="/login">Sign In</Link>
+						<Link to="/login">Sign in</Link>
 					</Button>
 					<Button
-						asChild
 						className="bg-foreground text-background hover:bg-foreground/90"
 						size="sm"
+						onClick={() => waitlist.open({ source: "header" })}
 					>
-						<Link to="/login">Get Started</Link>
+						Join the beta
 					</Button>
 				</div>
 
@@ -88,52 +86,50 @@ export function Header() {
 
 			{isMenuOpen && (
 				<div className="border-border border-t bg-background md:hidden">
-					<nav className="flex flex-col gap-4 px-4 py-6">
-						<a
-							className="text-muted-foreground text-sm transition-colors hover:text-foreground"
-							href="#features"
-						>
-							Features
-						</a>
-						<a
-							className="text-muted-foreground text-sm transition-colors hover:text-foreground"
-							href="#infrastructure"
-						>
-							Infrastructure
-						</a>
-						<a
-							className="text-muted-foreground text-sm transition-colors hover:text-foreground"
-							href="#devex"
-						>
-							DevEx
-						</a>
-						<a
-							className="text-muted-foreground text-sm transition-colors hover:text-foreground"
-							href="#pricing"
-						>
-							Pricing
-						</a>
-						<a
-							className="text-muted-foreground text-sm transition-colors hover:text-foreground"
-							href="#docs"
-						>
-							Docs
-						</a>
-						<div className="flex flex-col gap-2 pt-4">
+					<nav className="flex flex-col gap-1 px-4 py-4">
+						{navItems.map((item) => (
+							<a
+								className="rounded-md px-2 py-2 text-muted-foreground text-sm transition-colors hover:bg-secondary hover:text-foreground"
+								href={item.href}
+								key={item.href}
+								onClick={() => setIsMenuOpen(false)}
+							>
+								{item.label}
+							</a>
+						))}
+						<div className="mt-3 flex flex-col gap-2 border-border/60 border-t pt-3">
 							<Button
 								asChild
 								className="justify-start"
 								size="sm"
 								variant="ghost"
 							>
-								<Link to="/login">Sign In</Link>
+								<a
+									href="https://github.com/darkmatter/stackpanel"
+									rel="noopener noreferrer"
+									target="_blank"
+								>
+									<Github className="mr-2 h-4 w-4" />
+									GitHub
+								</a>
 							</Button>
 							<Button
 								asChild
+								className="justify-start"
+								size="sm"
+								variant="ghost"
+							>
+								<Link to="/login">Sign in</Link>
+							</Button>
+							<Button
 								className="bg-foreground text-background hover:bg-foreground/90"
 								size="sm"
+								onClick={() => {
+									setIsMenuOpen(false);
+									waitlist.open({ source: "header.mobile" });
+								}}
 							>
-								<Link to="/login">Get Started</Link>
+								Join the beta
 							</Button>
 						</div>
 					</nav>
diff --git a/apps/web/src/components/landing/hero-section.tsx b/apps/web/src/components/landing/hero-section.tsx
index 34f78f1b..557c35b8 100644
--- a/apps/web/src/components/landing/hero-section.tsx
+++ b/apps/web/src/components/landing/hero-section.tsx
@@ -1,27 +1,28 @@
 import { Link } from "@tanstack/react-router";
-import { Avatar, AvatarFallback } from "@ui/avatar";
 import { Badge } from "@ui/badge";
 import { Button } from "@ui/button";
-import { Card, CardContent } from "@ui/card";
-import { ArrowRight, CheckCircle2, Code, Globe2, Layers, Server } from "lucide-react";
+import { useWaitlist } from "./waitlist-dialog";
+import {
+	ArrowRight,
+	Boxes,
+	CheckCircle2,
+	Database,
+	FileCode2,
+	Globe2,
+	KeyRound,
+	Layers,
+	Network,
+	Play,
+	Server,
+	Square,
+	Terminal,
+} from "lucide-react";
 import { type ReactNode, useEffect, useMemo, useState } from "react";
-import { AppTasks } from "@/components/studio/panels/apps";
-import { PanelHeader } from "@/components/studio/panels/shared/panel-header";
-import { PackageCard } from "@/components/studio/panels/packages/components";
-import { getTypeConfig } from "@/components/studio/panels/variables/constants";
-import type { NixpkgsPackage } from "@/lib/types";
-
-// AppTask interface for demo/preview data
-interface AppTask {
-	key: string;
-	command: string;
-	env?: Record<string, string>;
-}
 import { cn } from "@/lib/utils";
 
 function Headline() {
 	return (
-		<h1 className="text-balance font-bold text-4xl text-foreground tracking-tight sm:text-5xl lg:text-6xl font-[Montserrat] -mt-4">
+		<h1 className="-mt-4 text-balance font-bold text-4xl text-foreground tracking-tight font-[Montserrat] sm:text-5xl lg:text-6xl">
 			<span
 				style={{
 					fontVariationSettings: '"wght" 210',
@@ -34,7 +35,7 @@ function Headline() {
 				Ship{" "}
 			</span>
 			<span
-				className="text-accent font-bold italic"
+				className="font-bold text-accent italic"
 				style={{
 					fontWeight: "unset",
 					fontVariationSettings: '"wght" 807',
@@ -55,372 +56,355 @@ function Headline() {
 					fontStyle: "normal",
 				}}
 			>
-				not{" "}plumbing.
+				not plumbing.
 			</span>
-			{/* <span
-				className="font-bold "
-				style={{
-					fontVariationSettings: '"wght" 482',
-					textUnderlineOffset: "5px",
-					textDecorationThickness: "from-font",
-					letterSpacing: "-0.1rem",
-				}}
-			>
-				plumbing
-			</span> */}
 		</h1>
 	);
 }
-//   {/*// style="
-//   //   font-variation-settings: &quot;wght&quot; 210;
-//   //   font-weight: unset;
-//   //   font-feature-settings: &quot;calt&quot; 1;
-//   //   font-family: &quot;Montserrat&quot;;
-//   //   letter-spacing: -0.15rem;
-//   //   line-height: 4.6rem;
-// // ">Build <span class="font-bold text-accent" style="
-// //     font-weight: unset;
-// //     font-variation-settings: &quot;wght&quot; 807;
-// //     font-style: italic;
-// //     text-decoration: underline;
-// //     text-underline-offset: 5px;
-// //     text-decoration-thickness: from-font;
-// //     letter-spacing: -0.05rem;
-// //     /* color: hsl(0,0%,90%); */
-// // ">products,</span><span class="font-bold text-accent" style="
-// //     font-weight: unset;
-// //     font-variation-settings: &quot;wght&quot; 592;
-// //     /* font-style: italic; */
-// //     /* text-decoration: underline; */
-// //     text-underline-offset: 5px;
-// //     text-decoration-thickness: from-font;
-// //     letter-spacing: -0.10rem;
-// //     color: hsl(0,0%,90%);
-// // "> <span style="
-// //     font-variation-settings: &quot;wght&quot; 398;
-// //     letter-spacing: -0.1rem;
-// //     font-style: normal;
-// //     color: hsl(0,0%,90%);
-// // ">not</span> plumbing.</span></h1>*/}
 
-const PACKAGE_PREVIEW: NixpkgsPackage[] = [
-	{
-		name: "postgresql",
-		attr_path: "pkgs.postgresql_16",
-		version: "16.3",
-		description: "Production-grade relational database with extensions support.",
-		license: "PostgreSQL",
-		homepage: "https://www.postgresql.org/",
-	},
+type AppPreview = {
+	id: string;
+	name: string;
+	stack: string;
+	status: "running" | "building" | "stopped";
+	domain: string;
+	port: number;
+};
+
+const APP_PREVIEW: AppPreview[] = [
 	{
-		name: "redis",
-		attr_path: "pkgs.redis",
-		version: "7.2.4",
-		description: "In-memory data structure store used as a cache, database, and message broker.",
-		license: "BSD-3-Clause",
-		homepage: "https://redis.io/",
+		id: "web",
+		name: "web",
+		stack: "TanStack Start · Vite",
+		status: "running",
+		domain: "web.myapp.local",
+		port: 4200,
 	},
 	{
-		name: "bun",
-		attr_path: "pkgs.bun",
-		version: "1.1.8",
-		description: "Fast JavaScript runtime, bundler, and test runner.",
-		license: "MIT",
-		homepage: "https://bun.sh/",
+		id: "api",
+		name: "api",
+		stack: "Hono · Cloudflare Workers",
+		status: "running",
+		domain: "api.myapp.local",
+		port: 4201,
 	},
 	{
-		name: "caddy",
-		attr_path: "pkgs.caddy",
-		version: "2.7.6",
-		description: "Extensible web server with automatic HTTPS and great defaults.",
-		license: "Apache-2.0",
-		homepage: "https://caddyserver.com/",
+		id: "worker",
+		name: "queue-worker",
+		stack: "Go · process-compose",
+		status: "building",
+		domain: "—",
+		port: 4202,
 	},
 ];
 
-type AppPreview = {
+type ServicePreview = {
 	id: string;
 	name: string;
-	stack: string;
-	status: "running" | "staging" | "deploying";
-	domain: string;
+	envVar: string;
 	port: number;
-	tasks: Record<string, AppTask>;
+	description: string;
 };
 
-const APP_PREVIEW: AppPreview[] = [
+const SERVICE_PREVIEW: ServicePreview[] = [
 	{
-		id: "api",
-		name: "api-gateway",
-		stack: "Bun · SST",
-		status: "running",
-		domain: "api.stackpanel.local",
-		port: 6401,
-		tasks: {
-			dev: { key: "dev", command: "bun run dev", env: {} },
-			test: { key: "test", command: "bun test", env: {} },
-		},
+		id: "postgres",
+		name: "PostgreSQL 16",
+		envVar: "STACKPANEL_POSTGRES_PORT",
+		port: 4237,
+		description: "Hashed from project name · isolated per-project",
 	},
 	{
-		id: "web",
-		name: "web",
-		stack: "React · TanStack",
-		status: "staging",
-		domain: "web.stackpanel.local",
-		port: 6402,
-		tasks: {
-			dev: { key: "dev", command: "bun run dev -- --host", env: {} },
-			lint: { key: "lint", command: "bun run lint", env: {} },
-		},
+		id: "redis",
+		name: "Redis 7",
+		envVar: "STACKPANEL_REDIS_PORT",
+		port: 4252,
+		description: "Cache + pub/sub managed by process-compose",
 	},
 	{
-		id: "worker",
-		name: "queue-worker",
-		stack: "Go · Temporal",
-		status: "deploying",
-		domain: "worker.stackpanel.local",
-		port: 6410,
-		tasks: {
-			dev: { key: "dev", command: "go run ./cmd/worker", env: {} },
-		},
+		id: "minio",
+		name: "Minio (S3)",
+		envVar: "STACKPANEL_MINIO_PORT",
+		port: 4263,
+		description: "Local object storage with presigned URLs",
+	},
+	{
+		id: "caddy",
+		name: "Caddy + Step CA",
+		envVar: "STACKPANEL_CADDY_PORT",
+		port: 4280,
+		description: "Real HTTPS for *.myapp.local in dev",
 	},
 ];
 
 type VariablePreview = {
 	id: string;
 	key: string;
-	type: string;
-	description: string;
-	environments: string[];
-	linkedApps: string[];
+	kind: "secret" | "config" | "service";
+	scope: string;
+	masked?: string;
 };
 
 const VARIABLE_PREVIEW: VariablePreview[] = [
 	{
 		id: "DATABASE_URL",
 		key: "DATABASE_URL",
-		type: "secret",
-		description: "Encrypted connection string for primary Postgres cluster.",
-		environments: ["dev", "staging", "prod"],
-		linkedApps: ["api-gateway", "queue-worker"],
+		kind: "secret",
+		scope: "api · worker",
+		masked: "ref+sops://prod.sops.yaml#/DATABASE_URL",
 	},
 	{
-		id: "NEXT_PUBLIC_API_URL",
-		key: "NEXT_PUBLIC_API_URL",
-		type: "config",
-		description: "Public API endpoint exposed to frontend clients.",
-		environments: ["dev", "staging"],
-		linkedApps: ["web"],
+		id: "STACKPANEL_API_PORT",
+		key: "STACKPANEL_API_PORT",
+		kind: "service",
+		scope: "all apps",
+		masked: "4201",
 	},
 	{
-		id: "TS_AUTH_DOMAIN",
-		key: "TS_AUTH_DOMAIN",
-		type: "service",
-		description: "Tailscale auth domain issued by Stackpanel network.",
-		environments: ["dev"],
-		linkedApps: ["web", "api-gateway"],
+		id: "VITE_PUBLIC_API_URL",
+		key: "VITE_PUBLIC_API_URL",
+		kind: "config",
+		scope: "web",
+		masked: "https://api.myapp.local",
+	},
+	{
+		id: "AGE_RECIPIENTS",
+		key: "AGE_RECIPIENTS",
+		kind: "secret",
+		scope: "team · 4 keys",
+		masked: "age1qd…ek7c, age1n4…tlkq, +2",
 	},
 ];
 
+const STATUS_STYLES: Record<AppPreview["status"], string> = {
+	running: "border-emerald-400/40 bg-emerald-500/10 text-emerald-300",
+	building: "border-amber-400/40 bg-amber-500/10 text-amber-300",
+	stopped: "border-zinc-400/30 bg-zinc-500/10 text-zinc-300",
+};
+
+const VARIABLE_STYLES: Record<VariablePreview["kind"], string> = {
+	secret:
+		"bg-fuchsia-500/10 text-fuchsia-300 border border-fuchsia-400/30",
+	config: "bg-sky-500/10 text-sky-300 border border-sky-400/30",
+	service: "bg-emerald-500/10 text-emerald-300 border border-emerald-400/30",
+};
+
 type PreviewSlide = {
 	id: string;
 	label: string;
 	tagline: string;
+	icon: typeof Boxes;
 	content: ReactNode;
 };
 
-const ROTATION_MS = 6200;
+const ROTATION_MS = 6500;
 
-function PackagesPreview() {
+function PreviewFrame({
+	title,
+	subtitle,
+	icon: Icon,
+	children,
+}: {
+	title: string;
+	subtitle: string;
+	icon: typeof Boxes;
+	children: ReactNode;
+}) {
 	return (
-		<div className="space-y-4 rounded-xl border border-border/70 bg-card p-5">
-			<PanelHeader
-				title="Packages"
-				description="Pinned runtimes, services, and tooling from nixpkgs"
-				guideKey="packages"
-			/>
-			<div className="grid gap-3 md:grid-cols-2">
-				{PACKAGE_PREVIEW.map((pkg) => (
-					<PackageCard key={pkg.name} pkg={pkg} isCompact />
-				))}
-			</div>
-			<div className="flex flex-wrap items-center gap-3 text-muted-foreground text-xs">
-				<span className="inline-flex items-center gap-1 rounded-full bg-secondary px-2.5 py-1 font-medium text-foreground">
-					<CheckCircle2 className="h-3 w-3 text-accent" />
-					Cached in devshell
-				</span>
-				<span className="inline-flex items-center gap-1">
-					<Server className="h-3 w-3" />
-					Services + runtimes, side-by-side
-				</span>
-				<span className="inline-flex items-center gap-1">
-					<Layers className="h-3 w-3" />
-					Deterministic channels
-				</span>
+		<div className="flex h-full flex-col gap-4 rounded-xl border border-border/70 bg-card p-5">
+			<div className="flex items-center justify-between gap-3">
+				<div className="flex items-center gap-3">
+					<div className="flex h-9 w-9 items-center justify-center rounded-lg bg-accent/10 text-accent">
+						<Icon className="h-4 w-4" />
+					</div>
+					<div>
+						<p className="font-semibold text-foreground text-sm">{title}</p>
+						<p className="text-muted-foreground text-xs">{subtitle}</p>
+					</div>
+				</div>
+				<Badge
+					className="border-border/70 bg-secondary text-[10px] tracking-[0.12em] uppercase"
+					variant="outline"
+				>
+					Studio
+				</Badge>
 			</div>
+			<div className="min-h-0 flex-1">{children}</div>
 		</div>
 	);
 }
 
 function AppsPreview() {
-	const statusStyles: Record<AppPreview["status"], string> = {
-		running: "border-emerald-400/40 bg-emerald-500/15 text-emerald-300",
-		staging: "border-amber-400/30 bg-amber-500/10 text-amber-300",
-		deploying: "border-blue-400/30 bg-blue-500/10 text-blue-300",
-	};
-
 	return (
-		<div className="space-y-4 rounded-xl border border-border/70 bg-card p-5">
-			<PanelHeader
-				title="Apps"
-				description="Monorepo-aware tasks with stable ports"
-				guideKey="apps"
-			/>
+		<PreviewFrame
+			icon={Boxes}
+			subtitle="Deterministic ports · stack-aware tasks · live status"
+			title="Apps"
+		>
 			<div className="grid gap-3">
 				{APP_PREVIEW.map((app) => (
-					<Card key={app.id}>
-						<CardContent className="p-4 space-y-3">
-							<div className="flex items-center justify-between gap-3">
-								<div className="flex items-center gap-3">
-									<Avatar className="h-10 w-10">
-										<AvatarFallback className="bg-secondary text-foreground">
-											{app.name
-												.split("-")
-												.map((part) => part[0])
-												.join("")
-												.slice(0, 2)
-												.toUpperCase()}
-										</AvatarFallback>
-									</Avatar>
-									<div>
-										<p className="font-medium text-foreground">{app.name}</p>
-										<p className="text-muted-foreground text-xs">{app.stack}</p>
-									</div>
+					<div
+						className="rounded-lg border border-border/70 bg-background/60 p-3"
+						key={app.id}
+					>
+						<div className="flex items-center justify-between gap-3">
+							<div className="flex items-center gap-3">
+								<div className="flex h-9 w-9 items-center justify-center rounded-md bg-secondary font-mono text-foreground text-xs">
+									{app.name.slice(0, 2).toUpperCase()}
+								</div>
+								<div>
+									<p className="font-medium font-mono text-foreground text-sm">
+										{app.name}
+									</p>
+									<p className="text-muted-foreground text-xs">{app.stack}</p>
 								</div>
-								<Badge
-									className={cn(
-										"border text-xs",
-										statusStyles[app.status],
-									)}
-									variant="outline"
-								>
-									{app.status}
-								</Badge>
 							</div>
+							<Badge
+								className={cn("text-xs capitalize", STATUS_STYLES[app.status])}
+								variant="outline"
+							>
+								{app.status === "running" ? (
+									<Play className="mr-1 h-2.5 w-2.5 fill-current" />
+								) : app.status === "building" ? (
+									<span className="mr-1 inline-block h-2 w-2 animate-pulse rounded-full bg-current" />
+								) : (
+									<Square className="mr-1 h-2.5 w-2.5" />
+								)}
+								{app.status}
+							</Badge>
+						</div>
+						<div className="mt-3 flex flex-wrap items-center gap-2 text-xs">
+							<span className="inline-flex items-center gap-1 rounded-full bg-secondary px-2 py-0.5 font-mono text-foreground/80">
+								<Globe2 className="h-3 w-3" />
+								{app.domain}
+							</span>
+							<span className="inline-flex items-center gap-1 rounded-full bg-secondary px-2 py-0.5 font-mono text-foreground/80">
+								<Network className="h-3 w-3" />:{app.port}
+							</span>
+						</div>
+					</div>
+				))}
+			</div>
+		</PreviewFrame>
+	);
+}
 
-							<div className="flex flex-wrap items-center gap-3 text-xs text-muted-foreground">
-								<span className="inline-flex items-center gap-1 rounded-full bg-secondary px-2.5 py-1 text-foreground">
-									<Globe2 className="h-3 w-3" />
-									{app.domain}
-								</span>
-								<span className="inline-flex items-center gap-1 rounded-full bg-secondary px-2.5 py-1 text-foreground">
-									<Code className="h-3 w-3" />
-									Port {app.port}
-								</span>
+function ServicesPreview() {
+	return (
+		<PreviewFrame
+			icon={Server}
+			subtitle="Postgres · Redis · Minio · Caddy + Step CA"
+			title="Services"
+		>
+			<div className="grid gap-3">
+				{SERVICE_PREVIEW.map((svc) => (
+					<div
+						className="rounded-lg border border-border/70 bg-background/60 p-3"
+						key={svc.id}
+					>
+						<div className="flex items-center justify-between gap-3">
+							<div className="flex items-center gap-3">
+								<div className="flex h-9 w-9 items-center justify-center rounded-md bg-secondary text-accent">
+									<Database className="h-4 w-4" />
+								</div>
+								<div>
+									<p className="font-medium text-foreground text-sm">
+										{svc.name}
+									</p>
+									<p className="text-muted-foreground text-xs">
+										{svc.description}
+									</p>
+								</div>
 							</div>
-
-							<div className="border-t border-border/60 pt-3">
-								<AppTasks tasks={app.tasks} />
+							<div className="text-right">
+								<p className="font-mono text-foreground text-sm">:{svc.port}</p>
+								<p className="font-mono text-muted-foreground text-[10px]">
+									{svc.envVar}
+								</p>
 							</div>
-						</CardContent>
-					</Card>
+						</div>
+					</div>
 				))}
 			</div>
-		</div>
+		</PreviewFrame>
 	);
 }
 
 function VariablesPreview() {
 	return (
-		<div className="space-y-4 rounded-xl border border-border/70 bg-card p-5">
-			<PanelHeader
-				title="Variables"
-				description="Secrets, config, and service values with scoped access"
-				guideKey="variables"
-			/>
-			<div className="grid gap-3">
-				{VARIABLE_PREVIEW.map((variable) => {
-					const typeConfig = getTypeConfig(variable.type);
-					const Icon = typeConfig.icon;
-
-					return (
-						<Card key={variable.id}>
-							<CardContent className="space-y-3 p-4">
-								<div className="flex items-center justify-between gap-3">
-									<div className="flex items-center gap-3">
-										<div
-											className={cn(
-												"flex h-10 w-10 items-center justify-center rounded-lg",
-												typeConfig.color,
-											)}
-										>
-											<Icon className="h-4 w-4" />
-										</div>
-										<div>
-											<p className="font-semibold text-foreground">
-												{variable.key}
-											</p>
-											<p className="text-muted-foreground text-xs">
-												{variable.description}
-											</p>
-										</div>
-									</div>
-									<Badge variant="outline" className="text-xs capitalize">
-										{typeConfig.label}
-									</Badge>
-								</div>
-
-								<div className="flex flex-wrap items-center gap-2 text-xs">
-									<div className="inline-flex items-center gap-1 rounded-full border border-border/80 px-2 py-1">
-										<CheckCircle2 className="h-3 w-3 text-accent" />
-										<span className="text-muted-foreground">Environments</span>
-										<div className="flex gap-1">
-											{variable.environments.map((env) => (
-												<Badge key={env} variant="secondary" className="text-[10px]">
-													{env}
-												</Badge>
-											))}
-										</div>
-									</div>
-									<div className="inline-flex items-center gap-1 rounded-full border border-border/80 px-2 py-1">
-										<span className="text-muted-foreground">Linked apps</span>
-										<div className="flex gap-1">
-											{variable.linkedApps.map((app) => (
-												<Badge key={app} variant="outline" className="text-[10px]">
-													{app}
-												</Badge>
-											))}
-										</div>
-									</div>
+		<PreviewFrame
+			icon={KeyRound}
+			subtitle="SOPS + AGE · scoped per app and environment"
+			title="Variables"
+		>
+			<div className="grid gap-2">
+				{VARIABLE_PREVIEW.map((variable) => (
+					<div
+						className="rounded-lg border border-border/70 bg-background/60 p-3"
+						key={variable.id}
+					>
+						<div className="flex items-center justify-between gap-3">
+							<div className="flex min-w-0 items-center gap-3">
+								<span
+									className={cn(
+										"inline-flex items-center rounded-md px-1.5 py-0.5 font-mono text-[10px] tracking-[0.08em] uppercase",
+										VARIABLE_STYLES[variable.kind],
+									)}
+								>
+									{variable.kind}
+								</span>
+								<div className="min-w-0">
+									<p className="truncate font-mono font-semibold text-foreground text-xs">
+										{variable.key}
+									</p>
+									<p className="truncate font-mono text-muted-foreground text-[10px]">
+										{variable.masked}
+									</p>
 								</div>
-							</CardContent>
-						</Card>
-					);
-				})}
+							</div>
+							<span className="shrink-0 rounded-full border border-border/80 px-2 py-0.5 text-[10px] text-muted-foreground">
+								{variable.scope}
+							</span>
+						</div>
+					</div>
+				))}
 			</div>
-		</div>
+			<div className="mt-3 flex flex-wrap items-center gap-2 text-muted-foreground text-[10px]">
+				<span className="inline-flex items-center gap-1 rounded-full bg-secondary px-2 py-0.5">
+					<CheckCircle2 className="h-3 w-3 text-emerald-400" />
+					Resolved at shell entry
+				</span>
+				<span className="inline-flex items-center gap-1 rounded-full bg-secondary px-2 py-0.5">
+					<FileCode2 className="h-3 w-3" />
+					Type-safe codegen
+				</span>
+			</div>
+		</PreviewFrame>
 	);
 }
 
 function StudioPreviewRotator() {
 	const previews = useMemo<PreviewSlide[]>(
 		() => [
-			{
-				id: "packages",
-				label: "Packages",
-				tagline: "Pin runtimes, services, and tools to devshell",
-				content: <PackagesPreview />,
-			},
 			{
 				id: "apps",
 				label: "Apps",
-				tagline: "Ports, domains, and tasks ready to ship",
+				tagline: "Apps with stable ports, URLs, and tasks",
+				icon: Boxes,
 				content: <AppsPreview />,
 			},
+			{
+				id: "services",
+				label: "Services",
+				tagline: "Postgres, Redis, Minio — orchestrated",
+				icon: Server,
+				content: <ServicesPreview />,
+			},
 			{
 				id: "variables",
 				label: "Variables",
-				tagline: "Secrets + config scoped per environment",
+				tagline: "Encrypted secrets + computed config",
+				icon: KeyRound,
 				content: <VariablesPreview />,
 			},
 		],
@@ -437,59 +421,75 @@ function StudioPreviewRotator() {
 
 	return (
 		<div className="relative">
-			<div className="mb-4 flex items-center justify-between">
+			<div className="mb-4 flex items-center justify-between gap-3">
 				<div className="flex items-center gap-2 text-muted-foreground text-sm">
-					<span className="rounded-full bg-accent/10 px-3 py-1 text-accent text-xs font-semibold tracking-[0.1em]">
-						Studio previews
+					<span className="inline-flex items-center gap-1.5 rounded-full bg-accent/10 px-3 py-1 font-semibold text-accent text-xs tracking-[0.12em] uppercase">
+						<Layers className="h-3 w-3" />
+						Studio preview
 					</span>
-					<span className="text-muted-foreground">
+					<span className="hidden text-muted-foreground sm:inline">
 						{previews[activeIndex]?.tagline}
 					</span>
 				</div>
 				<Link
-					className="text-accent text-sm underline-offset-4 hover:underline"
+					className="inline-flex items-center gap-1 text-accent text-sm underline-offset-4 hover:underline"
 					to="/studio"
 				>
-					Open the studio
+					Open the studio <ArrowRight className="h-3.5 w-3.5" />
 				</Link>
 			</div>
+			<div
+				aria-hidden
+				className="-z-10 -inset-4 absolute rounded-3xl bg-gradient-to-br from-accent/15 via-transparent to-primary/10 blur-3xl"
+			/>
 			<div className="relative min-h-[560px] overflow-hidden rounded-2xl border border-border/70 bg-secondary/40 p-2 shadow-2xl">
-				{previews.map((preview, index) => (
-					<div
-						className={cn(
-							"absolute inset-2 transition-all duration-500",
-							index === activeIndex
-								? "opacity-100 translate-y-0"
-								: "pointer-events-none opacity-0 translate-y-6",
-						)}
-						key={preview.id}
-					>
-						{preview.content}
+				<div className="flex items-center gap-2 px-3 pt-1.5 pb-2">
+					<div className="flex gap-1.5">
+						<span className="h-2.5 w-2.5 rounded-full bg-red-500/70" />
+						<span className="h-2.5 w-2.5 rounded-full bg-yellow-500/70" />
+						<span className="h-2.5 w-2.5 rounded-full bg-green-500/70" />
 					</div>
-				))}
+					<span className="ml-2 inline-flex items-center gap-1.5 rounded-md bg-background/60 px-2 py-0.5 font-mono text-[10px] text-muted-foreground">
+						<Terminal className="h-2.5 w-2.5" />
+						http://localhost:9876
+					</span>
+				</div>
+				<div className="relative h-[520px]">
+					{previews.map((preview, index) => (
+						<div
+							className={cn(
+								"absolute inset-0 transition-all duration-500",
+								index === activeIndex
+									? "translate-y-0 opacity-100"
+									: "pointer-events-none translate-y-4 opacity-0",
+							)}
+							key={preview.id}
+						>
+							{preview.content}
+						</div>
+					))}
+				</div>
 			</div>
 			<div className="mt-4 flex flex-wrap gap-2">
-				{previews.map((preview, index) => (
-					<button
-						className={cn(
-							"group relative overflow-hidden rounded-full border px-3 py-1.5 text-sm transition-colors",
-							index === activeIndex
-								? "border-accent/60 bg-accent/10 text-foreground"
-								: "border-border bg-background/60 text-muted-foreground hover:text-foreground",
-						)}
-						key={preview.id}
-						onClick={() => setActiveIndex(index)}
-						type="button"
-					>
-						<span
+				{previews.map((preview, index) => {
+					const Icon = preview.icon;
+					return (
+						<button
 							className={cn(
-								"absolute inset-0 z-0 bg-accent/10 transition-opacity",
-								index === activeIndex ? "opacity-100" : "opacity-0",
+								"group inline-flex items-center gap-1.5 rounded-full border px-3 py-1.5 text-sm transition-colors",
+								index === activeIndex
+									? "border-accent/60 bg-accent/10 text-foreground"
+									: "border-border bg-background/60 text-muted-foreground hover:text-foreground",
 							)}
-						/>
-						<span className="relative z-10">{preview.label}</span>
-					</button>
-				))}
+							key={preview.id}
+							onClick={() => setActiveIndex(index)}
+							type="button"
+						>
+							<Icon className="h-3.5 w-3.5" />
+							{preview.label}
+						</button>
+					);
+				})}
 			</div>
 		</div>
 	);
@@ -506,48 +506,72 @@ export function HeroSection() {
 						<div className="mb-6 inline-flex w-fit items-center gap-2 rounded-full border border-border bg-secondary px-4 py-1.5">
 							<span className="h-2 w-2 rounded-full bg-accent" />
 							<span className="text-muted-foreground text-sm">
-								The new localhost:3001
+								Open source · Powered by Nix · Self-hosted
 							</span>
 						</div>
 						<Headline />
-						{/*<h1 className="text-balance font-bold text-4xl text-foreground tracking-tight sm:text-5xl lg:text-6xl">
-              Build <span className="font-bold text-accent">products</span> not
-              plumbing.
-            </h1>*/}
 
 						<p className="mt-6 max-w-xl text-pretty text-lg text-muted-foreground leading-relaxed">
-							From idea to production-ready app. StackPanel unifies
-							infrastructure, tooling, secrets, and local development into one
-							internal platform your whole team can access.
+							One <span className="font-mono text-foreground">.stack/config.nix</span>
+							{" "}replaces dozens of config files. Reproducible dev environments,
+							encrypted secrets, deterministic ports, and real HTTPS — generated
+							for your whole team.{" "}
+							<span className="text-foreground">No Nix knowledge required.</span>
 						</p>
 
-						<div className="mt-8 flex flex-wrap gap-4">
+						<div className="mt-8 flex flex-wrap gap-3">
+							<HeroCTAs />
+							<Button asChild size="lg" variant="outline">
+								<Link to="/demo">Open Studio demo</Link>
+							</Button>
 							<Button
 								asChild
-								className="bg-foreground text-background hover:bg-foreground/90"
+								className="text-muted-foreground hover:text-foreground"
 								size="lg"
+								variant="ghost"
 							>
-								<Link to="/login">
-									Get Started <ArrowRight className="ml-2 h-4 w-4" />
-								</Link>
-							</Button>
-							<Button asChild size="lg" variant="outline">
-								<Link to="/studio">Instant Demo</Link>
+								<a
+									href="https://github.com/darkmatter/stackpanel"
+									rel="noopener noreferrer"
+									target="_blank"
+								>
+									<svg
+										aria-hidden
+										className="mr-2 h-4 w-4"
+										fill="currentColor"
+										viewBox="0 0 24 24"
+									>
+										<path d="M12 0C5.37 0 0 5.37 0 12a12 12 0 008.21 11.39c.6.11.82-.26.82-.58v-2c-3.34.73-4.04-1.61-4.04-1.61-.55-1.39-1.34-1.76-1.34-1.76-1.09-.74.08-.73.08-.73 1.21.08 1.84 1.24 1.84 1.24 1.07 1.84 2.81 1.31 3.5 1 .11-.78.42-1.31.76-1.61-2.66-.31-5.46-1.33-5.46-5.93 0-1.31.47-2.38 1.24-3.22-.13-.31-.54-1.53.12-3.18 0 0 1.01-.32 3.3 1.23a11.5 11.5 0 016 0c2.29-1.55 3.3-1.23 3.3-1.23.66 1.65.25 2.87.12 3.18.77.84 1.24 1.91 1.24 3.22 0 4.61-2.81 5.62-5.48 5.92.43.37.81 1.1.81 2.22v3.29c0 .32.22.7.83.58A12 12 0 0024 12c0-6.63-5.37-12-12-12z" />
+									</svg>
+									GitHub
+								</a>
 							</Button>
 						</div>
 
-						<div className="mt-8 flex items-center gap-6 text-muted-foreground text-sm">
+						<div className="mt-10 grid grid-cols-2 gap-x-6 gap-y-3 text-muted-foreground text-sm sm:grid-cols-3">
+							<div className="flex items-center gap-2">
+								<CheckCircle2 className="h-4 w-4 text-accent" />
+								Reproducible
+							</div>
 							<div className="flex items-center gap-2">
-								<span className="h-1.5 w-1.5 rounded-full bg-accent" />
+								<CheckCircle2 className="h-4 w-4 text-accent" />
 								Self-hosted
 							</div>
 							<div className="flex items-center gap-2">
-								<span className="h-1.5 w-1.5 rounded-full bg-accent" />
-								Zero vendor lock-in
+								<CheckCircle2 className="h-4 w-4 text-accent" />
+								No lock-in
 							</div>
 							<div className="flex items-center gap-2">
-								<span className="h-1.5 w-1.5 rounded-full bg-accent" />
-								Cost-effective
+								<CheckCircle2 className="h-4 w-4 text-accent" />
+								Local-first
+							</div>
+							<div className="flex items-center gap-2">
+								<CheckCircle2 className="h-4 w-4 text-accent" />
+								Works offline
+							</div>
+							<div className="flex items-center gap-2">
+								<CheckCircle2 className="h-4 w-4 text-accent" />
+								MIT licensed
 							</div>
 						</div>
 					</div>
@@ -558,3 +582,16 @@ export function HeroSection() {
 		</section>
 	);
 }
+
+function HeroCTAs() {
+	const waitlist = useWaitlist();
+	return (
+		<Button
+			className="bg-foreground text-background hover:bg-foreground/90"
+			size="lg"
+			onClick={() => waitlist.open({ source: "landing.hero" })}
+		>
+			Join the beta waitlist <ArrowRight className="ml-2 h-4 w-4" />
+		</Button>
+	);
+}
diff --git a/apps/web/src/components/landing/how-it-works-section.tsx b/apps/web/src/components/landing/how-it-works-section.tsx
new file mode 100644
index 00000000..7eba0ca1
--- /dev/null
+++ b/apps/web/src/components/landing/how-it-works-section.tsx
@@ -0,0 +1,174 @@
+import {
+	ArrowRight,
+	Box,
+	Cpu,
+	FileTerminal,
+	GitBranch,
+	MonitorPlay,
+	Radio,
+} from "lucide-react";
+
+const planes = [
+	{
+		id: "nix",
+		number: "01",
+		icon: FileTerminal,
+		title: "Nix plane",
+		tagline: "Declarative source of truth",
+		description:
+			"Evaluates your config, computes ports from your project name, provisions the devshell, and generates files. Runs once on shell entry.",
+		highlights: [
+			"flake-parts + devenv adapter",
+			"Per-app code generation",
+			"SOPS recipients in Nix config",
+		],
+	},
+	{
+		id: "agent",
+		number: "02",
+		icon: Cpu,
+		title: "Local agent",
+		tagline: "Bridge to your environment",
+		description:
+			"A Go binary on localhost:9876 that wraps Nix evaluation, manages services via process-compose, watches files, and serves the studio.",
+		highlights: [
+			"REST + Connect-RPC + SSE",
+			"JWT pairing flow",
+			"Works fully offline",
+		],
+	},
+	{
+		id: "studio",
+		number: "03",
+		icon: MonitorPlay,
+		title: "Web studio",
+		tagline: "Manage everything visually",
+		description:
+			"A React app for browsing extensions, managing services, editing config, viewing generated files, and resolving secrets — without writing Nix.",
+		highlights: [
+			"Real-time SSE updates",
+			"Form-based config editor",
+			"Per-extension panels",
+		],
+	},
+];
+
+export function HowItWorksSection() {
+	return (
+		<section className="relative border-border border-b" id="how-it-works">
+			<div className="mx-auto max-w-7xl px-4 py-24 sm:px-6 lg:px-8">
+				<div className="text-center">
+					<p className="font-medium text-accent text-sm">
+						How it works
+					</p>
+					<h2 className="mt-4 text-balance font-bold font-[Montserrat] text-3xl text-foreground sm:text-4xl">
+						Three planes, one project
+					</h2>
+					<p className="mx-auto mt-4 max-w-2xl text-pretty text-muted-foreground">
+						Stackpanel runs as a Nix configuration, a local Go agent, and a web
+						studio. Each plane has a clear job — together they replace the
+						boilerplate that lives between your code and production.
+					</p>
+				</div>
+
+				<div className="relative mt-16">
+					<div
+						aria-hidden
+						className="absolute inset-x-0 top-1/2 hidden h-px bg-gradient-to-r from-transparent via-border to-transparent lg:block"
+					/>
+					<div className="grid gap-6 lg:grid-cols-3 lg:gap-8">
+						{planes.map((plane, index) => (
+							<div
+								className="group relative flex flex-col rounded-2xl border border-border bg-card p-6 transition-colors hover:border-accent/40 hover:bg-card/80"
+								key={plane.id}
+							>
+								<div className="flex items-center justify-between">
+									<div className="flex items-center gap-3">
+										<div className="flex h-10 w-10 items-center justify-center rounded-lg bg-accent/10 text-accent">
+											<plane.icon className="h-5 w-5" />
+										</div>
+										<div>
+											<p className="font-mono text-muted-foreground text-xs tracking-[0.2em]">
+												{plane.number}
+											</p>
+											<h3 className="font-semibold text-foreground text-lg">
+												{plane.title}
+											</h3>
+										</div>
+									</div>
+									{index < planes.length - 1 && (
+										<ArrowRight className="hidden h-5 w-5 text-muted-foreground/40 lg:block" />
+									)}
+								</div>
+								<p className="mt-4 font-medium text-accent/90 text-sm">
+									{plane.tagline}
+								</p>
+								<p className="mt-2 flex-1 text-muted-foreground text-sm leading-relaxed">
+									{plane.description}
+								</p>
+								<ul className="mt-5 space-y-2 border-border/60 border-t pt-4 text-foreground/80 text-sm">
+									{plane.highlights.map((highlight) => (
+										<li
+											className="flex items-center gap-2"
+											key={highlight}
+										>
+											<span className="h-1.5 w-1.5 rounded-full bg-accent" />
+											{highlight}
+										</li>
+									))}
+								</ul>
+							</div>
+						))}
+					</div>
+				</div>
+
+				<div className="mt-12 rounded-2xl border border-border bg-secondary/30 p-6">
+					<div className="grid gap-6 lg:grid-cols-3 lg:gap-8">
+						<div className="flex items-start gap-3">
+							<div className="flex h-9 w-9 shrink-0 items-center justify-center rounded-lg bg-background text-accent">
+								<GitBranch className="h-4 w-4" />
+							</div>
+							<div>
+								<p className="font-semibold text-foreground text-sm">
+									Git is the deploy target
+								</p>
+								<p className="mt-1 text-muted-foreground text-sm">
+									Studio writes to your real config files. Diffs show up in
+									code review like any other change.
+								</p>
+							</div>
+						</div>
+						<div className="flex items-start gap-3">
+							<div className="flex h-9 w-9 shrink-0 items-center justify-center rounded-lg bg-background text-accent">
+								<Radio className="h-4 w-4" />
+							</div>
+							<div>
+								<p className="font-semibold text-foreground text-sm">
+									Real-time, locally
+								</p>
+								<p className="mt-1 text-muted-foreground text-sm">
+									SSE streams config and service updates from the agent — no
+									polling, no cloud round-trips.
+								</p>
+							</div>
+						</div>
+						<div className="flex items-start gap-3">
+							<div className="flex h-9 w-9 shrink-0 items-center justify-center rounded-lg bg-background text-accent">
+								<Box className="h-4 w-4" />
+							</div>
+							<div>
+								<p className="font-semibold text-foreground text-sm">
+									Eject without migration
+								</p>
+								<p className="mt-1 text-muted-foreground text-sm">
+									Generated files live in standard locations. Stop using
+									Stackpanel and your repo keeps working.
+								</p>
+							</div>
+						</div>
+					</div>
+				</div>
+			</div>
+		</section>
+	);
+}
diff --git a/apps/web/src/components/landing/index.ts b/apps/web/src/components/landing/index.ts
index f23cb87f..c2368923 100644
--- a/apps/web/src/components/landing/index.ts
+++ b/apps/web/src/components/landing/index.ts
@@ -1,9 +1,14 @@
+export { ComparisonSection } from "./comparison-section";
+export { ConfigShowcaseSection } from "./config-showcase-section";
 export { CTASection } from "./cta-section";
 export { DevExperienceSection } from "./dev-experience-section";
 export { FeaturesSection } from "./features-section";
 export { Footer } from "./footer";
 export { Header } from "./header";
 export { HeroSection } from "./hero-section";
+export { HowItWorksSection } from "./how-it-works-section";
 export { InfrastructureSection } from "./infrastructure-section";
+export { PricingSection } from "./pricing-section";
+export { ProductionStacksSection } from "./production-stacks-section";
 export { StatsSection } from "./stats-section";
 export { TerminalSection } from "./terminal-section";
diff --git a/apps/web/src/components/landing/infrastructure-section.tsx b/apps/web/src/components/landing/infrastructure-section.tsx
index 808dc0f9..ff3f8629 100644
--- a/apps/web/src/components/landing/infrastructure-section.tsx
+++ b/apps/web/src/components/landing/infrastructure-section.tsx
@@ -1,71 +1,172 @@
+import { Link } from "@tanstack/react-router";
 import { Button } from "@ui/button";
 import {
-	BarChart3,
+	ArrowRight,
+	Cloud,
 	Database,
 	HardDrive,
 	Lock,
 	Network,
-	Search,
+	Radio,
+	ShieldCheck,
+	Workflow,
 } from "lucide-react";
 
-export function InfrastructureSection() {
-	const services = [
-		{ icon: Search, name: "ELK Stack", description: "Full logging and search" },
-		{ icon: Database, name: "PostgreSQL", description: "Managed databases" },
-		{ icon: Network, name: "Load Balancers", description: "Scale-to-zero LBs" },
-		{ icon: HardDrive, name: "Object Storage", description: "S3-compatible" },
-		{
-			icon: BarChart3,
-			name: "Monitoring",
-			description: "Prometheus + Grafana",
-		},
-		{ icon: Lock, name: "Vault", description: "Secrets management" },
-	];
+type Service = {
+	icon: typeof Database;
+	name: string;
+	description: string;
+	envVar: string;
+	tag: string;
+};
+
+const coreServices: Service[] = [
+	{
+		icon: Database,
+		name: "PostgreSQL",
+		description: "Local cluster with persistent data dir, ready for migrations.",
+		envVar: "STACKPANEL_POSTGRES_PORT",
+		tag: "global",
+	},
+	{
+		icon: Radio,
+		name: "Redis",
+		description: "Single-node cache for sessions, queues, and rate limits.",
+		envVar: "STACKPANEL_REDIS_PORT",
+		tag: "global",
+	},
+	{
+		icon: HardDrive,
+		name: "MinIO",
+		description: "S3-compatible object storage with admin console exposed.",
+		envVar: "STACKPANEL_MINIO_PORT",
+		tag: "global",
+	},
+	{
+		icon: Network,
+		name: "Caddy",
+		description: "Reverse proxy that wires *.local hostnames to your apps.",
+		envVar: "STACKPANEL_CADDY_PORT",
+		tag: "network",
+	},
+	{
+		icon: ShieldCheck,
+		name: "Step CA",
+		description: "Internal certificate authority — real HTTPS in dev, no warnings.",
+		envVar: "STACKPANEL_STEP_CA_PORT",
+		tag: "network",
+	},
+	{
+		icon: Workflow,
+		name: "process-compose",
+		description: "Health probes, dependencies, and restart policies for everything above.",
+		envVar: "STACKPANEL_PC_PORT",
+		tag: "orchestrator",
+	},
+];
+
+const tagStyles: Record<string, string> = {
+	global: "border-emerald-500/30 bg-emerald-500/10 text-emerald-300",
+	network: "border-sky-500/30 bg-sky-500/10 text-sky-300",
+	orchestrator: "border-purple-500/30 bg-purple-500/10 text-purple-300",
+};
 
+export function InfrastructureSection() {
 	return (
 		<section
 			className="border-border border-b bg-secondary/20"
 			id="infrastructure"
 		>
 			<div className="mx-auto max-w-7xl px-4 py-24 sm:px-6 lg:px-8">
-				<div className="grid gap-12 lg:grid-cols-2 lg:gap-16">
-					<div>
-						<p className="font-medium text-accent text-sm">Infrastructure</p>
-						<h2 className="mt-4 text-balance font-bold text-3xl text-foreground sm:text-4xl">
-							One-click deploy robust systems
+				<div className="grid gap-12 lg:grid-cols-[5fr_7fr] lg:gap-16">
+					<div className="flex flex-col">
+						<p className="font-medium text-accent text-sm">
+							Local infrastructure
+						</p>
+						<h2 className="mt-4 text-balance font-bold font-[Montserrat] text-3xl text-foreground sm:text-4xl">
+							Production-shaped services on your laptop.
 						</h2>
 						<p className="mt-4 text-pretty text-muted-foreground leading-relaxed">
-							Deploy an entire ELK stack, a Kubernetes cluster, or a managed
-							database with a single click. We manage the complexity so you can
-							focus on building.
+							Stackpanel runs the same data stores you use in production —
+							Postgres, Redis, MinIO — orchestrated by{" "}
+							<span className="font-mono text-foreground">process-compose</span>{" "}
+							with health probes and dependency ordering.
 						</p>
 						<p className="mt-4 text-pretty text-muted-foreground leading-relaxed">
-							All services are self-hosted on your infrastructure. No data
-							leaves your network, and costs scale linearly with actual usage.
+							Caddy and an internal Step CA give you real HTTPS at clean
+							hostnames like{" "}
+							<span className="font-mono text-foreground">
+								https://api.myapp.local
+							</span>{" "}
+							— so OAuth, secure cookies, and webhooks behave like prod.
 						</p>
 
-						<div className="mt-8">
-							<Button className="bg-foreground text-background hover:bg-foreground/90">
-								Explore Services
+						<div className="mt-8 flex flex-wrap gap-3">
+							<Button
+								asChild
+								className="bg-foreground text-background hover:bg-foreground/90"
+							>
+								<Link to="/studio">
+									Open the Studio
+									<ArrowRight className="ml-2 h-4 w-4" />
+								</Link>
 							</Button>
+							<Button asChild variant="outline">
+								<a
+									href="https://github.com/darkmatter/stackpanel"
+									rel="noopener noreferrer"
+									target="_blank"
+								>
+									Read the docs
+								</a>
+							</Button>
+						</div>
+
+						<div className="mt-10 rounded-xl border border-border bg-background/60 p-5">
+							<div className="flex items-center gap-2">
+								<Cloud className="h-4 w-4 text-accent" />
+								<span className="font-semibold text-foreground text-sm">
+									Same shape, your cloud
+								</span>
+							</div>
+							<p className="mt-2 text-muted-foreground text-sm leading-relaxed">
+								Modules can target NixOS or container runtimes for staging and
+								production. Same config language, same generated Caddyfile,
+								same SOPS recipients — different host.
+							</p>
 						</div>
 					</div>
 
-					<div className="grid grid-cols-2 gap-4 sm:grid-cols-3">
-						{services.map((service) => (
+					<div className="grid gap-px overflow-hidden rounded-2xl border border-border bg-border sm:grid-cols-2">
+						{coreServices.map((service) => (
 							<div
-								className="group flex flex-col items-center justify-center rounded-xl border border-border bg-card p-6 text-center transition-all hover:border-accent/50"
+								className="group flex flex-col gap-3 bg-card p-5 transition-colors hover:bg-card/80"
 								key={service.name}
 							>
-								<div className="flex h-12 w-12 items-center justify-center rounded-lg bg-secondary transition-colors group-hover:bg-accent/20">
-									<service.icon className="h-6 w-6 text-muted-foreground transition-colors group-hover:text-accent" />
+								<div className="flex items-start justify-between gap-3">
+									<div className="flex h-11 w-11 items-center justify-center rounded-lg bg-secondary transition-colors group-hover:bg-accent/20">
+										<service.icon className="h-5 w-5 text-muted-foreground transition-colors group-hover:text-accent" />
+									</div>
+									<span
+										className={`rounded-full border px-2 py-0.5 font-mono text-[10px] tracking-[0.04em] ${tagStyles[service.tag]}`}
+									>
+										{service.tag}
+									</span>
+								</div>
+								<div>
+									<p className="font-semibold text-foreground text-base">
+										{service.name}
+									</p>
+									<p className="mt-1 text-muted-foreground text-xs leading-relaxed">
+										{service.description}
+									</p>
+								</div>
+								<div className="mt-auto flex items-center gap-2 border-border/60 border-t pt-3 font-mono text-[11px]">
+									<Lock className="h-3 w-3 text-muted-foreground" />
+									<span className="text-muted-foreground">
+										{service.envVar}
+									</span>
 								</div>
-								<p className="mt-3 font-medium text-foreground text-sm">
-									{service.name}
-								</p>
-								<p className="mt-1 text-muted-foreground text-xs">
-									{service.description}
-								</p>
 							</div>
 						))}
 					</div>
diff --git a/apps/web/src/components/landing/pricing-section.tsx b/apps/web/src/components/landing/pricing-section.tsx
new file mode 100644
index 00000000..f26404dc
--- /dev/null
+++ b/apps/web/src/components/landing/pricing-section.tsx
@@ -0,0 +1,223 @@
+import { Link } from "@tanstack/react-router";
+import { Button } from "@ui/button";
+import { ArrowRight, Check } from "lucide-react";
+import { cn } from "@/lib/utils";
+import { useWaitlist } from "./waitlist-dialog";
+
+type CTA =
+	| { label: string; kind: "waitlist"; tier: string }
+	| { label: string; kind: "link"; to: string }
+	| { label: string; kind: "email"; href: string };
+
+type Tier = {
+	id: string;
+	name: string;
+	tagline: string;
+	price: string;
+	priceDetail: string;
+	highlight?: boolean;
+	cta: CTA;
+	bullets: string[];
+};
+
+const tiers: Tier[] = [
+	{
+		id: "community",
+		name: "Community",
+		tagline: "Solo dev. Free forever.",
+		price: "$0",
+		priceDetail: "1 seat · no card required",
+		cta: { label: "Join the waitlist", kind: "waitlist", tier: "community" },
+		bullets: [
+			"Stackpanel core (MIT)",
+			"All 3 stacks on community branch",
+			"Best-effort patches",
+			"GitHub Discussions support",
+		],
+	},
+	{
+		id: "team",
+		name: "Team",
+		tagline: "For shipping teams.",
+		price: "$19",
+		priceDetail: "per user / month, billed monthly",
+		highlight: true,
+		cta: { label: "Request beta access", kind: "waitlist", tier: "team" },
+		bullets: [
+			"Everything in Community",
+			"Stable branch of every Production Stack",
+			"30-day patch SLA",
+			"Email support, next business day",
+		],
+	},
+	{
+		id: "business",
+		name: "Business",
+		tagline: "For platform teams.",
+		price: "$49",
+		priceDetail: "per user / month, billed monthly",
+		cta: { label: "Request beta access", kind: "waitlist", tier: "business" },
+		bullets: [
+			"Everything in Team",
+			"7-day patch SLA + early access channel",
+			"Multi-org, SSO, audit logs",
+			"Discord channel + 4-hour email response",
+		],
+	},
+	{
+		id: "enterprise",
+		name: "Enterprise",
+		tagline: "For companies that ship the world.",
+		price: "Custom",
+		priceDetail: "from $5,000 / month",
+		cta: { label: "Talk to us", kind: "email", href: "mailto:sales@stackpanel.dev" },
+		bullets: [
+			"24-hour critical CVE SLA",
+			"Air-gapped mirror license",
+			"Slack channel, on-call, named CSM",
+			"Indemnification, SCIM, custom RBAC",
+		],
+	},
+];
+
+export function PricingSection() {
+	const waitlist = useWaitlist();
+	return (
+		<section className="border-border border-b" id="pricing">
+			<div className="mx-auto max-w-7xl px-4 py-24 sm:px-6 lg:px-8">
+				<div className="text-center">
+					<p className="font-medium text-accent text-sm">Pricing</p>
+					<h2 className="mt-4 text-balance font-bold font-[Montserrat] text-3xl text-foreground sm:text-4xl">
+						Free dev environment. Paid production support.
+					</h2>
+					<p className="mx-auto mt-4 max-w-2xl text-pretty text-muted-foreground">
+						The Stackpanel core is MIT and free forever. Subscribe when
+						you&apos;re ready to outsource the maintenance of your production
+						deploys to a team that does it full-time.
+					</p>
+				</div>
+
+				<div className="mt-14 grid gap-px overflow-hidden rounded-2xl border border-border bg-border lg:grid-cols-4">
+					{tiers.map((tier) => (
+						<div
+							className={cn(
+								"flex flex-col gap-6 p-6 transition-colors",
+								tier.highlight
+									? "bg-accent/[0.06] hover:bg-accent/[0.09]"
+									: "bg-card hover:bg-card/80",
+							)}
+							key={tier.id}
+						>
+							<div>
+								<div className="flex items-center justify-between">
+									<h3 className="font-semibold text-foreground text-lg">
+										{tier.name}
+									</h3>
+									{tier.highlight ? (
+										<span className="rounded-full border border-accent/40 bg-accent/15 px-2 py-0.5 text-[10px] text-accent tracking-[0.08em] uppercase">
+											Most popular
+										</span>
+									) : null}
+								</div>
+								<p className="mt-1 text-muted-foreground text-sm">
+									{tier.tagline}
+								</p>
+							</div>
+
+							<div>
+								<p className="font-bold font-[Montserrat] text-4xl text-foreground tracking-tight">
+									{tier.price}
+								</p>
+								<p className="mt-1 text-muted-foreground text-xs">
+									{tier.priceDetail}
+								</p>
+							</div>
+
+							{tier.cta.kind === "waitlist" ? (
+								<Button
+									className={cn(
+										tier.highlight
+											? "bg-foreground text-background hover:bg-foreground/90"
+											: "",
+									)}
+									variant={tier.highlight ? "default" : "outline"}
+									onClick={() =>
+										waitlist.open({
+											source: "landing.pricing",
+											tier:
+												tier.cta.kind === "waitlist"
+													? tier.cta.tier
+													: undefined,
+										})
+									}
+								>
+									{tier.cta.label}
+									<ArrowRight className="ml-2 h-3.5 w-3.5" />
+								</Button>
+							) : tier.cta.kind === "link" ? (
+								<Button
+									asChild
+									className={cn(
+										tier.highlight
+											? "bg-foreground text-background hover:bg-foreground/90"
+											: "",
+									)}
+									variant={tier.highlight ? "default" : "outline"}
+								>
+									<Link to={tier.cta.to}>
+										{tier.cta.label}
+										<ArrowRight className="ml-2 h-3.5 w-3.5" />
+									</Link>
+								</Button>
+							) : (
+								<Button
+									asChild
+									className={cn(
+										tier.highlight
+											? "bg-foreground text-background hover:bg-foreground/90"
+											: "",
+									)}
+									variant={tier.highlight ? "default" : "outline"}
+								>
+									<a href={tier.cta.href}>
+										{tier.cta.label}
+										<ArrowRight className="ml-2 h-3.5 w-3.5" />
+									</a>
+								</Button>
+							)}
+
+							<ul className="flex flex-col gap-2.5 border-border/60 border-t pt-5">
+								{tier.bullets.map((bullet) => (
+									<li
+										className="flex items-start gap-2 text-foreground text-sm leading-relaxed"
+										key={bullet}
+									>
+										<Check className="mt-0.5 h-4 w-4 shrink-0 text-accent" />
+										<span>{bullet}</span>
+									</li>
+								))}
+							</ul>
+						</div>
+					))}
+				</div>
+
+				<div className="mt-10 flex flex-col items-center gap-3 text-center">
+					<p className="text-muted-foreground text-sm">
+						Same Production Stacks across every tier. You pay for SLA, support,
+						and team features — not for access to the recipes.
+					</p>
+					<Button
+						asChild
+						className="text-muted-foreground hover:text-foreground"
+						variant="ghost"
+					>
+						<Link to="/pricing">
+							Compare every feature
+							<ArrowRight className="ml-2 h-3.5 w-3.5" />
+						</Link>
+					</Button>
+				</div>
+			</div>
+		</section>
+	);
+}
diff --git a/apps/web/src/components/landing/production-stacks-section.tsx b/apps/web/src/components/landing/production-stacks-section.tsx
new file mode 100644
index 00000000..bca05db9
--- /dev/null
+++ b/apps/web/src/components/landing/production-stacks-section.tsx
@@ -0,0 +1,293 @@
+import { Link } from "@tanstack/react-router";
+import { Button } from "@ui/button";
+import {
+	ArrowRight,
+	CheckCircle2,
+	Cloud,
+	Globe2,
+	HardDrive,
+	type LucideIcon,
+	Network,
+	Server,
+	Workflow,
+} from "lucide-react";
+
+type Stack = {
+	id: string;
+	name: string;
+	tagline: string;
+	icon: LucideIcon;
+	targets: string[];
+	bullets: string[];
+	example: { line: string; tone?: "comment" | "value" | "punct" }[];
+	docHref: string;
+};
+
+const stacks: Stack[] = [
+	{
+		id: "alchemy",
+		name: "Alchemy",
+		tagline:
+			"Resource-graph IaC for the full TypeScript stack — Cloudflare, AWS, Vercel.",
+		icon: Workflow,
+		targets: ["Cloudflare", "AWS", "Vercel", "GitHub", "Stripe"],
+		bullets: [
+			"Type-safe bindings generated into your app",
+			"Per-PR preview environments out of the box",
+			"Secrets pulled straight from .stack/secrets",
+			"State stored in your repo or your S3 bucket",
+		],
+		example: [
+			{ line: "# .stack/config.nix", tone: "comment" },
+			{ line: "apps.web = {", tone: "punct" },
+			{ line: '  framework = "nextjs";', tone: "value" },
+			{ line: "  alchemy = {", tone: "punct" },
+			{ line: '    target = "cloudflare";  # or "aws" | "vercel"', tone: "value" },
+			{ line: "    previews = true;", tone: "value" },
+			{ line: "  };", tone: "punct" },
+			{ line: "};", tone: "punct" },
+		],
+		docHref: "/docs/stacks/alchemy",
+	},
+	{
+		id: "colmena",
+		name: "Colmena",
+		tagline:
+			"NixOS deploys for the people who want full control — Hetzner, bare metal, your own racks.",
+		icon: Server,
+		targets: ["Hetzner CAX/CCX", "Bare metal", "Any NixOS host", "Tailscale"],
+		bullets: [
+			"Atomic switch with one-command rollback",
+			"Machine groups for canary + production fleets",
+			"Secrets via agenix, recipients managed in Nix",
+			"Caddy + Step CA wired identically to dev",
+		],
+		example: [
+			{ line: "# .stack/config.nix", tone: "comment" },
+			{ line: "apps.api = {", tone: "punct" },
+			{ line: "  colmena = {", tone: "punct" },
+			{ line: '    host    = "cax21.fra";', tone: "value" },
+			{ line: "    replicas = 2;", tone: "value" },
+			{ line: "    rollback.enable = true;", tone: "value" },
+			{ line: "  };", tone: "punct" },
+			{ line: "};", tone: "punct" },
+		],
+		docHref: "/docs/stacks/colmena",
+	},
+	{
+		id: "fly",
+		name: "Fly.io",
+		tagline:
+			"Containerized apps at the edge — regional placement, Fly volumes, Fly Postgres.",
+		icon: Globe2,
+		targets: ["Fly Machines", "Fly Postgres", "Fly Volumes", "Tigris (S3)"],
+		bullets: [
+			"Multi-region machines from one Nix config",
+			"Health probes, autoscale, and graceful drain",
+			"Fly secrets sync from .stack/secrets at deploy",
+			"Built-in observability via Fly Metrics",
+		],
+		example: [
+			{ line: "# .stack/config.nix", tone: "comment" },
+			{ line: "apps.api.fly = {", tone: "punct" },
+			{ line: '  regions  = [ "iad" "fra" "sin" ];', tone: "value" },
+			{ line: "  machines = 3;", tone: "value" },
+			{ line: '  postgres.cluster = "myapp-pg";', tone: "value" },
+			{ line: "  autoscale.maxMachines = 10;", tone: "value" },
+			{ line: "};", tone: "punct" },
+		],
+		docHref: "/docs/stacks/fly",
+	},
+];
+
+const toneClasses: Record<string, string> = {
+	comment: "text-muted-foreground/70 italic",
+	value: "text-foreground/90",
+	punct: "text-muted-foreground",
+};
+
+const promiseBullets: { icon: LucideIcon; text: string }[] = [
+	{
+		icon: CheckCircle2,
+		text: "Same-day patches when nixpkgs ships breaking updates",
+	},
+	{
+		icon: CheckCircle2,
+		text: "Tested against every flake.lock bump before release",
+	},
+	{
+		icon: CheckCircle2,
+		text: "Provider API drift handled before it breaks your deploys",
+	},
+];
+
+export function ProductionStacksSection() {
+	return (
+		<section
+			className="border-border border-b bg-secondary/10"
+			id="stacks"
+		>
+			<div className="mx-auto max-w-7xl px-4 py-24 sm:px-6 lg:px-8">
+				<div className="text-center">
+					<p className="font-medium text-accent text-sm">
+						Production stacks
+					</p>
+					<h2 className="mt-4 text-balance font-bold font-[Montserrat] text-3xl text-foreground sm:text-4xl">
+						Deploy without becoming a platform team.
+					</h2>
+					<p className="mx-auto mt-4 max-w-2xl text-pretty text-muted-foreground">
+						Production Stacks are maintained Nix flake inputs that take your
+						app from{" "}
+						<span className="font-mono text-foreground">.stack/config.nix</span>{" "}
+						all the way to production. Stick to the conventions and you should
+						never need more than one option flip.
+					</p>
+
+					<div className="mx-auto mt-6 inline-flex items-center gap-2 rounded-full border border-border bg-background/60 px-4 py-1.5">
+						<span className="font-mono text-foreground text-xs">
+							apps.&lt;myapp&gt;.nextjs.enable = true;
+						</span>
+					</div>
+				</div>
+
+				<div className="mt-14 grid gap-6 lg:grid-cols-3">
+					{stacks.map((stack) => (
+						<div
+							className="flex flex-col rounded-2xl border border-border bg-card transition-colors hover:border-accent/40"
+							key={stack.id}
+						>
+							<div className="flex items-start justify-between gap-3 p-6 pb-4">
+								<div className="flex items-center gap-3">
+									<div className="flex h-11 w-11 items-center justify-center rounded-lg bg-accent/10 text-accent">
+										<stack.icon className="h-5 w-5" />
+									</div>
+									<div>
+										<h3 className="font-semibold text-foreground text-lg">
+											{stack.name}
+										</h3>
+										<p className="text-muted-foreground text-xs">
+											Stable · maintained
+										</p>
+									</div>
+								</div>
+							</div>
+
+							<p className="px-6 pb-4 text-muted-foreground text-sm leading-relaxed">
+								{stack.tagline}
+							</p>
+
+							<div className="px-6 pb-4">
+								<div className="flex flex-wrap gap-1.5">
+									{stack.targets.map((target) => (
+										<span
+											className="rounded-full border border-border bg-secondary/50 px-2 py-0.5 font-mono text-[11px] text-muted-foreground"
+											key={target}
+										>
+											{target}
+										</span>
+									))}
+								</div>
+							</div>
+
+							<div className="mx-6 mb-4 overflow-hidden rounded-lg border border-border/60 bg-background/60 font-mono text-[12px]">
+								<div className="border-border/60 border-b bg-secondary/30 px-3 py-1.5 text-[10px] text-muted-foreground tracking-[0.06em] uppercase">
+									Example
+								</div>
+								<pre className="overflow-x-auto p-3 leading-relaxed">
+									{stack.example.map((row, i) => (
+										<div
+											className={
+												row.tone
+													? toneClasses[row.tone]
+													: "text-foreground"
+											}
+											key={`${stack.id}-line-${i}`}
+										>
+											{row.line || "\u00A0"}
+										</div>
+									))}
+								</pre>
+							</div>
+
+							<ul className="mt-auto flex flex-col gap-2 border-border/60 border-t px-6 py-4">
+								{stack.bullets.map((bullet) => (
+									<li
+										className="flex items-start gap-2 text-muted-foreground text-xs"
+										key={bullet}
+									>
+										<CheckCircle2 className="mt-0.5 h-3.5 w-3.5 shrink-0 text-accent" />
+										<span className="leading-relaxed">{bullet}</span>
+									</li>
+								))}
+							</ul>
+						</div>
+					))}
+				</div>
+
+				<div className="mt-12 grid gap-8 rounded-2xl border border-border bg-card p-6 sm:p-8 lg:grid-cols-[2fr_3fr] lg:gap-12">
+					<div>
+						<div className="inline-flex items-center gap-2 rounded-full border border-accent/30 bg-accent/10 px-3 py-1 text-accent text-xs">
+							<HardDrive className="h-3.5 w-3.5" />
+							Our promise
+						</div>
+						<h3 className="mt-4 font-semibold font-[Montserrat] text-2xl text-foreground">
+							You write the convention. We keep it green.
+						</h3>
+						<p className="mt-3 text-muted-foreground text-sm leading-relaxed">
+							Stacks are versioned Nix flake inputs. Subscribers get the
+							private stable channel and a maintenance commitment — same-day
+							patches, tested against every nixpkgs and provider API change.
+						</p>
+
+						<div className="mt-6 flex flex-wrap gap-3">
+							<Button
+								asChild
+								className="bg-foreground text-background hover:bg-foreground/90"
+							>
+								<Link to="/pricing">
+									See pricing
+									<ArrowRight className="ml-2 h-4 w-4" />
+								</Link>
+							</Button>
+							<Button asChild variant="outline">
+								<a href="/docs/stacks">Browse all stacks</a>
+							</Button>
+						</div>
+					</div>
+
+					<ul className="grid gap-3 sm:grid-cols-1">
+						{promiseBullets.map((item) => (
+							<li
+								className="flex items-start gap-3 rounded-lg border border-border/60 bg-background/40 p-4"
+								key={item.text}
+							>
+								<item.icon className="mt-0.5 h-4 w-4 shrink-0 text-accent" />
+								<p className="text-foreground text-sm leading-relaxed">
+									{item.text}
+								</p>
+							</li>
+						))}
+						<li className="flex items-start gap-3 rounded-lg border border-border/60 bg-background/40 p-4">
+							<Cloud className="mt-0.5 h-4 w-4 shrink-0 text-accent" />
+							<div>
+								<p className="text-foreground text-sm leading-relaxed">
+									Marketplace coming soon
+								</p>
+								<p className="mt-1 text-muted-foreground text-xs leading-relaxed">
+									Third-party creators can ship and sell their own
+									Production Stacks — Stackpanel takes 20%, you keep 80%.
+								</p>
+							</div>
+						</li>
+					</ul>
+				</div>
+
+				<p className="mt-8 inline-flex items-center gap-2 text-muted-foreground text-xs">
+					<Network className="h-3.5 w-3.5" />
+					Solo developers always have free access to the community branch of
+					every stack.
+				</p>
+			</div>
+		</section>
+	);
+}
diff --git a/apps/web/src/components/landing/stats-section.tsx b/apps/web/src/components/landing/stats-section.tsx
index 03312e38..095ea591 100644
--- a/apps/web/src/components/landing/stats-section.tsx
+++ b/apps/web/src/components/landing/stats-section.tsx
@@ -1,21 +1,54 @@
+import { FileCode2, Hash, Layers, Network } from "lucide-react";
+
 export function StatsSection() {
 	const stats = [
-		{ value: "80%", label: "reduction in setup time" },
-		{ value: "Zero", label: "vendor lock-in" },
-		{ value: "10x", label: "faster onboarding" },
-		{ value: "$0", label: "per-seat pricing" },
+		{
+			icon: FileCode2,
+			value: "1",
+			label: "config file",
+			detail: ".stack/config.nix declares it all",
+		},
+		{
+			icon: Hash,
+			value: "Deterministic",
+			label: "ports",
+			detail: "Hashed from project name",
+		},
+		{
+			icon: Network,
+			value: "60+",
+			label: "agent endpoints",
+			detail: "REST + Connect-RPC + SSE",
+		},
+		{
+			icon: Layers,
+			value: "Zero",
+			label: "vendor lock-in",
+			detail: "Generated files look hand-written",
+		},
 	];
 
 	return (
 		<section className="border-border border-b bg-secondary/30">
 			<div className="mx-auto max-w-7xl px-4 py-16 sm:px-6 lg:px-8">
-				<div className="grid grid-cols-2 gap-8 lg:grid-cols-4">
+				<div className="grid grid-cols-2 gap-px overflow-hidden rounded-xl border border-border bg-border lg:grid-cols-4">
 					{stats.map((stat) => (
-						<div className="text-center" key={stat.label}>
-							<p className="font-bold text-3xl text-foreground sm:text-4xl">
+						<div
+							className="bg-background/40 p-6 text-center transition-colors hover:bg-background/60"
+							key={stat.label}
+						>
+							<div className="mx-auto flex h-9 w-9 items-center justify-center rounded-lg bg-accent/10 text-accent">
+								<stat.icon className="h-4 w-4" />
+							</div>
+							<p className="mt-3 font-bold font-[Montserrat] text-3xl text-foreground sm:text-4xl">
 								{stat.value}
 							</p>
-							<p className="mt-2 text-muted-foreground text-sm">{stat.label}</p>
+							<p className="mt-1 font-medium text-foreground text-sm">
+								{stat.label}
+							</p>
+							<p className="mt-1 text-muted-foreground text-xs">
+								{stat.detail}
+							</p>
 						</div>
 					))}
 				</div>
diff --git a/apps/web/src/components/landing/terminal-section.tsx b/apps/web/src/components/landing/terminal-section.tsx
index af2ba50f..c0b3ca35 100644
--- a/apps/web/src/components/landing/terminal-section.tsx
+++ b/apps/web/src/components/landing/terminal-section.tsx
@@ -3,127 +3,175 @@
 import { useState } from "react";
 import { cn } from "@/lib/utils";
 
-export function TerminalSection() {
-	const [activeTab, setActiveTab] = useState("create");
+type TerminalLine = {
+	text: string;
+	tone?: "info" | "success" | "warning" | "muted" | "highlight";
+};
+
+type Tab = {
+	id: string;
+	label: string;
+	prompt: string;
+	command: string;
+	lines: TerminalLine[];
+};
+
+const tabs: Tab[] = [
+	{
+		id: "init",
+		label: "Bootstrap",
+		prompt: "~/myapp $",
+		command: "nix flake init -t github:darkmatter/stackpanel#default",
+		lines: [
+			{ text: "→ Cloning template into ./", tone: "info" },
+			{ text: "✓ flake.nix written", tone: "success" },
+			{ text: "✓ .stack/config.nix written", tone: "success" },
+			{ text: "✓ .envrc written (direnv)", tone: "success" },
+			{ text: "" },
+			{ text: "Next:", tone: "muted" },
+			{ text: "  direnv allow             # build & enter the devshell", tone: "muted" },
+			{ text: "  dev                      # start every app + service", tone: "muted" },
+			{ text: "  stackpanel studio        # open Studio in your browser", tone: "muted" },
+		],
+	},
+	{
+		id: "shell",
+		label: "Enter devshell",
+		prompt: "~/myapp $",
+		command: "direnv allow",
+		lines: [
+			{ text: "direnv: loading .envrc", tone: "muted" },
+			{ text: "→ Evaluating .stack/config.nix", tone: "info" },
+			{ text: "→ Building devshell (cached: 142 / 144 derivations)", tone: "info" },
+			{ text: "✓ Toolchain ready: bun 1.x · go 1.25 · postgres 16", tone: "success" },
+			{ text: "✓ IDE config generated for VS Code + Zed", tone: "success" },
+			{ text: "✓ Ports allocated: web :4200 · api :4201 · postgres :4210", tone: "success" },
+			{ text: "✓ Stackpanel agent listening on http://localhost:9876", tone: "success" },
+			{ text: "" },
+			{ text: "STACKPANEL_PROJECT=myapp", tone: "muted" },
+			{ text: "STACKPANEL_POSTGRES_PORT=4210", tone: "muted" },
+			{ text: "Welcome back, charles. Type `dev` to start.", tone: "highlight" },
+		],
+	},
+	{
+		id: "services",
+		label: "Run the stack",
+		prompt: "(myapp) $",
+		command: "dev",
+		lines: [
+			{ text: "→ process-compose: starting myapp", tone: "info" },
+			{ text: "✓ step-ca       READY     internal CA + ACME", tone: "success" },
+			{ text: "✓ caddy         READY     https://*.myapp.local", tone: "success" },
+			{ text: "✓ postgres      READY     :4210", tone: "success" },
+			{ text: "✓ redis         READY     :4211", tone: "success" },
+			{ text: "✓ minio         READY     :4212  console :4213", tone: "success" },
+			{ text: "✓ web           READY     https://web.myapp.local", tone: "success" },
+			{ text: "✓ api           READY     https://api.myapp.local", tone: "success" },
+			{ text: "" },
+			{ text: "→ Studio: https://studio.myapp.local", tone: "highlight" },
+		],
+	},
+	{
+		id: "secrets",
+		label: "Add a secret",
+		prompt: "(myapp) $",
+		command: "stackpanel secrets edit dev",
+		lines: [
+			{ text: "→ Decrypting .stack/secrets/dev.sops.yaml with local AGE key", tone: "info" },
+			{ text: "→ Opening $EDITOR…", tone: "muted" },
+			{ text: "+ STRIPE_SECRET_KEY: sk_test_…", tone: "success" },
+			{ text: "✓ Re-encrypted for 4 recipients", tone: "success" },
+			{ text: "✓ Regenerated @gen/env/api with new field", tone: "success" },
+			{ text: "" },
+			{ text: "Next:", tone: "muted" },
+			{ text: "  git add .stack/secrets/dev.sops.yaml packages/gen/env", tone: "muted" },
+			{ text: "  git commit -m 'feat: stripe secret'", tone: "muted" },
+		],
+	},
+];
 
-	const tabs = [
-		{ id: "create", label: "Create App" },
-		{ id: "install", label: "Install Service" },
-		{ id: "deploy", label: "Deploy" },
-	];
+const toneClasses: Record<NonNullable<TerminalLine["tone"]>, string> = {
+	info: "text-muted-foreground",
+	success: "text-accent",
+	warning: "text-yellow-400",
+	muted: "text-muted-foreground/80",
+	highlight: "font-semibold text-accent",
+};
 
-	const terminalContent: Record<string, { command: string; output: string[] }> =
-		{
-			create: {
-				command: "create-app payments-api --template=api",
-				output: [
-					"→ Creating new application...",
-					"✓ Initialized turborepo workspace",
-					"✓ Applied stack configuration (neon, redis, observability)",
-					"✓ Created GitHub repo: acme-corp/payments-api",
-					"✓ Configured CI/CD pipeline",
-					"✓ Added to StackPanel dashboard",
-					"",
-					"cd payments-api && nix develop",
-				],
-			},
-			install: {
-				command: "x install neon",
-				output: [
-					"→ Installing Neon integration...",
-					"✓ Added @neondatabase/serverless to dependencies",
-					"✓ Created lib/db.ts with connection pool",
-					"✓ Added DATABASE_URL to secrets",
-					"✓ Updated nix flake with pg_dump tools",
-					"✓ Generated migration scaffolding",
-					"",
-					"Run 'x db:migrate' to create your first migration",
-				],
-			},
-			deploy: {
-				command: "x deploy production",
-				output: [
-					"→ Deploying to production...",
-					"✓ Building container image (2.3s)",
-					"✓ Pushing to internal registry",
-					"✓ Updating GitOps repo",
-					"✓ ArgoCD syncing deployment",
-					"✓ Health checks passing",
-					"",
-					"🚀 Live at https://payments-api.acme-corp.com",
-				],
-			},
-		};
+export function TerminalSection() {
+	const [activeTab, setActiveTab] = useState(tabs[0].id);
+	const current = tabs.find((tab) => tab.id === activeTab) ?? tabs[0];
 
 	return (
-		<section className="border-border border-b bg-secondary/20">
+		<section className="border-border border-b bg-secondary/20" id="cli">
 			<div className="mx-auto max-w-7xl px-4 py-24 sm:px-6 lg:px-8">
 				<div className="text-center">
-					<p className="font-medium text-accent text-sm">CLI Tools</p>
-					<h2 className="mt-4 text-balance font-bold text-3xl text-foreground sm:text-4xl">
-						Powerful commands at your fingertips
+					<p className="font-medium text-accent text-sm">CLI</p>
+					<h2 className="mt-4 text-balance font-bold font-[Montserrat] text-3xl text-foreground sm:text-4xl">
+						Real commands, no proprietary glue
 					</h2>
 					<p className="mx-auto mt-4 max-w-2xl text-pretty text-muted-foreground">
-						Tools automatically available in your PATH. No installation
-						needed—just enter your dev shell and start building.
+						The{" "}
+						<span className="font-mono text-foreground">stackpanel</span> CLI
+						speaks Nix, SOPS, and process-compose. Every command operates on
+						standard files in your repo.
 					</p>
 				</div>
 
-				<div className="mx-auto mt-12 max-w-3xl">
-					<div className="overflow-hidden rounded-xl border border-border bg-card shadow-xl">
-						<div className="flex items-center justify-between border-border border-b bg-secondary/50 px-4">
-							<div className="flex">
+				<div className="mx-auto mt-12 max-w-4xl">
+					<div className="overflow-hidden rounded-xl border border-border bg-card shadow-2xl">
+						<div className="flex items-center justify-between border-border border-b bg-secondary/50 px-2 sm:px-4">
+							<div className="flex overflow-x-auto">
 								{tabs.map((tab) => (
 									<button
 										className={cn(
-											"border-b-2 px-4 py-3 font-medium text-sm transition-colors",
+											"shrink-0 border-b-2 px-3 py-3 font-medium text-sm transition-colors sm:px-4",
 											activeTab === tab.id
 												? "border-accent text-foreground"
 												: "border-transparent text-muted-foreground hover:text-foreground",
 										)}
 										key={tab.id}
 										onClick={() => setActiveTab(tab.id)}
+										type="button"
 									>
 										{tab.label}
 									</button>
 								))}
 							</div>
-							<div className="flex gap-1.5">
+							<div className="hidden gap-1.5 pr-2 sm:flex">
 								<div className="h-3 w-3 rounded-full bg-red-500/80" />
 								<div className="h-3 w-3 rounded-full bg-yellow-500/80" />
 								<div className="h-3 w-3 rounded-full bg-green-500/80" />
 							</div>
 						</div>
 
-						<div className="p-6 font-mono text-sm">
-							<div className="flex items-center gap-2">
-								<span className="text-accent">$</span>
-								<span className="text-foreground">
-									{terminalContent[activeTab].command}
+						<div className="overflow-x-auto p-4 font-mono text-sm sm:p-6">
+							<div className="flex items-start gap-2">
+								<span className="text-muted-foreground">{current.prompt}</span>
+								<span className="break-all text-foreground">
+									{current.command}
 								</span>
 							</div>
 							<div className="mt-4 space-y-1">
-								{terminalContent[activeTab].output.map((line, i) => (
+								{current.lines.map((line, i) => (
 									<div
 										className={cn(
-											line.startsWith("✓")
-												? "text-accent"
-												: line.startsWith("→")
-													? "text-muted-foreground"
-													: line.startsWith("🚀")
-														? "font-semibold text-accent"
-														: line === ""
-															? "h-4"
-															: "text-muted-foreground",
+											line.text === "" && "h-4",
+											line.tone ? toneClasses[line.tone] : "text-foreground",
 										)}
-										key={i}
+										key={`${current.id}-line-${i}`}
 									>
-										{line}
+										{line.text}
 									</div>
 								))}
 							</div>
 						</div>
 					</div>
+
+					<p className="mt-4 text-center text-muted-foreground text-xs">
+						Same command works on macOS, Linux, and NixOS — same versions, same
+						output.
+					</p>
 				</div>
 			</div>
 		</section>
diff --git a/apps/web/src/components/landing/waitlist-dialog.tsx b/apps/web/src/components/landing/waitlist-dialog.tsx
new file mode 100644
index 00000000..38aad1cf
--- /dev/null
+++ b/apps/web/src/components/landing/waitlist-dialog.tsx
@@ -0,0 +1,351 @@
+"use client";
+
+import { Button } from "@ui/button";
+import {
+	Dialog,
+	DialogContent,
+	DialogDescription,
+	DialogFooter,
+	DialogHeader,
+	DialogTitle,
+} from "@ui/dialog";
+import { Input } from "@ui/input";
+import { Label } from "@ui/label";
+import { Textarea } from "@ui/textarea";
+import { useMutation } from "@tanstack/react-query";
+import {
+	ArrowRight,
+	CheckCircle2,
+	ExternalLink,
+	Loader2,
+	PlayCircle,
+} from "lucide-react";
+import {
+	createContext,
+	type ReactNode,
+	useCallback,
+	useContext,
+	useMemo,
+	useState,
+} from "react";
+import { Link } from "@tanstack/react-router";
+import { toast } from "sonner";
+import { useTRPC } from "@/utils/trpc";
+import { cn } from "@/lib/utils";
+
+type WaitlistOpenOptions = {
+	source?: string;
+	tier?: string;
+};
+
+type WaitlistContextValue = {
+	open: (opts?: WaitlistOpenOptions) => void;
+	close: () => void;
+};
+
+const WaitlistContext = createContext<WaitlistContextValue | null>(null);
+
+/**
+ * Provides a single global waitlist dialog mounted at the layout level.
+ * Any descendant can call `useWaitlist().open({ source: "..." })` to
+ * trigger it; only one instance is ever rendered.
+ */
+export function WaitlistProvider({ children }: { children: ReactNode }) {
+	const [openState, setOpenState] = useState(false);
+	const [source, setSource] = useState<string | undefined>();
+	const [tier, setTier] = useState<string | undefined>();
+
+	const open = useCallback((opts?: WaitlistOpenOptions) => {
+		setSource(opts?.source);
+		setTier(opts?.tier);
+		setOpenState(true);
+	}, []);
+
+	const close = useCallback(() => setOpenState(false), []);
+
+	const value = useMemo<WaitlistContextValue>(
+		() => ({ open, close }),
+		[open, close],
+	);
+
+	return (
+		<WaitlistContext.Provider value={value}>
+			{children}
+			<WaitlistDialog
+				open={openState}
+				onOpenChange={setOpenState}
+				source={source}
+				tier={tier}
+			/>
+		</WaitlistContext.Provider>
+	);
+}
+
+export function useWaitlist(): WaitlistContextValue {
+	const ctx = useContext(WaitlistContext);
+	if (!ctx) {
+		throw new Error("useWaitlist must be used within a <WaitlistProvider>");
+	}
+	return ctx;
+}
+
+type WaitlistDialogProps = {
+	open: boolean;
+	onOpenChange: (open: boolean) => void;
+	source?: string;
+	tier?: string;
+};
+
+function WaitlistDialog({
+	open,
+	onOpenChange,
+	source,
+	tier,
+}: WaitlistDialogProps) {
+	const trpc = useTRPC();
+	const [email, setEmail] = useState("");
+	const [name, setName] = useState("");
+	const [company, setCompany] = useState("");
+	const [notes, setNotes] = useState("");
+	const [submitted, setSubmitted] = useState<null | {
+		alreadyOnList: boolean;
+	}>(null);
+
+	const referrer =
+		typeof document !== "undefined" ? document.referrer || undefined : undefined;
+
+	const join = useMutation(
+		trpc.waitlist.join.mutationOptions({
+			onSuccess: (data) => {
+				setSubmitted({ alreadyOnList: data.alreadyOnList });
+				if (data.alreadyOnList) {
+					toast.success("You're already on the list — we'll be in touch.");
+				} else {
+					toast.success("You're on the list. We'll send a beta invite soon.");
+				}
+			},
+			onError: (err) => {
+				toast.error(err.message ?? "Could not join the waitlist.");
+			},
+		}),
+	);
+
+	const reset = useCallback(() => {
+		setEmail("");
+		setName("");
+		setCompany("");
+		setNotes("");
+		setSubmitted(null);
+	}, []);
+
+	const handleOpenChange = useCallback(
+		(next: boolean) => {
+			if (!next) {
+				setTimeout(reset, 200);
+			}
+			onOpenChange(next);
+		},
+		[onOpenChange, reset],
+	);
+
+	const handleSubmit = useCallback(
+		(event: React.FormEvent<HTMLFormElement>) => {
+			event.preventDefault();
+			if (!email.trim()) return;
+			join.mutate({
+				email: email.trim(),
+				name: name.trim() || undefined,
+				company: company.trim() || undefined,
+				notes: notes.trim() || undefined,
+				source: tier ? `${source ?? "unknown"}.${tier}` : source,
+				referrer,
+			});
+		},
+		[email, name, company, notes, source, tier, referrer, join],
+	);
+
+	const isPending = join.isPending;
+
+	return (
+		<Dialog open={open} onOpenChange={handleOpenChange}>
+			<DialogContent className="sm:max-w-lg">
+				{submitted ? (
+					<SuccessState
+						alreadyOnList={submitted.alreadyOnList}
+						onClose={() => handleOpenChange(false)}
+					/>
+				) : (
+					<form onSubmit={handleSubmit} className="space-y-5">
+						<DialogHeader>
+							<DialogTitle className="text-xl">
+								Join the Stackpanel beta
+							</DialogTitle>
+							<DialogDescription className="text-sm">
+								We're rolling out access in waves. Tell us a bit about what
+								you're building and we'll send you an invite when there's a
+								slot.
+							</DialogDescription>
+						</DialogHeader>
+
+						<div className="space-y-3">
+							<div className="space-y-1.5">
+								<Label htmlFor="waitlist-email" className="text-xs">
+									Work email
+								</Label>
+								<Input
+									id="waitlist-email"
+									type="email"
+									required
+									autoComplete="email"
+									placeholder="you@company.com"
+									value={email}
+									onChange={(e) => setEmail(e.target.value)}
+									disabled={isPending}
+								/>
+							</div>
+
+							<div className="grid grid-cols-2 gap-3">
+								<div className="space-y-1.5">
+									<Label htmlFor="waitlist-name" className="text-xs">
+										Name <span className="text-muted-foreground">(optional)</span>
+									</Label>
+									<Input
+										id="waitlist-name"
+										type="text"
+										autoComplete="name"
+										placeholder="Ada Lovelace"
+										value={name}
+										onChange={(e) => setName(e.target.value)}
+										disabled={isPending}
+									/>
+								</div>
+								<div className="space-y-1.5">
+									<Label htmlFor="waitlist-company" className="text-xs">
+										Company{" "}
+										<span className="text-muted-foreground">(optional)</span>
+									</Label>
+									<Input
+										id="waitlist-company"
+										type="text"
+										autoComplete="organization"
+										placeholder="Acme, Inc."
+										value={company}
+										onChange={(e) => setCompany(e.target.value)}
+										disabled={isPending}
+									/>
+								</div>
+							</div>
+
+							<div className="space-y-1.5">
+								<Label htmlFor="waitlist-notes" className="text-xs">
+									What would you build with Stackpanel?{" "}
+									<span className="text-muted-foreground">(optional)</span>
+								</Label>
+								<Textarea
+									id="waitlist-notes"
+									rows={3}
+									placeholder="e.g. multi-tenant Next.js app on Cloudflare with a Postgres + Redis dev stack."
+									value={notes}
+									onChange={(e) => setNotes(e.target.value)}
+									disabled={isPending}
+								/>
+							</div>
+						</div>
+
+						<p className="text-xs text-muted-foreground">
+							Want to see what you're signing up for?{" "}
+							<Link
+								to="/demo"
+								className="text-primary underline-offset-4 hover:underline"
+								onClick={() => handleOpenChange(false)}
+							>
+								Open the live demo
+							</Link>
+							.
+						</p>
+
+						<DialogFooter className="gap-2 sm:gap-2">
+							<Button
+								type="button"
+								variant="ghost"
+								onClick={() => handleOpenChange(false)}
+								disabled={isPending}
+							>
+								Cancel
+							</Button>
+							<Button
+								type="submit"
+								disabled={isPending || !email.trim()}
+								className={cn("min-w-32")}
+							>
+								{isPending ? (
+									<>
+										<Loader2 className="mr-2 h-4 w-4 animate-spin" />
+										Sending…
+									</>
+								) : (
+									<>
+										Join waitlist
+										<ArrowRight className="ml-2 h-4 w-4" />
+									</>
+								)}
+							</Button>
+						</DialogFooter>
+					</form>
+				)}
+			</DialogContent>
+		</Dialog>
+	);
+}
+
+function SuccessState({
+	alreadyOnList,
+	onClose,
+}: {
+	alreadyOnList: boolean;
+	onClose: () => void;
+}) {
+	return (
+		<div className="space-y-5">
+			<DialogHeader>
+				<div className="flex items-center justify-center mb-3">
+					<div className="rounded-full bg-primary/10 p-3">
+						<CheckCircle2 className="h-7 w-7 text-primary" />
+					</div>
+				</div>
+				<DialogTitle className="text-center text-xl">
+					{alreadyOnList ? "You're already on the list" : "You're on the list"}
+				</DialogTitle>
+				<DialogDescription className="text-center text-sm">
+					{alreadyOnList
+						? "We've got your earlier signup. Sit tight — we'll reach out when there's a slot."
+						: "We'll email you the moment your beta invite is ready. In the meantime, click around the live demo so you know what's coming."}
+				</DialogDescription>
+			</DialogHeader>
+
+			<div className="grid gap-2 sm:grid-cols-2">
+				<Button asChild variant="default">
+					<Link to="/demo" onClick={onClose}>
+						<PlayCircle className="mr-2 h-4 w-4" />
+						Try the demo Studio
+					</Link>
+				</Button>
+				<Button asChild variant="outline">
+					<a
+						href="https://github.com/darkmatter/stackpanel"
+						target="_blank"
+						rel="noreferrer noopener"
+						onClick={onClose}
+					>
+						<ExternalLink className="mr-2 h-4 w-4" />
+						Star us on GitHub
+					</a>
+				</Button>
+			</div>
+
+			<p className="text-center text-xs text-muted-foreground">
+				No spam. We'll only email you about the beta.
+			</p>
+		</div>
+	);
+}
diff --git a/apps/web/src/routeTree.gen.ts b/apps/web/src/routeTree.gen.ts
index 7ccef4ae..c3bf0c1d 100644
--- a/apps/web/src/routeTree.gen.ts
+++ b/apps/web/src/routeTree.gen.ts
@@ -11,12 +11,15 @@
 import { Route as rootRouteImport } from './routes/__root'
 import { Route as SuccessRouteImport } from './routes/success'
 import { Route as StudioRouteImport } from './routes/studio'
+import { Route as PricingRouteImport } from './routes/pricing'
 import { Route as LoginRouteImport } from './routes/login'
+import { Route as DemoRouteImport } from './routes/demo'
 import { Route as DashboardRouteImport } from './routes/dashboard'
 import { Route as AiRouteImport } from './routes/ai'
 import { Route as IndexRouteImport } from './routes/index'
 import { Route as StudioIndexRouteImport } from './routes/studio/index'
 import { Route as DocsIndexRouteImport } from './routes/docs/index'
+import { Route as DemoIndexRouteImport } from './routes/demo/index'
 import { Route as StudioVariablesRouteImport } from './routes/studio/variables'
 import { Route as StudioTerminalRouteImport } from './routes/studio/terminal'
 import { Route as StudioTeamRouteImport } from './routes/studio/team'
@@ -44,6 +47,11 @@ import { Route as StudioConfigurationRouteImport } from './routes/studio/configu
 import { Route as StudioChecksRouteImport } from './routes/studio/checks'
 import { Route as StudioAppsRouteImport } from './routes/studio/apps'
 import { Route as DocsSplatRouteImport } from './routes/docs/$'
+import { Route as DemoVariablesRouteImport } from './routes/demo/variables'
+import { Route as DemoServicesRouteImport } from './routes/demo/services'
+import { Route as DemoNetworkRouteImport } from './routes/demo/network'
+import { Route as DemoFilesRouteImport } from './routes/demo/files'
+import { Route as DemoAppsRouteImport } from './routes/demo/apps'
 import { Route as ApiSeedSnapshotsRouteImport } from './routes/api/seed-snapshots'
 import { Route as ApiProvisionDbRouteImport } from './routes/api/provision-db'
 import { Route as ApiTrpcSplatRouteImport } from './routes/api/trpc.$'
@@ -59,11 +67,21 @@ const StudioRoute = StudioRouteImport.update({
   path: '/studio',
   getParentRoute: () => rootRouteImport,
 } as any)
+const PricingRoute = PricingRouteImport.update({
+  id: '/pricing',
+  path: '/pricing',
+  getParentRoute: () => rootRouteImport,
+} as any)
 const LoginRoute = LoginRouteImport.update({
   id: '/login',
   path: '/login',
   getParentRoute: () => rootRouteImport,
 } as any)
+const DemoRoute = DemoRouteImport.update({
+  id: '/demo',
+  path: '/demo',
+  getParentRoute: () => rootRouteImport,
+} as any)
 const DashboardRoute = DashboardRouteImport.update({
   id: '/dashboard',
   path: '/dashboard',
@@ -89,6 +107,11 @@ const DocsIndexRoute = DocsIndexRouteImport.update({
   path: '/docs/',
   getParentRoute: () => rootRouteImport,
 } as any)
+const DemoIndexRoute = DemoIndexRouteImport.update({
+  id: '/',
+  path: '/',
+  getParentRoute: () => DemoRoute,
+} as any)
 const StudioVariablesRoute = StudioVariablesRouteImport.update({
   id: '/variables',
   path: '/variables',
@@ -224,6 +247,31 @@ const DocsSplatRoute = DocsSplatRouteImport.update({
   path: '/docs/$',
   getParentRoute: () => rootRouteImport,
 } as any)
+const DemoVariablesRoute = DemoVariablesRouteImport.update({
+  id: '/variables',
+  path: '/variables',
+  getParentRoute: () => DemoRoute,
+} as any)
+const DemoServicesRoute = DemoServicesRouteImport.update({
+  id: '/services',
+  path: '/services',
+  getParentRoute: () => DemoRoute,
+} as any)
+const DemoNetworkRoute = DemoNetworkRouteImport.update({
+  id: '/network',
+  path: '/network',
+  getParentRoute: () => DemoRoute,
+} as any)
+const DemoFilesRoute = DemoFilesRouteImport.update({
+  id: '/files',
+  path: '/files',
+  getParentRoute: () => DemoRoute,
+} as any)
+const DemoAppsRoute = DemoAppsRouteImport.update({
+  id: '/apps',
+  path: '/apps',
+  getParentRoute: () => DemoRoute,
+} as any)
 const ApiSeedSnapshotsRoute = ApiSeedSnapshotsRouteImport.update({
   id: '/api/seed-snapshots',
   path: '/api/seed-snapshots',
@@ -249,11 +297,18 @@ export interface FileRoutesByFullPath {
   '/': typeof IndexRoute
   '/ai': typeof AiRoute
   '/dashboard': typeof DashboardRoute
+  '/demo': typeof DemoRouteWithChildren
   '/login': typeof LoginRoute
+  '/pricing': typeof PricingRoute
   '/studio': typeof StudioRouteWithChildren
   '/success': typeof SuccessRoute
   '/api/provision-db': typeof ApiProvisionDbRoute
   '/api/seed-snapshots': typeof ApiSeedSnapshotsRoute
+  '/demo/apps': typeof DemoAppsRoute
+  '/demo/files': typeof DemoFilesRoute
+  '/demo/network': typeof DemoNetworkRoute
+  '/demo/services': typeof DemoServicesRoute
+  '/demo/variables': typeof DemoVariablesRoute
   '/docs/$': typeof DocsSplatRoute
   '/studio/apps': typeof StudioAppsRoute
   '/studio/checks': typeof StudioChecksRoute
@@ -281,6 +336,7 @@ export interface FileRoutesByFullPath {
   '/studio/team': typeof StudioTeamRoute
   '/studio/terminal': typeof StudioTerminalRoute
   '/studio/variables': typeof StudioVariablesRoute
+  '/demo/': typeof DemoIndexRoute
   '/docs/': typeof DocsIndexRoute
   '/studio/': typeof StudioIndexRoute
   '/api/auth/$': typeof ApiAuthSplatRoute
@@ -291,9 +347,15 @@ export interface FileRoutesByTo {
   '/ai': typeof AiRoute
   '/dashboard': typeof DashboardRoute
   '/login': typeof LoginRoute
+  '/pricing': typeof PricingRoute
   '/success': typeof SuccessRoute
   '/api/provision-db': typeof ApiProvisionDbRoute
   '/api/seed-snapshots': typeof ApiSeedSnapshotsRoute
+  '/demo/apps': typeof DemoAppsRoute
+  '/demo/files': typeof DemoFilesRoute
+  '/demo/network': typeof DemoNetworkRoute
+  '/demo/services': typeof DemoServicesRoute
+  '/demo/variables': typeof DemoVariablesRoute
   '/docs/$': typeof DocsSplatRoute
   '/studio/apps': typeof StudioAppsRoute
   '/studio/checks': typeof StudioChecksRoute
@@ -321,6 +383,7 @@ export interface FileRoutesByTo {
   '/studio/team': typeof StudioTeamRoute
   '/studio/terminal': typeof StudioTerminalRoute
   '/studio/variables': typeof StudioVariablesRoute
+  '/demo': typeof DemoIndexRoute
   '/docs': typeof DocsIndexRoute
   '/studio': typeof StudioIndexRoute
   '/api/auth/$': typeof ApiAuthSplatRoute
@@ -331,11 +394,18 @@ export interface FileRoutesById {
   '/': typeof IndexRoute
   '/ai': typeof AiRoute
   '/dashboard': typeof DashboardRoute
+  '/demo': typeof DemoRouteWithChildren
   '/login': typeof LoginRoute
+  '/pricing': typeof PricingRoute
   '/studio': typeof StudioRouteWithChildren
   '/success': typeof SuccessRoute
   '/api/provision-db': typeof ApiProvisionDbRoute
   '/api/seed-snapshots': typeof ApiSeedSnapshotsRoute
+  '/demo/apps': typeof DemoAppsRoute
+  '/demo/files': typeof DemoFilesRoute
+  '/demo/network': typeof DemoNetworkRoute
+  '/demo/services': typeof DemoServicesRoute
+  '/demo/variables': typeof DemoVariablesRoute
   '/docs/$': typeof DocsSplatRoute
   '/studio/apps': typeof StudioAppsRoute
   '/studio/checks': typeof StudioChecksRoute
@@ -363,6 +433,7 @@ export interface FileRoutesById {
   '/studio/team': typeof StudioTeamRoute
   '/studio/terminal': typeof StudioTerminalRoute
   '/studio/variables': typeof StudioVariablesRoute
+  '/demo/': typeof DemoIndexRoute
   '/docs/': typeof DocsIndexRoute
   '/studio/': typeof StudioIndexRoute
   '/api/auth/$': typeof ApiAuthSplatRoute
@@ -374,11 +445,18 @@ export interface FileRouteTypes {
     | '/'
     | '/ai'
     | '/dashboard'
+    | '/demo'
     | '/login'
+    | '/pricing'
     | '/studio'
     | '/success'
     | '/api/provision-db'
     | '/api/seed-snapshots'
+    | '/demo/apps'
+    | '/demo/files'
+    | '/demo/network'
+    | '/demo/services'
+    | '/demo/variables'
     | '/docs/$'
     | '/studio/apps'
     | '/studio/checks'
@@ -406,6 +484,7 @@ export interface FileRouteTypes {
     | '/studio/team'
     | '/studio/terminal'
     | '/studio/variables'
+    | '/demo/'
     | '/docs/'
     | '/studio/'
     | '/api/auth/$'
@@ -416,9 +495,15 @@ export interface FileRouteTypes {
     | '/ai'
     | '/dashboard'
     | '/login'
+    | '/pricing'
     | '/success'
     | '/api/provision-db'
     | '/api/seed-snapshots'
+    | '/demo/apps'
+    | '/demo/files'
+    | '/demo/network'
+    | '/demo/services'
+    | '/demo/variables'
     | '/docs/$'
     | '/studio/apps'
     | '/studio/checks'
@@ -446,6 +531,7 @@ export interface FileRouteTypes {
     | '/studio/team'
     | '/studio/terminal'
     | '/studio/variables'
+    | '/demo'
     | '/docs'
     | '/studio'
     | '/api/auth/$'
@@ -455,11 +541,18 @@ export interface FileRouteTypes {
     | '/'
     | '/ai'
     | '/dashboard'
+    | '/demo'
     | '/login'
+    | '/pricing'
     | '/studio'
     | '/success'
     | '/api/provision-db'
     | '/api/seed-snapshots'
+    | '/demo/apps'
+    | '/demo/files'
+    | '/demo/network'
+    | '/demo/services'
+    | '/demo/variables'
     | '/docs/$'
     | '/studio/apps'
     | '/studio/checks'
@@ -487,6 +580,7 @@ export interface FileRouteTypes {
     | '/studio/team'
     | '/studio/terminal'
     | '/studio/variables'
+    | '/demo/'
     | '/docs/'
     | '/studio/'
     | '/api/auth/$'
@@ -497,7 +591,9 @@ export interface RootRouteChildren {
   IndexRoute: typeof IndexRoute
   AiRoute: typeof AiRoute
   DashboardRoute: typeof DashboardRoute
+  DemoRoute: typeof DemoRouteWithChildren
   LoginRoute: typeof LoginRoute
+  PricingRoute: typeof PricingRoute
   StudioRoute: typeof StudioRouteWithChildren
   SuccessRoute: typeof SuccessRoute
   ApiProvisionDbRoute: typeof ApiProvisionDbRoute
@@ -524,6 +620,13 @@ declare module '@tanstack/react-router' {
       preLoaderRoute: typeof StudioRouteImport
       parentRoute: typeof rootRouteImport
     }
+    '/pricing': {
+      id: '/pricing'
+      path: '/pricing'
+      fullPath: '/pricing'
+      preLoaderRoute: typeof PricingRouteImport
+      parentRoute: typeof rootRouteImport
+    }
     '/login': {
       id: '/login'
       path: '/login'
@@ -531,6 +634,13 @@ declare module '@tanstack/react-router' {
       preLoaderRoute: typeof LoginRouteImport
       parentRoute: typeof rootRouteImport
     }
+    '/demo': {
+      id: '/demo'
+      path: '/demo'
+      fullPath: '/demo'
+      preLoaderRoute: typeof DemoRouteImport
+      parentRoute: typeof rootRouteImport
+    }
     '/dashboard': {
       id: '/dashboard'
       path: '/dashboard'
@@ -566,6 +676,13 @@ declare module '@tanstack/react-router' {
       preLoaderRoute: typeof DocsIndexRouteImport
       parentRoute: typeof rootRouteImport
     }
+    '/demo/': {
+      id: '/demo/'
+      path: '/'
+      fullPath: '/demo/'
+      preLoaderRoute: typeof DemoIndexRouteImport
+      parentRoute: typeof DemoRoute
+    }
     '/studio/variables': {
       id: '/studio/variables'
       path: '/variables'
@@ -755,6 +872,41 @@ declare module '@tanstack/react-router' {
       preLoaderRoute: typeof DocsSplatRouteImport
       parentRoute: typeof rootRouteImport
     }
+    '/demo/variables': {
+      id: '/demo/variables'
+      path: '/variables'
+      fullPath: '/demo/variables'
+      preLoaderRoute: typeof DemoVariablesRouteImport
+      parentRoute: typeof DemoRoute
+    }
+    '/demo/services': {
+      id: '/demo/services'
+      path: '/services'
+      fullPath: '/demo/services'
+      preLoaderRoute: typeof DemoServicesRouteImport
+      parentRoute: typeof DemoRoute
+    }
+    '/demo/network': {
+      id: '/demo/network'
+      path: '/network'
+      fullPath: '/demo/network'
+      preLoaderRoute: typeof DemoNetworkRouteImport
+      parentRoute: typeof DemoRoute
+    }
+    '/demo/files': {
+      id: '/demo/files'
+      path: '/files'
+      fullPath: '/demo/files'
+      preLoaderRoute: typeof DemoFilesRouteImport
+      parentRoute: typeof DemoRoute
+    }
+    '/demo/apps': {
+      id: '/demo/apps'
+      path: '/apps'
+      fullPath: '/demo/apps'
+      preLoaderRoute: typeof DemoAppsRouteImport
+      parentRoute: typeof DemoRoute
+    }
     '/api/seed-snapshots': {
       id: '/api/seed-snapshots'
       path: '/api/seed-snapshots'
@@ -786,6 +938,26 @@ declare module '@tanstack/react-router' {
   }
 }
 
+interface DemoRouteChildren {
+  DemoAppsRoute: typeof DemoAppsRoute
+  DemoFilesRoute: typeof DemoFilesRoute
+  DemoNetworkRoute: typeof DemoNetworkRoute
+  DemoServicesRoute: typeof DemoServicesRoute
+  DemoVariablesRoute: typeof DemoVariablesRoute
+  DemoIndexRoute: typeof DemoIndexRoute
+}
+
+const DemoRouteChildren: DemoRouteChildren = {
+  DemoAppsRoute: DemoAppsRoute,
+  DemoFilesRoute: DemoFilesRoute,
+  DemoNetworkRoute: DemoNetworkRoute,
+  DemoServicesRoute: DemoServicesRoute,
+  DemoVariablesRoute: DemoVariablesRoute,
+  DemoIndexRoute: DemoIndexRoute,
+}
+
+const DemoRouteWithChildren = DemoRoute._addFileChildren(DemoRouteChildren)
+
 interface StudioRouteChildren {
   StudioAppsRoute: typeof StudioAppsRoute
   StudioChecksRoute: typeof StudioChecksRoute
@@ -853,7 +1025,9 @@ const rootRouteChildren: RootRouteChildren = {
   IndexRoute: IndexRoute,
   AiRoute: AiRoute,
   DashboardRoute: DashboardRoute,
+  DemoRoute: DemoRouteWithChildren,
   LoginRoute: LoginRoute,
+  PricingRoute: PricingRoute,
   StudioRoute: StudioRouteWithChildren,
   SuccessRoute: SuccessRoute,
   ApiProvisionDbRoute: ApiProvisionDbRoute,
diff --git a/apps/web/src/routes/__root.tsx b/apps/web/src/routes/__root.tsx
index 4b9cf8dd..05b3f2e0 100644
--- a/apps/web/src/routes/__root.tsx
+++ b/apps/web/src/routes/__root.tsx
@@ -14,6 +14,7 @@ import { TanStackRouterDevtools } from "@tanstack/react-router-devtools";
 import type { TRPCOptionsProxy } from "@trpc/tanstack-react-query";
 import { Toaster } from "@ui/sonner";
 import Header from "@/components/header";
+import { WaitlistProvider } from "@/components/landing/waitlist-dialog";
 import { ThemeProvider } from "@/components/theme-provider";
 import "@fontsource-variable/montserrat";
 import "@fontsource-variable/source-code-pro";
@@ -94,8 +95,10 @@ function RootDocument({ children }: { children: React.ReactNode }) {
 					<Scripts />
 				</head>
 				<body className={isStudio ? "studio" : ""}>
-					{!isFullScreenPage && <Header />}
-					<div className="grid h-svh grid-rows-[auto_1fr]">{children}</div>
+					<WaitlistProvider>
+						{!isFullScreenPage && <Header />}
+						<div className="grid h-svh grid-rows-[auto_1fr]">{children}</div>
+					</WaitlistProvider>
 					<Toaster richColors />
 					<TanStackRouterDevtools position="bottom-left" />
 					<ReactQueryDevtools buttonPosition="bottom-right" position="bottom" />
diff --git a/apps/web/src/routes/dashboard.tsx b/apps/web/src/routes/dashboard.tsx
index 809b9e95..76bf264f 100644
--- a/apps/web/src/routes/dashboard.tsx
+++ b/apps/web/src/routes/dashboard.tsx
@@ -1,6 +1,14 @@
-import { createFileRoute, redirect, Link } from "@tanstack/react-router";
-
+import { createFileRoute, Link, redirect } from "@tanstack/react-router";
 import { Button } from "@ui/button";
+import {
+	ArrowRight,
+	BookOpen,
+	Boxes,
+	Github,
+	KeyRound,
+	MonitorPlay,
+	Server,
+} from "lucide-react";
 import { getUser } from "@/functions/get-user";
 
 export const Route = createFileRoute("/dashboard")({
@@ -11,24 +19,147 @@ export const Route = createFileRoute("/dashboard")({
 	},
 	loader: async ({ context }) => {
 		if (!context.session) {
-			throw redirect({
-				to: "/login",
-			});
+			throw redirect({ to: "/login" });
 		}
 	},
 });
 
+const quickActions = [
+	{
+		icon: MonitorPlay,
+		title: "Open Studio",
+		description: "Browse apps, services, secrets, and generated files.",
+		to: "/studio",
+		cta: "Launch Studio",
+	},
+	{
+		icon: Server,
+		title: "Pair an agent",
+		description:
+			"Connect this account to a local Stackpanel agent on your machine.",
+		to: "/studio",
+		cta: "Pair agent",
+	},
+	{
+		icon: Boxes,
+		title: "Browse extensions",
+		description:
+			"One-click install Postgres, Redis, MinIO, Caddy, and more.",
+		to: "/studio",
+		cta: "View registry",
+	},
+	{
+		icon: KeyRound,
+		title: "Manage team keys",
+		description: "Add teammate AGE keys and rekey SOPS-encrypted secrets.",
+		to: "/studio",
+		cta: "Open secrets",
+	},
+];
+
+const resources = [
+	{
+		icon: BookOpen,
+		title: "Quick start",
+		href: "/docs/quick-start",
+		description: "Get a project running in under a minute.",
+	},
+	{
+		icon: Github,
+		title: "GitHub",
+		href: "https://github.com/darkmatter/stackpanel",
+		description: "Source code, issues, and discussions.",
+		external: true,
+	},
+];
+
 function RouteComponent() {
 	const { session } = Route.useRouteContext();
+	const name = session?.user.name?.split(" ")[0] ?? "there";
 
 	return (
-		<div className="flex min-h-screen flex-col items-center justify-center gap-4">
-			<h1 className="text-2xl font-bold">Dashboard</h1>
-			<p>Welcome, {session?.user.name ?? "User"}!</p>
-			<div className="flex gap-4">
-				<Button asChild>
-					<Link to="/studio">Go to Studio</Link>
-				</Button>
+		<div className="min-h-screen bg-background">
+			<div className="mx-auto max-w-6xl px-4 py-12 sm:px-6 lg:py-16">
+				<div className="flex flex-col gap-2">
+					<p className="font-medium text-accent text-sm">Welcome back</p>
+					<h1 className="font-bold font-[Montserrat] text-3xl text-foreground sm:text-4xl">
+						Hi {name} 👋
+					</h1>
+					<p className="max-w-xl text-muted-foreground">
+						Your Stackpanel account is ready. Pair a local agent to start
+						managing your dev environment, secrets, and services from one
+						place.
+					</p>
+				</div>
+
+				<div className="mt-10 grid gap-px overflow-hidden rounded-2xl border border-border bg-border sm:grid-cols-2">
+					{quickActions.map((action) => (
+						<div
+							className="flex flex-col gap-3 bg-card p-6 transition-colors hover:bg-card/80"
+							key={action.title}
+						>
+							<div className="flex h-11 w-11 items-center justify-center rounded-lg bg-accent/10 text-accent">
+								<action.icon className="h-5 w-5" />
+							</div>
+							<div>
+								<h2 className="font-semibold text-foreground text-lg">
+									{action.title}
+								</h2>
+								<p className="mt-1 text-muted-foreground text-sm leading-relaxed">
+									{action.description}
+								</p>
+							</div>
+							<Button asChild className="mt-auto w-fit" size="sm">
+								<Link to={action.to}>
+									{action.cta}
+									<ArrowRight className="ml-2 h-3.5 w-3.5" />
+								</Link>
+							</Button>
+						</div>
+					))}
+				</div>
+
+				<div className="mt-10 grid gap-4 sm:grid-cols-2">
+					{resources.map((resource) =>
+						resource.external ? (
+							<a
+								className="group flex items-start gap-4 rounded-xl border border-border bg-card p-5 transition-colors hover:border-accent/40"
+								href={resource.href}
+								key={resource.title}
+								rel="noopener noreferrer"
+								target="_blank"
+							>
+								<resource.icon className="mt-0.5 h-5 w-5 text-muted-foreground transition-colors group-hover:text-accent" />
+								<div className="flex-1">
+									<p className="font-medium text-foreground">
+										{resource.title}
+									</p>
+									<p className="mt-1 text-muted-foreground text-sm">
+										{resource.description}
+									</p>
+								</div>
+								<ArrowRight className="mt-1 h-4 w-4 text-muted-foreground transition-transform group-hover:translate-x-0.5" />
+							</a>
+						) : (
+							<a
+								className="group flex items-start gap-4 rounded-xl border border-border bg-card p-5 transition-colors hover:border-accent/40"
+								href={resource.href}
+								key={resource.title}
+							>
+								<resource.icon className="mt-0.5 h-5 w-5 text-muted-foreground transition-colors group-hover:text-accent" />
+								<div className="flex-1">
+									<p className="font-medium text-foreground">
+										{resource.title}
+									</p>
+									<p className="mt-1 text-muted-foreground text-sm">
+										{resource.description}
+									</p>
+								</div>
+								<ArrowRight className="mt-1 h-4 w-4 text-muted-foreground transition-transform group-hover:translate-x-0.5" />
+							</a>
+						),
+					)}
+				</div>
 			</div>
 		</div>
 	);
diff --git a/apps/web/src/routes/demo.tsx b/apps/web/src/routes/demo.tsx
new file mode 100644
index 00000000..60039250
--- /dev/null
+++ b/apps/web/src/routes/demo.tsx
@@ -0,0 +1,37 @@
+import { createFileRoute, Outlet } from "@tanstack/react-router";
+import {
+	SidebarInset,
+	SidebarProvider,
+} from "@/components/ui/sidebar";
+import { DemoBanner } from "@/components/demo/demo-banner";
+import { DemoHeader } from "@/components/demo/demo-header";
+import { DemoSidebar } from "@/components/demo/demo-sidebar";
+
+export const Route = createFileRoute("/demo")({
+	component: DemoLayout,
+	head: () => ({
+		meta: [
+			{ title: "Stackpanel Studio · Live demo" },
+			{
+				name: "description",
+				content:
+					"Click around a fully interactive Stackpanel Studio with realistic fixture data. No install required.",
+			},
+		],
+	}),
+});
+
+function DemoLayout() {
+	return (
+		<SidebarProvider>
+			<DemoSidebar />
+			<SidebarInset>
+				<DemoBanner />
+				<DemoHeader />
+				<main className="flex-1 overflow-auto">
+					<Outlet />
+				</main>
+			</SidebarInset>
+		</SidebarProvider>
+	);
+}
diff --git a/apps/web/src/routes/demo/apps.tsx b/apps/web/src/routes/demo/apps.tsx
new file mode 100644
index 00000000..62547197
--- /dev/null
+++ b/apps/web/src/routes/demo/apps.tsx
@@ -0,0 +1,194 @@
+import { createFileRoute } from "@tanstack/react-router";
+import { Badge } from "@ui/badge";
+import { Button } from "@ui/button";
+import { Card, CardContent, CardHeader, CardTitle } from "@ui/card";
+import {
+	AppWindow,
+	ArrowUpRight,
+	Cloud,
+	GitCommit,
+	Globe2,
+	Play,
+	RefreshCw,
+	Square,
+} from "lucide-react";
+import { toast } from "sonner";
+import { DEMO_APPS, type DemoApp } from "@/components/demo/demo-fixtures";
+import { cn } from "@/lib/utils";
+
+export const Route = createFileRoute("/demo/apps")({
+	component: DemoAppsPage,
+});
+
+function DemoAppsPage() {
+	return (
+		<div className="mx-auto max-w-7xl space-y-6 p-6">
+			<div className="flex flex-wrap items-start justify-between gap-3">
+				<div className="space-y-1">
+					<p className="text-xs uppercase tracking-[0.16em] text-muted-foreground">
+						Apps
+					</p>
+					<h1 className="font-bold font-[Montserrat] text-3xl text-foreground tracking-tight">
+						{DEMO_APPS.length} apps in this stack
+					</h1>
+					<p className="text-muted-foreground text-sm">
+						Each app gets a deterministic port, a real{" "}
+						<span className="font-mono">*.acme.local</span> domain via Caddy,
+						and a wired-up env package via{" "}
+						<span className="font-mono">@gen/env</span>.
+					</p>
+				</div>
+				<Button
+					variant="outline"
+					size="sm"
+					onClick={() => toast.info("Demo mode — refresh is a no-op.")}
+				>
+					<RefreshCw className="mr-2 h-3.5 w-3.5" />
+					Refresh
+				</Button>
+			</div>
+
+			<div className="grid gap-4 lg:grid-cols-2">
+				{DEMO_APPS.map((app) => (
+					<AppCard key={app.id} app={app} />
+				))}
+			</div>
+		</div>
+	);
+}
+
+function AppCard({ app }: { app: DemoApp }) {
+	return (
+		<Card>
+			<CardHeader className="flex-row items-start justify-between border-b border-border/60 pb-4">
+				<div className="flex min-w-0 items-start gap-3">
+					<div className="flex h-9 w-9 shrink-0 items-center justify-center rounded-lg bg-accent/15 text-accent">
+						<AppWindow className="h-4 w-4" />
+					</div>
+					<div className="min-w-0">
+						<div className="flex items-center gap-2">
+							<CardTitle className="font-mono text-base text-foreground">
+								{app.name}
+							</CardTitle>
+							<StatusBadge status={app.status} />
+						</div>
+						<p className="text-xs text-muted-foreground">{app.stack}</p>
+					</div>
+				</div>
+				<div className="flex items-center gap-1">
+					<Button
+						size="sm"
+						variant="ghost"
+						className="h-7 text-xs"
+						onClick={() =>
+							toast.info(
+								"Demo mode — start/stop sends a real `process-compose` signal in the live Studio.",
+							)
+						}
+					>
+						{app.status === "running" ? (
+							<>
+								<Square className="mr-1 h-3 w-3" /> Stop
+							</>
+						) : (
+							<>
+								<Play className="mr-1 h-3 w-3" /> Start
+							</>
+						)}
+					</Button>
+				</div>
+			</CardHeader>
+			<CardContent className="space-y-3 p-4 text-sm">
+				<KvRow icon={Globe2} label="Local URL">
+					<a
+						href={app.url}
+						target="_blank"
+						rel="noreferrer noopener"
+						className="font-mono text-xs text-foreground underline-offset-4 hover:text-accent hover:underline"
+						onClick={(e) => {
+							e.preventDefault();
+							toast.info(
+								`In a real Stackpanel devshell, ${app.domain} resolves to localhost:${app.port} with TLS.`,
+							);
+						}}
+					>
+						{app.url}
+						<ArrowUpRight className="ml-1 inline h-3 w-3" />
+					</a>
+				</KvRow>
+				<KvRow icon={Globe2} label="Port">
+					<span className="font-mono text-xs text-foreground">{app.port}</span>
+				</KvRow>
+				{app.previewUrl ? (
+					<KvRow icon={Cloud} label="Preview">
+						<span className="font-mono text-xs text-muted-foreground">
+							{app.previewUrl}
+						</span>
+					</KvRow>
+				) : null}
+				{app.deployTarget ? (
+					<KvRow icon={Cloud} label="Deploy target">
+						<Badge
+							variant="outline"
+							className="border-border/60 px-1.5 py-0 text-[10px] text-muted-foreground"
+						>
+							{app.deployTarget}
+						</Badge>
+					</KvRow>
+				) : null}
+				<KvRow icon={GitCommit} label="HEAD">
+					<span className="font-mono text-xs text-muted-foreground">
+						{app.commit}
+					</span>
+				</KvRow>
+				{app.uptime ? (
+					<KvRow icon={Globe2} label="Uptime">
+						<span className="text-xs text-muted-foreground">{app.uptime}</span>
+					</KvRow>
+				) : null}
+			</CardContent>
+		</Card>
+	);
+}
+
+function KvRow({
+	icon: Icon,
+	label,
+	children,
+}: {
+	icon: React.ElementType;
+	label: string;
+	children: React.ReactNode;
+}) {
+	return (
+		<div className="flex items-center justify-between gap-3">
+			<span className="flex items-center gap-2 text-muted-foreground">
+				<Icon className="h-3 w-3" />
+				{label}
+			</span>
+			<span className="min-w-0 truncate text-right">{children}</span>
+		</div>
+	);
+}
+
+function StatusBadge({
+	status,
+}: {
+	status: "running" | "stopped" | "building";
+}) {
+	const map = {
+		running: { color: "bg-emerald-400", label: "Running" },
+		stopped: { color: "bg-muted-foreground", label: "Stopped" },
+		building: { color: "bg-amber-400 animate-pulse", label: "Building" },
+	} as const;
+	const cfg = map[status];
+	return (
+		<Badge
+			variant="outline"
+			className="gap-1.5 border-border/60 px-1.5 py-0 text-[10px] font-normal text-muted-foreground"
+		>
+			<span className={cn("h-1.5 w-1.5 rounded-full", cfg.color)} />
+			{cfg.label}
+		</Badge>
+	);
+}
diff --git a/apps/web/src/routes/demo/files.tsx b/apps/web/src/routes/demo/files.tsx
new file mode 100644
index 00000000..85521995
--- /dev/null
+++ b/apps/web/src/routes/demo/files.tsx
@@ -0,0 +1,101 @@
+import { createFileRoute } from "@tanstack/react-router";
+import { Badge } from "@ui/badge";
+import { Card, CardContent } from "@ui/card";
+import { Clock, FileCode2 } from "lucide-react";
+import { DEMO_GENERATED_FILES } from "@/components/demo/demo-fixtures";
+
+export const Route = createFileRoute("/demo/files")({
+	component: DemoFilesPage,
+});
+
+function formatBytes(bytes: number): string {
+	if (bytes < 1024) return `${bytes} B`;
+	const kb = bytes / 1024;
+	if (kb < 1024) return `${kb.toFixed(1)} KB`;
+	return `${(kb / 1024).toFixed(2)} MB`;
+}
+
+function DemoFilesPage() {
+	return (
+		<div className="mx-auto max-w-7xl space-y-6 p-6">
+			<div className="space-y-1">
+				<p className="text-xs uppercase tracking-[0.16em] text-muted-foreground">
+					Generated files
+				</p>
+				<h1 className="font-bold font-[Montserrat] text-3xl text-foreground tracking-tight">
+					What Stackpanel writes for you
+				</h1>
+				<p className="text-muted-foreground text-sm">
+					You change <span className="font-mono">.stack/config.nix</span> — the
+					Stackpanel agent regenerates IDE settings, the Caddyfile, your{" "}
+					<span className="font-mono">@gen/env</span> packages, deploy
+					manifests, and more. Always atomic, always in sync with your team.
+				</p>
+			</div>
+
+			<Card className="overflow-hidden">
+				<CardContent className="p-0">
+					<table className="w-full text-sm">
+						<thead className="border-b border-border/60 bg-muted/30 text-left text-[11px] uppercase tracking-[0.12em] text-muted-foreground">
+							<tr>
+								<th className="px-4 py-2 font-medium">Path</th>
+								<th className="hidden px-4 py-2 font-medium md:table-cell">
+									Generated by
+								</th>
+								<th className="px-4 py-2 font-medium">Size</th>
+								<th className="hidden px-4 py-2 font-medium md:table-cell">
+									Updated
+								</th>
+							</tr>
+						</thead>
+						<tbody className="divide-y divide-border/40">
+							{DEMO_GENERATED_FILES.map((file) => (
+								<tr key={file.path} className="hover:bg-muted/20">
+									<td className="px-4 py-3">
+										<div className="flex items-center gap-2">
+											<FileCode2 className="h-3.5 w-3.5 text-accent" />
+											<span className="font-mono text-xs text-foreground">
+												{file.path}
+											</span>
+										</div>
+									</td>
+									<td className="hidden px-4 py-3 md:table-cell">
+										<Badge
+											variant="outline"
+											className="border-border/60 px-1.5 py-0 text-[10px] font-normal text-muted-foreground"
+										>
+											{file.tool}
+										</Badge>
+									</td>
+									<td className="px-4 py-3 font-mono text-[11px] text-muted-foreground">
+										{formatBytes(file.bytes)}
+									</td>
+									<td className="hidden px-4 py-3 md:table-cell">
+										<span className="flex items-center gap-1.5 text-xs text-muted-foreground">
+											<Clock className="h-3 w-3" />
+											{file.updated}
+										</span>
+									</td>
+								</tr>
+							))}
+						</tbody>
+					</table>
+				</CardContent>
+			</Card>
+
+			<Card>
+				<CardContent className="space-y-2 p-4 text-sm">
+					<p className="font-medium text-foreground">
+						Why generated files (and not symlinks)?
+					</p>
+					<p className="text-xs text-muted-foreground">
+						Stackpanel writes real files into your repo so they show up in PRs,
+						work in CI, and stay readable when your editor isn&apos;t inside
+						the devshell. The local Go agent debounces writes and rolls back
+						on errors, so you never end up with a half-written manifest.
+					</p>
+				</CardContent>
+			</Card>
+		</div>
+	);
+}
diff --git a/apps/web/src/routes/demo/index.tsx b/apps/web/src/routes/demo/index.tsx
new file mode 100644
index 00000000..ab7d2864
--- /dev/null
+++ b/apps/web/src/routes/demo/index.tsx
@@ -0,0 +1,325 @@
+import { Link, createFileRoute } from "@tanstack/react-router";
+import { Badge } from "@ui/badge";
+import { Button } from "@ui/button";
+import { Card, CardContent, CardHeader, CardTitle } from "@ui/card";
+import {
+	AppWindow,
+	ArrowRight,
+	CheckCircle2,
+	Clock,
+	Cloud,
+	Code2,
+	GitBranch,
+	KeyRound,
+	Network,
+	Rocket,
+	Server,
+	ShieldCheck,
+	Terminal,
+	Users,
+	Variable,
+} from "lucide-react";
+import { useWaitlist } from "@/components/landing/waitlist-dialog";
+import {
+	DEMO_ACTIVITY,
+	DEMO_APPS,
+	DEMO_HEALTH,
+	DEMO_PROJECT,
+	DEMO_SERVICES,
+} from "@/components/demo/demo-fixtures";
+import { cn } from "@/lib/utils";
+
+export const Route = createFileRoute("/demo/")({
+	component: DemoOverview,
+});
+
+const activityIconMap = {
+	deploy: Rocket,
+	secret: KeyRound,
+	shell: Terminal,
+	code: Code2,
+	warn: ShieldCheck,
+	user: Users,
+} as const;
+
+function DemoOverview() {
+	const waitlist = useWaitlist();
+	const runningServices = DEMO_SERVICES.filter(
+		(s) => s.status === "running",
+	).length;
+	const runningApps = DEMO_APPS.filter((a) => a.status === "running").length;
+
+	return (
+		<div className="mx-auto max-w-7xl space-y-6 p-6">
+			<div className="flex flex-wrap items-start justify-between gap-4">
+				<div className="space-y-1">
+					<p className="text-xs uppercase tracking-[0.16em] text-muted-foreground">
+						Project overview
+					</p>
+					<h1 className="font-bold font-[Montserrat] text-3xl text-foreground tracking-tight">
+						{DEMO_PROJECT.name}
+					</h1>
+					<p className="text-muted-foreground text-sm">
+						{DEMO_APPS.length} apps · {DEMO_SERVICES.length} services ·{" "}
+						{DEMO_PROJECT.team.length} team members
+					</p>
+				</div>
+				<div className="flex flex-wrap items-center gap-2">
+					<Button asChild variant="outline" size="sm">
+						<Link to="/demo/apps">
+							<AppWindow className="mr-2 h-3.5 w-3.5" />
+							View apps
+						</Link>
+					</Button>
+					<Button
+						size="sm"
+						className="bg-foreground text-background hover:bg-foreground/90"
+						onClick={() => waitlist.open({ source: "demo.overview" })}
+					>
+						Get early access
+						<ArrowRight className="ml-2 h-3.5 w-3.5" />
+					</Button>
+				</div>
+			</div>
+
+			<div className="grid gap-4 md:grid-cols-2 lg:grid-cols-4">
+				<HealthMetric
+					icon={CheckCircle2}
+					label="Devshell"
+					value="Healthy"
+					detail={`${DEMO_HEALTH.processesUp}/${DEMO_HEALTH.processesTotal} processes up`}
+					tone="ok"
+				/>
+				<HealthMetric
+					icon={AppWindow}
+					label="Apps running"
+					value={`${runningApps}/${DEMO_APPS.length}`}
+					detail="1 building (docs)"
+					tone="ok"
+				/>
+				<HealthMetric
+					icon={Server}
+					label="Services running"
+					value={`${runningServices}/${DEMO_SERVICES.length}`}
+					detail="Postgres · Redis · MinIO · Caddy"
+					tone="ok"
+				/>
+				<HealthMetric
+					icon={KeyRound}
+					label="Secrets"
+					value={`${DEMO_HEALTH.encryptedFiles} encrypted`}
+					detail={`${DEMO_HEALTH.teamRecipients} recipients`}
+					tone="ok"
+				/>
+			</div>
+
+			<div className="grid gap-4 lg:grid-cols-3">
+				<Card className="lg:col-span-2">
+					<CardHeader className="flex-row items-center justify-between border-b border-border/60 pb-3">
+						<CardTitle className="text-sm">Apps</CardTitle>
+						<Button asChild variant="ghost" size="sm" className="h-7 text-xs">
+							<Link to="/demo/apps">
+								Manage
+								<ArrowRight className="ml-1 h-3 w-3" />
+							</Link>
+						</Button>
+					</CardHeader>
+					<CardContent className="divide-y divide-border/40 p-0">
+						{DEMO_APPS.map((app) => (
+							<div
+								key={app.id}
+								className="flex items-center justify-between px-4 py-3"
+							>
+								<div className="flex min-w-0 items-center gap-3">
+									<div className="flex h-7 w-7 shrink-0 items-center justify-center rounded-md bg-muted text-foreground">
+										<AppWindow className="h-3.5 w-3.5" />
+									</div>
+									<div className="min-w-0">
+										<div className="flex items-center gap-2">
+											<p className="font-mono text-sm text-foreground">
+												{app.name}
+											</p>
+											<StatusDot status={app.status} />
+										</div>
+										<p className="truncate text-xs text-muted-foreground">
+											{app.stack}
+										</p>
+									</div>
+								</div>
+								<div className="hidden text-right md:block">
+									<p className="font-mono text-xs text-foreground">
+										{app.domain}
+									</p>
+									<p className="font-mono text-[10px] text-muted-foreground">
+										:{app.port}
+									</p>
+								</div>
+							</div>
+						))}
+					</CardContent>
+				</Card>
+
+				<Card>
+					<CardHeader className="border-b border-border/60 pb-3">
+						<CardTitle className="text-sm">At a glance</CardTitle>
+					</CardHeader>
+					<CardContent className="space-y-3 p-4 text-sm">
+						<KvRow icon={GitBranch} label="Branch" value={DEMO_PROJECT.branch} />
+						<KvRow
+							icon={Network}
+							label="Base port"
+							value={String(DEMO_PROJECT.basePort)}
+						/>
+						<KvRow
+							icon={ShieldCheck}
+							label="Flake check"
+							value={DEMO_HEALTH.flakeCheck}
+							valueClass="text-emerald-300"
+						/>
+						<KvRow
+							icon={Cloud}
+							label="Devshell hash"
+							value={DEMO_HEALTH.devshellHash}
+							mono
+						/>
+						<KvRow
+							icon={Variable}
+							label="Open ports"
+							value={String(DEMO_HEALTH.openPorts)}
+						/>
+						<KvRow icon={Users} label="Team" value={`${DEMO_PROJECT.team.length} members`} />
+					</CardContent>
+				</Card>
+			</div>
+
+			<Card>
+				<CardHeader className="border-b border-border/60 pb-3">
+					<CardTitle className="text-sm">Activity</CardTitle>
+				</CardHeader>
+				<CardContent className="divide-y divide-border/40 p-0">
+					{DEMO_ACTIVITY.map((event, idx) => {
+						const Icon = activityIconMap[event.icon];
+						return (
+							<div
+								key={`${event.actor}-${idx}`}
+								className="flex items-start gap-3 px-4 py-3"
+							>
+								<div className="mt-0.5 flex h-6 w-6 shrink-0 items-center justify-center rounded-md bg-muted text-foreground">
+									<Icon className="h-3 w-3" />
+								</div>
+								<div className="min-w-0 flex-1">
+									<div className="flex flex-wrap items-baseline justify-between gap-x-3">
+										<p className="text-sm text-foreground">{event.title}</p>
+										<p className="text-[11px] text-muted-foreground">
+											<Clock className="mr-1 inline h-3 w-3" />
+											{event.at}
+										</p>
+									</div>
+									{event.detail ? (
+										<p className="text-xs text-muted-foreground">
+											{event.detail}
+										</p>
+									) : null}
+									<p className="mt-0.5 font-mono text-[10px] text-muted-foreground/70">
+										{event.actor}
+									</p>
+								</div>
+							</div>
+						);
+					})}
+				</CardContent>
+			</Card>
+		</div>
+	);
+}
+
+function HealthMetric({
+	icon: Icon,
+	label,
+	value,
+	detail,
+	tone = "neutral",
+}: {
+	icon: React.ElementType;
+	label: string;
+	value: string;
+	detail?: string;
+	tone?: "ok" | "warn" | "neutral";
+}) {
+	const toneClass =
+		tone === "ok"
+			? "text-emerald-300"
+			: tone === "warn"
+				? "text-amber-300"
+				: "text-foreground";
+	return (
+		<Card>
+			<CardContent className="space-y-2 p-4">
+				<div className="flex items-center justify-between">
+					<p className="text-xs uppercase tracking-[0.12em] text-muted-foreground">
+						{label}
+					</p>
+					<div className={cn("flex h-7 w-7 items-center justify-center rounded-md bg-muted", toneClass)}>
+						<Icon className="h-3.5 w-3.5" />
+					</div>
+				</div>
+				<p className={cn("font-bold font-[Montserrat] text-2xl tracking-tight", toneClass)}>
+					{value}
+				</p>
+				{detail ? (
+					<p className="text-xs text-muted-foreground">{detail}</p>
+				) : null}
+			</CardContent>
+		</Card>
+	);
+}
+
+function StatusDot({ status }: { status: "running" | "stopped" | "building" }) {
+	const map: Record<typeof status, { bg: string; label: string }> = {
+		running: { bg: "bg-emerald-400", label: "Running" },
+		stopped: { bg: "bg-muted-foreground", label: "Stopped" },
+		building: { bg: "bg-amber-400 animate-pulse", label: "Building" },
+	};
+	const cfg = map[status];
+	return (
+		<Badge
+			variant="outline"
+			className="gap-1.5 border-border/60 px-1.5 py-0 text-[10px] font-normal text-muted-foreground"
+		>
+			<span className={cn("h-1.5 w-1.5 rounded-full", cfg.bg)} />
+			{cfg.label}
+		</Badge>
+	);
+}
+
+function KvRow({
+	icon: Icon,
+	label,
+	value,
+	mono,
+	valueClass,
+}: {
+	icon: React.ElementType;
+	label: string;
+	value: string;
+	mono?: boolean;
+	valueClass?: string;
+}) {
+	return (
+		<div className="flex items-center justify-between gap-3 text-sm">
+			<span className="flex items-center gap-2 text-muted-foreground">
+				<Icon className="h-3 w-3" />
+				{label}
+			</span>
+			<span
+				className={cn(
+					"truncate text-foreground",
+					mono && "font-mono text-xs",
+					valueClass,
+				)}
+			>
+				{value}
+			</span>
+		</div>
+	);
+}
diff --git a/apps/web/src/routes/demo/network.tsx b/apps/web/src/routes/demo/network.tsx
new file mode 100644
index 00000000..9e153924
--- /dev/null
+++ b/apps/web/src/routes/demo/network.tsx
@@ -0,0 +1,191 @@
+import { createFileRoute } from "@tanstack/react-router";
+import { Badge } from "@ui/badge";
+import { Card, CardContent, CardHeader, CardTitle } from "@ui/card";
+import {
+	ArrowRight,
+	Globe2,
+	Lock,
+	Network,
+	ShieldCheck,
+} from "lucide-react";
+import {
+	DEMO_NETWORK_ROUTES,
+	DEMO_PROJECT,
+} from "@/components/demo/demo-fixtures";
+
+export const Route = createFileRoute("/demo/network")({
+	component: DemoNetworkPage,
+});
+
+function DemoNetworkPage() {
+	return (
+		<div className="mx-auto max-w-7xl space-y-6 p-6">
+			<div className="space-y-1">
+				<p className="text-xs uppercase tracking-[0.16em] text-muted-foreground">
+					Network
+				</p>
+				<h1 className="font-bold font-[Montserrat] text-3xl text-foreground tracking-tight">
+					Real domains, real TLS, all local
+				</h1>
+				<p className="text-muted-foreground text-sm">
+					Caddy reverse-proxies <span className="font-mono">*.acme.local</span>{" "}
+					to your dev ports. Step CA issues per-device certs your OS already
+					trusts. No more <span className="font-mono">localhost:5173</span>{" "}
+					gymnastics.
+				</p>
+			</div>
+
+			<div className="grid gap-4 md:grid-cols-3">
+				<MetricCard
+					icon={Globe2}
+					label="Apex domain"
+					value={`${DEMO_PROJECT.name}.local`}
+					mono
+				/>
+				<MetricCard
+					icon={Network}
+					label="Active routes"
+					value={`${DEMO_NETWORK_ROUTES.length}`}
+				/>
+				<MetricCard
+					icon={ShieldCheck}
+					label="TLS"
+					value="Step CA · per-device"
+				/>
+			</div>
+
+			<Card>
+				<CardHeader className="border-b border-border/60 pb-3">
+					<CardTitle className="text-sm">Caddy routes</CardTitle>
+				</CardHeader>
+				<CardContent className="p-0">
+					<table className="w-full text-sm">
+						<thead className="border-b border-border/60 bg-muted/30 text-left text-[11px] uppercase tracking-[0.12em] text-muted-foreground">
+							<tr>
+								<th className="px-4 py-2 font-medium">Host</th>
+								<th className="hidden px-4 py-2 font-medium md:table-cell">
+									Forwards to
+								</th>
+								<th className="hidden px-4 py-2 font-medium md:table-cell">
+									App
+								</th>
+								<th className="px-4 py-2 font-medium">TLS</th>
+							</tr>
+						</thead>
+						<tbody className="divide-y divide-border/40">
+							{DEMO_NETWORK_ROUTES.map((route) => (
+								<tr key={route.host} className="hover:bg-muted/20">
+									<td className="px-4 py-3">
+										<div className="flex items-center gap-2">
+											<Globe2 className="h-3 w-3 text-muted-foreground" />
+											<span className="font-mono text-xs text-foreground">
+												{route.host}
+											</span>
+										</div>
+										{route.notes ? (
+											<p className="mt-0.5 text-xs text-muted-foreground">
+												{route.notes}
+											</p>
+										) : null}
+									</td>
+									<td className="hidden px-4 py-3 md:table-cell">
+										<div className="flex items-center gap-2 text-xs text-muted-foreground">
+											<ArrowRight className="h-3 w-3" />
+											<span className="font-mono text-foreground">
+												{route.target}
+											</span>
+										</div>
+									</td>
+									<td className="hidden px-4 py-3 md:table-cell">
+										{route.app ? (
+											<Badge
+												variant="outline"
+												className="border-accent/30 bg-accent/10 px-1.5 py-0 text-[10px] font-normal text-accent"
+											>
+												{route.app}
+											</Badge>
+										) : (
+											<span className="text-muted-foreground">—</span>
+										)}
+									</td>
+									<td className="px-4 py-3">
+										{route.tls ? (
+											<Badge
+												variant="outline"
+												className="gap-1 border-emerald-500/30 bg-emerald-500/10 px-1.5 py-0 text-[10px] font-normal text-emerald-300"
+											>
+												<Lock className="h-2.5 w-2.5" />
+												step-ca
+											</Badge>
+										) : (
+											<Badge
+												variant="outline"
+												className="border-border/60 px-1.5 py-0 text-[10px] font-normal text-muted-foreground"
+											>
+												http
+											</Badge>
+										)}
+									</td>
+								</tr>
+							))}
+						</tbody>
+					</table>
+				</CardContent>
+			</Card>
+
+			<Card>
+				<CardContent className="space-y-3 p-4">
+					<div className="flex items-start gap-3">
+						<ShieldCheck className="mt-0.5 h-4 w-4 shrink-0 text-emerald-300" />
+						<div>
+							<p className="font-medium text-foreground text-sm">
+								Browsers trust your dev URLs without warnings
+							</p>
+							<p className="text-xs text-muted-foreground">
+								Stackpanel runs a project-scoped Step CA and installs the root
+								into your OS trust store on first devshell entry. WebAuthn,
+								secure cookies and HTTPS-only APIs all just work — locally.
+							</p>
+						</div>
+					</div>
+				</CardContent>
+			</Card>
+		</div>
+	);
+}
+
+function MetricCard({
+	icon: Icon,
+	label,
+	value,
+	mono,
+}: {
+	icon: React.ElementType;
+	label: string;
+	value: string;
+	mono?: boolean;
+}) {
+	return (
+		<Card>
+			<CardContent className="space-y-2 p-4">
+				<div className="flex items-center justify-between">
+					<p className="text-xs uppercase tracking-[0.12em] text-muted-foreground">
+						{label}
+					</p>
+					<div className="flex h-7 w-7 items-center justify-center rounded-md bg-muted text-foreground">
+						<Icon className="h-3.5 w-3.5" />
+					</div>
+				</div>
+				<p
+					className={
+						mono
+							? "font-mono font-medium text-foreground text-base"
+							: "font-bold font-[Montserrat] text-foreground text-2xl tracking-tight"
+					}
+				>
+					{value}
+				</p>
+			</CardContent>
+		</Card>
+	);
+}
diff --git a/apps/web/src/routes/demo/services.tsx b/apps/web/src/routes/demo/services.tsx
new file mode 100644
index 00000000..d9cc2e9d
--- /dev/null
+++ b/apps/web/src/routes/demo/services.tsx
@@ -0,0 +1,224 @@
+import { createFileRoute } from "@tanstack/react-router";
+import { Badge } from "@ui/badge";
+import { Button } from "@ui/button";
+import { Card, CardContent } from "@ui/card";
+import {
+	Cpu,
+	Database,
+	HardDrive,
+	Network,
+	Play,
+	RefreshCw,
+	Server,
+	ShieldCheck,
+	Square,
+	Workflow,
+} from "lucide-react";
+import { toast } from "sonner";
+import { DEMO_SERVICES, type DemoService } from "@/components/demo/demo-fixtures";
+import { cn } from "@/lib/utils";
+
+export const Route = createFileRoute("/demo/services")({
+	component: DemoServicesPage,
+});
+
+const kindMap: Record<DemoService["kind"], { icon: React.ElementType; label: string }> = {
+	global: { icon: Database, label: "Global service" },
+	network: { icon: Network, label: "Network" },
+	orchestrator: { icon: Workflow, label: "Orchestrator" },
+};
+
+function DemoServicesPage() {
+	return (
+		<div className="mx-auto max-w-7xl space-y-6 p-6">
+			<div className="flex flex-wrap items-start justify-between gap-3">
+				<div className="space-y-1">
+					<p className="text-xs uppercase tracking-[0.16em] text-muted-foreground">
+						Services
+					</p>
+					<h1 className="font-bold font-[Montserrat] text-3xl text-foreground tracking-tight">
+						Real services. Local ports. No Docker required.
+					</h1>
+					<p className="text-muted-foreground text-sm">
+						Stackpanel orchestrates these via{" "}
+						<span className="font-mono">process-compose</span>. Each one gets a
+						deterministic port and an env var your apps can read directly.
+					</p>
+				</div>
+				<Button
+					variant="outline"
+					size="sm"
+					onClick={() => toast.info("Demo mode — refresh is a no-op.")}
+				>
+					<RefreshCw className="mr-2 h-3.5 w-3.5" />
+					Refresh
+				</Button>
+			</div>
+
+			<Card className="overflow-hidden">
+				<CardContent className="p-0">
+					<table className="w-full text-sm">
+						<thead className="border-b border-border/60 bg-muted/30 text-left text-[11px] uppercase tracking-[0.12em] text-muted-foreground">
+							<tr>
+								<th className="px-4 py-2 font-medium">Service</th>
+								<th className="hidden px-4 py-2 font-medium md:table-cell">
+									Kind
+								</th>
+								<th className="px-4 py-2 font-medium">Status</th>
+								<th className="hidden px-4 py-2 font-medium lg:table-cell">
+									Port / env
+								</th>
+								<th className="hidden px-4 py-2 font-medium lg:table-cell">
+									Resources
+								</th>
+								<th className="px-4 py-2"></th>
+							</tr>
+						</thead>
+						<tbody className="divide-y divide-border/40">
+							{DEMO_SERVICES.map((svc) => {
+								const KindIcon = kindMap[svc.kind].icon;
+								return (
+									<tr key={svc.id} className="hover:bg-muted/20">
+										<td className="px-4 py-3">
+											<div className="flex items-center gap-3">
+												<div className="flex h-7 w-7 items-center justify-center rounded-md bg-accent/10 text-accent">
+													<Server className="h-3 w-3" />
+												</div>
+												<div>
+													<p className="font-medium text-foreground">
+														{svc.name}
+													</p>
+													{svc.notes ? (
+														<p className="text-xs text-muted-foreground">
+															{svc.notes}
+														</p>
+													) : null}
+												</div>
+											</div>
+										</td>
+										<td className="hidden px-4 py-3 md:table-cell">
+											<Badge
+												variant="outline"
+												className="gap-1 border-border/60 px-1.5 py-0 text-[10px] font-normal text-muted-foreground"
+											>
+												<KindIcon className="h-3 w-3" />
+												{kindMap[svc.kind].label}
+											</Badge>
+										</td>
+										<td className="px-4 py-3">
+											<StatusBadge status={svc.status} uptime={svc.uptime} />
+										</td>
+										<td className="hidden px-4 py-3 lg:table-cell">
+											{svc.port ? (
+												<div>
+													<p className="font-mono text-xs text-foreground">
+														:{svc.port}
+													</p>
+													{svc.envVar ? (
+														<p className="font-mono text-[10px] text-muted-foreground">
+															{svc.envVar}
+														</p>
+													) : null}
+												</div>
+											) : (
+												<span className="text-muted-foreground">—</span>
+											)}
+										</td>
+										<td className="hidden px-4 py-3 lg:table-cell">
+											<div className="flex flex-col gap-0.5 text-xs text-muted-foreground">
+												{svc.cpu ? (
+													<span className="flex items-center gap-1">
+														<Cpu className="h-3 w-3" /> {svc.cpu}
+													</span>
+												) : null}
+												{svc.memory ? (
+													<span className="flex items-center gap-1">
+														<HardDrive className="h-3 w-3" /> {svc.memory}
+													</span>
+												) : null}
+											</div>
+										</td>
+										<td className="px-4 py-3 text-right">
+											<Button
+												size="sm"
+												variant="ghost"
+												className="h-7 text-xs"
+												onClick={() =>
+													toast.info(
+														"Demo mode — service control sends signals via process-compose in the live Studio.",
+													)
+												}
+											>
+												{svc.status === "running" ? (
+													<>
+														<Square className="mr-1 h-3 w-3" /> Stop
+													</>
+												) : (
+													<>
+														<Play className="mr-1 h-3 w-3" /> Start
+													</>
+												)}
+											</Button>
+										</td>
+									</tr>
+								);
+							})}
+						</tbody>
+					</table>
+				</CardContent>
+			</Card>
+
+			<Card>
+				<CardContent className="space-y-2 p-4 text-sm">
+					<div className="flex items-start gap-3">
+						<ShieldCheck className="mt-0.5 h-4 w-4 shrink-0 text-emerald-300" />
+						<div>
+							<p className="font-medium text-foreground">
+								All services come from your Nix flake
+							</p>
+							<p className="text-xs text-muted-foreground">
+								No Docker daemon, no runtime drift. The same packages your team
+								gets via{" "}
+								<span className="font-mono">stack.globalServices.postgres</span>{" "}
+								or <span className="font-mono">stack.globalServices.redis</span>{" "}
+								land on every machine, every time.
+							</p>
+						</div>
+					</div>
+				</CardContent>
+			</Card>
+		</div>
+	);
+}
+
+function StatusBadge({
+	status,
+	uptime,
+}: {
+	status: "running" | "stopped";
+	uptime?: string;
+}) {
+	if (status === "running") {
+		return (
+			<Badge
+				variant="outline"
+				className="gap-1.5 border-emerald-500/30 bg-emerald-500/10 px-1.5 py-0 text-[10px] font-normal text-emerald-300"
+			>
+				<span className={cn("h-1.5 w-1.5 rounded-full bg-emerald-400")} />
+				Running
+				{uptime ? (
+					<span className="text-emerald-300/60">· {uptime}</span>
+				) : null}
+			</Badge>
+		);
+	}
+	return (
+		<Badge
+			variant="outline"
+			className="gap-1.5 border-border/60 px-1.5 py-0 text-[10px] font-normal text-muted-foreground"
+		>
+			<span className="h-1.5 w-1.5 rounded-full bg-muted-foreground" />
+			Stopped
+		</Badge>
+	);
+}
diff --git a/apps/web/src/routes/demo/variables.tsx b/apps/web/src/routes/demo/variables.tsx
new file mode 100644
index 00000000..e1b488a0
--- /dev/null
+++ b/apps/web/src/routes/demo/variables.tsx
@@ -0,0 +1,222 @@
+import { createFileRoute } from "@tanstack/react-router";
+import { Badge } from "@ui/badge";
+import { Button } from "@ui/button";
+import { Card, CardContent } from "@ui/card";
+import { Input } from "@ui/input";
+import {
+	Eye,
+	EyeOff,
+	KeyRound,
+	Lock,
+	Search,
+	ShieldCheck,
+	Variable,
+} from "lucide-react";
+import { useMemo, useState } from "react";
+import { toast } from "sonner";
+import {
+	DEMO_PROJECT,
+	DEMO_VARIABLES,
+} from "@/components/demo/demo-fixtures";
+import { cn } from "@/lib/utils";
+
+export const Route = createFileRoute("/demo/variables")({
+	component: DemoVariablesPage,
+});
+
+function DemoVariablesPage() {
+	const [reveal, setReveal] = useState(false);
+	const [filter, setFilter] = useState("");
+	const visible = useMemo(() => {
+		if (!filter.trim()) return DEMO_VARIABLES;
+		const q = filter.trim().toLowerCase();
+		return DEMO_VARIABLES.filter(
+			(v) =>
+				v.key.toLowerCase().includes(q) ||
+				(v.app ?? "").toLowerCase().includes(q),
+		);
+	}, [filter]);
+
+	return (
+		<div className="mx-auto max-w-7xl space-y-6 p-6">
+			<div className="flex flex-wrap items-start justify-between gap-3">
+				<div className="space-y-1">
+					<p className="text-xs uppercase tracking-[0.16em] text-muted-foreground">
+						Variables &amp; secrets
+					</p>
+					<h1 className="font-bold font-[Montserrat] text-3xl text-foreground tracking-tight">
+						SOPS-encrypted, AGE-recipient based
+					</h1>
+					<p className="text-muted-foreground text-sm">
+						Edit per environment. Stackpanel re-keys files for every team
+						member, syncs them to Cloudflare / Fly / Workers, and ships a
+						type-safe <span className="font-mono">@gen/env</span> package to
+						each app.
+					</p>
+				</div>
+
+				<div className="flex items-center gap-2">
+					<div className="relative">
+						<Search className="-translate-y-1/2 absolute top-1/2 left-2.5 h-3.5 w-3.5 text-muted-foreground" />
+						<Input
+							value={filter}
+							onChange={(e) => setFilter(e.target.value)}
+							placeholder="Filter…"
+							className="h-8 w-44 pl-7 text-xs"
+						/>
+					</div>
+					<Button
+						variant="outline"
+						size="sm"
+						onClick={() => setReveal((r) => !r)}
+					>
+						{reveal ? (
+							<>
+								<EyeOff className="mr-1 h-3.5 w-3.5" /> Hide values
+							</>
+						) : (
+							<>
+								<Eye className="mr-1 h-3.5 w-3.5" /> Reveal values
+							</>
+						)}
+					</Button>
+				</div>
+			</div>
+
+			<Card className="overflow-hidden">
+				<CardContent className="p-0">
+					<table className="w-full text-sm">
+						<thead className="border-b border-border/60 bg-muted/30 text-left text-[11px] uppercase tracking-[0.12em] text-muted-foreground">
+							<tr>
+								<th className="px-4 py-2 font-medium">Key</th>
+								<th className="hidden px-4 py-2 font-medium md:table-cell">
+									Scope
+								</th>
+								<th className="px-4 py-2 font-medium">dev</th>
+								<th className="hidden px-4 py-2 font-medium md:table-cell">
+									staging
+								</th>
+								<th className="px-4 py-2 font-medium">prod</th>
+							</tr>
+						</thead>
+						<tbody className="divide-y divide-border/40">
+							{visible.map((v) => (
+								<tr key={v.key} className="hover:bg-muted/20">
+									<td className="px-4 py-3">
+										<div className="flex items-center gap-2">
+											<KeyRound className="h-3 w-3 text-muted-foreground" />
+											<span className="font-mono text-xs text-foreground">
+												{v.key}
+											</span>
+											{v.encrypted ? (
+												<Badge
+													variant="outline"
+													className="gap-1 border-border/60 px-1.5 py-0 text-[10px] font-normal text-muted-foreground"
+												>
+													<Lock className="h-2.5 w-2.5" />
+													SOPS
+												</Badge>
+											) : null}
+										</div>
+									</td>
+									<td className="hidden px-4 py-3 md:table-cell">
+										<Badge
+											variant="outline"
+											className={cn(
+												"px-1.5 py-0 text-[10px] font-normal",
+												v.scope === "shared"
+													? "border-border/60 text-muted-foreground"
+													: "border-accent/30 bg-accent/10 text-accent",
+											)}
+										>
+											{v.scope === "shared" ? "shared" : v.app}
+										</Badge>
+									</td>
+									<td className="px-4 py-3 font-mono text-[11px]">
+										<ValueCell value={v.dev} reveal={reveal} encrypted={v.encrypted} />
+									</td>
+									<td className="hidden px-4 py-3 font-mono text-[11px] md:table-cell">
+										<ValueCell
+											value={v.staging}
+											reveal={reveal}
+											encrypted={v.encrypted}
+										/>
+									</td>
+									<td className="px-4 py-3 font-mono text-[11px]">
+										<ValueCell value={v.prod} reveal={reveal} encrypted={v.encrypted} />
+									</td>
+								</tr>
+							))}
+						</tbody>
+					</table>
+				</CardContent>
+			</Card>
+
+			<Card>
+				<CardContent className="space-y-3 p-4">
+					<div className="flex items-start gap-3">
+						<ShieldCheck className="mt-0.5 h-4 w-4 shrink-0 text-emerald-300" />
+						<div>
+							<p className="font-medium text-foreground text-sm">
+								{DEMO_PROJECT.team.length} AGE recipients with access
+							</p>
+							<p className="text-xs text-muted-foreground">
+								Adding a teammate auto-rekeys every encrypted file. Removing
+								one rotates the affected secrets.
+							</p>
+						</div>
+					</div>
+					<div className="flex flex-wrap gap-2">
+						{DEMO_PROJECT.team.map((member) => (
+							<Badge
+								key={member.email}
+								variant="outline"
+								className="gap-1.5 border-border/60 bg-card/40 px-2 py-1 text-xs font-normal text-muted-foreground"
+							>
+								<span className="flex h-4 w-4 items-center justify-center rounded-full bg-accent/15 text-[10px] font-medium text-accent">
+									{member.name
+										.split(" ")
+										.map((part) => part[0])
+										.join("")}
+								</span>
+								<span className="text-foreground">{member.name}</span>
+								<span className="text-muted-foreground/70">
+									· {member.role}
+								</span>
+							</Badge>
+						))}
+						<Button
+							size="sm"
+							variant="outline"
+							className="h-7 text-xs"
+							onClick={() =>
+								toast.info(
+									"Demo mode — invite syncs AGE recipients in the live Studio.",
+								)
+							}
+						>
+							<Variable className="mr-1 h-3 w-3" /> Invite
+						</Button>
+					</div>
+				</CardContent>
+			</Card>
+		</div>
+	);
+}
+
+function ValueCell({
+	value,
+	reveal,
+	encrypted,
+}: {
+	value: string;
+	reveal: boolean;
+	encrypted?: boolean;
+}) {
+	if (encrypted && !reveal) {
+		return (
+			<span className="text-muted-foreground tracking-widest">••••••••</span>
+		);
+	}
+	return <span className="text-foreground">{value}</span>;
+}
diff --git a/apps/web/src/routes/index.tsx b/apps/web/src/routes/index.tsx
index 615e6f7d..19c19785 100644
--- a/apps/web/src/routes/index.tsx
+++ b/apps/web/src/routes/index.tsx
@@ -1,56 +1,44 @@
 import { createFileRoute } from "@tanstack/react-router";
-import { createServerFn } from "@tanstack/react-start";
 import {
+	ComparisonSection,
+	ConfigShowcaseSection,
 	CTASection,
 	DevExperienceSection,
 	FeaturesSection,
 	Footer,
 	Header,
 	HeroSection,
+	HowItWorksSection,
 	InfrastructureSection,
+	PricingSection,
+	ProductionStacksSection,
 	StatsSection,
 	TerminalSection,
 } from "@/components/landing";
-import { useState } from "react";
-
-export const getServerTime = createServerFn({
-  method: "GET",
-}).handler(() => ({
-  message: "Hello from a TanStack Start server function.",
-  time: new Date().toISOString(),
-}));
-
 
 export const Route = createFileRoute("/")({
-	loader: () => getServerTime(),
 	component: LandingPage,
 });
 
 function LandingPage() {
-	const initialData = Route.useLoaderData();
-	const [data, setData] = useState(initialData);
 	return (
 		<div className="min-h-screen bg-background">
 			<Header />
 			<main>
 				<HeroSection />
 				<StatsSection />
+				<HowItWorksSection />
 				<FeaturesSection />
+				<ConfigShowcaseSection />
 				<InfrastructureSection />
+				<ProductionStacksSection />
 				<DevExperienceSection />
 				<TerminalSection />
+				<ComparisonSection />
+				<PricingSection />
 				<CTASection />
 			</main>
 			<Footer />
-
-			<button
-				type="button"
-				onClick={async () => {
-					setData(await getServerTime());
-				}}
-			>
-				Refresh from server {JSON.stringify(data)}
-			</button>
 		</div>
 	);
 }
diff --git a/apps/web/src/routes/pricing.tsx b/apps/web/src/routes/pricing.tsx
new file mode 100644
index 00000000..e3d62492
--- /dev/null
+++ b/apps/web/src/routes/pricing.tsx
@@ -0,0 +1,417 @@
+import { createFileRoute } from "@tanstack/react-router";
+import { Button } from "@ui/button";
+import { ArrowRight, Check, Minus } from "lucide-react";
+import { Fragment } from "react";
+import { Footer, Header, PricingSection } from "@/components/landing";
+import { useWaitlist } from "@/components/landing/waitlist-dialog";
+import { cn } from "@/lib/utils";
+
+export const Route = createFileRoute("/pricing")({
+	component: PricingPage,
+	head: () => ({
+		meta: [
+			{ title: "Pricing · Stackpanel" },
+			{
+				name: "description",
+				content:
+					"Stackpanel core is MIT and free forever. Subscribe to outsource the maintenance of your production deploys to a team that does it full-time.",
+			},
+		],
+	}),
+});
+
+type Cell = "yes" | "no" | string;
+
+type Row = {
+	feature: string;
+	detail?: string;
+	community: Cell;
+	team: Cell;
+	business: Cell;
+	enterprise: Cell;
+};
+
+type Section = {
+	title: string;
+	rows: Row[];
+};
+
+const sections: Section[] = [
+	{
+		title: "Stackpanel core",
+		rows: [
+			{
+				feature: "Reproducible devshells",
+				detail: "Nix · devenv · IDE config · scripts on PATH",
+				community: "yes",
+				team: "yes",
+				business: "yes",
+				enterprise: "yes",
+			},
+			{
+				feature: "Encrypted secrets, deterministic ports, real HTTPS",
+				community: "yes",
+				team: "yes",
+				business: "yes",
+				enterprise: "yes",
+			},
+			{
+				feature: "Type-safe @gen/env per app",
+				community: "yes",
+				team: "yes",
+				business: "yes",
+				enterprise: "yes",
+			},
+			{
+				feature: "Studio (web + agent)",
+				community: "yes",
+				team: "yes",
+				business: "yes",
+				enterprise: "yes",
+			},
+		],
+	},
+	{
+		title: "Production Stacks",
+		rows: [
+			{
+				feature: "Alchemy · Colmena · Fly.io stacks",
+				community: "Community branch",
+				team: "Stable branch",
+				business: "Stable + early access",
+				enterprise: "Stable + early access + custom",
+			},
+			{
+				feature: "Update cadence",
+				community: "When merged",
+				team: "Same-day stable",
+				business: "Same-day + RC channel",
+				enterprise: "Custom backports",
+			},
+			{
+				feature: "Patch SLA",
+				community: "Best-effort",
+				team: "30 days",
+				business: "7 days",
+				enterprise: "24h critical CVE",
+			},
+			{
+				feature: "Marketplace stacks",
+				detail: "Coming soon — install third-party stacks via Studio",
+				community: "Public only",
+				team: "Public + paid",
+				business: "Public + paid",
+				enterprise: "Public + paid + private",
+			},
+		],
+	},
+	{
+		title: "Team & access",
+		rows: [
+			{
+				feature: "Seats",
+				community: "1",
+				team: "Unlimited",
+				business: "Unlimited",
+				enterprise: "Unlimited",
+			},
+			{
+				feature: "Multi-org",
+				community: "no",
+				team: "no",
+				business: "yes",
+				enterprise: "yes",
+			},
+			{
+				feature: "SSO (SAML / OIDC)",
+				community: "no",
+				team: "no",
+				business: "yes",
+				enterprise: "yes",
+			},
+			{
+				feature: "SCIM provisioning",
+				community: "no",
+				team: "no",
+				business: "no",
+				enterprise: "yes",
+			},
+			{
+				feature: "Audit log",
+				community: "no",
+				team: "no",
+				business: "90 days",
+				enterprise: "Unlimited + SIEM export",
+			},
+			{
+				feature: "Custom RBAC",
+				community: "no",
+				team: "no",
+				business: "no",
+				enterprise: "yes",
+			},
+		],
+	},
+	{
+		title: "Support",
+		rows: [
+			{
+				feature: "Channel",
+				community: "GitHub Discussions",
+				team: "Email",
+				business: "Discord + email",
+				enterprise: "Slack + on-call + named CSM",
+			},
+			{
+				feature: "Response time",
+				community: "Community",
+				team: "Next business day",
+				business: "4 business hours",
+				enterprise: "Custom (incl. 24/7)",
+			},
+			{
+				feature: "Migration assistance",
+				community: "no",
+				team: "no",
+				business: "Best-effort",
+				enterprise: "yes",
+			},
+		],
+	},
+	{
+		title: "Compliance & legal",
+		rows: [
+			{
+				feature: "Air-gapped mirror license",
+				detail: "Self-host the private flake mirror in your VPC",
+				community: "no",
+				team: "no",
+				business: "no",
+				enterprise: "yes",
+			},
+			{
+				feature: "Indemnification",
+				community: "no",
+				team: "no",
+				business: "no",
+				enterprise: "yes",
+			},
+			{
+				feature: "DPA / MSA / custom security review",
+				community: "no",
+				team: "no",
+				business: "DPA available",
+				enterprise: "Custom",
+			},
+		],
+	},
+];
+
+const tierHeaders = [
+	{ key: "community" as const, label: "Community" },
+	{ key: "team" as const, label: "Team", emphasis: true },
+	{ key: "business" as const, label: "Business" },
+	{ key: "enterprise" as const, label: "Enterprise" },
+];
+
+function CellContent({ value }: { value: Cell }) {
+	if (value === "yes") {
+		return (
+			<span className="inline-flex h-7 w-7 items-center justify-center rounded-full bg-accent/15 text-accent">
+				<Check className="h-4 w-4" />
+			</span>
+		);
+	}
+	if (value === "no") {
+		return (
+			<span className="inline-flex h-7 w-7 items-center justify-center rounded-full bg-muted/30 text-muted-foreground/60">
+				<Minus className="h-4 w-4" />
+			</span>
+		);
+	}
+	return <span className="text-foreground text-sm">{value}</span>;
+}
+
+const faqs: { q: string; a: string }[] = [
+	{
+		q: "Will the Stackpanel core ever stop being open source?",
+		a: "No. The core (CLI, agent, Studio web app, every dev-environment feature) is MIT and stays MIT. Subscriptions only fund the maintenance of the production-deploy stacks.",
+	},
+	{
+		q: "What does my subscription actually unlock?",
+		a: "Access to the private stable branch of every Production Stack via a token-gated Nix flake input, plus the SLA, support channel, and team features in your tier. The recipes themselves are visible in our docs — you're paying for the commitment to keep them working.",
+	},
+	{
+		q: "Can I use the community branch in production?",
+		a: "Yes. The community branch is the same source as the stable branch, just on a slower release cadence with no patch SLA. Many teams ship to production on it. The trade-off is that when nixpkgs ships a breaking change you wait for the community to merge a fix instead of getting a same-day patch.",
+	},
+	{
+		q: "Do I need a separate Stackpanel account per project?",
+		a: "No. One subscription covers every project under your organization. Add as many flakes as you want — the per-user pricing scales with your team, not your projects.",
+	},
+	{
+		q: "What happens if I cancel?",
+		a: "Your apps keep running — they're deployed to your infrastructure, not ours. You lose access to future stable patches via the private input, but you can switch any flake input back to the public community branch with a one-line config change.",
+	},
+	{
+		q: "Can I publish my own Production Stacks?",
+		a: "The Marketplace is in private beta — Stackpanel takes 20%, you keep 80%. If you have a stack you'd like to publish, get in touch.",
+	},
+	{
+		q: "Do you offer educational, non-profit, or open-source maintainer discounts?",
+		a: "Yes — get in touch and we'll set you up. Approved OSS maintainers get Team for free.",
+	},
+];
+
+function PricingPage() {
+	return (
+		<div className="min-h-screen bg-background">
+			<Header />
+			<main>
+				<PricingSection />
+
+				<section className="border-border border-b bg-secondary/10">
+					<div className="mx-auto max-w-7xl px-4 py-16 sm:px-6 lg:px-8">
+						<div className="text-center">
+							<p className="font-medium text-accent text-sm">
+								Compare every feature
+							</p>
+							<h2 className="mt-3 font-bold font-[Montserrat] text-3xl text-foreground sm:text-4xl">
+								Side-by-side
+							</h2>
+						</div>
+
+						<div className="mt-10 overflow-hidden rounded-2xl border border-border bg-card">
+							<div className="overflow-x-auto">
+								<table className="w-full min-w-[920px] text-left">
+									<thead className="border-border border-b bg-secondary/40">
+										<tr>
+											<th className="w-[28%] px-6 py-4 font-semibold text-foreground text-sm">
+												&nbsp;
+											</th>
+											{tierHeaders.map((h) => (
+												<th
+													className={cn(
+														"px-4 py-4 text-center font-semibold text-foreground text-sm",
+														h.emphasis && "text-accent",
+													)}
+													key={h.key}
+												>
+													{h.label}
+												</th>
+											))}
+										</tr>
+									</thead>
+									<tbody>
+										{sections.map((section) => (
+											<Fragment key={section.title}>
+												<tr className="border-border border-y bg-secondary/20">
+													<td
+														className="px-6 py-3 font-medium text-foreground text-xs tracking-[0.06em] uppercase"
+														colSpan={5}
+													>
+														{section.title}
+													</td>
+												</tr>
+												{section.rows.map((row) => (
+													<tr
+														className="border-border/40 border-b last:border-b-0 transition-colors hover:bg-secondary/20"
+														key={`${section.title}-${row.feature}`}
+													>
+														<td className="px-6 py-4">
+															<p className="font-medium text-foreground text-sm">
+																{row.feature}
+															</p>
+															{row.detail ? (
+																<p className="mt-0.5 text-muted-foreground text-xs">
+																	{row.detail}
+																</p>
+															) : null}
+														</td>
+														{tierHeaders.map((h) => (
+															<td
+																className={cn(
+																	"px-4 py-4 text-center align-middle",
+																	h.emphasis && "bg-accent/[0.04]",
+																)}
+																key={`${section.title}-${row.feature}-${h.key}`}
+															>
+																<div className="flex justify-center">
+																	<CellContent value={row[h.key]} />
+																</div>
+															</td>
+														))}
+													</tr>
+												))}
+											</Fragment>
+										))}
+									</tbody>
+								</table>
+							</div>
+						</div>
+					</div>
+				</section>
+
+				<section className="border-border border-b">
+					<div className="mx-auto max-w-3xl px-4 py-20 sm:px-6 lg:px-8">
+						<div className="text-center">
+							<p className="font-medium text-accent text-sm">FAQ</p>
+							<h2 className="mt-3 font-bold font-[Montserrat] text-3xl text-foreground sm:text-4xl">
+								Answers, in plain English
+							</h2>
+						</div>
+
+						<div className="mt-10 divide-y divide-border/60 rounded-2xl border border-border bg-card">
+							{faqs.map((faq) => (
+								<div className="p-6" key={faq.q}>
+									<h3 className="font-semibold text-foreground">{faq.q}</h3>
+									<p className="mt-2 text-muted-foreground text-sm leading-relaxed">
+										{faq.a}
+									</p>
+								</div>
+							))}
+						</div>
+
+						<div className="mt-10 flex flex-col items-center gap-3 rounded-2xl border border-border bg-secondary/30 p-8 text-center">
+							<p className="text-muted-foreground text-sm">
+								Still have questions?
+							</p>
+							<div className="flex flex-wrap justify-center gap-3">
+								<Button
+									asChild
+									className="bg-foreground text-background hover:bg-foreground/90"
+								>
+									<a href="mailto:hello@stackpanel.dev">
+										Email us
+										<ArrowRight className="ml-2 h-4 w-4" />
+									</a>
+								</Button>
+								<JoinWaitlistButton variant="outline" source="pricing.faq">
+									Join the waitlist
+								</JoinWaitlistButton>
+							</div>
+						</div>
+					</div>
+				</section>
+			</main>
+			<Footer />
+		</div>
+	);
+}
+
+function JoinWaitlistButton({
+	children,
+	source,
+	variant = "default",
+}: {
+	children: React.ReactNode;
+	source: string;
+	variant?: "default" | "outline";
+}) {
+	const waitlist = useWaitlist();
+	return (
+		<Button variant={variant} onClick={() => waitlist.open({ source })}>
+			{children}
+		</Button>
+	);
+}
diff --git a/apps/web/src/routes/success.tsx b/apps/web/src/routes/success.tsx
index faa93dc7..80acf126 100644
--- a/apps/web/src/routes/success.tsx
+++ b/apps/web/src/routes/success.tsx
@@ -1,4 +1,6 @@
-import { createFileRoute, useSearch } from "@tanstack/react-router";
+import { createFileRoute, Link, useSearch } from "@tanstack/react-router";
+import { Button } from "@ui/button";
+import { ArrowRight, CheckCircle2, MonitorPlay } from "lucide-react";
 
 export const Route = createFileRoute("/success")({
 	component: SuccessPage,
@@ -11,9 +13,43 @@ function SuccessPage() {
 	const { checkout_id } = useSearch({ from: "/success" });
 
 	return (
-		<div className="container mx-auto px-4 py-8">
-			<h1>Payment Successful!</h1>
-			{checkout_id && <p>Checkout ID: {checkout_id}</p>}
+		<div className="flex min-h-screen items-center justify-center bg-background px-4 py-16">
+			<div className="w-full max-w-xl rounded-2xl border border-border bg-card p-8 text-center sm:p-12">
+				<div className="mx-auto flex h-14 w-14 items-center justify-center rounded-full bg-accent/15 text-accent">
+					<CheckCircle2 className="h-7 w-7" />
+				</div>
+				<h1 className="mt-6 font-bold font-[Montserrat] text-2xl text-foreground sm:text-3xl">
+					You&apos;re all set.
+				</h1>
+				<p className="mt-3 text-muted-foreground">
+					Thanks for upgrading. Your account now has access to the full
+					Stackpanel experience.
+				</p>
+
+				{checkout_id ? (
+					<p className="mx-auto mt-4 max-w-md break-all rounded-md bg-secondary/50 px-3 py-2 font-mono text-muted-foreground text-xs">
+						Receipt: {checkout_id}
+					</p>
+				) : null}
+
+				<div className="mt-8 flex flex-wrap justify-center gap-3">
+					<Button
+						asChild
+						className="bg-foreground text-background hover:bg-foreground/90"
+					>
+						<Link to="/dashboard">
+							Go to dashboard
+							<ArrowRight className="ml-2 h-4 w-4" />
+						</Link>
+					</Button>
+					<Button asChild variant="outline">
+						<Link to="/studio">
+							<MonitorPlay className="mr-2 h-4 w-4" />
+							Open Studio
+						</Link>
+					</Button>
+				</div>
+			</div>
 		</div>
 	);
 }
diff --git a/bun.lock b/bun.lock
index 4ba66a38..1ad4df31 100644
--- a/bun.lock
+++ b/bun.lock
@@ -5,14 +5,14 @@
     "": {
       "name": "stackpanel",
       "dependencies": {
-        "@effect/platform": "^0.96.0",
+        "@effect/platform-bun": "4.0.0-beta.48",
         "@fontsource-variable/open-sans": "^5.2.7",
         "@intellectronica/ruler": "^0.3.18",
         "@pulumi/aws": "^7.15.0",
         "@pulumi/command": "^1.1.3",
         "db": "^6.0.3",
         "dotenv": "^17.2.2",
-        "effect": "^3.21.0",
+        "effect": "4.0.0-beta.48",
         "infra": "^1.0.3",
         "sst": "^3.17.25",
         "zod": "^4.1.11",
@@ -30,7 +30,7 @@
         "@pulumi/pulumi": "^3.213.0",
         "@types/node": "^22.13.11",
         "@typescript/native-preview": "^7.0.0-dev.20260317.1",
-        "alchemy": "^0.77.0",
+        "alchemy": "2.0.0-beta.20",
         "bun2nix": "^2.0.6",
         "cloudflare": "^5.2.0",
         "rolldown": "1.0.0-rc.13",
@@ -45,10 +45,19 @@
       "name": "api",
       "version": "0.0.1",
       "dependencies": {
+        "@distilled.cloud/cloudflare": "catalog:",
+        "@distilled.cloud/fly-io": "catalog:",
+        "@stackpanel/api": "workspace:*",
+        "@stackpanel/auth": "workspace:*",
+        "@stackpanel/db": "workspace:*",
+        "@trpc/server": "catalog:",
+        "alchemy-effect": "catalog:",
+        "effect": "catalog:",
         "hono": "catalog:",
       },
       "devDependencies": {
         "@types/bun": "latest",
+        "@types/node": "^22.13.11",
         "typescript": "^5",
       },
     },
@@ -275,6 +284,7 @@
         "@trpc/client": "catalog:",
         "@trpc/server": "catalog:",
         "ai": "catalog:",
+        "aws4fetch": "^1.0.20",
         "dotenv": "catalog:",
         "drizzle-orm": "^0.45.1",
         "hono": "catalog:",
@@ -297,6 +307,7 @@
         "@stackpanel/db": "workspace:*",
         "better-auth": "catalog:",
         "dotenv": "catalog:",
+        "drizzle-orm": "^0.45.1",
         "zod": "^4.1.11",
       },
       "devDependencies": {
@@ -406,12 +417,15 @@
         "@gen/config": "workspace:*",
         "@gen/env": "workspace:*",
         "@pulumi/aws": "^7.15.0",
+        "@stackpanel/api": "workspace:*",
         "@stackpanel/config": "workspace:*",
+        "@trpc/client": "catalog:",
         "alchemy": "^0.81.2",
         "alchemy-effect": "catalog:",
         "better-auth": "^1.6.1",
         "effect": "catalog:",
         "sst": "^3.17.25",
+        "superjson": "^2.2.6",
       },
       "devDependencies": {
         "bun2nix": "latest",
@@ -557,6 +571,7 @@
     "@distilled.cloud/cloudflare": "^0.10.0",
     "@distilled.cloud/cloudflare-bundler": "0.2.1",
     "@distilled.cloud/core": "^0.10.0",
+    "@distilled.cloud/fly-io": "^0.11.0",
     "@effect/language-service": "^0.85.1",
     "@effect/platform-bun": "4.0.0-beta.48",
     "@effect/platform-node": "4.0.0-beta.48",
@@ -593,7 +608,7 @@
 
     "@ai-sdk/openai": ["@ai-sdk/openai@3.0.53", "", { "dependencies": { "@ai-sdk/provider": "3.0.8", "@ai-sdk/provider-utils": "4.0.23" }, "peerDependencies": { "zod": "^3.25.76 || ^4.1.8" } }, "sha512-Wld+Rbc05KaUn08uBt06eEuwcgalcIFtIl32Yp+GxuZXUQwOb6YeAuq+C6da4ch6BurFoqEaLemJVwjBb7x+PQ=="],
 
-    "@ai-sdk/provider": ["@ai-sdk/provider@2.0.1", "", { "dependencies": { "json-schema": "^0.4.0" } }, "sha512-KCUwswvsC5VsW2PWFqF8eJgSCu5Ysj7m1TxiHTVA6g7k360bk0RNQENT8KTMAYEs+8fWPD3Uu4dEmzGHc+jGng=="],
+    "@ai-sdk/provider": ["@ai-sdk/provider@3.0.8", "", { "dependencies": { "json-schema": "^0.4.0" } }, "sha512-oGMAgGoQdBXbZqNG0Ze56CHjDZ1IDYOwGYxYjO5KLSlz5HiNQ9udIXsPZ61VWaHGZ5XW/jyjmr6t2xz2jGVwbQ=="],
 
     "@ai-sdk/provider-utils": ["@ai-sdk/provider-utils@3.0.23", "", { "dependencies": { "@ai-sdk/provider": "2.0.1", "@standard-schema/spec": "^1.0.0", "eventsource-parser": "^3.0.6" }, "peerDependencies": { "zod": "^3.25.76 || ^4.1.8" } }, "sha512-60GYsRj5wIJQRcq5YwYJq4KhwLeStceXEJiZdecP1miiH+6FMmrnc7lZDOJoQ6m9lrudEb+uI4LEwddLz5+rPQ=="],
 
@@ -933,7 +948,9 @@
 
     "@dimforge/rapier2d-simd-compat": ["@dimforge/rapier2d-simd-compat@0.17.3", "", {}, "sha512-bijvwWz6NHsNj5e5i1vtd3dU2pDhthSaTUZSh14DUGGKJfw8eMnlWZsxwHBxB/a3AXVNDjL9abuHw1k9FGR+jg=="],
 
-    "@distilled.cloud/aws": ["@distilled.cloud/aws@0.10.2", "", { "dependencies": { "@aws-crypto/crc32": "^5.2.0", "@aws-crypto/util": "^5.2.0", "@aws-sdk/credential-providers": "^3.994.0", "@aws-sdk/types": "^3.973.1", "@distilled.cloud/core": "0.10.2", "@smithy/shared-ini-file-loader": "^4.4.3", "@smithy/types": "^4.12.0", "@smithy/util-base64": "^4.3.0", "aws4fetch": "^1.0.20", "effect": "4.0.0-beta.48", "fast-xml-parser": "^5.3.2" } }, "sha512-4HxtkXMnR80yEikp4EVGlYIjz4iq0JBn1E7O5UFV3iEY73k47aqHDBrHi0uEGCXl7bYjbCdznRl5P+oZStFOXQ=="],
+    "@distilled.cloud/aws": ["@distilled.cloud/aws@0.13.0", "", { "dependencies": { "@aws-crypto/crc32": "^5.2.0", "@aws-crypto/util": "^5.2.0", "@aws-sdk/credential-providers": "^3.994.0", "@aws-sdk/types": "^3.973.1", "@distilled.cloud/core": "0.13.0", "@smithy/shared-ini-file-loader": "^4.4.3", "@smithy/types": "^4.12.0", "@smithy/util-base64": "^4.3.0", "aws4fetch": "^1.0.20", "effect": "4.0.0-beta.58", "fast-xml-parser": "^5.3.2" } }, "sha512-KG28DKZ9oHSCqiGy6dbu+t26MoFwBNergLrQX9RoMrcCvAhYbo/pr5UoRujoWolSkiNMbyLlLWznv0ywn/DxRw=="],
+
+    "@distilled.cloud/axiom": ["@distilled.cloud/axiom@0.13.0", "", { "dependencies": { "@distilled.cloud/core": "0.13.0", "effect": "4.0.0-beta.58" } }, "sha512-9TLCTRwB9gxniuCCMo9q6Y+tmPkjDELPkcdm3Q4vIVgYZr/OSuvXJVSJhqn+0DGcwPal7uZnxiJcSIt8TU5LMg=="],
 
     "@distilled.cloud/cloudflare": ["@distilled.cloud/cloudflare@0.10.2", "", { "dependencies": { "@distilled.cloud/core": "0.10.2", "effect": "4.0.0-beta.48" } }, "sha512-IfbqNHlxTeXNsURWVNWTkB8A3fEAw6gfmjDOJj5/vt33YN3vlsy1DXcnweOELTCGs37FRFdpuV0dNVPxSbJnpQ=="],
 
@@ -941,7 +958,9 @@
 
     "@distilled.cloud/cloudflare-vite-plugin": ["@distilled.cloud/cloudflare-vite-plugin@0.1.0", "", { "dependencies": { "@distilled.cloud/cloudflare-rolldown-plugin": "0.2.0" }, "peerDependencies": { "vite": "^8.0.0" } }, "sha512-Brluigro6OXOmGKea8LCbs43u+pI7NsxtvEFLU8eO2Go2hDqcwLQ3fc4YiXq4Y6nRYUpkoiGV2ITynttV+/suA=="],
 
-    "@distilled.cloud/core": ["@distilled.cloud/core@0.10.2", "", { "dependencies": { "effect": "4.0.0-beta.48" } }, "sha512-j7phS+p6yx4pyacMe1askeJ8v/mu8etwUvAH/9RlUYJYP9vuY+U38XwEO6KLFXWFGT6Y9xXdH8El3BjiYwQlRQ=="],
+    "@distilled.cloud/core": ["@distilled.cloud/core@0.13.0", "", { "dependencies": { "effect": "4.0.0-beta.58" } }, "sha512-Xu0oGfVUD0SkuKso93g5TkWC0Tjd2imDZyrefdbnLHdkWdPubFodaurwLJj4Kk3lr1n+oYx1dwCafpjbbRxnHQ=="],
+
+    "@distilled.cloud/fly-io": ["@distilled.cloud/fly-io@0.11.0", "", { "dependencies": { "@distilled.cloud/core": "0.11.0", "effect": "4.0.0-beta.48" } }, "sha512-zJHd0lDSMrnQlgX1BaGNFUvt3wuHTDvmw/v6O0a53dMfHonWnJW5H2RkUG31MZl42bxiHsaF7aFr0bTFuR7YeA=="],
 
     "@distilled.cloud/neon": ["@distilled.cloud/neon@0.10.2", "", { "dependencies": { "@distilled.cloud/core": "0.10.2", "effect": "4.0.0-beta.48" } }, "sha512-XjDJufRnESqdguy10cecnJjSeMwqZAKbqorBg92rLVWEit9XuciUea/SMGLr1HEHTukBp5qnar50u9iNkPj8Sg=="],
 
@@ -963,7 +982,7 @@
 
     "@effect/platform-node-shared": ["@effect/platform-node-shared@4.0.0-beta.48", "", { "dependencies": { "@types/ws": "^8.18.1", "ws": "^8.20.0" }, "peerDependencies": { "effect": "^4.0.0-beta.48" } }, "sha512-wlhcdDHyacydCgiWdM8JwtQkViQhZsC8uJZ9wMoZXYxlCTvqfdzLeWw4A1UVMoq7sS6/KR1aZVeFkUjrqonncQ=="],
 
-    "@effect/vitest": ["@effect/vitest@4.0.0-beta.48", "", { "peerDependencies": { "effect": "^4.0.0-beta.48", "vitest": "^3.0.0 || ^4.0.0" } }, "sha512-ONG24EIfUXTrJzIDJctIr6y6JOeml97eoZ53WRUNdwp/tHIAU+U3ME5uUdmtLBKSFeyivYjXGPvEP2DW8f/bCQ=="],
+    "@effect/vitest": ["@effect/vitest@4.0.0-beta.58", "", { "peerDependencies": { "effect": "^4.0.0-beta.58", "vitest": "^3.0.0 || ^4.0.0" } }, "sha512-smbZFxaznzlvbzsfq8r8lCZy6Ym3aAMv5LxmuZSm2DMcyL07jcg0qOrs7FCGvqneUvCEKkkZ8tkcEporBduH7A=="],
 
     "@emnapi/core": ["@emnapi/core@1.9.1", "", { "dependencies": { "@emnapi/wasi-threads": "1.2.0", "tslib": "^2.4.0" } }, "sha512-mukuNALVsoix/w1BJwFzwXBN/dHeejQtuVzcDsfOEsdpCumXb/E9j8w11h5S54tT1xhifGfbbSm/ICrObRb3KA=="],
 
@@ -1409,29 +1428,29 @@
 
     "@npmcli/run-script": ["@npmcli/run-script@10.0.4", "", { "dependencies": { "@npmcli/node-gyp": "^5.0.0", "@npmcli/package-json": "^7.0.0", "@npmcli/promise-spawn": "^9.0.0", "node-gyp": "^12.1.0", "proc-log": "^6.0.0" } }, "sha512-mGUWr1uMnf0le2TwfOZY4SFxZGXGfm4Jtay/nwAa2FLNAKXUoUwaGwBMNH36UHPtinWfTSJ3nqFQr0091CxVGg=="],
 
-    "@octokit/auth-token": ["@octokit/auth-token@5.1.2", "", {}, "sha512-JcQDsBdg49Yky2w2ld20IHAlwr8d/d8N6NiOXbtuoPCqzbsiJgF633mVUw3x4mo0H5ypataQIX7SFu3yy44Mpw=="],
+    "@octokit/auth-token": ["@octokit/auth-token@6.0.0", "", {}, "sha512-P4YJBPdPSpWTQ1NU4XYdvHvXJJDxM6YwpS0FZHRgP7YFkdVxsWcpWGy/NVqlAA7PcPCnMacXlRm1y2PFZRWL/w=="],
 
-    "@octokit/core": ["@octokit/core@6.1.6", "", { "dependencies": { "@octokit/auth-token": "^5.0.0", "@octokit/graphql": "^8.2.2", "@octokit/request": "^9.2.3", "@octokit/request-error": "^6.1.8", "@octokit/types": "^14.0.0", "before-after-hook": "^3.0.2", "universal-user-agent": "^7.0.0" } }, "sha512-kIU8SLQkYWGp3pVKiYzA5OSaNF5EE03P/R8zEmmrG6XwOg5oBjXyQVVIauQ0dgau4zYhpZEhJrvIYt6oM+zZZA=="],
+    "@octokit/core": ["@octokit/core@7.0.6", "", { "dependencies": { "@octokit/auth-token": "^6.0.0", "@octokit/graphql": "^9.0.3", "@octokit/request": "^10.0.6", "@octokit/request-error": "^7.0.2", "@octokit/types": "^16.0.0", "before-after-hook": "^4.0.0", "universal-user-agent": "^7.0.0" } }, "sha512-DhGl4xMVFGVIyMwswXeyzdL4uXD5OGILGX5N8Y+f6W7LhC1Ze2poSNrkF/fedpVDHEEZ+PHFW0vL14I+mm8K3Q=="],
 
-    "@octokit/endpoint": ["@octokit/endpoint@10.1.4", "", { "dependencies": { "@octokit/types": "^14.0.0", "universal-user-agent": "^7.0.2" } }, "sha512-OlYOlZIsfEVZm5HCSR8aSg02T2lbUWOsCQoPKfTXJwDzcHQBrVBGdGXb89dv2Kw2ToZaRtudp8O3ZIYoaOjKlA=="],
+    "@octokit/endpoint": ["@octokit/endpoint@11.0.3", "", { "dependencies": { "@octokit/types": "^16.0.0", "universal-user-agent": "^7.0.2" } }, "sha512-FWFlNxghg4HrXkD3ifYbS/IdL/mDHjh9QcsNyhQjN8dplUoZbejsdpmuqdA76nxj2xoWPs7p8uX2SNr9rYu0Ag=="],
 
-    "@octokit/graphql": ["@octokit/graphql@8.2.2", "", { "dependencies": { "@octokit/request": "^9.2.3", "@octokit/types": "^14.0.0", "universal-user-agent": "^7.0.0" } }, "sha512-Yi8hcoqsrXGdt0yObxbebHXFOiUA+2v3n53epuOg1QUgOB6c4XzvisBNVXJSl8RYA5KrDuSL2yq9Qmqe5N0ryA=="],
+    "@octokit/graphql": ["@octokit/graphql@9.0.3", "", { "dependencies": { "@octokit/request": "^10.0.6", "@octokit/types": "^16.0.0", "universal-user-agent": "^7.0.0" } }, "sha512-grAEuupr/C1rALFnXTv6ZQhFuL1D8G5y8CN04RgrO4FIPMrtm+mcZzFG7dcBm+nq+1ppNixu+Jd78aeJOYxlGA=="],
 
-    "@octokit/openapi-types": ["@octokit/openapi-types@25.1.0", "", {}, "sha512-idsIggNXUKkk0+BExUn1dQ92sfysJrje03Q0bv0e+KPLrvyqZF8MnBpFz8UNfYDwB3Ie7Z0TByjWfzxt7vseaA=="],
+    "@octokit/openapi-types": ["@octokit/openapi-types@27.0.0", "", {}, "sha512-whrdktVs1h6gtR+09+QsNk2+FO+49j6ga1c55YZudfEG+oKJVvJLQi3zkOm5JjiUXAagWK2tI2kTGKJ2Ys7MGA=="],
 
-    "@octokit/plugin-paginate-rest": ["@octokit/plugin-paginate-rest@11.6.0", "", { "dependencies": { "@octokit/types": "^13.10.0" }, "peerDependencies": { "@octokit/core": ">=6" } }, "sha512-n5KPteiF7pWKgBIBJSk8qzoZWcUkza2O6A0za97pMGVrGfPdltxrfmfF5GucHYvHGZD8BdaZmmHGz5cX/3gdpw=="],
+    "@octokit/plugin-paginate-rest": ["@octokit/plugin-paginate-rest@14.0.0", "", { "dependencies": { "@octokit/types": "^16.0.0" }, "peerDependencies": { "@octokit/core": ">=6" } }, "sha512-fNVRE7ufJiAA3XUrha2omTA39M6IXIc6GIZLvlbsm8QOQCYvpq/LkMNGyFlB1d8hTDzsAXa3OKtybdMAYsV/fw=="],
 
-    "@octokit/plugin-request-log": ["@octokit/plugin-request-log@5.3.1", "", { "peerDependencies": { "@octokit/core": ">=6" } }, "sha512-n/lNeCtq+9ofhC15xzmJCNKP2BWTv8Ih2TTy+jatNCCq/gQP/V7rK3fjIfuz0pDWDALO/o/4QY4hyOF6TQQFUw=="],
+    "@octokit/plugin-request-log": ["@octokit/plugin-request-log@6.0.0", "", { "peerDependencies": { "@octokit/core": ">=6" } }, "sha512-UkOzeEN3W91/eBq9sPZNQ7sUBvYCqYbrrD8gTbBuGtHEuycE4/awMXcYvx6sVYo7LypPhmQwwpUe4Yyu4QZN5Q=="],
 
-    "@octokit/plugin-rest-endpoint-methods": ["@octokit/plugin-rest-endpoint-methods@13.5.0", "", { "dependencies": { "@octokit/types": "^13.10.0" }, "peerDependencies": { "@octokit/core": ">=6" } }, "sha512-9Pas60Iv9ejO3WlAX3maE1+38c5nqbJXV5GrncEfkndIpZrJ/WPMRd2xYDcPPEt5yzpxcjw9fWNoPhsSGzqKqw=="],
+    "@octokit/plugin-rest-endpoint-methods": ["@octokit/plugin-rest-endpoint-methods@17.0.0", "", { "dependencies": { "@octokit/types": "^16.0.0" }, "peerDependencies": { "@octokit/core": ">=6" } }, "sha512-B5yCyIlOJFPqUUeiD0cnBJwWJO8lkJs5d8+ze9QDP6SvfiXSz1BF+91+0MeI1d2yxgOhU/O+CvtiZ9jSkHhFAw=="],
 
-    "@octokit/request": ["@octokit/request@9.2.4", "", { "dependencies": { "@octokit/endpoint": "^10.1.4", "@octokit/request-error": "^6.1.8", "@octokit/types": "^14.0.0", "fast-content-type-parse": "^2.0.0", "universal-user-agent": "^7.0.2" } }, "sha512-q8ybdytBmxa6KogWlNa818r0k1wlqzNC+yNkcQDECHvQo8Vmstrg18JwqJHdJdUiHD2sjlwBgSm9kHkOKe2iyA=="],
+    "@octokit/request": ["@octokit/request@10.0.8", "", { "dependencies": { "@octokit/endpoint": "^11.0.3", "@octokit/request-error": "^7.0.2", "@octokit/types": "^16.0.0", "fast-content-type-parse": "^3.0.0", "json-with-bigint": "^3.5.3", "universal-user-agent": "^7.0.2" } }, "sha512-SJZNwY9pur9Agf7l87ywFi14W+Hd9Jg6Ifivsd33+/bGUQIjNujdFiXII2/qSlN2ybqUHfp5xpekMEjIBTjlSw=="],
 
-    "@octokit/request-error": ["@octokit/request-error@6.1.8", "", { "dependencies": { "@octokit/types": "^14.0.0" } }, "sha512-WEi/R0Jmq+IJKydWlKDmryPcmdYSVjL3ekaiEL1L9eo1sUnqMJ+grqmC9cjk7CA7+b2/T397tO5d8YLOH3qYpQ=="],
+    "@octokit/request-error": ["@octokit/request-error@7.1.0", "", { "dependencies": { "@octokit/types": "^16.0.0" } }, "sha512-KMQIfq5sOPpkQYajXHwnhjCC0slzCNScLHs9JafXc4RAJI+9f+jNDlBNaIMTvazOPLgb4BnlhGJOTbnN0wIjPw=="],
 
-    "@octokit/rest": ["@octokit/rest@21.1.1", "", { "dependencies": { "@octokit/core": "^6.1.4", "@octokit/plugin-paginate-rest": "^11.4.2", "@octokit/plugin-request-log": "^5.3.1", "@octokit/plugin-rest-endpoint-methods": "^13.3.0" } }, "sha512-sTQV7va0IUVZcntzy1q3QqPm/r8rWtDCqpRAmb8eXXnKkjoQEtFe3Nt5GTVsHft+R6jJoHeSiVLcgcvhtue/rg=="],
+    "@octokit/rest": ["@octokit/rest@22.0.1", "", { "dependencies": { "@octokit/core": "^7.0.6", "@octokit/plugin-paginate-rest": "^14.0.0", "@octokit/plugin-request-log": "^6.0.0", "@octokit/plugin-rest-endpoint-methods": "^17.0.0" } }, "sha512-Jzbhzl3CEexhnivb1iQ0KJ7s5vvjMWcmRtq5aUsKmKDrRW6z3r84ngmiFKFvpZjpiU/9/S6ITPFRpn5s/3uQJw=="],
 
-    "@octokit/types": ["@octokit/types@14.1.0", "", { "dependencies": { "@octokit/openapi-types": "^25.1.0" } }, "sha512-1y6DgTy8Jomcpu33N+p5w58l6xyt55Ar2I91RPiIA0xCJBXyUAhXCcmZaDWSANiha7R9a6qJJ2CRomGPZ6f46g=="],
+    "@octokit/types": ["@octokit/types@16.0.0", "", { "dependencies": { "@octokit/openapi-types": "^27.0.0" } }, "sha512-sKq+9r1Mm4efXW1FCk7hFSeJo4QKreL/tTbR0rz/qx/r1Oa2VV83LTA/H/MuCOX7uCIJmQVRKBcbmWoySjAnSg=="],
 
     "@oozcitak/dom": ["@oozcitak/dom@2.0.2", "", { "dependencies": { "@oozcitak/infra": "^2.0.2", "@oozcitak/url": "^3.0.0", "@oozcitak/util": "^10.0.0" } }, "sha512-GjpKhkSYC3Mj4+lfwEyI1dqnsKTgwGy48ytZEhm4A/xnH/8z9M3ZVXKr/YGQi3uCLs1AEBS+x5T2JPiueEDW8w=="],
 
@@ -2305,6 +2324,8 @@
 
     "@types/katex": ["@types/katex@0.16.8", "", {}, "sha512-trgaNyfU+Xh2Tc+ABIb44a5AYUpicB3uwirOioeOkNPPbmgRNtcWyDeeFRzjPZENO9Vq8gvVqfhaaXWLlevVwg=="],
 
+    "@types/libsodium-wrappers": ["@types/libsodium-wrappers@0.8.2", "", { "dependencies": { "libsodium-wrappers": "*" } }, "sha512-+2IDfSULPUskSjIYfZl9suIUsIE5PXwoKZiE/j0MZWd+M9nEGvJDsk/ztMZKNhL1lBL+1CaypW0dQSjqPW2dMg=="],
+
     "@types/lodash": ["@types/lodash@4.17.24", "", {}, "sha512-gIW7lQLZbue7lRSWEFql49QJJWThrTFFeIMJdp3eH4tKoxm1OvEPg02rm4wCCSHS0cL3/Fizimb35b7k8atwsQ=="],
 
     "@types/mdast": ["@types/mdast@4.0.4", "", { "dependencies": { "@types/unist": "*" } }, "sha512-kGaNbPh1k7AFzgpud/gMdvIm5xuECykRR+JnWKQno9TAXVa6WIVCGTPvYGekIDL4uwCZQSYbUxNBSb1aUo79oA=="],
@@ -2483,7 +2504,7 @@
 
     "ajv-formats": ["ajv-formats@3.0.1", "", { "dependencies": { "ajv": "^8.0.0" } }, "sha512-8iUql50EUR+uUcdRQ3HDqa6EVyo3docL8g5WJ3FNcWmu62IbkGUue/pEyLBW8VGKKucTPgqeks4fIU1DA4yowQ=="],
 
-    "alchemy": ["alchemy@0.77.5", "", { "dependencies": { "@aws-sdk/credential-providers": "^3.0.0", "@cloudflare/unenv-preset": "2.7.7", "@cloudflare/workers-types": "^4.20250805.0", "@iarna/toml": "^2.2.5", "@octokit/rest": "^21.1.1", "@smithy/node-config-provider": "^4.0.0", "@smithy/types": "^4.6.0", "aws4fetch": "^1.0.20", "env-paths": "^3.0.0", "esbuild": "^0.25.1", "execa": "^9.6.0", "fast-json-patch": "^3.1.1", "fast-xml-parser": "^5.2.5", "find-process": "^2.0.0", "glob": "^10.0.0", "jszip": "^3.0.0", "libsodium-wrappers": "^0.7.15", "miniflare": "^4.20250906.0", "neverthrow": "^8.2.0", "open": "^10.1.2", "openapi-types": "^12.1.3", "pathe": "^2.0.3", "picocolors": "^1.1.1", "proper-lockfile": "^4.1.2", "signal-exit": "^4.1.0", "unenv": "2.0.0-rc.21", "ws": "^8.18.3", "yaml": "^2.0.0" }, "peerDependencies": { "@astrojs/cloudflare": "^12.6.4", "@aws-sdk/client-dynamodb": "^3.0.0", "@aws-sdk/client-iam": "^3.0.0", "@aws-sdk/client-lambda": "^3.0.0", "@aws-sdk/client-s3": "^3.0.0", "@aws-sdk/client-sesv2": "^3.0.0", "@aws-sdk/client-sqs": "^3.0.0", "@aws-sdk/client-ssm": "^3.0.0", "@aws-sdk/client-sts": "^3.0.0", "@cloudflare/vite-plugin": "^1.13.14", "@coinbase/cdp-sdk": "^0.10.0", "@libsql/client": "^0.15.12", "@opennextjs/cloudflare": "^1.6.5", "astro": "^5.13.2", "drizzle-orm": "^0.44.2", "rwsdk": "^0.1.36", "stripe": "^18.5.0", "vite": ">=6.0.0", "wrangler": "^4.42.2" }, "optionalPeers": ["@astrojs/cloudflare", "@aws-sdk/client-dynamodb", "@aws-sdk/client-iam", "@aws-sdk/client-lambda", "@aws-sdk/client-s3", "@aws-sdk/client-sesv2", "@aws-sdk/client-sqs", "@aws-sdk/client-ssm", "@aws-sdk/client-sts", "@cloudflare/vite-plugin", "@coinbase/cdp-sdk", "@libsql/client", "@opennextjs/cloudflare", "astro", "drizzle-orm", "rwsdk", "stripe", "vite"], "bin": { "alchemy": "bin/alchemy.js" } }, "sha512-5p8fMYw43ioJAZp52RTCJw7+aAdHWXZ0ycCVxtGyr/pz5+X6+n1MsohfqbhCp49BiEJg4bfMIcCMG6i3mZJv4Q=="],
+    "alchemy": ["alchemy@2.0.0-beta.20", "", { "dependencies": { "@ai-sdk/anthropic": "^3.0.31", "@ai-sdk/openai": "^3.0.23", "@ai-sdk/provider": "^3.0.8", "@aws-sdk/credential-providers": "^3.0.0", "@clack/prompts": "^0.11.0", "@distilled.cloud/aws": "^0.13.0", "@distilled.cloud/axiom": "^0.13.0", "@distilled.cloud/cloudflare": "^0.13.0", "@distilled.cloud/cloudflare-rolldown-plugin": "0.3.0", "@distilled.cloud/cloudflare-vite-plugin": "0.2.0", "@distilled.cloud/core": "^0.13.0", "@effect/vitest": "4.0.0-beta.58", "@libsql/client": "^0.17.0", "@octokit/rest": "^22.0.1", "@smithy/node-config-provider": "^4.0.0", "@smithy/shared-ini-file-loader": "^4.3.4", "@smithy/types": "^4.8.1", "@types/aws-lambda": "^8.10.152", "@types/libsodium-wrappers": "^0.8.2", "ai": "^6.0.62", "aws4fetch": "^1.0.20", "capnp-es": "^0.0.14", "cloudflare": "^5.2.0", "fast-glob": "^3.3.2", "fast-xml-parser": "^5.3.4", "foreground-child": "^4.0.3", "ignore": "^7.0.5", "jszip": "^3.10.1", "libsodium-wrappers": "^0.8.3", "magic-string": "^0.30.21", "picomatch": "^4.0.4", "rolldown": "1.0.0-rc.13", "sonda": "^0.11.1", "web-tree-sitter": "0.25.10", "workerd": "1.20260417.1", "yaml": "^2.0.0" }, "peerDependencies": { "@effect/platform-bun": "4.0.0-beta.58", "@effect/platform-node": "4.0.0-beta.58", "effect": "4.0.0-beta.58", "vite": "^8.0.7" }, "optionalPeers": ["@effect/platform-bun", "@effect/platform-node", "vite"], "bin": { "alchemy": "bin/cli.js" } }, "sha512-jSwrh3PHqwIXM271RaJtEF0uo8c4V5kvvPKHIkYA3eG9RFcMfvME/QoHiYjPDy1kViJAkPwuveM0koB4jubRow=="],
 
     "alchemy-effect": ["alchemy-effect@0.12.0", "", { "dependencies": { "@ai-sdk/anthropic": "^3.0.31", "@ai-sdk/openai": "^3.0.23", "@ai-sdk/provider": "^3.0.8", "@aws-sdk/credential-providers": "^3.0.0", "@distilled.cloud/aws": "^0.10.0", "@distilled.cloud/cloudflare": "^0.10.0", "@distilled.cloud/cloudflare-rolldown-plugin": "0.2.0", "@distilled.cloud/cloudflare-vite-plugin": "0.1.0", "@distilled.cloud/core": "^0.10.0", "@effect/vitest": "4.0.0-beta.48", "@libsql/client": "^0.17.0", "@smithy/node-config-provider": "^4.0.0", "@smithy/shared-ini-file-loader": "^4.3.4", "@smithy/types": "^4.8.1", "@types/aws-lambda": "^8.10.152", "ai": "^6.0.62", "aws4fetch": "^1.0.20", "capnp-es": "^0.0.14", "cloudflare": "^5.2.0", "fast-glob": "^3.3.2", "fast-xml-parser": "^5.3.4", "ignore": "^7.0.5", "jszip": "^3.10.1", "rolldown": "1.0.0-rc.13", "solid-js": "latest", "sonda": "^0.11.1", "web-tree-sitter": "0.25.10", "workerd": "1.20260412.1", "yaml": "^2.0.0" }, "peerDependencies": { "@effect/platform-bun": "*", "@effect/platform-node": "*", "effect": "*", "vite": "^8.0.7" }, "optionalPeers": ["@effect/platform-bun", "@effect/platform-node", "effect", "vite"], "bin": { "alchemy": "bin/alchemy-effect.sh", "alchemy-effect": "bin/alchemy-effect.sh" } }, "sha512-ecbA4YRV7ijCtCgaUf1mfpH4gYrNLqwnHBmlxwg/eutU8GFzv0dN3UGlqnyjVCTWehakqCV5HAEtH7BNNm+1HA=="],
 
@@ -2593,7 +2614,7 @@
 
     "bcrypt-pbkdf": ["bcrypt-pbkdf@1.0.2", "", { "dependencies": { "tweetnacl": "^0.14.3" } }, "sha512-qeFIXtP4MSoi6NLqO12WfqARWWuCKi2Rn/9hJLEmtB5yTNr9DqFWkJRCf2qShWzPeAMRnOgCrq0sg/KLv5ES9w=="],
 
-    "before-after-hook": ["before-after-hook@3.0.2", "", {}, "sha512-Nik3Sc0ncrMK4UUdXQmAnRtzmNQTAAXmXIopizwZ1W1t8QmfJj+zL4OA2I7XPTPW5z5TDqv4hRo/JzouDJnX3A=="],
+    "before-after-hook": ["before-after-hook@4.0.0", "", {}, "sha512-q6tR3RPqIB1pMiTRMFcZwuG5T8vwp+vUvEG0vuI6B+Rikh5BfPp2fQ82c925FOs+b0lcFQ8CFrL+KbilfZFhOQ=="],
 
     "better-auth": ["better-auth@1.6.5", "", { "dependencies": { "@better-auth/core": "1.6.5", "@better-auth/drizzle-adapter": "1.6.5", "@better-auth/kysely-adapter": "1.6.5", "@better-auth/memory-adapter": "1.6.5", "@better-auth/mongo-adapter": "1.6.5", "@better-auth/prisma-adapter": "1.6.5", "@better-auth/telemetry": "1.6.5", "@better-auth/utils": "0.4.0", "@better-fetch/fetch": "1.1.21", "@noble/ciphers": "^2.1.1", "@noble/hashes": "^2.0.1", "better-call": "1.3.5", "defu": "^6.1.4", "jose": "^6.1.3", "kysely": "^0.28.14", "nanostores": "^1.1.1", "zod": "^4.3.6" }, "peerDependencies": { "@lynx-js/react": "*", "@prisma/client": "^5.0.0 || ^6.0.0 || ^7.0.0", "@sveltejs/kit": "^2.0.0", "@tanstack/react-start": "^1.0.0", "@tanstack/solid-start": "^1.0.0", "better-sqlite3": "^12.0.0", "drizzle-kit": ">=0.31.4", "drizzle-orm": "^0.45.2", "mongodb": "^6.0.0 || ^7.0.0", "mysql2": "^3.0.0", "next": "^14.0.0 || ^15.0.0 || ^16.0.0", "pg": "^8.0.0", "prisma": "^5.0.0 || ^6.0.0 || ^7.0.0", "react": "^18.0.0 || ^19.0.0", "react-dom": "^18.0.0 || ^19.0.0", "solid-js": "^1.0.0", "svelte": "^4.0.0 || ^5.0.0", "vitest": "^2.0.0 || ^3.0.0 || ^4.0.0", "vue": "^3.0.0" }, "optionalPeers": ["@lynx-js/react", "@prisma/client", "@sveltejs/kit", "@tanstack/react-start", "@tanstack/solid-start", "better-sqlite3", "drizzle-kit", "drizzle-orm", "mongodb", "mysql2", "next", "pg", "prisma", "react", "react-dom", "solid-js", "svelte", "vitest", "vue"] }, "sha512-rSt8JtJOJK0MqPShXINCmM6DV30GsDvnCTlIxQIzP9OpUx/umA40nUc4ALZHQyqAPbw1ib/a549kIWw/WyxxKA=="],
 
@@ -3161,7 +3182,7 @@
 
     "fast-check": ["fast-check@4.7.0", "", { "dependencies": { "pure-rand": "^8.0.0" } }, "sha512-NsZRtqvSSoCP0HbNjUD+r1JH8zqZalyp6gLY9e7OYs7NK9b6AHOs2baBFeBG7bVNsuoukh89x2Yg3rPsul8ziQ=="],
 
-    "fast-content-type-parse": ["fast-content-type-parse@2.0.1", "", {}, "sha512-nGqtvLrj5w0naR6tDPfB4cUmYCqouzyQiz6C5y/LtcDllJdrcc6WaWW6iXyIIOErTa/XRybj28aasdn4LkVk6Q=="],
+    "fast-content-type-parse": ["fast-content-type-parse@3.0.0", "", {}, "sha512-ZvLdcY8P+N8mGQJahJV5G4U88CSvT1rP8ApL6uETe88MBXrBHAkZlSEySdUlyztF7ccb+Znos3TFqaepHxdhBg=="],
 
     "fast-deep-equal": ["fast-deep-equal@3.1.3", "", {}, "sha512-f3qQ9oQy9j2AhBe/H9VC91wLmKBCCU/gDOnKNAYG5hswO7BLKj09Hc5HYNz9cGI++xlpDCIgDaitVs03ATR84Q=="],
 
@@ -3223,7 +3244,7 @@
 
     "for-each": ["for-each@0.3.5", "", { "dependencies": { "is-callable": "^1.2.7" } }, "sha512-dKx12eRCVIzqCxFGplyFKJMPvLEWgmNtUrpTiJIR5u97zEhRG8ySrtboPHZXx7daLxQVrl643cTzbab2tkQjxg=="],
 
-    "foreground-child": ["foreground-child@3.3.1", "", { "dependencies": { "cross-spawn": "^7.0.6", "signal-exit": "^4.0.1" } }, "sha512-gIXjKqtFuWEgzFRJA9WCQeSJLZDjgJUOMCMzxtvFq/37KojM1BFGufqsCy0r4qSQmYLsZYMeyRqzIWOMup03sw=="],
+    "foreground-child": ["foreground-child@4.0.3", "", { "dependencies": { "signal-exit": "^4.0.1" } }, "sha512-yeXZaNbCBGaT9giTpLPBdtedzjwhlJBUoL/R4BVQU5mn0TQXOHwVIl1Q2DMuBIdNno4ktA1abZ7dQFVxD6uHxw=="],
 
     "form-data": ["form-data@4.0.5", "", { "dependencies": { "asynckit": "^0.4.0", "combined-stream": "^1.0.8", "es-set-tostringtag": "^2.1.0", "hasown": "^2.0.2", "mime-types": "^2.1.12" } }, "sha512-8RipRLol37bNs2bhoV67fiTEvdTrbMUYcFTiy3+wuuOnUog2QBHCZWXDRijWQfAkhBj2Uf5UnVaiWwA5vdd82w=="],
 
@@ -3295,7 +3316,7 @@
 
     "github-slugger": ["github-slugger@2.0.0", "", {}, "sha512-IaOQ9puYtjrkq7Y0Ygl9KDZnrf/aiUJYUpVf89y8kyaxbRG7Y1SrX/jaumrv81vc61+kiMempujsM3Yw7w5qcw=="],
 
-    "glob": ["glob@10.5.0", "", { "dependencies": { "foreground-child": "^3.1.0", "jackspeak": "^3.1.2", "minimatch": "^9.0.4", "minipass": "^7.1.2", "package-json-from-dist": "^1.0.0", "path-scurry": "^1.11.1" }, "bin": { "glob": "dist/esm/bin.mjs" } }, "sha512-DfXN8DfhJ7NH3Oe7cFmu3NCu1wKbkReJ8TorzSAFbSKrlNaQSKfIzqYqVY8zlbs2NLBbWpRiU52GX2PbaBVNkg=="],
+    "glob": ["glob@13.0.6", "", { "dependencies": { "minimatch": "^10.2.2", "minipass": "^7.1.3", "path-scurry": "^2.0.2" } }, "sha512-Wjlyrolmm8uDpm/ogGyXZXb1Z+Ca2B8NbJwqBVg0axK9GbBeoS7yGV6vjXnYdGm6X53iehEuxxbyiKp8QmN4Vw=="],
 
     "glob-parent": ["glob-parent@6.0.2", "", { "dependencies": { "is-glob": "^4.0.3" } }, "sha512-XxwI8EOhVQgWp6iDL+3b0r86f4d6AX6zSU55HfB4ydCEuXLXc5FcYeOu+nnGftS4TEju/11rt4KJPTMgbfmv4A=="],
 
@@ -3665,6 +3686,8 @@
 
     "json-stringify-nice": ["json-stringify-nice@1.1.4", "", {}, "sha512-5Z5RFW63yxReJ7vANgW6eZFGWaQvnPE3WNmZoOJrSkGju2etKA2L5rrOa1sm877TVTFt57A80BH1bArcmlLfPw=="],
 
+    "json-with-bigint": ["json-with-bigint@3.5.8", "", {}, "sha512-eq/4KP6K34kwa7TcFdtvnftvHCD9KvHOGGICWwMFc4dOOKF5t4iYqnfLK8otCRCRv06FXOzGGyqE8h8ElMvvdw=="],
+
     "json5": ["json5@2.2.3", "", { "bin": { "json5": "lib/cli.js" } }, "sha512-XmOWe7eyHYH14cLdVPoyg+GOH3rYX++KpzrylJwSW98t3Nk+U8XOl8FWKOgwtzdb8lXGf6zYwDUzeHMWfxasyg=="],
 
     "jsonc-parser": ["jsonc-parser@3.3.1", "", {}, "sha512-HUgH65KyejrUFPvHFPbqOY0rsFip3Bo5wb4ngvdi1EpCYWUQDC5V+Y7mZws+DLkr4M//zQJoanu1SP+87Dv1oQ=="],
@@ -3703,9 +3726,9 @@
 
     "levn": ["levn@0.4.1", "", { "dependencies": { "prelude-ls": "^1.2.1", "type-check": "~0.4.0" } }, "sha512-+bT2uH4E5LGE7h/n3evcS/sQlJXCpIp6ym8OWJ5eV6+67Dsql/LaaT7qJBAt2rzfoa/5QBGBhxDix1dMt2kQKQ=="],
 
-    "libsodium": ["libsodium@0.7.16", "", {}, "sha512-3HrzSPuzm6Yt9aTYCDxYEG8x8/6C0+ag655Y7rhhWZM9PT4NpdnbqlzXhGZlDnkgR6MeSTnOt/VIyHLs9aSf+Q=="],
+    "libsodium": ["libsodium@0.8.4", "", {}, "sha512-lMcYaRi0zcs7tarATsQUYC7rstliIXZuoq0c6zXSgNtSNtdvBgkSegjWhpMJAXzKX3SUSwIp7+zEsob+j3LuRw=="],
 
-    "libsodium-wrappers": ["libsodium-wrappers@0.7.16", "", { "dependencies": { "libsodium": "^0.7.16" } }, "sha512-Gtr/WBx4dKjvRL1pvfwZqu7gO6AfrQ0u9vFL+kXihtHf6NfkROR8pjYWn98MFDI3jN19Ii1ZUfPR9afGiPyfHg=="],
+    "libsodium-wrappers": ["libsodium-wrappers@0.8.4", "", { "dependencies": { "libsodium": "^0.8.0" } }, "sha512-mu8aAWucZjTB5O/BtGXtW4e1agy7uHxNYG7zPthmmD1jU43LCDmSWZLN4JhflbdPXj3yDO4lxM1O9hLDgIOXDw=="],
 
     "libsql": ["libsql@0.5.29", "", { "dependencies": { "@neon-rs/load": "^0.0.4", "detect-libc": "2.0.2" }, "optionalDependencies": { "@libsql/darwin-arm64": "0.5.29", "@libsql/darwin-x64": "0.5.29", "@libsql/linux-arm-gnueabihf": "0.5.29", "@libsql/linux-arm-musleabihf": "0.5.29", "@libsql/linux-arm64-gnu": "0.5.29", "@libsql/linux-arm64-musl": "0.5.29", "@libsql/linux-x64-gnu": "0.5.29", "@libsql/linux-x64-musl": "0.5.29", "@libsql/win32-x64-msvc": "0.5.29" }, "os": [ "linux", "win32", "darwin", ], "cpu": [ "arm", "x64", "arm64", ] }, "sha512-8lMP8iMgiBzzoNbAPQ59qdVcj6UaE/Vnm+fiwX4doX4Narook0a4GPKWBEv+CR8a1OwbfkgL18uBfBjWdF0Fzg=="],
 
@@ -4177,7 +4200,7 @@
 
     "path-parse": ["path-parse@1.0.7", "", {}, "sha512-LDJzPVEEEPR+y48z93A0Ed0yXb8pAByGWo/k5YYdYgpY2/2EsOsksJrq7lOHxryrVOn1ejG6oAp8ahvOIQD8sw=="],
 
-    "path-scurry": ["path-scurry@1.11.1", "", { "dependencies": { "lru-cache": "^10.2.0", "minipass": "^5.0.0 || ^6.0.2 || ^7.0.0" } }, "sha512-Xa4Nw17FS9ApQFJ9umLiJS4orGjm7ZzwUrwamcGQuHSzDyth9boKDaycYdDcZDuqYATXw4HFXgaqWTctW/v1HA=="],
+    "path-scurry": ["path-scurry@2.0.2", "", { "dependencies": { "lru-cache": "^11.0.0", "minipass": "^7.1.2" } }, "sha512-3O/iVVsJAPsOnpwWIeD+d6z/7PmqApyQePUtCndjatj/9I5LylHvt5qluFaBT3I5h3r1ejfR056c+FCv+NnNXg=="],
 
     "path-to-regexp": ["path-to-regexp@6.3.0", "", {}, "sha512-Yhpw4T9C6hPpgPeA28us07OJeqZ5EzQTkbfwuhsUg0c237RomFoETJgmp2sa3F/41gfLE6G5cqcYwznmeEeOlQ=="],
 
@@ -5053,14 +5076,16 @@
 
     "zwitch": ["zwitch@2.0.4", "", {}, "sha512-bXE4cR/kVZhKZX/RjPEflHaKVhUVl85noU3v6b8apfQEc1x4A+zBxjZ4lN8LqGd6WZ3dl98pY4o717VFmoPp+A=="],
 
-    "@ai-sdk/anthropic/@ai-sdk/provider": ["@ai-sdk/provider@3.0.8", "", { "dependencies": { "json-schema": "^0.4.0" } }, "sha512-oGMAgGoQdBXbZqNG0Ze56CHjDZ1IDYOwGYxYjO5KLSlz5HiNQ9udIXsPZ61VWaHGZ5XW/jyjmr6t2xz2jGVwbQ=="],
-
     "@ai-sdk/anthropic/@ai-sdk/provider-utils": ["@ai-sdk/provider-utils@4.0.23", "", { "dependencies": { "@ai-sdk/provider": "3.0.8", "@standard-schema/spec": "^1.1.0", "eventsource-parser": "^3.0.6" }, "peerDependencies": { "zod": "^3.25.76 || ^4.1.8" } }, "sha512-z8GlDaCmRSDlqkMF2f4/RFgWxdarvIbyuk+m6WXT1LYgsnGiXRJGTD2Z1+SDl3LqtFuRtGX1aghYvQLoHL/9pg=="],
 
-    "@ai-sdk/openai/@ai-sdk/provider": ["@ai-sdk/provider@3.0.8", "", { "dependencies": { "json-schema": "^0.4.0" } }, "sha512-oGMAgGoQdBXbZqNG0Ze56CHjDZ1IDYOwGYxYjO5KLSlz5HiNQ9udIXsPZ61VWaHGZ5XW/jyjmr6t2xz2jGVwbQ=="],
+    "@ai-sdk/gateway/@ai-sdk/provider": ["@ai-sdk/provider@2.0.1", "", { "dependencies": { "json-schema": "^0.4.0" } }, "sha512-KCUwswvsC5VsW2PWFqF8eJgSCu5Ysj7m1TxiHTVA6g7k360bk0RNQENT8KTMAYEs+8fWPD3Uu4dEmzGHc+jGng=="],
+
+    "@ai-sdk/google/@ai-sdk/provider": ["@ai-sdk/provider@2.0.1", "", { "dependencies": { "json-schema": "^0.4.0" } }, "sha512-KCUwswvsC5VsW2PWFqF8eJgSCu5Ysj7m1TxiHTVA6g7k360bk0RNQENT8KTMAYEs+8fWPD3Uu4dEmzGHc+jGng=="],
 
     "@ai-sdk/openai/@ai-sdk/provider-utils": ["@ai-sdk/provider-utils@4.0.23", "", { "dependencies": { "@ai-sdk/provider": "3.0.8", "@standard-schema/spec": "^1.1.0", "eventsource-parser": "^3.0.6" }, "peerDependencies": { "zod": "^3.25.76 || ^4.1.8" } }, "sha512-z8GlDaCmRSDlqkMF2f4/RFgWxdarvIbyuk+m6WXT1LYgsnGiXRJGTD2Z1+SDl3LqtFuRtGX1aghYvQLoHL/9pg=="],
 
+    "@ai-sdk/provider-utils/@ai-sdk/provider": ["@ai-sdk/provider@2.0.1", "", { "dependencies": { "json-schema": "^0.4.0" } }, "sha512-KCUwswvsC5VsW2PWFqF8eJgSCu5Ysj7m1TxiHTVA6g7k360bk0RNQENT8KTMAYEs+8fWPD3Uu4dEmzGHc+jGng=="],
+
     "@ai-sdk/react/@ai-sdk/provider-utils": ["@ai-sdk/provider-utils@4.0.23", "", { "dependencies": { "@ai-sdk/provider": "3.0.8", "@standard-schema/spec": "^1.1.0", "eventsource-parser": "^3.0.6" }, "peerDependencies": { "zod": "^3.25.76 || ^4.1.8" } }, "sha512-z8GlDaCmRSDlqkMF2f4/RFgWxdarvIbyuk+m6WXT1LYgsnGiXRJGTD2Z1+SDl3LqtFuRtGX1aghYvQLoHL/9pg=="],
 
     "@ai-sdk/react/ai": ["ai@6.0.168", "", { "dependencies": { "@ai-sdk/gateway": "3.0.104", "@ai-sdk/provider": "3.0.8", "@ai-sdk/provider-utils": "4.0.23", "@opentelemetry/api": "1.9.0" }, "peerDependencies": { "zod": "^3.25.76 || ^4.1.8" } }, "sha512-2HqCJuO+1V2aV7vfYs5LFEUfxbkGX+5oa54q/gCCTL7KLTdbxcCu5D7TdLA5kwsrs3Szgjah9q6D9tpjHM3hUQ=="],
@@ -5107,6 +5132,12 @@
 
     "@cspotcode/source-map-support/@jridgewell/trace-mapping": ["@jridgewell/trace-mapping@0.3.9", "", { "dependencies": { "@jridgewell/resolve-uri": "^3.0.3", "@jridgewell/sourcemap-codec": "^1.4.10" } }, "sha512-3Belt6tdc8bPgAtbcmdtNJlirVoTmEb5e2gC94PnkwEW9jI6CAHUeoG85tjWP5WquqfavoMtMwiG4P926ZKKuQ=="],
 
+    "@distilled.cloud/cloudflare/@distilled.cloud/core": ["@distilled.cloud/core@0.10.2", "", { "dependencies": { "effect": "4.0.0-beta.48" } }, "sha512-j7phS+p6yx4pyacMe1askeJ8v/mu8etwUvAH/9RlUYJYP9vuY+U38XwEO6KLFXWFGT6Y9xXdH8El3BjiYwQlRQ=="],
+
+    "@distilled.cloud/fly-io/@distilled.cloud/core": ["@distilled.cloud/core@0.11.0", "", { "dependencies": { "effect": "4.0.0-beta.48" } }, "sha512-nts4YpsKjUrwofiLu7xTcyfdQGVbIXr5Z+6uAg7b/lFiyl11XW8Ccto7aUVtcuv5gmpavj+qE0Kzt+EjssRbGg=="],
+
+    "@distilled.cloud/neon/@distilled.cloud/core": ["@distilled.cloud/core@0.10.2", "", { "dependencies": { "effect": "4.0.0-beta.48" } }, "sha512-j7phS+p6yx4pyacMe1askeJ8v/mu8etwUvAH/9RlUYJYP9vuY+U38XwEO6KLFXWFGT6Y9xXdH8El3BjiYwQlRQ=="],
+
     "@docker/node-sdk/undici": ["undici@6.25.0", "", {}, "sha512-ZgpWDC5gmNiuY9CnLVXEH8rl50xhRCuLNA97fAUnKi8RRuV4E6KG31pDTsLVUKnohJE0I3XDrTeEydAXRw47xg=="],
 
     "@dotenvx/dotenvx/commander": ["commander@11.1.0", "", {}, "sha512-yPVavfyCcRhmorC7rWlkHn15b4wDVgVmBA7kV4QVBsF7kv/9TKJAbAXVTxvTnwP8HHKjRCJDClKbciiYS7p0DQ=="],
@@ -5225,18 +5256,10 @@
 
     "@npmcli/git/which": ["which@6.0.1", "", { "dependencies": { "isexe": "^4.0.0" }, "bin": { "node-which": "bin/which.js" } }, "sha512-oGLe46MIrCRqX7ytPUf66EAYvdeMIZYn3WaocqqKZAxrBpkqHfL/qvTyJ/bTk5+AqHCjXmrv3CEWgy368zhRUg=="],
 
-    "@npmcli/map-workspaces/glob": ["glob@13.0.6", "", { "dependencies": { "minimatch": "^10.2.2", "minipass": "^7.1.3", "path-scurry": "^2.0.2" } }, "sha512-Wjlyrolmm8uDpm/ogGyXZXb1Z+Ca2B8NbJwqBVg0axK9GbBeoS7yGV6vjXnYdGm6X53iehEuxxbyiKp8QmN4Vw=="],
-
     "@npmcli/map-workspaces/minimatch": ["minimatch@10.2.5", "", { "dependencies": { "brace-expansion": "^5.0.5" } }, "sha512-MULkVLfKGYDFYejP07QOurDLLQpcjk7Fw+7jXS2R2czRQzR56yHRveU5NDJEOviH+hETZKSkIk5c+T23GjFUMg=="],
 
-    "@npmcli/package-json/glob": ["glob@13.0.6", "", { "dependencies": { "minimatch": "^10.2.2", "minipass": "^7.1.3", "path-scurry": "^2.0.2" } }, "sha512-Wjlyrolmm8uDpm/ogGyXZXb1Z+Ca2B8NbJwqBVg0axK9GbBeoS7yGV6vjXnYdGm6X53iehEuxxbyiKp8QmN4Vw=="],
-
     "@npmcli/promise-spawn/which": ["which@6.0.1", "", { "dependencies": { "isexe": "^4.0.0" }, "bin": { "node-which": "bin/which.js" } }, "sha512-oGLe46MIrCRqX7ytPUf66EAYvdeMIZYn3WaocqqKZAxrBpkqHfL/qvTyJ/bTk5+AqHCjXmrv3CEWgy368zhRUg=="],
 
-    "@octokit/plugin-paginate-rest/@octokit/types": ["@octokit/types@13.10.0", "", { "dependencies": { "@octokit/openapi-types": "^24.2.0" } }, "sha512-ifLaO34EbbPj0Xgro4G5lP5asESjwHracYJvVaPIyXMuiuXLlhic3S47cBdTb+jfODkTE5YtGCLt3Ay3+J97sA=="],
-
-    "@octokit/plugin-rest-endpoint-methods/@octokit/types": ["@octokit/types@13.10.0", "", { "dependencies": { "@octokit/openapi-types": "^24.2.0" } }, "sha512-ifLaO34EbbPj0Xgro4G5lP5asESjwHracYJvVaPIyXMuiuXLlhic3S47cBdTb+jfODkTE5YtGCLt3Ay3+J97sA=="],
-
     "@opennextjs/aws/@aws-sdk/client-s3": ["@aws-sdk/client-s3@3.984.0", "", { "dependencies": { "@aws-crypto/sha1-browser": "5.2.0", "@aws-crypto/sha256-browser": "5.2.0", "@aws-crypto/sha256-js": "5.2.0", "@aws-sdk/core": "^3.973.6", "@aws-sdk/credential-provider-node": "^3.972.5", "@aws-sdk/middleware-bucket-endpoint": "^3.972.3", "@aws-sdk/middleware-expect-continue": "^3.972.3", "@aws-sdk/middleware-flexible-checksums": "^3.972.4", "@aws-sdk/middleware-host-header": "^3.972.3", "@aws-sdk/middleware-location-constraint": "^3.972.3", "@aws-sdk/middleware-logger": "^3.972.3", "@aws-sdk/middleware-recursion-detection": "^3.972.3", "@aws-sdk/middleware-sdk-s3": "^3.972.6", "@aws-sdk/middleware-ssec": "^3.972.3", "@aws-sdk/middleware-user-agent": "^3.972.6", "@aws-sdk/region-config-resolver": "^3.972.3", "@aws-sdk/signature-v4-multi-region": "3.984.0", "@aws-sdk/types": "^3.973.1", "@aws-sdk/util-endpoints": "3.984.0", "@aws-sdk/util-user-agent-browser": "^3.972.3", "@aws-sdk/util-user-agent-node": "^3.972.4", "@smithy/config-resolver": "^4.4.6", "@smithy/core": "^3.22.0", "@smithy/eventstream-serde-browser": "^4.2.8", "@smithy/eventstream-serde-config-resolver": "^4.3.8", "@smithy/eventstream-serde-node": "^4.2.8", "@smithy/fetch-http-handler": "^5.3.9", "@smithy/hash-blob-browser": "^4.2.9", "@smithy/hash-node": "^4.2.8", "@smithy/hash-stream-node": "^4.2.8", "@smithy/invalid-dependency": "^4.2.8", "@smithy/md5-js": "^4.2.8", "@smithy/middleware-content-length": "^4.2.8", "@smithy/middleware-endpoint": "^4.4.12", "@smithy/middleware-retry": "^4.4.29", "@smithy/middleware-serde": "^4.2.9", "@smithy/middleware-stack": "^4.2.8", "@smithy/node-config-provider": "^4.3.8", "@smithy/node-http-handler": "^4.4.8", "@smithy/protocol-http": "^5.3.8", "@smithy/smithy-client": "^4.11.1", "@smithy/types": "^4.12.0", "@smithy/url-parser": "^4.2.8", "@smithy/util-base64": "^4.3.0", "@smithy/util-body-length-browser": "^4.2.0", "@smithy/util-body-length-node": "^4.2.1", "@smithy/util-defaults-mode-browser": "^4.3.28", "@smithy/util-defaults-mode-node": "^4.2.31", "@smithy/util-endpoints": "^3.2.8", "@smithy/util-middleware": "^4.2.8", "@smithy/util-retry": "^4.2.8", "@smithy/util-stream": "^4.5.10", "@smithy/util-utf8": "^4.2.0", "@smithy/util-waiter": "^4.2.8", "tslib": "^2.6.2" } }, "sha512-7ny2Slr93Y+QniuluvcfWwyDi32zWQfznynL56Tk0vVh7bWrvS/odm8WP2nInKicRVNipcJHY2YInur6Q/9V0A=="],
 
     "@opennextjs/aws/chalk": ["chalk@5.6.2", "", {}, "sha512-7NzBL0rN6fMUW+f7A6Io4h40qQlG+xGmtMxfbnH/K7TAtt8JQWVQK+6g0UXKMeVJoyV5EkkNsErQ8pVD3bLHbA=="],
@@ -5379,17 +5402,27 @@
 
     "accepts/mime-types": ["mime-types@3.0.2", "", { "dependencies": { "mime-db": "^1.54.0" } }, "sha512-Lbgzdk0h4juoQ9fCKXW4by0UJqj+nOOrI9MJ1sSj4nI8aI2eo1qmvQEie4VD1glsS250n15LsWsYtCugiStS5A=="],
 
+    "ai/@ai-sdk/provider": ["@ai-sdk/provider@2.0.1", "", { "dependencies": { "json-schema": "^0.4.0" } }, "sha512-KCUwswvsC5VsW2PWFqF8eJgSCu5Ysj7m1TxiHTVA6g7k360bk0RNQENT8KTMAYEs+8fWPD3Uu4dEmzGHc+jGng=="],
+
     "ai/@opentelemetry/api": ["@opentelemetry/api@1.9.0", "", {}, "sha512-3giAOQvZiH5F9bMlMiv8+GSPMeqg0dbaeo58/0SlA9sxSqZhnUtxzX9/2FzyhS9sWQf5S0GJE0AKBrFqjpeYcg=="],
 
     "ajv-formats/ajv": ["ajv@8.18.0", "", { "dependencies": { "fast-deep-equal": "^3.1.3", "fast-uri": "^3.0.1", "json-schema-traverse": "^1.0.0", "require-from-string": "^2.0.2" } }, "sha512-PlXPeEWMXMZ7sPYOHqmDyCJzcfNrUr3fGNKtezX14ykXOEIvyK81d+qydx89KY5O71FKMPaQ2vBfBFI5NHR63A=="],
 
-    "alchemy/@cloudflare/unenv-preset": ["@cloudflare/unenv-preset@2.7.7", "", { "peerDependencies": { "unenv": "2.0.0-rc.21", "workerd": "^1.20250927.0" }, "optionalPeers": ["workerd"] }, "sha512-HtZuh166y0Olbj9bqqySckz0Rw9uHjggJeoGbDx5x+sgezBXlxO6tQSig2RZw5tgObF8mWI8zaPvQMkQZtAODw=="],
+    "alchemy/@distilled.cloud/cloudflare": ["@distilled.cloud/cloudflare@0.13.0", "", { "dependencies": { "@distilled.cloud/core": "0.13.0", "effect": "4.0.0-beta.58" } }, "sha512-iHgRiFZfy+zmfM1phyrqMLGBVcfpBfhZU09SRaYOlbnhI94VsoTXodk9JZK/rPrJjiXOGhmF2G084kbLPNzkNw=="],
+
+    "alchemy/@distilled.cloud/cloudflare-rolldown-plugin": ["@distilled.cloud/cloudflare-rolldown-plugin@0.3.0", "", { "dependencies": { "@cloudflare/unenv-preset": "^2.16.0", "unenv": "^2.0.0-rc.24" }, "peerDependencies": { "rolldown": "^1.0.0-rc.9" } }, "sha512-6DIPmARCtlWR/ZsPYkaQzWV1AcUBYs9fs/NRnRMxVjKKJo0YtmCYICJ2dggWxZ6nmhukYEWK3GpMPZfq6WlGdw=="],
+
+    "alchemy/@distilled.cloud/cloudflare-vite-plugin": ["@distilled.cloud/cloudflare-vite-plugin@0.2.0", "", { "dependencies": { "@distilled.cloud/cloudflare-rolldown-plugin": "0.2.0" }, "peerDependencies": { "vite": "^7.0.0 || ^8.0.0" } }, "sha512-yLk+q5EUQthiVU5nIEyF8mL1CujaO8bZp5Z7DQsxKkqwtwKLXapXjDsnknAGwv5xJuEyZG9rbSKNY2cVVRPdZQ=="],
 
-    "alchemy/execa": ["execa@9.6.1", "", { "dependencies": { "@sindresorhus/merge-streams": "^4.0.0", "cross-spawn": "^7.0.6", "figures": "^6.1.0", "get-stream": "^9.0.0", "human-signals": "^8.0.1", "is-plain-obj": "^4.1.0", "is-stream": "^4.0.1", "npm-run-path": "^6.0.0", "pretty-ms": "^9.2.0", "signal-exit": "^4.1.0", "strip-final-newline": "^4.0.0", "yoctocolors": "^2.1.1" } }, "sha512-9Be3ZoN4LmYR90tUoVu2te2BsbzHfhJyfEiAVfz7N5/zv+jduIfLrV2xdQXOHbaD6KgpGdO9PRPM1Y4Q9QkPkA=="],
+    "alchemy/ai": ["ai@6.0.168", "", { "dependencies": { "@ai-sdk/gateway": "3.0.104", "@ai-sdk/provider": "3.0.8", "@ai-sdk/provider-utils": "4.0.23", "@opentelemetry/api": "1.9.0" }, "peerDependencies": { "zod": "^3.25.76 || ^4.1.8" } }, "sha512-2HqCJuO+1V2aV7vfYs5LFEUfxbkGX+5oa54q/gCCTL7KLTdbxcCu5D7TdLA5kwsrs3Szgjah9q6D9tpjHM3hUQ=="],
 
-    "alchemy/unenv": ["unenv@2.0.0-rc.21", "", { "dependencies": { "defu": "^6.1.4", "exsolve": "^1.0.7", "ohash": "^2.0.11", "pathe": "^2.0.3", "ufo": "^1.6.1" } }, "sha512-Wj7/AMtE9MRnAXa6Su3Lk0LNCfqDYgfwVjwRFVum9U7wsto1imuHqk4kTm7Jni+5A0Hn7dttL6O/zjvUvoo+8A=="],
+    "alchemy/workerd": ["workerd@1.20260417.1", "", { "optionalDependencies": { "@cloudflare/workerd-darwin-64": "1.20260417.1", "@cloudflare/workerd-darwin-arm64": "1.20260417.1", "@cloudflare/workerd-linux-64": "1.20260417.1", "@cloudflare/workerd-linux-arm64": "1.20260417.1", "@cloudflare/workerd-windows-64": "1.20260417.1" }, "bin": { "workerd": "bin/workerd" } }, "sha512-X7YnHxHVGsp1wMN14FSHzNwe5VHJQdnrkwSu5pCcA+TFxLfiA3KOXyymdopMROH1AZVQ3ggX70ha/qE+7Uq5sw=="],
 
-    "alchemy-effect/@ai-sdk/provider": ["@ai-sdk/provider@3.0.8", "", { "dependencies": { "json-schema": "^0.4.0" } }, "sha512-oGMAgGoQdBXbZqNG0Ze56CHjDZ1IDYOwGYxYjO5KLSlz5HiNQ9udIXsPZ61VWaHGZ5XW/jyjmr6t2xz2jGVwbQ=="],
+    "alchemy-effect/@distilled.cloud/aws": ["@distilled.cloud/aws@0.10.2", "", { "dependencies": { "@aws-crypto/crc32": "^5.2.0", "@aws-crypto/util": "^5.2.0", "@aws-sdk/credential-providers": "^3.994.0", "@aws-sdk/types": "^3.973.1", "@distilled.cloud/core": "0.10.2", "@smithy/shared-ini-file-loader": "^4.4.3", "@smithy/types": "^4.12.0", "@smithy/util-base64": "^4.3.0", "aws4fetch": "^1.0.20", "effect": "4.0.0-beta.48", "fast-xml-parser": "^5.3.2" } }, "sha512-4HxtkXMnR80yEikp4EVGlYIjz4iq0JBn1E7O5UFV3iEY73k47aqHDBrHi0uEGCXl7bYjbCdznRl5P+oZStFOXQ=="],
+
+    "alchemy-effect/@distilled.cloud/core": ["@distilled.cloud/core@0.10.2", "", { "dependencies": { "effect": "4.0.0-beta.48" } }, "sha512-j7phS+p6yx4pyacMe1askeJ8v/mu8etwUvAH/9RlUYJYP9vuY+U38XwEO6KLFXWFGT6Y9xXdH8El3BjiYwQlRQ=="],
+
+    "alchemy-effect/@effect/vitest": ["@effect/vitest@4.0.0-beta.48", "", { "peerDependencies": { "effect": "^4.0.0-beta.48", "vitest": "^3.0.0 || ^4.0.0" } }, "sha512-ONG24EIfUXTrJzIDJctIr6y6JOeml97eoZ53WRUNdwp/tHIAU+U3ME5uUdmtLBKSFeyivYjXGPvEP2DW8f/bCQ=="],
 
     "alchemy-effect/ai": ["ai@6.0.168", "", { "dependencies": { "@ai-sdk/gateway": "3.0.104", "@ai-sdk/provider": "3.0.8", "@ai-sdk/provider-utils": "4.0.23", "@opentelemetry/api": "1.9.0" }, "peerDependencies": { "zod": "^3.25.76 || ^4.1.8" } }, "sha512-2HqCJuO+1V2aV7vfYs5LFEUfxbkGX+5oa54q/gCCTL7KLTdbxcCu5D7TdLA5kwsrs3Szgjah9q6D9tpjHM3hUQ=="],
 
@@ -5413,8 +5446,6 @@
 
     "bun-types/@types/node": ["@types/node@24.12.2", "", { "dependencies": { "undici-types": "~7.16.0" } }, "sha512-A1sre26ke7HDIuY/M23nd9gfB+nrmhtYyMINbjI1zHJxYteKR6qSMX56FsmjMcDb3SMcjJg5BiRRgOCC/yBD0g=="],
 
-    "cacache/glob": ["glob@13.0.6", "", { "dependencies": { "minimatch": "^10.2.2", "minipass": "^7.1.3", "path-scurry": "^2.0.2" } }, "sha512-Wjlyrolmm8uDpm/ogGyXZXb1Z+Ca2B8NbJwqBVg0axK9GbBeoS7yGV6vjXnYdGm6X53iehEuxxbyiKp8QmN4Vw=="],
-
     "chalk/ansi-styles": ["ansi-styles@4.3.0", "", { "dependencies": { "color-convert": "^2.0.1" } }, "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg=="],
 
     "cheerio/undici": ["undici@7.24.8", "", {}, "sha512-6KQ/+QxK49Z/p3HO6E5ZCZWNnCasyZLa5ExaVYyvPxUwKtbCPMKELJOqh7EqOle0t9cH/7d2TaaTRRa6Nhs4YQ=="],
@@ -5515,7 +5546,7 @@
 
     "fumadocs-ui/tailwind-merge": ["tailwind-merge@3.5.0", "", {}, "sha512-I8K9wewnVDkL1NTGoqWmVEIlUcB9gFriAEkXkfCjX5ib8ezGxtR3xD7iZIxrfArjEsH7F1CHD4RFUtxefdqV/A=="],
 
-    "glob/minimatch": ["minimatch@9.0.9", "", { "dependencies": { "brace-expansion": "^2.0.2" } }, "sha512-OBwBN9AL4dqmETlpS2zasx+vTeWclWzkblfZk7KTA5j3jeOONz/tRCnZomUyvNg83wL5Zv9Ss6HMJXAgL8R2Yg=="],
+    "glob/minimatch": ["minimatch@10.2.5", "", { "dependencies": { "brace-expansion": "^5.0.5" } }, "sha512-MULkVLfKGYDFYejP07QOurDLLQpcjk7Fw+7jXS2R2czRQzR56yHRveU5NDJEOviH+hETZKSkIk5c+T23GjFUMg=="],
 
     "h3/rou3": ["rou3@0.8.1", "", {}, "sha512-ePa+XGk00/3HuCqrEnK3LxJW7I0SdNg6EFzKUJG73hMAdDcOUC/i/aSz7LSDwLrGr33kal/rqOGydzwl6U7zBA=="],
 
@@ -5691,8 +5722,6 @@
 
     "parse5/entities": ["entities@6.0.1", "", {}, "sha512-aN97NXWF6AWBTahfVOIrB/NShkzi5H7F9r1s9mD3cDj4Ko5f2qhhVoYMibXF7GlLveb/D2ioWay8lxI97Ven3g=="],
 
-    "path-scurry/lru-cache": ["lru-cache@10.4.3", "", {}, "sha512-JNAzZcXrCt42VGLuYz0zfAzDfAvJWW6AfYlDBQyDV5DClI2m5sAmK+OIO7s59XfsRsWHp02jAJrRadPRGTt6SQ=="],
-
     "pixelmatch/pngjs": ["pngjs@6.0.0", "", {}, "sha512-TRzzuFRRmEoSW/p1KVAmiOgPco2Irlah+bGFCeNfJXxxYGwSw7YwAOAcd7X28K/m5bjBWKsC29KyoMfHbypayg=="],
 
     "pkg-dir/find-up": ["find-up@4.1.0", "", { "dependencies": { "locate-path": "^5.0.0", "path-exists": "^4.0.0" } }, "sha512-PpOwAdQ/YlXQ2vj8a3h8IipDuYRi3wceVQQGYWxNINccq40Anw7BlsEXCMbt1Zt+OLA6Fq9suIpIWD0OsnISlw=="],
@@ -5815,8 +5844,6 @@
 
     "type-is/mime-types": ["mime-types@3.0.2", "", { "dependencies": { "mime-db": "^1.54.0" } }, "sha512-Lbgzdk0h4juoQ9fCKXW4by0UJqj+nOOrI9MJ1sSj4nI8aI2eo1qmvQEie4VD1glsS250n15LsWsYtCugiStS5A=="],
 
-    "ultracite/glob": ["glob@13.0.6", "", { "dependencies": { "minimatch": "^10.2.2", "minipass": "^7.1.3", "path-scurry": "^2.0.2" } }, "sha512-Wjlyrolmm8uDpm/ogGyXZXb1Z+Ca2B8NbJwqBVg0axK9GbBeoS7yGV6vjXnYdGm6X53iehEuxxbyiKp8QmN4Vw=="],
-
     "uri-js/punycode": ["punycode@2.3.1", "", {}, "sha512-vYt7UD1U9Wg6138shLtLOvdAu+8DsC/ilFtEVHcH+wydcSpNE20AfSOduf6MkRFahL5FY7X1oU7nKVZFtfq8Fg=="],
 
     "validate-npm-package-license/spdx-expression-parse": ["spdx-expression-parse@3.0.1", "", { "dependencies": { "spdx-exceptions": "^2.1.0", "spdx-license-ids": "^3.0.0" } }, "sha512-cbqHunsQWnJNE6KhVSMsMeH5H/L9EpymbzqTQ3uLwNCLZ1Q481oWaofqH7nO6V07xlXwY6PhQdQ2IedWx/ZK4Q=="],
@@ -5863,12 +5890,8 @@
 
     "znv/zod": ["zod@4.1.13", "", {}, "sha512-AvvthqfqrAhNH9dnfmrfKzX5upOdjUVJYFqNSlkmGf64gRaTzlPwz99IHYnVs28qYAybvAlBV+H7pn0saFY4Ig=="],
 
-    "@ai-sdk/react/@ai-sdk/provider-utils/@ai-sdk/provider": ["@ai-sdk/provider@3.0.8", "", { "dependencies": { "json-schema": "^0.4.0" } }, "sha512-oGMAgGoQdBXbZqNG0Ze56CHjDZ1IDYOwGYxYjO5KLSlz5HiNQ9udIXsPZ61VWaHGZ5XW/jyjmr6t2xz2jGVwbQ=="],
-
     "@ai-sdk/react/ai/@ai-sdk/gateway": ["@ai-sdk/gateway@3.0.104", "", { "dependencies": { "@ai-sdk/provider": "3.0.8", "@ai-sdk/provider-utils": "4.0.23", "@vercel/oidc": "3.2.0" }, "peerDependencies": { "zod": "^3.25.76 || ^4.1.8" } }, "sha512-ZKX5n74io8VIRlhIMSLWVlvT3sXC8Z7cZ9GHuWBWZDVi96+62AIsWuLGvMfcBA1STYuSoDrp6rIziZmvrTq0TA=="],
 
-    "@ai-sdk/react/ai/@ai-sdk/provider": ["@ai-sdk/provider@3.0.8", "", { "dependencies": { "json-schema": "^0.4.0" } }, "sha512-oGMAgGoQdBXbZqNG0Ze56CHjDZ1IDYOwGYxYjO5KLSlz5HiNQ9udIXsPZ61VWaHGZ5XW/jyjmr6t2xz2jGVwbQ=="],
-
     "@ai-sdk/react/ai/@opentelemetry/api": ["@opentelemetry/api@1.9.0", "", {}, "sha512-3giAOQvZiH5F9bMlMiv8+GSPMeqg0dbaeo58/0SlA9sxSqZhnUtxzX9/2FzyhS9sWQf5S0GJE0AKBrFqjpeYcg=="],
 
     "@aws-crypto/sha1-browser/@smithy/util-utf8/@smithy/util-buffer-from": ["@smithy/util-buffer-from@2.2.0", "", { "dependencies": { "@smithy/is-array-buffer": "^2.2.0", "tslib": "^2.6.2" } }, "sha512-IJdWBbTcMQ6DA0gdNhh/BwrLkDR+ADW5Kr1aZmd4k3DIF6ezMV4R2NIAmT08wQJ3yUK82thHWmC/TnK/wpMMIA=="],
@@ -5929,10 +5952,16 @@
 
     "@gen/infra/alchemy/@cloudflare/unenv-preset": ["@cloudflare/unenv-preset@2.7.7", "", { "peerDependencies": { "unenv": "2.0.0-rc.21", "workerd": "^1.20250927.0" }, "optionalPeers": ["workerd"] }, "sha512-HtZuh166y0Olbj9bqqySckz0Rw9uHjggJeoGbDx5x+sgezBXlxO6tQSig2RZw5tgObF8mWI8zaPvQMkQZtAODw=="],
 
+    "@gen/infra/alchemy/@octokit/rest": ["@octokit/rest@21.1.1", "", { "dependencies": { "@octokit/core": "^6.1.4", "@octokit/plugin-paginate-rest": "^11.4.2", "@octokit/plugin-request-log": "^5.3.1", "@octokit/plugin-rest-endpoint-methods": "^13.3.0" } }, "sha512-sTQV7va0IUVZcntzy1q3QqPm/r8rWtDCqpRAmb8eXXnKkjoQEtFe3Nt5GTVsHft+R6jJoHeSiVLcgcvhtue/rg=="],
+
     "@gen/infra/alchemy/drizzle-orm": ["drizzle-orm@0.44.7", "", { "peerDependencies": { "@aws-sdk/client-rds-data": ">=3", "@cloudflare/workers-types": ">=4", "@electric-sql/pglite": ">=0.2.0", "@libsql/client": ">=0.10.0", "@libsql/client-wasm": ">=0.10.0", "@neondatabase/serverless": ">=0.10.0", "@op-engineering/op-sqlite": ">=2", "@opentelemetry/api": "^1.4.1", "@planetscale/database": ">=1.13", "@prisma/client": "*", "@tidbcloud/serverless": "*", "@types/better-sqlite3": "*", "@types/pg": "*", "@types/sql.js": "*", "@upstash/redis": ">=1.34.7", "@vercel/postgres": ">=0.8.0", "@xata.io/client": "*", "better-sqlite3": ">=7", "bun-types": "*", "expo-sqlite": ">=14.0.0", "gel": ">=2", "knex": "*", "kysely": "*", "mysql2": ">=2", "pg": ">=8", "postgres": ">=3", "sql.js": ">=1", "sqlite3": ">=5" }, "optionalPeers": ["@aws-sdk/client-rds-data", "@cloudflare/workers-types", "@electric-sql/pglite", "@libsql/client", "@libsql/client-wasm", "@neondatabase/serverless", "@op-engineering/op-sqlite", "@opentelemetry/api", "@planetscale/database", "@prisma/client", "@tidbcloud/serverless", "@types/better-sqlite3", "@types/pg", "@types/sql.js", "@upstash/redis", "@vercel/postgres", "@xata.io/client", "better-sqlite3", "bun-types", "expo-sqlite", "gel", "knex", "kysely", "mysql2", "pg", "postgres", "sql.js", "sqlite3"] }, "sha512-quIpnYznjU9lHshEOAYLoZ9s3jweleHlZIAWR/jX9gAWNg/JhQ1wj0KGRf7/Zm+obRrYd9GjPVJg790QY9N5AQ=="],
 
     "@gen/infra/alchemy/execa": ["execa@9.6.1", "", { "dependencies": { "@sindresorhus/merge-streams": "^4.0.0", "cross-spawn": "^7.0.6", "figures": "^6.1.0", "get-stream": "^9.0.0", "human-signals": "^8.0.1", "is-plain-obj": "^4.1.0", "is-stream": "^4.0.1", "npm-run-path": "^6.0.0", "pretty-ms": "^9.2.0", "signal-exit": "^4.1.0", "strip-final-newline": "^4.0.0", "yoctocolors": "^2.1.1" } }, "sha512-9Be3ZoN4LmYR90tUoVu2te2BsbzHfhJyfEiAVfz7N5/zv+jduIfLrV2xdQXOHbaD6KgpGdO9PRPM1Y4Q9QkPkA=="],
 
+    "@gen/infra/alchemy/glob": ["glob@10.5.0", "", { "dependencies": { "foreground-child": "^3.1.0", "jackspeak": "^3.1.2", "minimatch": "^9.0.4", "minipass": "^7.1.2", "package-json-from-dist": "^1.0.0", "path-scurry": "^1.11.1" }, "bin": { "glob": "dist/esm/bin.mjs" } }, "sha512-DfXN8DfhJ7NH3Oe7cFmu3NCu1wKbkReJ8TorzSAFbSKrlNaQSKfIzqYqVY8zlbs2NLBbWpRiU52GX2PbaBVNkg=="],
+
+    "@gen/infra/alchemy/libsodium-wrappers": ["libsodium-wrappers@0.7.16", "", { "dependencies": { "libsodium": "^0.7.16" } }, "sha512-Gtr/WBx4dKjvRL1pvfwZqu7gO6AfrQ0u9vFL+kXihtHf6NfkROR8pjYWn98MFDI3jN19Ii1ZUfPR9afGiPyfHg=="],
+
     "@gen/infra/alchemy/unenv": ["unenv@2.0.0-rc.21", "", { "dependencies": { "defu": "^6.1.4", "exsolve": "^1.0.7", "ohash": "^2.0.11", "pathe": "^2.0.3", "ufo": "^1.6.1" } }, "sha512-Wj7/AMtE9MRnAXa6Su3Lk0LNCfqDYgfwVjwRFVum9U7wsto1imuHqk4kTm7Jni+5A0Hn7dttL6O/zjvUvoo+8A=="],
 
     "@grpc/proto-loader/yargs/cliui": ["cliui@8.0.1", "", { "dependencies": { "string-width": "^4.2.0", "strip-ansi": "^6.0.1", "wrap-ansi": "^7.0.0" } }, "sha512-BSeNnyus75C4//NQ9gQt1/csTXyo/8Sb+afLAkzAptFuMsod9HFokGNudZpi/oQV73hnVK+sR+5PVRMd+Dr7YQ=="],
@@ -5971,24 +6000,16 @@
 
     "@node-minify/core/glob/minipass": ["minipass@4.2.8", "", {}, "sha512-fNzuVyifolSLFL4NzpF+wEF4qrgqaaKX0haXPQEdQ7NKAN+WecoKMHV09YcuL/DHxrUsYQOK3MiuDf7Ip2OXfQ=="],
 
+    "@node-minify/core/glob/path-scurry": ["path-scurry@1.11.1", "", { "dependencies": { "lru-cache": "^10.2.0", "minipass": "^5.0.0 || ^6.0.2 || ^7.0.0" } }, "sha512-Xa4Nw17FS9ApQFJ9umLiJS4orGjm7ZzwUrwamcGQuHSzDyth9boKDaycYdDcZDuqYATXw4HFXgaqWTctW/v1HA=="],
+
     "@npmcli/arborist/minimatch/brace-expansion": ["brace-expansion@5.0.5", "", { "dependencies": { "balanced-match": "^4.0.2" } }, "sha512-VZznLgtwhn+Mact9tfiwx64fA9erHH/MCXEUfB/0bX/6Fz6ny5EGTXYltMocqg4xFAQZtnO3DHWWXi8RiuN7cQ=="],
 
     "@npmcli/git/which/isexe": ["isexe@4.0.0", "", {}, "sha512-FFUtZMpoZ8RqHS3XeXEmHWLA4thH+ZxCv2lOiPIn1Xc7CxrqhWzNSDzD+/chS/zbYezmiwWLdQC09JdQKmthOw=="],
 
-    "@npmcli/map-workspaces/glob/path-scurry": ["path-scurry@2.0.2", "", { "dependencies": { "lru-cache": "^11.0.0", "minipass": "^7.1.2" } }, "sha512-3O/iVVsJAPsOnpwWIeD+d6z/7PmqApyQePUtCndjatj/9I5LylHvt5qluFaBT3I5h3r1ejfR056c+FCv+NnNXg=="],
-
     "@npmcli/map-workspaces/minimatch/brace-expansion": ["brace-expansion@5.0.5", "", { "dependencies": { "balanced-match": "^4.0.2" } }, "sha512-VZznLgtwhn+Mact9tfiwx64fA9erHH/MCXEUfB/0bX/6Fz6ny5EGTXYltMocqg4xFAQZtnO3DHWWXi8RiuN7cQ=="],
 
-    "@npmcli/package-json/glob/minimatch": ["minimatch@10.2.5", "", { "dependencies": { "brace-expansion": "^5.0.5" } }, "sha512-MULkVLfKGYDFYejP07QOurDLLQpcjk7Fw+7jXS2R2czRQzR56yHRveU5NDJEOviH+hETZKSkIk5c+T23GjFUMg=="],
-
-    "@npmcli/package-json/glob/path-scurry": ["path-scurry@2.0.2", "", { "dependencies": { "lru-cache": "^11.0.0", "minipass": "^7.1.2" } }, "sha512-3O/iVVsJAPsOnpwWIeD+d6z/7PmqApyQePUtCndjatj/9I5LylHvt5qluFaBT3I5h3r1ejfR056c+FCv+NnNXg=="],
-
     "@npmcli/promise-spawn/which/isexe": ["isexe@4.0.0", "", {}, "sha512-FFUtZMpoZ8RqHS3XeXEmHWLA4thH+ZxCv2lOiPIn1Xc7CxrqhWzNSDzD+/chS/zbYezmiwWLdQC09JdQKmthOw=="],
 
-    "@octokit/plugin-paginate-rest/@octokit/types/@octokit/openapi-types": ["@octokit/openapi-types@24.2.0", "", {}, "sha512-9sIH3nSUttelJSXUrmGzl7QUBFul0/mB8HRYl3fOlgHbIWG+WnYDXU3v/2zMtAvuzZ/ed00Ei6on975FhBfzrg=="],
-
-    "@octokit/plugin-rest-endpoint-methods/@octokit/types/@octokit/openapi-types": ["@octokit/openapi-types@24.2.0", "", {}, "sha512-9sIH3nSUttelJSXUrmGzl7QUBFul0/mB8HRYl3fOlgHbIWG+WnYDXU3v/2zMtAvuzZ/ed00Ei6on975FhBfzrg=="],
-
     "@opennextjs/aws/@aws-sdk/client-s3/@aws-sdk/signature-v4-multi-region": ["@aws-sdk/signature-v4-multi-region@3.984.0", "", { "dependencies": { "@aws-sdk/middleware-sdk-s3": "^3.972.6", "@aws-sdk/types": "^3.973.1", "@smithy/protocol-http": "^5.3.8", "@smithy/signature-v4": "^5.3.8", "@smithy/types": "^4.12.0", "tslib": "^2.6.2" } }, "sha512-TaWbfYCwnuOSvDSrgs7QgoaoXse49E7LzUkVOUhoezwB7bkmhp+iojADm7UepCEu4021SquD7NG1xA+WCvmldA=="],
 
     "@opennextjs/aws/@aws-sdk/client-s3/@aws-sdk/util-endpoints": ["@aws-sdk/util-endpoints@3.984.0", "", { "dependencies": { "@aws-sdk/types": "^3.973.1", "@smithy/types": "^4.12.0", "@smithy/url-parser": "^4.2.8", "@smithy/util-endpoints": "^3.2.8", "tslib": "^2.6.2" } }, "sha512-9ebjLA0hMKHeVvXEtTDCCOBtwjb0bOXiuUV06HNeVdgAjH6gj4x4Zwt4IBti83TiyTGOCl5YfZqGx4ehVsasbQ=="],
@@ -6045,12 +6066,12 @@
 
     "@opennextjs/cloudflare/cloudflare/@types/node": ["@types/node@18.19.130", "", { "dependencies": { "undici-types": "~5.26.4" } }, "sha512-GRaXQx6jGfL8sKfaIDD6OupbIHBr9jv7Jnaml9tB7l4v068PAOXqfcujMMo5PhbIs6ggR1XODELqahT2R8v0fg=="],
 
+    "@opennextjs/cloudflare/glob/foreground-child": ["foreground-child@3.3.1", "", { "dependencies": { "cross-spawn": "^7.0.6", "signal-exit": "^4.0.1" } }, "sha512-gIXjKqtFuWEgzFRJA9WCQeSJLZDjgJUOMCMzxtvFq/37KojM1BFGufqsCy0r4qSQmYLsZYMeyRqzIWOMup03sw=="],
+
     "@opennextjs/cloudflare/glob/jackspeak": ["jackspeak@4.2.3", "", { "dependencies": { "@isaacs/cliui": "^9.0.0" } }, "sha512-ykkVRwrYvFm1nb2AJfKKYPr0emF6IiXDYUaFx4Zn9ZuIH7MrzEZ3sD5RlqGXNRpHtvUHJyOnCEFxOlNDtGo7wg=="],
 
     "@opennextjs/cloudflare/glob/minimatch": ["minimatch@10.2.5", "", { "dependencies": { "brace-expansion": "^5.0.5" } }, "sha512-MULkVLfKGYDFYejP07QOurDLLQpcjk7Fw+7jXS2R2czRQzR56yHRveU5NDJEOviH+hETZKSkIk5c+T23GjFUMg=="],
 
-    "@opennextjs/cloudflare/glob/path-scurry": ["path-scurry@2.0.2", "", { "dependencies": { "lru-cache": "^11.0.0", "minipass": "^7.1.2" } }, "sha512-3O/iVVsJAPsOnpwWIeD+d6z/7PmqApyQePUtCndjatj/9I5LylHvt5qluFaBT3I5h3r1ejfR056c+FCv+NnNXg=="],
-
     "@polar-sh/ui/recharts/eventemitter3": ["eventemitter3@5.0.4", "", {}, "sha512-mlsTRyGaPBjPedk6Bvw+aqbsXDtoAyAzm5MO7JgU+yVRyMQ5O8bD4Kcci7BS85f93veegeCPkL8R4GLClnjLFw=="],
 
     "@polar-sh/ui/recharts/victory-vendor": ["victory-vendor@37.3.6", "", { "dependencies": { "@types/d3-array": "^3.0.3", "@types/d3-ease": "^3.0.0", "@types/d3-interpolate": "^3.0.1", "@types/d3-scale": "^4.0.2", "@types/d3-shape": "^3.1.0", "@types/d3-time": "^3.0.0", "@types/d3-timer": "^3.0.0", "d3-array": "^3.1.6", "d3-ease": "^3.0.1", "d3-interpolate": "^3.0.1", "d3-scale": "^4.0.2", "d3-shape": "^3.1.0", "d3-time": "^3.0.0", "d3-timer": "^3.0.1" } }, "sha512-SbPDPdDBYp+5MJHhBCAyI7wKM3d5ivekigc2Dk2s7pgbZ9wIgIBYGVw4zGHBml/qTFbexrofXW6Gu4noGxrOwQ=="],
@@ -6067,18 +6088,30 @@
 
     "@stackpanel/infra/alchemy/@cloudflare/unenv-preset": ["@cloudflare/unenv-preset@2.7.7", "", { "peerDependencies": { "unenv": "2.0.0-rc.21", "workerd": "^1.20250927.0" }, "optionalPeers": ["workerd"] }, "sha512-HtZuh166y0Olbj9bqqySckz0Rw9uHjggJeoGbDx5x+sgezBXlxO6tQSig2RZw5tgObF8mWI8zaPvQMkQZtAODw=="],
 
+    "@stackpanel/infra/alchemy/@octokit/rest": ["@octokit/rest@21.1.1", "", { "dependencies": { "@octokit/core": "^6.1.4", "@octokit/plugin-paginate-rest": "^11.4.2", "@octokit/plugin-request-log": "^5.3.1", "@octokit/plugin-rest-endpoint-methods": "^13.3.0" } }, "sha512-sTQV7va0IUVZcntzy1q3QqPm/r8rWtDCqpRAmb8eXXnKkjoQEtFe3Nt5GTVsHft+R6jJoHeSiVLcgcvhtue/rg=="],
+
     "@stackpanel/infra/alchemy/drizzle-orm": ["drizzle-orm@0.44.7", "", { "peerDependencies": { "@aws-sdk/client-rds-data": ">=3", "@cloudflare/workers-types": ">=4", "@electric-sql/pglite": ">=0.2.0", "@libsql/client": ">=0.10.0", "@libsql/client-wasm": ">=0.10.0", "@neondatabase/serverless": ">=0.10.0", "@op-engineering/op-sqlite": ">=2", "@opentelemetry/api": "^1.4.1", "@planetscale/database": ">=1.13", "@prisma/client": "*", "@tidbcloud/serverless": "*", "@types/better-sqlite3": "*", "@types/pg": "*", "@types/sql.js": "*", "@upstash/redis": ">=1.34.7", "@vercel/postgres": ">=0.8.0", "@xata.io/client": "*", "better-sqlite3": ">=7", "bun-types": "*", "expo-sqlite": ">=14.0.0", "gel": ">=2", "knex": "*", "kysely": "*", "mysql2": ">=2", "pg": ">=8", "postgres": ">=3", "sql.js": ">=1", "sqlite3": ">=5" }, "optionalPeers": ["@aws-sdk/client-rds-data", "@cloudflare/workers-types", "@electric-sql/pglite", "@libsql/client", "@libsql/client-wasm", "@neondatabase/serverless", "@op-engineering/op-sqlite", "@opentelemetry/api", "@planetscale/database", "@prisma/client", "@tidbcloud/serverless", "@types/better-sqlite3", "@types/pg", "@types/sql.js", "@upstash/redis", "@vercel/postgres", "@xata.io/client", "better-sqlite3", "bun-types", "expo-sqlite", "gel", "knex", "kysely", "mysql2", "pg", "postgres", "sql.js", "sqlite3"] }, "sha512-quIpnYznjU9lHshEOAYLoZ9s3jweleHlZIAWR/jX9gAWNg/JhQ1wj0KGRf7/Zm+obRrYd9GjPVJg790QY9N5AQ=="],
 
     "@stackpanel/infra/alchemy/execa": ["execa@9.6.1", "", { "dependencies": { "@sindresorhus/merge-streams": "^4.0.0", "cross-spawn": "^7.0.6", "figures": "^6.1.0", "get-stream": "^9.0.0", "human-signals": "^8.0.1", "is-plain-obj": "^4.1.0", "is-stream": "^4.0.1", "npm-run-path": "^6.0.0", "pretty-ms": "^9.2.0", "signal-exit": "^4.1.0", "strip-final-newline": "^4.0.0", "yoctocolors": "^2.1.1" } }, "sha512-9Be3ZoN4LmYR90tUoVu2te2BsbzHfhJyfEiAVfz7N5/zv+jduIfLrV2xdQXOHbaD6KgpGdO9PRPM1Y4Q9QkPkA=="],
 
+    "@stackpanel/infra/alchemy/glob": ["glob@10.5.0", "", { "dependencies": { "foreground-child": "^3.1.0", "jackspeak": "^3.1.2", "minimatch": "^9.0.4", "minipass": "^7.1.2", "package-json-from-dist": "^1.0.0", "path-scurry": "^1.11.1" }, "bin": { "glob": "dist/esm/bin.mjs" } }, "sha512-DfXN8DfhJ7NH3Oe7cFmu3NCu1wKbkReJ8TorzSAFbSKrlNaQSKfIzqYqVY8zlbs2NLBbWpRiU52GX2PbaBVNkg=="],
+
+    "@stackpanel/infra/alchemy/libsodium-wrappers": ["libsodium-wrappers@0.7.16", "", { "dependencies": { "libsodium": "^0.7.16" } }, "sha512-Gtr/WBx4dKjvRL1pvfwZqu7gO6AfrQ0u9vFL+kXihtHf6NfkROR8pjYWn98MFDI3jN19Ii1ZUfPR9afGiPyfHg=="],
+
     "@stackpanel/infra/alchemy/unenv": ["unenv@2.0.0-rc.21", "", { "dependencies": { "defu": "^6.1.4", "exsolve": "^1.0.7", "ohash": "^2.0.11", "pathe": "^2.0.3", "ufo": "^1.6.1" } }, "sha512-Wj7/AMtE9MRnAXa6Su3Lk0LNCfqDYgfwVjwRFVum9U7wsto1imuHqk4kTm7Jni+5A0Hn7dttL6O/zjvUvoo+8A=="],
 
     "@stackpanel/sdk/alchemy/@cloudflare/unenv-preset": ["@cloudflare/unenv-preset@2.7.7", "", { "peerDependencies": { "unenv": "2.0.0-rc.21", "workerd": "^1.20250927.0" }, "optionalPeers": ["workerd"] }, "sha512-HtZuh166y0Olbj9bqqySckz0Rw9uHjggJeoGbDx5x+sgezBXlxO6tQSig2RZw5tgObF8mWI8zaPvQMkQZtAODw=="],
 
+    "@stackpanel/sdk/alchemy/@octokit/rest": ["@octokit/rest@21.1.1", "", { "dependencies": { "@octokit/core": "^6.1.4", "@octokit/plugin-paginate-rest": "^11.4.2", "@octokit/plugin-request-log": "^5.3.1", "@octokit/plugin-rest-endpoint-methods": "^13.3.0" } }, "sha512-sTQV7va0IUVZcntzy1q3QqPm/r8rWtDCqpRAmb8eXXnKkjoQEtFe3Nt5GTVsHft+R6jJoHeSiVLcgcvhtue/rg=="],
+
     "@stackpanel/sdk/alchemy/drizzle-orm": ["drizzle-orm@0.44.7", "", { "peerDependencies": { "@aws-sdk/client-rds-data": ">=3", "@cloudflare/workers-types": ">=4", "@electric-sql/pglite": ">=0.2.0", "@libsql/client": ">=0.10.0", "@libsql/client-wasm": ">=0.10.0", "@neondatabase/serverless": ">=0.10.0", "@op-engineering/op-sqlite": ">=2", "@opentelemetry/api": "^1.4.1", "@planetscale/database": ">=1.13", "@prisma/client": "*", "@tidbcloud/serverless": "*", "@types/better-sqlite3": "*", "@types/pg": "*", "@types/sql.js": "*", "@upstash/redis": ">=1.34.7", "@vercel/postgres": ">=0.8.0", "@xata.io/client": "*", "better-sqlite3": ">=7", "bun-types": "*", "expo-sqlite": ">=14.0.0", "gel": ">=2", "knex": "*", "kysely": "*", "mysql2": ">=2", "pg": ">=8", "postgres": ">=3", "sql.js": ">=1", "sqlite3": ">=5" }, "optionalPeers": ["@aws-sdk/client-rds-data", "@cloudflare/workers-types", "@electric-sql/pglite", "@libsql/client", "@libsql/client-wasm", "@neondatabase/serverless", "@op-engineering/op-sqlite", "@opentelemetry/api", "@planetscale/database", "@prisma/client", "@tidbcloud/serverless", "@types/better-sqlite3", "@types/pg", "@types/sql.js", "@upstash/redis", "@vercel/postgres", "@xata.io/client", "better-sqlite3", "bun-types", "expo-sqlite", "gel", "knex", "kysely", "mysql2", "pg", "postgres", "sql.js", "sqlite3"] }, "sha512-quIpnYznjU9lHshEOAYLoZ9s3jweleHlZIAWR/jX9gAWNg/JhQ1wj0KGRf7/Zm+obRrYd9GjPVJg790QY9N5AQ=="],
 
     "@stackpanel/sdk/alchemy/execa": ["execa@9.6.1", "", { "dependencies": { "@sindresorhus/merge-streams": "^4.0.0", "cross-spawn": "^7.0.6", "figures": "^6.1.0", "get-stream": "^9.0.0", "human-signals": "^8.0.1", "is-plain-obj": "^4.1.0", "is-stream": "^4.0.1", "npm-run-path": "^6.0.0", "pretty-ms": "^9.2.0", "signal-exit": "^4.1.0", "strip-final-newline": "^4.0.0", "yoctocolors": "^2.1.1" } }, "sha512-9Be3ZoN4LmYR90tUoVu2te2BsbzHfhJyfEiAVfz7N5/zv+jduIfLrV2xdQXOHbaD6KgpGdO9PRPM1Y4Q9QkPkA=="],
 
+    "@stackpanel/sdk/alchemy/glob": ["glob@10.5.0", "", { "dependencies": { "foreground-child": "^3.1.0", "jackspeak": "^3.1.2", "minimatch": "^9.0.4", "minipass": "^7.1.2", "package-json-from-dist": "^1.0.0", "path-scurry": "^1.11.1" }, "bin": { "glob": "dist/esm/bin.mjs" } }, "sha512-DfXN8DfhJ7NH3Oe7cFmu3NCu1wKbkReJ8TorzSAFbSKrlNaQSKfIzqYqVY8zlbs2NLBbWpRiU52GX2PbaBVNkg=="],
+
+    "@stackpanel/sdk/alchemy/libsodium-wrappers": ["libsodium-wrappers@0.7.16", "", { "dependencies": { "libsodium": "^0.7.16" } }, "sha512-Gtr/WBx4dKjvRL1pvfwZqu7gO6AfrQ0u9vFL+kXihtHf6NfkROR8pjYWn98MFDI3jN19Ii1ZUfPR9afGiPyfHg=="],
+
     "@stackpanel/sdk/alchemy/unenv": ["unenv@2.0.0-rc.21", "", { "dependencies": { "defu": "^6.1.4", "exsolve": "^1.0.7", "ohash": "^2.0.11", "pathe": "^2.0.3", "ufo": "^1.6.1" } }, "sha512-Wj7/AMtE9MRnAXa6Su3Lk0LNCfqDYgfwVjwRFVum9U7wsto1imuHqk4kTm7Jni+5A0Hn7dttL6O/zjvUvoo+8A=="],
 
     "@tanstack/router-plugin/chokidar/glob-parent": ["glob-parent@5.1.2", "", { "dependencies": { "is-glob": "^4.0.1" } }, "sha512-AOIgSQCepiJYwP3ARnGx+5VnTu2HBYdzbGP45eLw1vr3zB3vZLeyed1sC9hnbcOc9/SrMyM5RPQrkGz4aS9Zow=="],
@@ -6119,23 +6152,27 @@
 
     "alchemy-effect/ai/@opentelemetry/api": ["@opentelemetry/api@1.9.0", "", {}, "sha512-3giAOQvZiH5F9bMlMiv8+GSPMeqg0dbaeo58/0SlA9sxSqZhnUtxzX9/2FzyhS9sWQf5S0GJE0AKBrFqjpeYcg=="],
 
-    "alchemy/execa/get-stream": ["get-stream@9.0.1", "", { "dependencies": { "@sec-ant/readable-stream": "^0.4.1", "is-stream": "^4.0.1" } }, "sha512-kVCxPF3vQM/N0B1PmoqVUqgHP+EeVjmZSQn+1oCRPxd2P21P2F19lIgbR3HBosbB1PUhOAoctJnfEn2GbN2eZA=="],
+    "alchemy/@distilled.cloud/cloudflare-vite-plugin/@distilled.cloud/cloudflare-rolldown-plugin": ["@distilled.cloud/cloudflare-rolldown-plugin@0.2.0", "", { "dependencies": { "@cloudflare/unenv-preset": "^2.16.0", "unenv": "^2.0.0-rc.24" }, "peerDependencies": { "rolldown": "^1.0.0-rc.9" } }, "sha512-zZFzGzp+6sy+zP3fOxkJ0pXyTXd08pLrOw/9ooIR4NkcyL1D1k2NxNPuan0X5pttebigTVCP8Ny3e62gUe9MBg=="],
 
-    "alchemy/execa/human-signals": ["human-signals@8.0.1", "", {}, "sha512-eKCa6bwnJhvxj14kZk5NCPc6Hb6BdsU9DZcOnmQKSnO1VKrfV0zCvtttPZUsBvjmNDn8rpcJfpwSYnHBjc95MQ=="],
+    "alchemy/ai/@ai-sdk/gateway": ["@ai-sdk/gateway@3.0.104", "", { "dependencies": { "@ai-sdk/provider": "3.0.8", "@ai-sdk/provider-utils": "4.0.23", "@vercel/oidc": "3.2.0" }, "peerDependencies": { "zod": "^3.25.76 || ^4.1.8" } }, "sha512-ZKX5n74io8VIRlhIMSLWVlvT3sXC8Z7cZ9GHuWBWZDVi96+62AIsWuLGvMfcBA1STYuSoDrp6rIziZmvrTq0TA=="],
 
-    "alchemy/execa/is-stream": ["is-stream@4.0.1", "", {}, "sha512-Dnz92NInDqYckGEUJv689RbRiTSEHCQ7wOVeALbkOz999YpqT46yMRIGtSNl2iCL1waAZSx40+h59NV/EwzV/A=="],
+    "alchemy/ai/@ai-sdk/provider-utils": ["@ai-sdk/provider-utils@4.0.23", "", { "dependencies": { "@ai-sdk/provider": "3.0.8", "@standard-schema/spec": "^1.1.0", "eventsource-parser": "^3.0.6" }, "peerDependencies": { "zod": "^3.25.76 || ^4.1.8" } }, "sha512-z8GlDaCmRSDlqkMF2f4/RFgWxdarvIbyuk+m6WXT1LYgsnGiXRJGTD2Z1+SDl3LqtFuRtGX1aghYvQLoHL/9pg=="],
 
-    "alchemy/execa/npm-run-path": ["npm-run-path@6.0.0", "", { "dependencies": { "path-key": "^4.0.0", "unicorn-magic": "^0.3.0" } }, "sha512-9qny7Z9DsQU8Ou39ERsPU4OZQlSTP47ShQzuKZ6PRXpYLtIFgl/DEBYEXKlvcEa+9tHVcK8CF81Y2V72qaZhWA=="],
+    "alchemy/ai/@opentelemetry/api": ["@opentelemetry/api@1.9.0", "", {}, "sha512-3giAOQvZiH5F9bMlMiv8+GSPMeqg0dbaeo58/0SlA9sxSqZhnUtxzX9/2FzyhS9sWQf5S0GJE0AKBrFqjpeYcg=="],
 
-    "alchemy/execa/strip-final-newline": ["strip-final-newline@4.0.0", "", {}, "sha512-aulFJcD6YK8V1G7iRB5tigAP4TsHBZZrOV8pjV++zdUwmeV8uzbY7yn6h9MswN62adStNZFuCIx4haBnRuMDaw=="],
+    "alchemy/workerd/@cloudflare/workerd-darwin-64": ["@cloudflare/workerd-darwin-64@1.20260417.1", "", { "os": "darwin", "cpu": "x64" }, "sha512-7x1pQ79Npv18jBj7FiYKGCoVlV7RAei+bvnmvQf6V3npZZ86gz3wfLOLPKjQ5Osro8V8hoUoJPJJS+rI+ttaxA=="],
 
-    "babel-plugin-istanbul/istanbul-lib-instrument/semver": ["semver@6.3.1", "", { "bin": { "semver": "bin/semver.js" } }, "sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA=="],
+    "alchemy/workerd/@cloudflare/workerd-darwin-arm64": ["@cloudflare/workerd-darwin-arm64@1.20260417.1", "", { "os": "darwin", "cpu": "arm64" }, "sha512-cX80Zy67Jt+pFunlywWRjrjpqALY6guM+obLQDXm1F/GXzl6oapE8j9w26HA/pvitUIq34CVC50XnK1Sr67e6g=="],
 
-    "bun-types/@types/node/undici-types": ["undici-types@7.16.0", "", {}, "sha512-Zz+aZWSj8LE6zoxD+xrjh4VfkIG8Ya6LvYkZqtUQGJPZjYl53ypCaUwWqo7eI0x66KBGeRo+mlBEkMSeSZ38Nw=="],
+    "alchemy/workerd/@cloudflare/workerd-linux-64": ["@cloudflare/workerd-linux-64@1.20260417.1", "", { "os": "linux", "cpu": "x64" }, "sha512-gJv5IgMHvczgvq2fNd+mEeOSu2wXtsWV17wv2c81E6mkeup6RvllNj50Ae13Lw8fG11viQjoKGzDpN+YoORdxA=="],
 
-    "cacache/glob/minimatch": ["minimatch@10.2.5", "", { "dependencies": { "brace-expansion": "^5.0.5" } }, "sha512-MULkVLfKGYDFYejP07QOurDLLQpcjk7Fw+7jXS2R2czRQzR56yHRveU5NDJEOviH+hETZKSkIk5c+T23GjFUMg=="],
+    "alchemy/workerd/@cloudflare/workerd-linux-arm64": ["@cloudflare/workerd-linux-arm64@1.20260417.1", "", { "os": "linux", "cpu": "arm64" }, "sha512-CTB9EWaRfmXxW8Z2qJs+MsL/qkc4UAjcNp9wlYtIBI1L+Ex2B/px1qeodwr4LxpVFqhMfGm7bP3HcMeK2yBQQw=="],
 
-    "cacache/glob/path-scurry": ["path-scurry@2.0.2", "", { "dependencies": { "lru-cache": "^11.0.0", "minipass": "^7.1.2" } }, "sha512-3O/iVVsJAPsOnpwWIeD+d6z/7PmqApyQePUtCndjatj/9I5LylHvt5qluFaBT3I5h3r1ejfR056c+FCv+NnNXg=="],
+    "alchemy/workerd/@cloudflare/workerd-windows-64": ["@cloudflare/workerd-windows-64@1.20260417.1", "", { "os": "win32", "cpu": "x64" }, "sha512-F/s7F0Ejd7W4E00su/Nqpnqgw2JIeAc9o1ya0fIHJMtJMzhAljjMaf/8mopZJastzSIhipETxX9mkMefbPnWbw=="],
+
+    "babel-plugin-istanbul/istanbul-lib-instrument/semver": ["semver@6.3.1", "", { "bin": { "semver": "bin/semver.js" } }, "sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA=="],
+
+    "bun-types/@types/node/undici-types": ["undici-types@7.16.0", "", {}, "sha512-Zz+aZWSj8LE6zoxD+xrjh4VfkIG8Ya6LvYkZqtUQGJPZjYl53ypCaUwWqo7eI0x66KBGeRo+mlBEkMSeSZ38Nw=="],
 
     "chalk/ansi-styles/color-convert": ["color-convert@2.0.1", "", { "dependencies": { "color-name": "~1.1.4" } }, "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ=="],
 
@@ -6225,7 +6262,7 @@
 
     "fumadocs-mdx/js-yaml/argparse": ["argparse@2.0.1", "", {}, "sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q=="],
 
-    "glob/minimatch/brace-expansion": ["brace-expansion@2.1.0", "", { "dependencies": { "balanced-match": "^1.0.0" } }, "sha512-TN1kCZAgdgweJhWWpgKYrQaMNHcDULHkWwQIspdtjV4Y5aurRdZpjAqn6yX3FPqTA9ngHCc4hJxMAMgGfve85w=="],
+    "glob/minimatch/brace-expansion": ["brace-expansion@5.0.5", "", { "dependencies": { "balanced-match": "^4.0.2" } }, "sha512-VZznLgtwhn+Mact9tfiwx64fA9erHH/MCXEUfB/0bX/6Fz6ny5EGTXYltMocqg4xFAQZtnO3DHWWXi8RiuN7cQ=="],
 
     "happy-dom/@types/node/undici-types": ["undici-types@7.16.0", "", {}, "sha512-Zz+aZWSj8LE6zoxD+xrjh4VfkIG8Ya6LvYkZqtUQGJPZjYl53ypCaUwWqo7eI0x66KBGeRo+mlBEkMSeSZ38Nw=="],
 
@@ -6433,10 +6470,6 @@
 
     "type-is/mime-types/mime-db": ["mime-db@1.54.0", "", {}, "sha512-aU5EJuIN2WDemCcAp2vFBfp/m4EAhWJnUNSSw0ixs7/kXbd6Pg64EmwJkNdFhB8aWt1sH2CTXrLxo/iAGV3oPQ=="],
 
-    "ultracite/glob/minimatch": ["minimatch@10.2.5", "", { "dependencies": { "brace-expansion": "^5.0.5" } }, "sha512-MULkVLfKGYDFYejP07QOurDLLQpcjk7Fw+7jXS2R2czRQzR56yHRveU5NDJEOviH+hETZKSkIk5c+T23GjFUMg=="],
-
-    "ultracite/glob/path-scurry": ["path-scurry@2.0.2", "", { "dependencies": { "lru-cache": "^11.0.0", "minipass": "^7.1.2" } }, "sha512-3O/iVVsJAPsOnpwWIeD+d6z/7PmqApyQePUtCndjatj/9I5LylHvt5qluFaBT3I5h3r1ejfR056c+FCv+NnNXg=="],
-
     "vite/rolldown/@oxc-project/types": ["@oxc-project/types@0.124.0", "", {}, "sha512-VBFWMTBvHxS11Z5Lvlr3IWgrwhMTXV+Md+EQF0Xf60+wAdsGFTBx7X7K/hP4pi8N7dcm1RvcHwDxZ16Qx8keUg=="],
 
     "vite/rolldown/@rolldown/binding-android-arm64": ["@rolldown/binding-android-arm64@1.0.0-rc.15", "", { "os": "android", "cpu": "arm64" }, "sha512-YYe6aWruPZDtHNpwu7+qAHEMbQ/yRl6atqb/AhznLTnD3UY99Q1jE7ihLSahNWkF4EqRPVC4SiR4O0UkLK02tA=="],
@@ -6473,8 +6506,6 @@
 
     "web/ai/@ai-sdk/gateway": ["@ai-sdk/gateway@3.0.104", "", { "dependencies": { "@ai-sdk/provider": "3.0.8", "@ai-sdk/provider-utils": "4.0.23", "@vercel/oidc": "3.2.0" }, "peerDependencies": { "zod": "^3.25.76 || ^4.1.8" } }, "sha512-ZKX5n74io8VIRlhIMSLWVlvT3sXC8Z7cZ9GHuWBWZDVi96+62AIsWuLGvMfcBA1STYuSoDrp6rIziZmvrTq0TA=="],
 
-    "web/ai/@ai-sdk/provider": ["@ai-sdk/provider@3.0.8", "", { "dependencies": { "json-schema": "^0.4.0" } }, "sha512-oGMAgGoQdBXbZqNG0Ze56CHjDZ1IDYOwGYxYjO5KLSlz5HiNQ9udIXsPZ61VWaHGZ5XW/jyjmr6t2xz2jGVwbQ=="],
-
     "web/ai/@ai-sdk/provider-utils": ["@ai-sdk/provider-utils@4.0.23", "", { "dependencies": { "@ai-sdk/provider": "3.0.8", "@standard-schema/spec": "^1.1.0", "eventsource-parser": "^3.0.6" }, "peerDependencies": { "zod": "^3.25.76 || ^4.1.8" } }, "sha512-z8GlDaCmRSDlqkMF2f4/RFgWxdarvIbyuk+m6WXT1LYgsnGiXRJGTD2Z1+SDl3LqtFuRtGX1aghYvQLoHL/9pg=="],
 
     "web/ai/@opentelemetry/api": ["@opentelemetry/api@1.9.0", "", {}, "sha512-3giAOQvZiH5F9bMlMiv8+GSPMeqg0dbaeo58/0SlA9sxSqZhnUtxzX9/2FzyhS9sWQf5S0GJE0AKBrFqjpeYcg=="],
@@ -6557,6 +6588,14 @@
 
     "@aws-crypto/util/@smithy/util-utf8/@smithy/util-buffer-from/@smithy/is-array-buffer": ["@smithy/is-array-buffer@2.2.0", "", { "dependencies": { "tslib": "^2.6.2" } }, "sha512-GGP3O9QFD24uGeAXYUjwSTXARoqpZykHadOmA8G5vfJPK0/DC67qa//0qvqrJzL1xc8WQWX7/yc7fwudjPHPhA=="],
 
+    "@gen/infra/alchemy/@octokit/rest/@octokit/core": ["@octokit/core@6.1.6", "", { "dependencies": { "@octokit/auth-token": "^5.0.0", "@octokit/graphql": "^8.2.2", "@octokit/request": "^9.2.3", "@octokit/request-error": "^6.1.8", "@octokit/types": "^14.0.0", "before-after-hook": "^3.0.2", "universal-user-agent": "^7.0.0" } }, "sha512-kIU8SLQkYWGp3pVKiYzA5OSaNF5EE03P/R8zEmmrG6XwOg5oBjXyQVVIauQ0dgau4zYhpZEhJrvIYt6oM+zZZA=="],
+
+    "@gen/infra/alchemy/@octokit/rest/@octokit/plugin-paginate-rest": ["@octokit/plugin-paginate-rest@11.6.0", "", { "dependencies": { "@octokit/types": "^13.10.0" }, "peerDependencies": { "@octokit/core": ">=6" } }, "sha512-n5KPteiF7pWKgBIBJSk8qzoZWcUkza2O6A0za97pMGVrGfPdltxrfmfF5GucHYvHGZD8BdaZmmHGz5cX/3gdpw=="],
+
+    "@gen/infra/alchemy/@octokit/rest/@octokit/plugin-request-log": ["@octokit/plugin-request-log@5.3.1", "", { "peerDependencies": { "@octokit/core": ">=6" } }, "sha512-n/lNeCtq+9ofhC15xzmJCNKP2BWTv8Ih2TTy+jatNCCq/gQP/V7rK3fjIfuz0pDWDALO/o/4QY4hyOF6TQQFUw=="],
+
+    "@gen/infra/alchemy/@octokit/rest/@octokit/plugin-rest-endpoint-methods": ["@octokit/plugin-rest-endpoint-methods@13.5.0", "", { "dependencies": { "@octokit/types": "^13.10.0" }, "peerDependencies": { "@octokit/core": ">=6" } }, "sha512-9Pas60Iv9ejO3WlAX3maE1+38c5nqbJXV5GrncEfkndIpZrJ/WPMRd2xYDcPPEt5yzpxcjw9fWNoPhsSGzqKqw=="],
+
     "@gen/infra/alchemy/execa/get-stream": ["get-stream@9.0.1", "", { "dependencies": { "@sec-ant/readable-stream": "^0.4.1", "is-stream": "^4.0.1" } }, "sha512-kVCxPF3vQM/N0B1PmoqVUqgHP+EeVjmZSQn+1oCRPxd2P21P2F19lIgbR3HBosbB1PUhOAoctJnfEn2GbN2eZA=="],
 
     "@gen/infra/alchemy/execa/human-signals": ["human-signals@8.0.1", "", {}, "sha512-eKCa6bwnJhvxj14kZk5NCPc6Hb6BdsU9DZcOnmQKSnO1VKrfV0zCvtttPZUsBvjmNDn8rpcJfpwSYnHBjc95MQ=="],
@@ -6567,6 +6606,14 @@
 
     "@gen/infra/alchemy/execa/strip-final-newline": ["strip-final-newline@4.0.0", "", {}, "sha512-aulFJcD6YK8V1G7iRB5tigAP4TsHBZZrOV8pjV++zdUwmeV8uzbY7yn6h9MswN62adStNZFuCIx4haBnRuMDaw=="],
 
+    "@gen/infra/alchemy/glob/foreground-child": ["foreground-child@3.3.1", "", { "dependencies": { "cross-spawn": "^7.0.6", "signal-exit": "^4.0.1" } }, "sha512-gIXjKqtFuWEgzFRJA9WCQeSJLZDjgJUOMCMzxtvFq/37KojM1BFGufqsCy0r4qSQmYLsZYMeyRqzIWOMup03sw=="],
+
+    "@gen/infra/alchemy/glob/minimatch": ["minimatch@9.0.9", "", { "dependencies": { "brace-expansion": "^2.0.2" } }, "sha512-OBwBN9AL4dqmETlpS2zasx+vTeWclWzkblfZk7KTA5j3jeOONz/tRCnZomUyvNg83wL5Zv9Ss6HMJXAgL8R2Yg=="],
+
+    "@gen/infra/alchemy/glob/path-scurry": ["path-scurry@1.11.1", "", { "dependencies": { "lru-cache": "^10.2.0", "minipass": "^5.0.0 || ^6.0.2 || ^7.0.0" } }, "sha512-Xa4Nw17FS9ApQFJ9umLiJS4orGjm7ZzwUrwamcGQuHSzDyth9boKDaycYdDcZDuqYATXw4HFXgaqWTctW/v1HA=="],
+
+    "@gen/infra/alchemy/libsodium-wrappers/libsodium": ["libsodium@0.7.16", "", {}, "sha512-3HrzSPuzm6Yt9aTYCDxYEG8x8/6C0+ag655Y7rhhWZM9PT4NpdnbqlzXhGZlDnkgR6MeSTnOt/VIyHLs9aSf+Q=="],
+
     "@grpc/proto-loader/yargs/cliui/wrap-ansi": ["wrap-ansi@7.0.0", "", { "dependencies": { "ansi-styles": "^4.0.0", "string-width": "^4.1.0", "strip-ansi": "^6.0.0" } }, "sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q=="],
 
     "@grpc/proto-loader/yargs/string-width/emoji-regex": ["emoji-regex@8.0.0", "", {}, "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A=="],
@@ -6575,18 +6622,28 @@
 
     "@node-minify/core/glob/minimatch/brace-expansion": ["brace-expansion@2.1.0", "", { "dependencies": { "balanced-match": "^1.0.0" } }, "sha512-TN1kCZAgdgweJhWWpgKYrQaMNHcDULHkWwQIspdtjV4Y5aurRdZpjAqn6yX3FPqTA9ngHCc4hJxMAMgGfve85w=="],
 
+    "@node-minify/core/glob/path-scurry/lru-cache": ["lru-cache@10.4.3", "", {}, "sha512-JNAzZcXrCt42VGLuYz0zfAzDfAvJWW6AfYlDBQyDV5DClI2m5sAmK+OIO7s59XfsRsWHp02jAJrRadPRGTt6SQ=="],
+
+    "@node-minify/core/glob/path-scurry/minipass": ["minipass@7.1.3", "", {}, "sha512-tEBHqDnIoM/1rXME1zgka9g6Q2lcoCkxHLuc7ODJ5BxbP5d4c2Z5cGgtXAku59200Cx7diuHTOYfSBD8n6mm8A=="],
+
     "@npmcli/arborist/minimatch/brace-expansion/balanced-match": ["balanced-match@4.0.4", "", {}, "sha512-BLrgEcRTwX2o6gGxGOCNyMvGSp35YofuYzw9h1IMTRmKqttAZZVU67bdb9Pr2vUHA8+j3i2tJfjO6C6+4myGTA=="],
 
     "@npmcli/map-workspaces/minimatch/brace-expansion/balanced-match": ["balanced-match@4.0.4", "", {}, "sha512-BLrgEcRTwX2o6gGxGOCNyMvGSp35YofuYzw9h1IMTRmKqttAZZVU67bdb9Pr2vUHA8+j3i2tJfjO6C6+4myGTA=="],
 
-    "@npmcli/package-json/glob/minimatch/brace-expansion": ["brace-expansion@5.0.5", "", { "dependencies": { "balanced-match": "^4.0.2" } }, "sha512-VZznLgtwhn+Mact9tfiwx64fA9erHH/MCXEUfB/0bX/6Fz6ny5EGTXYltMocqg4xFAQZtnO3DHWWXi8RiuN7cQ=="],
-
     "@opennextjs/cloudflare/cloudflare/@types/node/undici-types": ["undici-types@5.26.5", "", {}, "sha512-JlCMO+ehdEIKqlFxk6IfVoAUVmgz7cU7zD/h9XZ0qzeosSHmUJVOzSQvvYSYWXkFXC+IfLKSIffhv0sVZup6pA=="],
 
     "@opennextjs/cloudflare/glob/jackspeak/@isaacs/cliui": ["@isaacs/cliui@9.0.0", "", {}, "sha512-AokJm4tuBHillT+FpMtxQ60n8ObyXBatq7jD2/JA9dxbDDokKQm8KMht5ibGzLVU9IJDIKK4TPKgMHEYMn3lMg=="],
 
     "@opennextjs/cloudflare/glob/minimatch/brace-expansion": ["brace-expansion@5.0.5", "", { "dependencies": { "balanced-match": "^4.0.2" } }, "sha512-VZznLgtwhn+Mact9tfiwx64fA9erHH/MCXEUfB/0bX/6Fz6ny5EGTXYltMocqg4xFAQZtnO3DHWWXi8RiuN7cQ=="],
 
+    "@stackpanel/infra/alchemy/@octokit/rest/@octokit/core": ["@octokit/core@6.1.6", "", { "dependencies": { "@octokit/auth-token": "^5.0.0", "@octokit/graphql": "^8.2.2", "@octokit/request": "^9.2.3", "@octokit/request-error": "^6.1.8", "@octokit/types": "^14.0.0", "before-after-hook": "^3.0.2", "universal-user-agent": "^7.0.0" } }, "sha512-kIU8SLQkYWGp3pVKiYzA5OSaNF5EE03P/R8zEmmrG6XwOg5oBjXyQVVIauQ0dgau4zYhpZEhJrvIYt6oM+zZZA=="],
+
+    "@stackpanel/infra/alchemy/@octokit/rest/@octokit/plugin-paginate-rest": ["@octokit/plugin-paginate-rest@11.6.0", "", { "dependencies": { "@octokit/types": "^13.10.0" }, "peerDependencies": { "@octokit/core": ">=6" } }, "sha512-n5KPteiF7pWKgBIBJSk8qzoZWcUkza2O6A0za97pMGVrGfPdltxrfmfF5GucHYvHGZD8BdaZmmHGz5cX/3gdpw=="],
+
+    "@stackpanel/infra/alchemy/@octokit/rest/@octokit/plugin-request-log": ["@octokit/plugin-request-log@5.3.1", "", { "peerDependencies": { "@octokit/core": ">=6" } }, "sha512-n/lNeCtq+9ofhC15xzmJCNKP2BWTv8Ih2TTy+jatNCCq/gQP/V7rK3fjIfuz0pDWDALO/o/4QY4hyOF6TQQFUw=="],
+
+    "@stackpanel/infra/alchemy/@octokit/rest/@octokit/plugin-rest-endpoint-methods": ["@octokit/plugin-rest-endpoint-methods@13.5.0", "", { "dependencies": { "@octokit/types": "^13.10.0" }, "peerDependencies": { "@octokit/core": ">=6" } }, "sha512-9Pas60Iv9ejO3WlAX3maE1+38c5nqbJXV5GrncEfkndIpZrJ/WPMRd2xYDcPPEt5yzpxcjw9fWNoPhsSGzqKqw=="],
+
     "@stackpanel/infra/alchemy/execa/get-stream": ["get-stream@9.0.1", "", { "dependencies": { "@sec-ant/readable-stream": "^0.4.1", "is-stream": "^4.0.1" } }, "sha512-kVCxPF3vQM/N0B1PmoqVUqgHP+EeVjmZSQn+1oCRPxd2P21P2F19lIgbR3HBosbB1PUhOAoctJnfEn2GbN2eZA=="],
 
     "@stackpanel/infra/alchemy/execa/human-signals": ["human-signals@8.0.1", "", {}, "sha512-eKCa6bwnJhvxj14kZk5NCPc6Hb6BdsU9DZcOnmQKSnO1VKrfV0zCvtttPZUsBvjmNDn8rpcJfpwSYnHBjc95MQ=="],
@@ -6597,6 +6654,22 @@
 
     "@stackpanel/infra/alchemy/execa/strip-final-newline": ["strip-final-newline@4.0.0", "", {}, "sha512-aulFJcD6YK8V1G7iRB5tigAP4TsHBZZrOV8pjV++zdUwmeV8uzbY7yn6h9MswN62adStNZFuCIx4haBnRuMDaw=="],
 
+    "@stackpanel/infra/alchemy/glob/foreground-child": ["foreground-child@3.3.1", "", { "dependencies": { "cross-spawn": "^7.0.6", "signal-exit": "^4.0.1" } }, "sha512-gIXjKqtFuWEgzFRJA9WCQeSJLZDjgJUOMCMzxtvFq/37KojM1BFGufqsCy0r4qSQmYLsZYMeyRqzIWOMup03sw=="],
+
+    "@stackpanel/infra/alchemy/glob/minimatch": ["minimatch@9.0.9", "", { "dependencies": { "brace-expansion": "^2.0.2" } }, "sha512-OBwBN9AL4dqmETlpS2zasx+vTeWclWzkblfZk7KTA5j3jeOONz/tRCnZomUyvNg83wL5Zv9Ss6HMJXAgL8R2Yg=="],
+
+    "@stackpanel/infra/alchemy/glob/path-scurry": ["path-scurry@1.11.1", "", { "dependencies": { "lru-cache": "^10.2.0", "minipass": "^5.0.0 || ^6.0.2 || ^7.0.0" } }, "sha512-Xa4Nw17FS9ApQFJ9umLiJS4orGjm7ZzwUrwamcGQuHSzDyth9boKDaycYdDcZDuqYATXw4HFXgaqWTctW/v1HA=="],
+
+    "@stackpanel/infra/alchemy/libsodium-wrappers/libsodium": ["libsodium@0.7.16", "", {}, "sha512-3HrzSPuzm6Yt9aTYCDxYEG8x8/6C0+ag655Y7rhhWZM9PT4NpdnbqlzXhGZlDnkgR6MeSTnOt/VIyHLs9aSf+Q=="],
+
+    "@stackpanel/sdk/alchemy/@octokit/rest/@octokit/core": ["@octokit/core@6.1.6", "", { "dependencies": { "@octokit/auth-token": "^5.0.0", "@octokit/graphql": "^8.2.2", "@octokit/request": "^9.2.3", "@octokit/request-error": "^6.1.8", "@octokit/types": "^14.0.0", "before-after-hook": "^3.0.2", "universal-user-agent": "^7.0.0" } }, "sha512-kIU8SLQkYWGp3pVKiYzA5OSaNF5EE03P/R8zEmmrG6XwOg5oBjXyQVVIauQ0dgau4zYhpZEhJrvIYt6oM+zZZA=="],
+
+    "@stackpanel/sdk/alchemy/@octokit/rest/@octokit/plugin-paginate-rest": ["@octokit/plugin-paginate-rest@11.6.0", "", { "dependencies": { "@octokit/types": "^13.10.0" }, "peerDependencies": { "@octokit/core": ">=6" } }, "sha512-n5KPteiF7pWKgBIBJSk8qzoZWcUkza2O6A0za97pMGVrGfPdltxrfmfF5GucHYvHGZD8BdaZmmHGz5cX/3gdpw=="],
+
+    "@stackpanel/sdk/alchemy/@octokit/rest/@octokit/plugin-request-log": ["@octokit/plugin-request-log@5.3.1", "", { "peerDependencies": { "@octokit/core": ">=6" } }, "sha512-n/lNeCtq+9ofhC15xzmJCNKP2BWTv8Ih2TTy+jatNCCq/gQP/V7rK3fjIfuz0pDWDALO/o/4QY4hyOF6TQQFUw=="],
+
+    "@stackpanel/sdk/alchemy/@octokit/rest/@octokit/plugin-rest-endpoint-methods": ["@octokit/plugin-rest-endpoint-methods@13.5.0", "", { "dependencies": { "@octokit/types": "^13.10.0" }, "peerDependencies": { "@octokit/core": ">=6" } }, "sha512-9Pas60Iv9ejO3WlAX3maE1+38c5nqbJXV5GrncEfkndIpZrJ/WPMRd2xYDcPPEt5yzpxcjw9fWNoPhsSGzqKqw=="],
+
     "@stackpanel/sdk/alchemy/execa/get-stream": ["get-stream@9.0.1", "", { "dependencies": { "@sec-ant/readable-stream": "^0.4.1", "is-stream": "^4.0.1" } }, "sha512-kVCxPF3vQM/N0B1PmoqVUqgHP+EeVjmZSQn+1oCRPxd2P21P2F19lIgbR3HBosbB1PUhOAoctJnfEn2GbN2eZA=="],
 
     "@stackpanel/sdk/alchemy/execa/human-signals": ["human-signals@8.0.1", "", {}, "sha512-eKCa6bwnJhvxj14kZk5NCPc6Hb6BdsU9DZcOnmQKSnO1VKrfV0zCvtttPZUsBvjmNDn8rpcJfpwSYnHBjc95MQ=="],
@@ -6607,6 +6680,14 @@
 
     "@stackpanel/sdk/alchemy/execa/strip-final-newline": ["strip-final-newline@4.0.0", "", {}, "sha512-aulFJcD6YK8V1G7iRB5tigAP4TsHBZZrOV8pjV++zdUwmeV8uzbY7yn6h9MswN62adStNZFuCIx4haBnRuMDaw=="],
 
+    "@stackpanel/sdk/alchemy/glob/foreground-child": ["foreground-child@3.3.1", "", { "dependencies": { "cross-spawn": "^7.0.6", "signal-exit": "^4.0.1" } }, "sha512-gIXjKqtFuWEgzFRJA9WCQeSJLZDjgJUOMCMzxtvFq/37KojM1BFGufqsCy0r4qSQmYLsZYMeyRqzIWOMup03sw=="],
+
+    "@stackpanel/sdk/alchemy/glob/minimatch": ["minimatch@9.0.9", "", { "dependencies": { "brace-expansion": "^2.0.2" } }, "sha512-OBwBN9AL4dqmETlpS2zasx+vTeWclWzkblfZk7KTA5j3jeOONz/tRCnZomUyvNg83wL5Zv9Ss6HMJXAgL8R2Yg=="],
+
+    "@stackpanel/sdk/alchemy/glob/path-scurry": ["path-scurry@1.11.1", "", { "dependencies": { "lru-cache": "^10.2.0", "minipass": "^5.0.0 || ^6.0.2 || ^7.0.0" } }, "sha512-Xa4Nw17FS9ApQFJ9umLiJS4orGjm7ZzwUrwamcGQuHSzDyth9boKDaycYdDcZDuqYATXw4HFXgaqWTctW/v1HA=="],
+
+    "@stackpanel/sdk/alchemy/libsodium-wrappers/libsodium": ["libsodium@0.7.16", "", {}, "sha512-3HrzSPuzm6Yt9aTYCDxYEG8x8/6C0+ag655Y7rhhWZM9PT4NpdnbqlzXhGZlDnkgR6MeSTnOt/VIyHLs9aSf+Q=="],
+
     "@tanstack/router-plugin/chokidar/readdirp/picomatch": ["picomatch@2.3.2", "", {}, "sha512-V7+vQEJ06Z+c5tSye8S+nHUfI51xoXIXjHQ99cQtKUkQqqO1kO/KCJUfZXuB47h/YBlDhah2H3hdUGXn8ie0oA=="],
 
     "@ts-morph/common/minimatch/brace-expansion/balanced-match": ["balanced-match@4.0.4", "", {}, "sha512-BLrgEcRTwX2o6gGxGOCNyMvGSp35YofuYzw9h1IMTRmKqttAZZVU67bdb9Pr2vUHA8+j3i2tJfjO6C6+4myGTA=="],
@@ -6621,9 +6702,7 @@
 
     "alchemy-effect/ai/@ai-sdk/gateway/@vercel/oidc": ["@vercel/oidc@3.2.0", "", {}, "sha512-UycprH3T6n3jH0k44NHMa7pnFHGu/N05MjojYr+Mc6I7obkoLIJujSWwin1pCvdy/eOxrI/l3uDLQsmcrOb4ug=="],
 
-    "alchemy/execa/npm-run-path/path-key": ["path-key@4.0.0", "", {}, "sha512-haREypq7xkM7ErfgIyA0z+Bj4AGKlMSdlQE2jvJo6huWD1EdkKYV+G/T4nq0YEF2vgTT8kqMFKo1uHn950r4SQ=="],
-
-    "cacache/glob/minimatch/brace-expansion": ["brace-expansion@5.0.5", "", { "dependencies": { "balanced-match": "^4.0.2" } }, "sha512-VZznLgtwhn+Mact9tfiwx64fA9erHH/MCXEUfB/0bX/6Fz6ny5EGTXYltMocqg4xFAQZtnO3DHWWXi8RiuN7cQ=="],
+    "alchemy/ai/@ai-sdk/gateway/@vercel/oidc": ["@vercel/oidc@3.2.0", "", {}, "sha512-UycprH3T6n3jH0k44NHMa7pnFHGu/N05MjojYr+Mc6I7obkoLIJujSWwin1pCvdy/eOxrI/l3uDLQsmcrOb4ug=="],
 
     "chalk/ansi-styles/color-convert/color-name": ["color-name@1.1.4", "", {}, "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA=="],
 
@@ -6631,6 +6710,8 @@
 
     "cli-highlight/yargs/string-width/emoji-regex": ["emoji-regex@8.0.0", "", {}, "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A=="],
 
+    "glob/minimatch/brace-expansion/balanced-match": ["balanced-match@4.0.4", "", {}, "sha512-BLrgEcRTwX2o6gGxGOCNyMvGSp35YofuYzw9h1IMTRmKqttAZZVU67bdb9Pr2vUHA8+j3i2tJfjO6C6+4myGTA=="],
+
     "ignore-walk/minimatch/brace-expansion/balanced-match": ["balanced-match@4.0.4", "", {}, "sha512-BLrgEcRTwX2o6gGxGOCNyMvGSp35YofuYzw9h1IMTRmKqttAZZVU67bdb9Pr2vUHA8+j3i2tJfjO6C6+4myGTA=="],
 
     "jest-cli/yargs/cliui/wrap-ansi": ["wrap-ansi@7.0.0", "", { "dependencies": { "ansi-styles": "^4.0.0", "string-width": "^4.1.0", "strip-ansi": "^6.0.0" } }, "sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q=="],
@@ -6669,8 +6750,6 @@
 
     "shadcn/ts-morph/@ts-morph/common/minimatch": ["minimatch@10.2.5", "", { "dependencies": { "brace-expansion": "^5.0.5" } }, "sha512-MULkVLfKGYDFYejP07QOurDLLQpcjk7Fw+7jXS2R2czRQzR56yHRveU5NDJEOviH+hETZKSkIk5c+T23GjFUMg=="],
 
-    "ultracite/glob/minimatch/brace-expansion": ["brace-expansion@5.0.5", "", { "dependencies": { "balanced-match": "^4.0.2" } }, "sha512-VZznLgtwhn+Mact9tfiwx64fA9erHH/MCXEUfB/0bX/6Fz6ny5EGTXYltMocqg4xFAQZtnO3DHWWXi8RiuN7cQ=="],
-
     "vite/rolldown/@rolldown/binding-wasm32-wasi/@emnapi/core": ["@emnapi/core@1.9.2", "", { "dependencies": { "@emnapi/wasi-threads": "1.2.1", "tslib": "^2.4.0" } }, "sha512-UC+ZhH3XtczQYfOlu3lNEkdW/p4dsJ1r/bP7H8+rhao3TTTMO1ATq/4DdIi23XuGoFY+Cz0JmCbdVl0hz9jZcA=="],
 
     "vite/rolldown/@rolldown/binding-wasm32-wasi/@emnapi/runtime": ["@emnapi/runtime@1.9.2", "", { "dependencies": { "tslib": "^2.4.0" } }, "sha512-3U4+MIWHImeyu1wnmVygh5WlgfYDtyf0k8AbLhMFxOipihf6nrWC4syIm/SwEeec0mNSafiiNnMJwbza/Is6Lw=="],
@@ -6679,21 +6758,77 @@
 
     "wrap-ansi-cjs/ansi-styles/color-convert/color-name": ["color-name@1.1.4", "", {}, "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA=="],
 
+    "@gen/infra/alchemy/@octokit/rest/@octokit/core/@octokit/auth-token": ["@octokit/auth-token@5.1.2", "", {}, "sha512-JcQDsBdg49Yky2w2ld20IHAlwr8d/d8N6NiOXbtuoPCqzbsiJgF633mVUw3x4mo0H5ypataQIX7SFu3yy44Mpw=="],
+
+    "@gen/infra/alchemy/@octokit/rest/@octokit/core/@octokit/graphql": ["@octokit/graphql@8.2.2", "", { "dependencies": { "@octokit/request": "^9.2.3", "@octokit/types": "^14.0.0", "universal-user-agent": "^7.0.0" } }, "sha512-Yi8hcoqsrXGdt0yObxbebHXFOiUA+2v3n53epuOg1QUgOB6c4XzvisBNVXJSl8RYA5KrDuSL2yq9Qmqe5N0ryA=="],
+
+    "@gen/infra/alchemy/@octokit/rest/@octokit/core/@octokit/request": ["@octokit/request@9.2.4", "", { "dependencies": { "@octokit/endpoint": "^10.1.4", "@octokit/request-error": "^6.1.8", "@octokit/types": "^14.0.0", "fast-content-type-parse": "^2.0.0", "universal-user-agent": "^7.0.2" } }, "sha512-q8ybdytBmxa6KogWlNa818r0k1wlqzNC+yNkcQDECHvQo8Vmstrg18JwqJHdJdUiHD2sjlwBgSm9kHkOKe2iyA=="],
+
+    "@gen/infra/alchemy/@octokit/rest/@octokit/core/@octokit/request-error": ["@octokit/request-error@6.1.8", "", { "dependencies": { "@octokit/types": "^14.0.0" } }, "sha512-WEi/R0Jmq+IJKydWlKDmryPcmdYSVjL3ekaiEL1L9eo1sUnqMJ+grqmC9cjk7CA7+b2/T397tO5d8YLOH3qYpQ=="],
+
+    "@gen/infra/alchemy/@octokit/rest/@octokit/core/@octokit/types": ["@octokit/types@14.1.0", "", { "dependencies": { "@octokit/openapi-types": "^25.1.0" } }, "sha512-1y6DgTy8Jomcpu33N+p5w58l6xyt55Ar2I91RPiIA0xCJBXyUAhXCcmZaDWSANiha7R9a6qJJ2CRomGPZ6f46g=="],
+
+    "@gen/infra/alchemy/@octokit/rest/@octokit/core/before-after-hook": ["before-after-hook@3.0.2", "", {}, "sha512-Nik3Sc0ncrMK4UUdXQmAnRtzmNQTAAXmXIopizwZ1W1t8QmfJj+zL4OA2I7XPTPW5z5TDqv4hRo/JzouDJnX3A=="],
+
+    "@gen/infra/alchemy/@octokit/rest/@octokit/plugin-paginate-rest/@octokit/types": ["@octokit/types@13.10.0", "", { "dependencies": { "@octokit/openapi-types": "^24.2.0" } }, "sha512-ifLaO34EbbPj0Xgro4G5lP5asESjwHracYJvVaPIyXMuiuXLlhic3S47cBdTb+jfODkTE5YtGCLt3Ay3+J97sA=="],
+
+    "@gen/infra/alchemy/@octokit/rest/@octokit/plugin-rest-endpoint-methods/@octokit/types": ["@octokit/types@13.10.0", "", { "dependencies": { "@octokit/openapi-types": "^24.2.0" } }, "sha512-ifLaO34EbbPj0Xgro4G5lP5asESjwHracYJvVaPIyXMuiuXLlhic3S47cBdTb+jfODkTE5YtGCLt3Ay3+J97sA=="],
+
     "@gen/infra/alchemy/execa/npm-run-path/path-key": ["path-key@4.0.0", "", {}, "sha512-haREypq7xkM7ErfgIyA0z+Bj4AGKlMSdlQE2jvJo6huWD1EdkKYV+G/T4nq0YEF2vgTT8kqMFKo1uHn950r4SQ=="],
 
+    "@gen/infra/alchemy/glob/minimatch/brace-expansion": ["brace-expansion@2.1.0", "", { "dependencies": { "balanced-match": "^1.0.0" } }, "sha512-TN1kCZAgdgweJhWWpgKYrQaMNHcDULHkWwQIspdtjV4Y5aurRdZpjAqn6yX3FPqTA9ngHCc4hJxMAMgGfve85w=="],
+
+    "@gen/infra/alchemy/glob/path-scurry/lru-cache": ["lru-cache@10.4.3", "", {}, "sha512-JNAzZcXrCt42VGLuYz0zfAzDfAvJWW6AfYlDBQyDV5DClI2m5sAmK+OIO7s59XfsRsWHp02jAJrRadPRGTt6SQ=="],
+
     "@grpc/proto-loader/yargs/cliui/wrap-ansi/ansi-styles": ["ansi-styles@4.3.0", "", { "dependencies": { "color-convert": "^2.0.1" } }, "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg=="],
 
     "@istanbuljs/load-nyc-config/find-up/locate-path/p-locate/p-limit": ["p-limit@2.3.0", "", { "dependencies": { "p-try": "^2.0.0" } }, "sha512-//88mFWSJx8lxCzwdAABTJL2MyWB12+eIY7MDL2SqLmAkeKU9qxRvWuSyTjm3FUmpBEMuFfckAIqEaVGUDxb6w=="],
 
-    "@npmcli/package-json/glob/minimatch/brace-expansion/balanced-match": ["balanced-match@4.0.4", "", {}, "sha512-BLrgEcRTwX2o6gGxGOCNyMvGSp35YofuYzw9h1IMTRmKqttAZZVU67bdb9Pr2vUHA8+j3i2tJfjO6C6+4myGTA=="],
-
     "@opennextjs/cloudflare/glob/minimatch/brace-expansion/balanced-match": ["balanced-match@4.0.4", "", {}, "sha512-BLrgEcRTwX2o6gGxGOCNyMvGSp35YofuYzw9h1IMTRmKqttAZZVU67bdb9Pr2vUHA8+j3i2tJfjO6C6+4myGTA=="],
 
+    "@stackpanel/infra/alchemy/@octokit/rest/@octokit/core/@octokit/auth-token": ["@octokit/auth-token@5.1.2", "", {}, "sha512-JcQDsBdg49Yky2w2ld20IHAlwr8d/d8N6NiOXbtuoPCqzbsiJgF633mVUw3x4mo0H5ypataQIX7SFu3yy44Mpw=="],
+
+    "@stackpanel/infra/alchemy/@octokit/rest/@octokit/core/@octokit/graphql": ["@octokit/graphql@8.2.2", "", { "dependencies": { "@octokit/request": "^9.2.3", "@octokit/types": "^14.0.0", "universal-user-agent": "^7.0.0" } }, "sha512-Yi8hcoqsrXGdt0yObxbebHXFOiUA+2v3n53epuOg1QUgOB6c4XzvisBNVXJSl8RYA5KrDuSL2yq9Qmqe5N0ryA=="],
+
+    "@stackpanel/infra/alchemy/@octokit/rest/@octokit/core/@octokit/request": ["@octokit/request@9.2.4", "", { "dependencies": { "@octokit/endpoint": "^10.1.4", "@octokit/request-error": "^6.1.8", "@octokit/types": "^14.0.0", "fast-content-type-parse": "^2.0.0", "universal-user-agent": "^7.0.2" } }, "sha512-q8ybdytBmxa6KogWlNa818r0k1wlqzNC+yNkcQDECHvQo8Vmstrg18JwqJHdJdUiHD2sjlwBgSm9kHkOKe2iyA=="],
+
+    "@stackpanel/infra/alchemy/@octokit/rest/@octokit/core/@octokit/request-error": ["@octokit/request-error@6.1.8", "", { "dependencies": { "@octokit/types": "^14.0.0" } }, "sha512-WEi/R0Jmq+IJKydWlKDmryPcmdYSVjL3ekaiEL1L9eo1sUnqMJ+grqmC9cjk7CA7+b2/T397tO5d8YLOH3qYpQ=="],
+
+    "@stackpanel/infra/alchemy/@octokit/rest/@octokit/core/@octokit/types": ["@octokit/types@14.1.0", "", { "dependencies": { "@octokit/openapi-types": "^25.1.0" } }, "sha512-1y6DgTy8Jomcpu33N+p5w58l6xyt55Ar2I91RPiIA0xCJBXyUAhXCcmZaDWSANiha7R9a6qJJ2CRomGPZ6f46g=="],
+
+    "@stackpanel/infra/alchemy/@octokit/rest/@octokit/core/before-after-hook": ["before-after-hook@3.0.2", "", {}, "sha512-Nik3Sc0ncrMK4UUdXQmAnRtzmNQTAAXmXIopizwZ1W1t8QmfJj+zL4OA2I7XPTPW5z5TDqv4hRo/JzouDJnX3A=="],
+
+    "@stackpanel/infra/alchemy/@octokit/rest/@octokit/plugin-paginate-rest/@octokit/types": ["@octokit/types@13.10.0", "", { "dependencies": { "@octokit/openapi-types": "^24.2.0" } }, "sha512-ifLaO34EbbPj0Xgro4G5lP5asESjwHracYJvVaPIyXMuiuXLlhic3S47cBdTb+jfODkTE5YtGCLt3Ay3+J97sA=="],
+
+    "@stackpanel/infra/alchemy/@octokit/rest/@octokit/plugin-rest-endpoint-methods/@octokit/types": ["@octokit/types@13.10.0", "", { "dependencies": { "@octokit/openapi-types": "^24.2.0" } }, "sha512-ifLaO34EbbPj0Xgro4G5lP5asESjwHracYJvVaPIyXMuiuXLlhic3S47cBdTb+jfODkTE5YtGCLt3Ay3+J97sA=="],
+
     "@stackpanel/infra/alchemy/execa/npm-run-path/path-key": ["path-key@4.0.0", "", {}, "sha512-haREypq7xkM7ErfgIyA0z+Bj4AGKlMSdlQE2jvJo6huWD1EdkKYV+G/T4nq0YEF2vgTT8kqMFKo1uHn950r4SQ=="],
 
+    "@stackpanel/infra/alchemy/glob/minimatch/brace-expansion": ["brace-expansion@2.1.0", "", { "dependencies": { "balanced-match": "^1.0.0" } }, "sha512-TN1kCZAgdgweJhWWpgKYrQaMNHcDULHkWwQIspdtjV4Y5aurRdZpjAqn6yX3FPqTA9ngHCc4hJxMAMgGfve85w=="],
+
+    "@stackpanel/infra/alchemy/glob/path-scurry/lru-cache": ["lru-cache@10.4.3", "", {}, "sha512-JNAzZcXrCt42VGLuYz0zfAzDfAvJWW6AfYlDBQyDV5DClI2m5sAmK+OIO7s59XfsRsWHp02jAJrRadPRGTt6SQ=="],
+
+    "@stackpanel/sdk/alchemy/@octokit/rest/@octokit/core/@octokit/auth-token": ["@octokit/auth-token@5.1.2", "", {}, "sha512-JcQDsBdg49Yky2w2ld20IHAlwr8d/d8N6NiOXbtuoPCqzbsiJgF633mVUw3x4mo0H5ypataQIX7SFu3yy44Mpw=="],
+
+    "@stackpanel/sdk/alchemy/@octokit/rest/@octokit/core/@octokit/graphql": ["@octokit/graphql@8.2.2", "", { "dependencies": { "@octokit/request": "^9.2.3", "@octokit/types": "^14.0.0", "universal-user-agent": "^7.0.0" } }, "sha512-Yi8hcoqsrXGdt0yObxbebHXFOiUA+2v3n53epuOg1QUgOB6c4XzvisBNVXJSl8RYA5KrDuSL2yq9Qmqe5N0ryA=="],
+
+    "@stackpanel/sdk/alchemy/@octokit/rest/@octokit/core/@octokit/request": ["@octokit/request@9.2.4", "", { "dependencies": { "@octokit/endpoint": "^10.1.4", "@octokit/request-error": "^6.1.8", "@octokit/types": "^14.0.0", "fast-content-type-parse": "^2.0.0", "universal-user-agent": "^7.0.2" } }, "sha512-q8ybdytBmxa6KogWlNa818r0k1wlqzNC+yNkcQDECHvQo8Vmstrg18JwqJHdJdUiHD2sjlwBgSm9kHkOKe2iyA=="],
+
+    "@stackpanel/sdk/alchemy/@octokit/rest/@octokit/core/@octokit/request-error": ["@octokit/request-error@6.1.8", "", { "dependencies": { "@octokit/types": "^14.0.0" } }, "sha512-WEi/R0Jmq+IJKydWlKDmryPcmdYSVjL3ekaiEL1L9eo1sUnqMJ+grqmC9cjk7CA7+b2/T397tO5d8YLOH3qYpQ=="],
+
+    "@stackpanel/sdk/alchemy/@octokit/rest/@octokit/core/@octokit/types": ["@octokit/types@14.1.0", "", { "dependencies": { "@octokit/openapi-types": "^25.1.0" } }, "sha512-1y6DgTy8Jomcpu33N+p5w58l6xyt55Ar2I91RPiIA0xCJBXyUAhXCcmZaDWSANiha7R9a6qJJ2CRomGPZ6f46g=="],
+
+    "@stackpanel/sdk/alchemy/@octokit/rest/@octokit/core/before-after-hook": ["before-after-hook@3.0.2", "", {}, "sha512-Nik3Sc0ncrMK4UUdXQmAnRtzmNQTAAXmXIopizwZ1W1t8QmfJj+zL4OA2I7XPTPW5z5TDqv4hRo/JzouDJnX3A=="],
+
+    "@stackpanel/sdk/alchemy/@octokit/rest/@octokit/plugin-paginate-rest/@octokit/types": ["@octokit/types@13.10.0", "", { "dependencies": { "@octokit/openapi-types": "^24.2.0" } }, "sha512-ifLaO34EbbPj0Xgro4G5lP5asESjwHracYJvVaPIyXMuiuXLlhic3S47cBdTb+jfODkTE5YtGCLt3Ay3+J97sA=="],
+
+    "@stackpanel/sdk/alchemy/@octokit/rest/@octokit/plugin-rest-endpoint-methods/@octokit/types": ["@octokit/types@13.10.0", "", { "dependencies": { "@octokit/openapi-types": "^24.2.0" } }, "sha512-ifLaO34EbbPj0Xgro4G5lP5asESjwHracYJvVaPIyXMuiuXLlhic3S47cBdTb+jfODkTE5YtGCLt3Ay3+J97sA=="],
+
     "@stackpanel/sdk/alchemy/execa/npm-run-path/path-key": ["path-key@4.0.0", "", {}, "sha512-haREypq7xkM7ErfgIyA0z+Bj4AGKlMSdlQE2jvJo6huWD1EdkKYV+G/T4nq0YEF2vgTT8kqMFKo1uHn950r4SQ=="],
 
-    "cacache/glob/minimatch/brace-expansion/balanced-match": ["balanced-match@4.0.4", "", {}, "sha512-BLrgEcRTwX2o6gGxGOCNyMvGSp35YofuYzw9h1IMTRmKqttAZZVU67bdb9Pr2vUHA8+j3i2tJfjO6C6+4myGTA=="],
+    "@stackpanel/sdk/alchemy/glob/minimatch/brace-expansion": ["brace-expansion@2.1.0", "", { "dependencies": { "balanced-match": "^1.0.0" } }, "sha512-TN1kCZAgdgweJhWWpgKYrQaMNHcDULHkWwQIspdtjV4Y5aurRdZpjAqn6yX3FPqTA9ngHCc4hJxMAMgGfve85w=="],
+
+    "@stackpanel/sdk/alchemy/glob/path-scurry/lru-cache": ["lru-cache@10.4.3", "", {}, "sha512-JNAzZcXrCt42VGLuYz0zfAzDfAvJWW6AfYlDBQyDV5DClI2m5sAmK+OIO7s59XfsRsWHp02jAJrRadPRGTt6SQ=="],
 
     "cli-highlight/yargs/cliui/wrap-ansi/ansi-styles": ["ansi-styles@4.3.0", "", { "dependencies": { "color-convert": "^2.0.1" } }, "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg=="],
 
@@ -6707,12 +6842,40 @@
 
     "shadcn/ts-morph/@ts-morph/common/minimatch/brace-expansion": ["brace-expansion@5.0.5", "", { "dependencies": { "balanced-match": "^4.0.2" } }, "sha512-VZznLgtwhn+Mact9tfiwx64fA9erHH/MCXEUfB/0bX/6Fz6ny5EGTXYltMocqg4xFAQZtnO3DHWWXi8RiuN7cQ=="],
 
-    "ultracite/glob/minimatch/brace-expansion/balanced-match": ["balanced-match@4.0.4", "", {}, "sha512-BLrgEcRTwX2o6gGxGOCNyMvGSp35YofuYzw9h1IMTRmKqttAZZVU67bdb9Pr2vUHA8+j3i2tJfjO6C6+4myGTA=="],
-
     "vite/rolldown/@rolldown/binding-wasm32-wasi/@emnapi/core/@emnapi/wasi-threads": ["@emnapi/wasi-threads@1.2.1", "", { "dependencies": { "tslib": "^2.4.0" } }, "sha512-uTII7OYF+/Mes/MrcIOYp5yOtSMLBWSIoLPpcgwipoiKbli6k322tcoFsxoIIxPDqW01SQGAgko4EzZi2BNv2w=="],
 
+    "@gen/infra/alchemy/@octokit/rest/@octokit/core/@octokit/request/@octokit/endpoint": ["@octokit/endpoint@10.1.4", "", { "dependencies": { "@octokit/types": "^14.0.0", "universal-user-agent": "^7.0.2" } }, "sha512-OlYOlZIsfEVZm5HCSR8aSg02T2lbUWOsCQoPKfTXJwDzcHQBrVBGdGXb89dv2Kw2ToZaRtudp8O3ZIYoaOjKlA=="],
+
+    "@gen/infra/alchemy/@octokit/rest/@octokit/core/@octokit/request/fast-content-type-parse": ["fast-content-type-parse@2.0.1", "", {}, "sha512-nGqtvLrj5w0naR6tDPfB4cUmYCqouzyQiz6C5y/LtcDllJdrcc6WaWW6iXyIIOErTa/XRybj28aasdn4LkVk6Q=="],
+
+    "@gen/infra/alchemy/@octokit/rest/@octokit/core/@octokit/types/@octokit/openapi-types": ["@octokit/openapi-types@25.1.0", "", {}, "sha512-idsIggNXUKkk0+BExUn1dQ92sfysJrje03Q0bv0e+KPLrvyqZF8MnBpFz8UNfYDwB3Ie7Z0TByjWfzxt7vseaA=="],
+
+    "@gen/infra/alchemy/@octokit/rest/@octokit/plugin-paginate-rest/@octokit/types/@octokit/openapi-types": ["@octokit/openapi-types@24.2.0", "", {}, "sha512-9sIH3nSUttelJSXUrmGzl7QUBFul0/mB8HRYl3fOlgHbIWG+WnYDXU3v/2zMtAvuzZ/ed00Ei6on975FhBfzrg=="],
+
+    "@gen/infra/alchemy/@octokit/rest/@octokit/plugin-rest-endpoint-methods/@octokit/types/@octokit/openapi-types": ["@octokit/openapi-types@24.2.0", "", {}, "sha512-9sIH3nSUttelJSXUrmGzl7QUBFul0/mB8HRYl3fOlgHbIWG+WnYDXU3v/2zMtAvuzZ/ed00Ei6on975FhBfzrg=="],
+
     "@grpc/proto-loader/yargs/cliui/wrap-ansi/ansi-styles/color-convert": ["color-convert@2.0.1", "", { "dependencies": { "color-name": "~1.1.4" } }, "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ=="],
 
+    "@stackpanel/infra/alchemy/@octokit/rest/@octokit/core/@octokit/request/@octokit/endpoint": ["@octokit/endpoint@10.1.4", "", { "dependencies": { "@octokit/types": "^14.0.0", "universal-user-agent": "^7.0.2" } }, "sha512-OlYOlZIsfEVZm5HCSR8aSg02T2lbUWOsCQoPKfTXJwDzcHQBrVBGdGXb89dv2Kw2ToZaRtudp8O3ZIYoaOjKlA=="],
+
+    "@stackpanel/infra/alchemy/@octokit/rest/@octokit/core/@octokit/request/fast-content-type-parse": ["fast-content-type-parse@2.0.1", "", {}, "sha512-nGqtvLrj5w0naR6tDPfB4cUmYCqouzyQiz6C5y/LtcDllJdrcc6WaWW6iXyIIOErTa/XRybj28aasdn4LkVk6Q=="],
+
+    "@stackpanel/infra/alchemy/@octokit/rest/@octokit/core/@octokit/types/@octokit/openapi-types": ["@octokit/openapi-types@25.1.0", "", {}, "sha512-idsIggNXUKkk0+BExUn1dQ92sfysJrje03Q0bv0e+KPLrvyqZF8MnBpFz8UNfYDwB3Ie7Z0TByjWfzxt7vseaA=="],
+
+    "@stackpanel/infra/alchemy/@octokit/rest/@octokit/plugin-paginate-rest/@octokit/types/@octokit/openapi-types": ["@octokit/openapi-types@24.2.0", "", {}, "sha512-9sIH3nSUttelJSXUrmGzl7QUBFul0/mB8HRYl3fOlgHbIWG+WnYDXU3v/2zMtAvuzZ/ed00Ei6on975FhBfzrg=="],
+
+    "@stackpanel/infra/alchemy/@octokit/rest/@octokit/plugin-rest-endpoint-methods/@octokit/types/@octokit/openapi-types": ["@octokit/openapi-types@24.2.0", "", {}, "sha512-9sIH3nSUttelJSXUrmGzl7QUBFul0/mB8HRYl3fOlgHbIWG+WnYDXU3v/2zMtAvuzZ/ed00Ei6on975FhBfzrg=="],
+
+    "@stackpanel/sdk/alchemy/@octokit/rest/@octokit/core/@octokit/request/@octokit/endpoint": ["@octokit/endpoint@10.1.4", "", { "dependencies": { "@octokit/types": "^14.0.0", "universal-user-agent": "^7.0.2" } }, "sha512-OlYOlZIsfEVZm5HCSR8aSg02T2lbUWOsCQoPKfTXJwDzcHQBrVBGdGXb89dv2Kw2ToZaRtudp8O3ZIYoaOjKlA=="],
+
+    "@stackpanel/sdk/alchemy/@octokit/rest/@octokit/core/@octokit/request/fast-content-type-parse": ["fast-content-type-parse@2.0.1", "", {}, "sha512-nGqtvLrj5w0naR6tDPfB4cUmYCqouzyQiz6C5y/LtcDllJdrcc6WaWW6iXyIIOErTa/XRybj28aasdn4LkVk6Q=="],
+
+    "@stackpanel/sdk/alchemy/@octokit/rest/@octokit/core/@octokit/types/@octokit/openapi-types": ["@octokit/openapi-types@25.1.0", "", {}, "sha512-idsIggNXUKkk0+BExUn1dQ92sfysJrje03Q0bv0e+KPLrvyqZF8MnBpFz8UNfYDwB3Ie7Z0TByjWfzxt7vseaA=="],
+
+    "@stackpanel/sdk/alchemy/@octokit/rest/@octokit/plugin-paginate-rest/@octokit/types/@octokit/openapi-types": ["@octokit/openapi-types@24.2.0", "", {}, "sha512-9sIH3nSUttelJSXUrmGzl7QUBFul0/mB8HRYl3fOlgHbIWG+WnYDXU3v/2zMtAvuzZ/ed00Ei6on975FhBfzrg=="],
+
+    "@stackpanel/sdk/alchemy/@octokit/rest/@octokit/plugin-rest-endpoint-methods/@octokit/types/@octokit/openapi-types": ["@octokit/openapi-types@24.2.0", "", {}, "sha512-9sIH3nSUttelJSXUrmGzl7QUBFul0/mB8HRYl3fOlgHbIWG+WnYDXU3v/2zMtAvuzZ/ed00Ei6on975FhBfzrg=="],
+
     "cli-highlight/yargs/cliui/wrap-ansi/ansi-styles/color-convert": ["color-convert@2.0.1", "", { "dependencies": { "color-name": "~1.1.4" } }, "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ=="],
 
     "jest-cli/yargs/cliui/wrap-ansi/ansi-styles/color-convert": ["color-convert@2.0.1", "", { "dependencies": { "color-name": "~1.1.4" } }, "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ=="],
diff --git a/flake.lock b/flake.lock
index 266aef2a..6014f06f 100644
--- a/flake.lock
+++ b/flake.lock
@@ -713,11 +713,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1767430085,
-        "narHash": "sha256-SiXJ6xv4pS2MDUqfj0/mmG746cGeJrMQGmoFgHLS25Y=",
+        "lastModified": 1775487831,
+        "narHash": "sha256-2lguQpLPQaxpQCJjXhmEEAfabwsAhkP29Z7fgLzHARA=",
         "owner": "nlewo",
         "repo": "nix2container",
-        "rev": "66f4b8a47e92aa744ec43acbb5e9185078983909",
+        "rev": "76be9608a7f4d6c985d28b0e7be903ae2547df3e",
         "type": "github"
       },
       "original": {
@@ -853,6 +853,7 @@
         "nixpkgs": "nixpkgs",
         "nixtest": "nixtest",
         "process-compose-flake": "process-compose-flake",
+        "stackpanel-root": "stackpanel-root",
         "treefmt-nix": "treefmt-nix_4"
       }
     },
@@ -888,6 +889,18 @@
         "type": "github"
       }
     },
+    "stackpanel-root": {
+      "flake": false,
+      "locked": {
+        "path": "./.stackpanel-root",
+        "type": "path"
+      },
+      "original": {
+        "path": "./.stackpanel-root",
+        "type": "path"
+      },
+      "parent": []
+    },
     "systems": {
       "locked": {
         "lastModified": 1681028828,
diff --git a/flake.nix b/flake.nix
index 3d73c70b..d10f6b39 100644
--- a/flake.nix
+++ b/flake.nix
@@ -53,9 +53,10 @@
     microvm.inputs.nixpkgs.follows = "nixpkgs";
     # stackpanel-root contains the absolute path to the project root
     # Created by .envrc: echo "$PWD" > .stackpanel-root
-    # This enables pure evaluation (nix flake check, nix flake show)
-    # stackpanel-root.url = "path:./.stackpanel-root";
-    # stackpanel-root.flake = false;
+    # Read by exports.readStackpanelRoot so the containers/fly modules can
+    # locate the project root without relying on PWD at evaluation time.
+    stackpanel-root.url = "path:./.stackpanel-root";
+    stackpanel-root.flake = false;
 		#inputs.sops-nix.url = "github:Mic92/sops-nix";
 		#inputs.sops-nix.inputs.nixpkgs.follows = "nixpkgs";
   };
@@ -121,6 +122,10 @@
             self
             system
             ;
+          # Project root for containers + infra modules. Read from the
+          # `stackpanel-root` flake input (which points at .stackpanel-root)
+          # so eval is pure — no reliance on $PWD or impure paths.
+          projectRoot = exports.lib.readStackpanelRoot { inherit inputs; };
           stackpanelImports =
             if builtins.pathExists (self + "/.stack/nix") then [ (self + "/.stack/nix") ]
             else if builtins.pathExists (self + "/.stackpanel/nix") then [ (self + "/.stackpanel/nix") ]
diff --git a/nix/flake/per-system-outputs.nix b/nix/flake/per-system-outputs.nix
index 57e52e23..5fba4561 100644
--- a/nix/flake/per-system-outputs.nix
+++ b/nix/flake/per-system-outputs.nix
@@ -25,6 +25,9 @@
   system,
   # Optional: additional stackpanel module imports
   stackpanelImports ? [],
+  # Optional: project root for pure eval (containers, fly deploy, etc.).
+  # Read by exports.readStackpanelRoot from the stackpanel-root flake input.
+  projectRoot ? null,
 }: let
   lib = pkgs.lib;
 
@@ -66,6 +69,11 @@
         ../stackpanel
         stackpanelConfigModule
       ]
+      ++ lib.optional (projectRoot != null) {
+        # Injected so containers + infra modules resolve files relative
+        # to the user's working tree, not the read-only Nix store copy.
+        stackpanel.root = projectRoot;
+      }
       ++ stackpanelImports;
     specialArgs = {
       inherit
diff --git a/nix/stackpanel/core/options/default.nix b/nix/stackpanel/core/options/default.nix
index 064e7eeb..481444aa 100644
--- a/nix/stackpanel/core/options/default.nix
+++ b/nix/stackpanel/core/options/default.nix
@@ -29,6 +29,7 @@
     ./cli.nix
     # codegen.nix -- colocated into modules/env-codegen/options.nix
     ./core.nix
+    ./deploy.nix
     ./devshell.nix
     # dns.nix -- colocated into network/dns.nix
     ./envs.nix
diff --git a/nix/stackpanel/core/options/deploy.nix b/nix/stackpanel/core/options/deploy.nix
new file mode 100644
index 00000000..311660ea
--- /dev/null
+++ b/nix/stackpanel/core/options/deploy.nix
@@ -0,0 +1,82 @@
+# ==============================================================================
+# deploy.nix
+#
+# Deploy-time options for Stackpanel — currently the alchemy state backend
+# toggle. Hosted backend requires a Pro subscription on api.stackpanel.com;
+# local backend preserves the filesystem default (.alchemy/state/) and
+# works without network access.
+#
+# The toggle contributes entries to `stackpanel.envs.deploy` so the codegen
+# pipeline serializes them into the deploy-scope env loader. At deploy time
+# (both local and CI) those values are exported as env vars, which the
+# HostedState alchemy-effect adapter in packages/infra reads.
+# ==============================================================================
+{ lib, config, ... }:
+let
+  cfg = config.stackpanel.deploy;
+  hostedSelected = cfg.stateBackend == "hosted";
+in
+{
+  options.stackpanel.deploy = {
+    stateBackend = lib.mkOption {
+      type = lib.types.enum [ "hosted" "local" ];
+      default = "local";
+      description = ''
+        Which backend alchemy-effect uses for deploy state.
+
+        - `local`: filesystem at .alchemy/state/ (default). No network,
+          no account, works offline. State lives on whichever machine
+          ran the deploy, so CI runners orphan resources across runs.
+
+        - `hosted`: api.stackpanel.com stores encrypted state per
+          organization. Survives runner churn, enables true team
+          deploys, audited via the studio's State panel. Requires an
+          active Pro subscription.
+      '';
+    };
+
+    apiUrl = lib.mkOption {
+      type = lib.types.str;
+      default = "https://api.stackpanel.com";
+      description = ''
+        Base URL of the stackpanel cloud API. Override for self-hosted
+        or staging environments. The alchemy-effect adapter reads this
+        from STACKPANEL_API_URL at deploy time.
+      '';
+    };
+  };
+
+  config.stackpanel.envs.deploy = lib.mkMerge [
+    {
+      # Non-secret knobs surface as literal env values — same shape whether
+      # hosted or local is selected, so flipping the toggle and re-generating
+      # the env package is enough to switch backends.
+      STACKPANEL_STATE_BACKEND = {
+        description = "Alchemy state backend — 'hosted' or 'local'.";
+        value = cfg.stateBackend;
+        required = false;
+      };
+      STACKPANEL_API_URL = {
+        description = "Base URL for the stackpanel cloud API.";
+        value = cfg.apiUrl;
+        required = false;
+      };
+    }
+    # ALCHEMY_STATE_TOKEN is a secret required only when hosted is selected.
+    # The SOPS reference is intentionally left unset here — users supply it
+    # via `.stack/secrets/vars/shared.sops.yaml` (alongside CLOUDFLARE_API_TOKEN
+    # etc.) to avoid baking a specific SOPS path into core options. Marking
+    # `required = true` makes preflight fail fast if the secret is missing,
+    # rather than hitting a 401 on first deploy.
+    (lib.mkIf hostedSelected {
+      ALCHEMY_STATE_TOKEN = {
+        description = ''
+          Bearer token for api.stackpanel.com. Obtain via
+          `stackpanel auth login` or GitHub Actions secret.
+        '';
+        required = true;
+        secret = true;
+      };
+    })
+  ];
+}
diff --git a/nix/stackpanel/lib/containers.nix b/nix/stackpanel/lib/containers.nix
index 9dd53868..d1c4ffc1 100644
--- a/nix/stackpanel/lib/containers.nix
+++ b/nix/stackpanel/lib/containers.nix
@@ -201,13 +201,32 @@ let
       null
     else
       let
+        # The flake's store copy lives at `projectRoot`. It excludes git-
+        # ignored directories like `.output` (produced by `bun build`,
+        # `vite build`, OpenNext). So `${projectRoot}/apps/<app>/.output`
+        # typically doesn't exist in the store even when the build has
+        # just run on the host filesystem.
+        #
+        # Fall back to an absolute path injected via STACKPANEL_ROOT_ABSOLUTE
+        # (set by the deploy workflow to ${GITHUB_WORKSPACE}) so the nix
+        # build can import freshly-built output without requiring it to be
+        # committed to git. Requires `--impure` which we already use.
         fullBuildPath = "${projectRoot}/${buildOutputPath}";
-        buildOutputExists = builtins.pathExists fullBuildPath;
+        absoluteRoot = builtins.getEnv "STACKPANEL_ROOT_ABSOLUTE";
+        absolutePath =
+          if absoluteRoot != "" then "${absoluteRoot}/${buildOutputPath}" else null;
+        chosenPath =
+          if absolutePath != null && builtins.pathExists absolutePath
+          then absolutePath
+          else if builtins.pathExists fullBuildPath
+          then fullBuildPath
+          else null;
+        buildOutputExists = chosenPath != null;
 
         webOutput =
           if buildOutputExists then
             builtins.path {
-              path = /. + fullBuildPath;
+              path = /. + chosenPath;
               name = "${name}-output";
             }
           else
diff --git a/package.json b/package.json
index 118aeecf..360d98ab 100644
--- a/package.json
+++ b/package.json
@@ -16,8 +16,7 @@
       "ai": "^5.0.49",
       "@ai-sdk/google": "^2.0.13",
       "dotenv": "^17.2.2",
-      "alchemy": "^0.77.0",
-      "alchemy-effect": "^0.12.0",
+      "alchemy": "2.0.0-beta.20",
       "@aws-sdk/credential-providers": "^3.0.0",
       "@cloudflare/containers": "^0.1.1",
       "@cloudflare/vite-plugin": "^1.13.12",
@@ -26,6 +25,7 @@
       "@distilled.cloud/cloudflare-bundler": "0.2.1",
       "@distilled.cloud/cloudflare": "^0.10.0",
       "@distilled.cloud/core": "^0.10.0",
+      "@distilled.cloud/fly-io": "^0.11.0",
       "@effect/language-service": "^0.85.1",
       "@effect/platform-node-shared": "4.0.0-beta.48",
       "@effect/platform-node": "4.0.0-beta.48",
@@ -55,6 +55,7 @@
     }
   },
   "scripts": {
+    "postinstall": "bun scripts/apply-alchemy-effect-opennext-assets.ts",
     "check": "vp lint && vp fmt --write",
     "lint": "vp lint .",
     "ruler:apply": "bunx @intellectronica/ruler@latest apply --local-only",
@@ -73,15 +74,12 @@
     "destroy": "alchemy destroy"
   },
   "dependencies": {
-    "@effect/platform": "^0.96.0",
     "@fontsource-variable/open-sans": "^5.2.7",
     "@intellectronica/ruler": "^0.3.18",
     "@pulumi/aws": "^7.15.0",
     "@pulumi/command": "^1.1.3",
     "db": "^6.0.3",
     "dotenv": "^17.2.2",
-    "effect": "^3.21.0",
-    "infra": "^1.0.3",
     "sst": "^3.17.25",
     "zod": "^4.1.11"
   },
@@ -91,14 +89,14 @@
     "@cloudflare/workers-types": "^4.20250822.0",
     "@distilled.cloud/cloudflare-rolldown-plugin": "0.2.0",
     "@distilled.cloud/cloudflare-vite-plugin": "0.1.0",
-    "@effect/language-service": "^0.77.0",
+    "@effect/language-service": "^0.85.1",
     "@gen/config": "workspace:*",
     "@gen/env": "workspace:*",
     "@mdx-js/rollup": "^3.1.1",
     "@pulumi/pulumi": "^3.213.0",
     "@types/node": "^22.13.11",
     "@typescript/native-preview": "^7.0.0-dev.20260317.1",
-    "alchemy": "^0.77.0",
+    "alchemy": "2.0.0-beta.20",
     "bun2nix": "^2.0.6",
     "cloudflare": "^5.2.0",
     "rolldown": "1.0.0-rc.13",
diff --git a/packages/api/package.json b/packages/api/package.json
index 5a91dd11..540fc3df 100644
--- a/packages/api/package.json
+++ b/packages/api/package.json
@@ -19,6 +19,7 @@
 	"dependencies": {
 		"@ai-sdk/google": "catalog:",
 		"@prisma/client": "catalog:",
+		"aws4fetch": "^1.0.20",
 		"@stackpanel/auth": "workspace:*",
 		"@stackpanel/db": "workspace:*",
 		"@trpc/client": "catalog:",
diff --git a/packages/api/src/lib/encryption.ts b/packages/api/src/lib/encryption.ts
new file mode 100644
index 00000000..a7d69519
--- /dev/null
+++ b/packages/api/src/lib/encryption.ts
@@ -0,0 +1,244 @@
+import { getDb, state as stateSchema } from "@stackpanel/db";
+import { AwsClient } from "aws4fetch";
+import { eq } from "drizzle-orm";
+
+/**
+ * Envelope encryption for organization state.
+ *
+ * Data flow:
+ *   master KMS key  ─encrypts─▶  per-org DEK (32 random bytes)
+ *                                       │ (stored as ciphertext in `organization_dek`)
+ *                                       ▼
+ *                               AES-256-GCM encrypts state blob
+ *                                       │ (stored in `organization_state`)
+ *                                       ▼
+ *                               ciphertext + nonce + auth tag
+ *
+ * Plaintext DEK never touches disk. Master key never leaves AWS KMS.
+ * Runs on both Node and Cloudflare Workers: Web Crypto API for AES-GCM,
+ * aws4fetch for KMS calls (no Node-only AWS SDK handler).
+ *
+ * One KMS call per read/write per org — cheap enough without a cache for v1.
+ * Add a TTL cache for the decrypted DEK if KMS call volume becomes a concern.
+ */
+
+const DEFAULT_KMS_ALIAS = "alias/stackpanel-secrets";
+const DEK_BYTES = 32;
+const NONCE_BYTES = 12;
+const GCM_TAG_BYTES = 16;
+
+function kmsAlias(): string {
+	return getEnv("STACKPANEL_KMS_ALIAS") ?? DEFAULT_KMS_ALIAS;
+}
+
+function awsRegion(): string {
+	return getEnv("AWS_REGION") ?? "us-east-1";
+}
+
+/**
+ * Env lookup that works on both runtimes:
+ *  - Node / Bun: `process.env`
+ *  - CF Workers: bindings injected on the request context via a globalThis shim
+ *
+ * apps/api wires the Worker's `env` into `globalThis.__env` at request entry so
+ * library code can read secrets without threading env through every call site.
+ */
+function getEnv(name: string): string | undefined {
+	const globalEnv = (globalThis as { __env?: Record<string, string> }).__env;
+	if (globalEnv && name in globalEnv) return globalEnv[name];
+	if (typeof process !== "undefined" && process.env) return process.env[name];
+	return undefined;
+}
+
+let _kms: AwsClient | undefined;
+function kms(): AwsClient {
+	if (_kms) return _kms;
+	const accessKeyId = getEnv("AWS_ACCESS_KEY_ID");
+	const secretAccessKey = getEnv("AWS_SECRET_ACCESS_KEY");
+	if (!accessKeyId || !secretAccessKey) {
+		throw new Error(
+			"AWS credentials missing — set AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY",
+		);
+	}
+	_kms = new AwsClient({
+		accessKeyId,
+		secretAccessKey,
+		service: "kms",
+		region: awsRegion(),
+	});
+	return _kms;
+}
+
+/**
+ * KMS Encrypt via the JSON POST API (no SDK). Returns the wrapped DEK.
+ */
+async function kmsEncrypt(plaintext: Uint8Array, keyId: string): Promise<Uint8Array> {
+	const url = `https://kms.${awsRegion()}.amazonaws.com/`;
+	const body = JSON.stringify({
+		KeyId: keyId,
+		Plaintext: toBase64(plaintext),
+	});
+	const res = await kms().fetch(url, {
+		method: "POST",
+		headers: {
+			"Content-Type": "application/x-amz-json-1.1",
+			"X-Amz-Target": "TrentService.Encrypt",
+		},
+		body,
+	});
+	if (!res.ok) {
+		throw new Error(`KMS Encrypt failed: ${res.status} ${await res.text()}`);
+	}
+	const payload = (await res.json()) as { CiphertextBlob: string };
+	return fromBase64(payload.CiphertextBlob);
+}
+
+async function kmsDecrypt(
+	ciphertext: Uint8Array,
+	keyId: string,
+): Promise<Uint8Array> {
+	const url = `https://kms.${awsRegion()}.amazonaws.com/`;
+	const body = JSON.stringify({
+		KeyId: keyId,
+		CiphertextBlob: toBase64(ciphertext),
+	});
+	const res = await kms().fetch(url, {
+		method: "POST",
+		headers: {
+			"Content-Type": "application/x-amz-json-1.1",
+			"X-Amz-Target": "TrentService.Decrypt",
+		},
+		body,
+	});
+	if (!res.ok) {
+		throw new Error(`KMS Decrypt failed: ${res.status} ${await res.text()}`);
+	}
+	const payload = (await res.json()) as { Plaintext: string };
+	return fromBase64(payload.Plaintext);
+}
+
+/**
+ * Resolve the organization's raw DEK, creating a new wrapped DEK via KMS
+ * on first access. Caller receives 32 plaintext bytes — MUST NOT persist.
+ */
+async function resolveDek(organizationId: string): Promise<Uint8Array> {
+	const db = getDb();
+	const existing = await db
+		.select()
+		.from(stateSchema.organizationDek)
+		.where(eq(stateSchema.organizationDek.organizationId, organizationId))
+		.limit(1);
+
+	if (existing[0]) {
+		return kmsDecrypt(
+			new Uint8Array(existing[0].encryptedDek),
+			existing[0].kmsKeyAlias,
+		);
+	}
+
+	const alias = kmsAlias();
+	const dek = new Uint8Array(DEK_BYTES);
+	crypto.getRandomValues(dek);
+	const encryptedDek = await kmsEncrypt(dek, alias);
+
+	await db
+		.insert(stateSchema.organizationDek)
+		.values({
+			organizationId,
+			encryptedDek: Buffer.from(encryptedDek),
+			kmsKeyAlias: alias,
+		})
+		.onConflictDoNothing();
+
+	return dek;
+}
+
+export type EncryptedPayload = {
+	nonce: Buffer;
+	ciphertext: Buffer;
+};
+
+/**
+ * Encrypt an arbitrary UTF-8 string (typically JSON) with the organization's
+ * DEK. The Web Crypto AES-GCM implementation already appends the 16-byte auth
+ * tag to the ciphertext — no separate column needed.
+ */
+export async function encryptForOrganization(
+	organizationId: string,
+	plaintext: string,
+): Promise<EncryptedPayload> {
+	const dek = await resolveDek(organizationId);
+	const nonce = new Uint8Array(NONCE_BYTES);
+	crypto.getRandomValues(nonce);
+	const key = await crypto.subtle.importKey(
+		"raw",
+		toBufferSource(dek),
+		{ name: "AES-GCM" },
+		false,
+		["encrypt"],
+	);
+	const encoded = new TextEncoder().encode(plaintext);
+	const encrypted = await crypto.subtle.encrypt(
+		{ name: "AES-GCM", iv: toBufferSource(nonce), tagLength: GCM_TAG_BYTES * 8 },
+		key,
+		toBufferSource(encoded),
+	);
+	return {
+		nonce: Buffer.from(nonce),
+		ciphertext: Buffer.from(new Uint8Array(encrypted)),
+	};
+}
+
+/**
+ * Decrypt a payload previously produced by `encryptForOrganization`.
+ * Throws if the auth tag doesn't verify (integrity failure) or the DEK
+ * can't be unwrapped.
+ */
+export async function decryptForOrganization(
+	organizationId: string,
+	payload: EncryptedPayload,
+): Promise<string> {
+	const dek = await resolveDek(organizationId);
+	const key = await crypto.subtle.importKey(
+		"raw",
+		toBufferSource(dek),
+		{ name: "AES-GCM" },
+		false,
+		["decrypt"],
+	);
+	const plaintext = await crypto.subtle.decrypt(
+		{
+			name: "AES-GCM",
+			iv: toBufferSource(payload.nonce),
+			tagLength: GCM_TAG_BYTES * 8,
+		},
+		key,
+		toBufferSource(payload.ciphertext),
+	);
+	return new TextDecoder().decode(plaintext);
+}
+
+/**
+ * Web Crypto's `BufferSource` narrowed past TS 5.7 rejects
+ * `Uint8Array<ArrayBufferLike>` (which may alias SharedArrayBuffer). Copy
+ * into a fresh ArrayBuffer-backed view before handing to subtle.
+ */
+function toBufferSource(input: Uint8Array | Buffer): ArrayBuffer {
+	const view = input instanceof Buffer ? new Uint8Array(input) : input;
+	const copy = new ArrayBuffer(view.byteLength);
+	new Uint8Array(copy).set(view);
+	return copy;
+}
+
+function toBase64(bytes: Uint8Array): string {
+	let binary = "";
+	for (let i = 0; i < bytes.byteLength; i++) binary += String.fromCharCode(bytes[i]!);
+	return btoa(binary);
+}
+
+function fromBase64(b64: string): Uint8Array {
+	const binary = atob(b64);
+	const bytes = new Uint8Array(binary.length);
+	for (let i = 0; i < binary.length; i++) bytes[i] = binary.charCodeAt(i);
+	return bytes;
+}
diff --git a/packages/api/src/lib/subscription.ts b/packages/api/src/lib/subscription.ts
new file mode 100644
index 00000000..a5c39cdf
--- /dev/null
+++ b/packages/api/src/lib/subscription.ts
@@ -0,0 +1,44 @@
+import { getDb, subscription as subSchema } from "@stackpanel/db";
+import { eq } from "drizzle-orm";
+
+export type PlanId = "free" | "pro";
+
+export type Entitlement = {
+	plan: PlanId;
+	status: string;
+	/** True when `plan !== "free"` and `status ∈ {active, trialing}`. */
+	paid: boolean;
+	/** Current period end (null for free plans). */
+	currentPeriodEnd: Date | null;
+};
+
+const PAID_STATUSES = new Set(["active", "trialing"]);
+const PAID_PLANS: ReadonlySet<PlanId> = new Set(["pro"]);
+
+/**
+ * Resolve a user's current entitlement by reading the local subscription
+ * mirror. Always returns — absence of a row means the user is on free.
+ */
+export async function getUserEntitlement(userId: string): Promise<Entitlement> {
+	const rows = await getDb()
+		.select()
+		.from(subSchema.userSubscription)
+		.where(eq(subSchema.userSubscription.userId, userId))
+		.limit(1);
+
+	const row = rows[0];
+	if (!row) {
+		return { plan: "free", status: "active", paid: false, currentPeriodEnd: null };
+	}
+
+	const plan = (row.plan as PlanId) ?? "free";
+	const status = row.status;
+	const paid = PAID_PLANS.has(plan) && PAID_STATUSES.has(status);
+
+	return {
+		plan,
+		status,
+		paid,
+		currentPeriodEnd: row.currentPeriodEnd,
+	};
+}
diff --git a/packages/api/src/routers/alchemy-state.ts b/packages/api/src/routers/alchemy-state.ts
new file mode 100644
index 00000000..ec3ef06a
--- /dev/null
+++ b/packages/api/src/routers/alchemy-state.ts
@@ -0,0 +1,265 @@
+import { getDb, state as stateSchema } from "@stackpanel/db";
+import { TRPCError } from "@trpc/server";
+import { and, desc, eq } from "drizzle-orm";
+import { z } from "zod/v4";
+import {
+	decryptForOrganization,
+	encryptForOrganization,
+} from "../lib/encryption";
+import { createTRPCRouter, paidProcedure } from "../trpc";
+
+/**
+ * Hosted alchemy state backend router (Pro feature).
+ *
+ * Every procedure is gated on `paidProcedure`; free/expired users receive a
+ * FORBIDDEN/402 error. Resources are scoped to the caller's active
+ * organization — we never accept an arbitrary `organizationId` from the
+ * client.
+ */
+
+const SLUG = /^[a-z0-9][a-z0-9-_.]{0,63}$/;
+const stackInput = z.string().regex(SLUG, "Invalid stack name");
+const stageInput = z.string().regex(SLUG, "Invalid stage name");
+const fqnInput = z.string().min(1).max(256);
+
+/**
+ * Resolve the organization scope for this request. MVP: require the session
+ * to have an active organization. Callers without one get a clear error
+ * pointing them to switch or create one.
+ */
+function requireActiveOrg(session: { user: { id: string } } & { activeOrganizationId?: string | null }) {
+	const orgId = session.activeOrganizationId;
+	if (!orgId) {
+		throw new TRPCError({
+			code: "PRECONDITION_FAILED",
+			message: "No active organization. Switch or create one before using hosted state.",
+		});
+	}
+	return orgId;
+}
+
+export const alchemyStateRouter = createTRPCRouter({
+	/**
+	 * Fetch a single state entry — or null if it doesn't exist yet.
+	 * Returns the decoded JSON payload and its current version (for optimistic
+	 * concurrency on subsequent writes).
+	 */
+	get: paidProcedure
+		.input(z.object({ stack: stackInput, stage: stageInput, fqn: fqnInput }))
+		.query(async ({ ctx, input }) => {
+			const organizationId = requireActiveOrg(ctx.session as never);
+			const rows = await getDb()
+				.select()
+				.from(stateSchema.organizationState)
+				.where(
+					and(
+						eq(stateSchema.organizationState.organizationId, organizationId),
+						eq(stateSchema.organizationState.stack, input.stack),
+						eq(stateSchema.organizationState.stage, input.stage),
+						eq(stateSchema.organizationState.fqn, input.fqn),
+					),
+				)
+				.limit(1);
+
+			const row = rows[0];
+			if (!row) return null;
+
+			const plaintext = await decryptForOrganization(organizationId, {
+				nonce: row.nonce,
+				ciphertext: row.encryptedBlob,
+			});
+			return {
+				version: row.version,
+				updatedAt: row.updatedAt,
+				payload: JSON.parse(plaintext),
+			};
+		}),
+
+	/**
+	 * Insert or update a state entry. Clients pass the version they last
+	 * observed (0 for first write); a mismatch returns CONFLICT so callers
+	 * can refetch + retry rather than silently clobbering a concurrent write.
+	 */
+	put: paidProcedure
+		.input(
+			z.object({
+				stack: stackInput,
+				stage: stageInput,
+				fqn: fqnInput,
+				/**
+				 * Optional optimistic-concurrency check. When provided and the
+				 * server's stored version differs, throws CONFLICT so the caller
+				 * can refetch + retry. Omit for last-writer-wins semantics
+				 * (matches alchemy-effect's LocalState behavior).
+				 */
+				expectedVersion: z.number().int().min(0).optional(),
+				payload: z.unknown(),
+			}),
+		)
+		.mutation(async ({ ctx, input }) => {
+			const organizationId = requireActiveOrg(ctx.session as never);
+			const plaintext = JSON.stringify(input.payload);
+			const { nonce, ciphertext } = await encryptForOrganization(
+				organizationId,
+				plaintext,
+			);
+
+			const db = getDb();
+			const existing = await db
+				.select()
+				.from(stateSchema.organizationState)
+				.where(
+					and(
+						eq(stateSchema.organizationState.organizationId, organizationId),
+						eq(stateSchema.organizationState.stack, input.stack),
+						eq(stateSchema.organizationState.stage, input.stage),
+						eq(stateSchema.organizationState.fqn, input.fqn),
+					),
+				)
+				.limit(1);
+
+			const prior = existing[0];
+			if (prior) {
+				if (
+					input.expectedVersion !== undefined &&
+					prior.version !== input.expectedVersion
+				) {
+					throw new TRPCError({
+						code: "CONFLICT",
+						message: `Version mismatch: expected ${input.expectedVersion}, server is at ${prior.version}`,
+						cause: { currentVersion: prior.version },
+					});
+				}
+				const updated = await db
+					.update(stateSchema.organizationState)
+					.set({
+						nonce,
+						encryptedBlob: ciphertext,
+						version: prior.version + 1,
+					})
+					.where(eq(stateSchema.organizationState.id, prior.id))
+					.returning({ version: stateSchema.organizationState.version });
+				return { version: updated[0]?.version ?? prior.version + 1 };
+			}
+
+			if (input.expectedVersion !== undefined && input.expectedVersion !== 0) {
+				throw new TRPCError({
+					code: "CONFLICT",
+					message: "Entry does not exist — expectedVersion must be 0 for first write",
+					cause: { currentVersion: 0 },
+				});
+			}
+
+			const inserted = await db
+				.insert(stateSchema.organizationState)
+				.values({
+					id: crypto.randomUUID(),
+					organizationId,
+					stack: input.stack,
+					stage: input.stage,
+					fqn: input.fqn,
+					nonce,
+					encryptedBlob: ciphertext,
+					version: 1,
+				})
+				.returning({ version: stateSchema.organizationState.version });
+			return { version: inserted[0]?.version ?? 1 };
+		}),
+
+	/**
+	 * List all entries in a stack+stage. Cheap — doesn't decrypt blobs.
+	 * Use `get` to fetch individual payloads.
+	 */
+	list: paidProcedure
+		.input(z.object({ stack: stackInput, stage: stageInput }))
+		.query(async ({ ctx, input }) => {
+			const organizationId = requireActiveOrg(ctx.session as never);
+			const rows = await getDb()
+				.select({
+					fqn: stateSchema.organizationState.fqn,
+					version: stateSchema.organizationState.version,
+					updatedAt: stateSchema.organizationState.updatedAt,
+				})
+				.from(stateSchema.organizationState)
+				.where(
+					and(
+						eq(stateSchema.organizationState.organizationId, organizationId),
+						eq(stateSchema.organizationState.stack, input.stack),
+						eq(stateSchema.organizationState.stage, input.stage),
+					),
+				)
+				.orderBy(desc(stateSchema.organizationState.updatedAt));
+			return rows;
+		}),
+
+	/**
+	 * Delete a state entry. Version required so we don't race with a
+	 * concurrent writer. Returns `{ deleted: true }` on success, throws NOT_FOUND
+	 * if the entry doesn't exist.
+	 */
+	delete: paidProcedure
+		.input(
+			z.object({
+				stack: stackInput,
+				stage: stageInput,
+				fqn: fqnInput,
+				/** Optional concurrency check; omit for unconditional delete. */
+				expectedVersion: z.number().int().min(1).optional(),
+			}),
+		)
+		.mutation(async ({ ctx, input }) => {
+			const organizationId = requireActiveOrg(ctx.session as never);
+			const conditions = [
+				eq(stateSchema.organizationState.organizationId, organizationId),
+				eq(stateSchema.organizationState.stack, input.stack),
+				eq(stateSchema.organizationState.stage, input.stage),
+				eq(stateSchema.organizationState.fqn, input.fqn),
+			];
+			if (input.expectedVersion !== undefined) {
+				conditions.push(
+					eq(stateSchema.organizationState.version, input.expectedVersion),
+				);
+			}
+			const deleted = await getDb()
+				.delete(stateSchema.organizationState)
+				.where(and(...conditions))
+				.returning({ id: stateSchema.organizationState.id });
+
+			// Idempotent: deleting a non-existent entry is a no-op, not an error.
+			return { deleted: deleted.length > 0 };
+		}),
+
+	/**
+	 * Enumerate all distinct stacks that have any state entries for the
+	 * calling organization. Mirrors `StateService.listStacks` in the
+	 * alchemy-effect contract.
+	 */
+	listStacks: paidProcedure.query(async ({ ctx }) => {
+		const organizationId = requireActiveOrg(ctx.session as never);
+		const rows = await getDb()
+			.selectDistinct({ stack: stateSchema.organizationState.stack })
+			.from(stateSchema.organizationState)
+			.where(eq(stateSchema.organizationState.organizationId, organizationId));
+		return rows.map((r) => r.stack);
+	}),
+
+	/**
+	 * Enumerate the distinct stages that have state under a given stack.
+	 * Used by the studio's state panel for the stage dropdown.
+	 */
+	listStages: paidProcedure
+		.input(z.object({ stack: stackInput }))
+		.query(async ({ ctx, input }) => {
+			const organizationId = requireActiveOrg(ctx.session as never);
+			const rows = await getDb()
+				.selectDistinct({ stage: stateSchema.organizationState.stage })
+				.from(stateSchema.organizationState)
+				.where(
+					and(
+						eq(stateSchema.organizationState.organizationId, organizationId),
+						eq(stateSchema.organizationState.stack, input.stack),
+					),
+				);
+			return rows.map((r) => r.stage);
+		}),
+});
diff --git a/packages/api/src/routers/index.ts b/packages/api/src/routers/index.ts
index 063e5411..10b1dc74 100644
--- a/packages/api/src/routers/index.ts
+++ b/packages/api/src/routers/index.ts
@@ -1,10 +1,14 @@
 import { createTRPCRouter } from "../trpc";
 import { agentRouter } from "./agent";
+import { alchemyStateRouter } from "./alchemy-state";
 import { githubRouter } from "./github";
+import { waitlistRouter } from "./waitlist";
 
 export const appRouter = createTRPCRouter({
   agent: agentRouter,
+  alchemyState: alchemyStateRouter,
   github: githubRouter,
+  waitlist: waitlistRouter,
 });
 
 export type AppRouter = typeof appRouter;
diff --git a/packages/api/src/routers/waitlist.ts b/packages/api/src/routers/waitlist.ts
new file mode 100644
index 00000000..41cfe8b6
--- /dev/null
+++ b/packages/api/src/routers/waitlist.ts
@@ -0,0 +1,107 @@
+import { TRPCError } from "@trpc/server";
+import { eq } from "drizzle-orm";
+import { z } from "zod/v4";
+
+import { waitlist } from "@stackpanel/db";
+
+import { createTRPCRouter, publicProcedure } from "../trpc";
+
+const joinInput = z.object({
+	email: z.email().max(254),
+	name: z.string().trim().min(1).max(120).optional(),
+	company: z.string().trim().max(120).optional(),
+	role: z.string().trim().max(120).optional(),
+	notes: z.string().trim().max(2000).optional(),
+	source: z.string().trim().max(60).optional(),
+	referrer: z.string().trim().max(2000).optional(),
+});
+
+function generateId(): string {
+	const bytes = new Uint8Array(16);
+	if (typeof crypto !== "undefined" && typeof crypto.getRandomValues === "function") {
+		crypto.getRandomValues(bytes);
+	} else {
+		for (let i = 0; i < bytes.length; i++) {
+			bytes[i] = Math.floor(Math.random() * 256);
+		}
+	}
+	return Array.from(bytes)
+		.map((b) => b.toString(16).padStart(2, "0"))
+		.join("");
+}
+
+async function hashIp(ip: string | null | undefined): Promise<string | null> {
+	if (!ip) return null;
+	try {
+		if (typeof crypto !== "undefined" && crypto.subtle) {
+			const data = new TextEncoder().encode(ip);
+			const digest = await crypto.subtle.digest("SHA-256", data);
+			return Array.from(new Uint8Array(digest))
+				.map((b) => b.toString(16).padStart(2, "0"))
+				.join("")
+				.slice(0, 32);
+		}
+	} catch {
+		// fall through
+	}
+	return null;
+}
+
+export const waitlistRouter = createTRPCRouter({
+	/**
+	 * Join the beta waitlist. Idempotent on `email` — re-submitting with
+	 * the same email returns `{ ok: true, alreadyOnList: true }` without
+	 * mutating the existing row, so we don't lose attribution from the
+	 * first signup.
+	 */
+	join: publicProcedure
+		.input(joinInput)
+		.mutation(async ({ ctx, input }) => {
+			const email = input.email.trim().toLowerCase();
+
+			const existing = await ctx.db
+				.select({ id: waitlist.betaWaitlist.id })
+				.from(waitlist.betaWaitlist)
+				.where(eq(waitlist.betaWaitlist.email, email))
+				.limit(1);
+
+			if (existing.length > 0) {
+				return { ok: true, alreadyOnList: true } as const;
+			}
+
+			const userAgent =
+				ctx.headers?.get?.("user-agent") ?? ctx.headers?.get?.("User-Agent") ?? null;
+			const forwarded = ctx.headers?.get?.("x-forwarded-for") ?? null;
+			const ip = forwarded ? forwarded.split(",")[0]?.trim() ?? null : null;
+			const ipHash = await hashIp(ip);
+
+			try {
+				await ctx.db.insert(waitlist.betaWaitlist).values({
+					id: generateId(),
+					email,
+					name: input.name ?? null,
+					company: input.company ?? null,
+					role: input.role ?? null,
+					source: input.source ?? null,
+					notes: input.notes ?? null,
+					referrer: input.referrer ?? null,
+					userAgent,
+					ipHash,
+				});
+			} catch (err) {
+				if (
+					err instanceof Error &&
+					/duplicate key|unique constraint/i.test(err.message)
+				) {
+					return { ok: true, alreadyOnList: true } as const;
+				}
+				throw new TRPCError({
+					code: "INTERNAL_SERVER_ERROR",
+					message: "Could not save waitlist entry. Please try again.",
+					cause: err,
+				});
+			}
+
+			return { ok: true, alreadyOnList: false } as const;
+		}),
+});
diff --git a/packages/api/src/trpc.ts b/packages/api/src/trpc.ts
index f3126341..52aab68c 100644
--- a/packages/api/src/trpc.ts
+++ b/packages/api/src/trpc.ts
@@ -12,6 +12,7 @@ import { db } from "@stackpanel/db";
 import { initTRPC, TRPCError } from "@trpc/server";
 import superjson from "superjson";
 import { ZodError, z } from "zod/v4";
+import { getUserEntitlement } from "./lib/subscription";
 
 /**
  * 1. CONTEXT
@@ -38,6 +39,7 @@ export const createTRPCContext = async (opts: {
 		authApi,
 		session,
 		db,
+		headers: opts.headers,
 	};
 };
 /**
@@ -126,3 +128,31 @@ export const protectedProcedure = t.procedure
 			},
 		});
 	});
+
+/**
+ * Paid procedure — gates cloud features to users on an active paid plan.
+ *
+ * Extends `protectedProcedure`: reads the local subscription mirror
+ * (populated by Polar webhooks) and refuses when `plan === "free"` or
+ * status is inactive. Callers receive a 402-shaped TRPCError carrying the
+ * upgrade URL in `cause`.
+ *
+ * `entitlement` is injected into ctx so downstream procedures can branch
+ * on tier without a second lookup.
+ */
+export const paidProcedure = protectedProcedure.use(async ({ ctx, next }) => {
+	const entitlement = await getUserEntitlement(ctx.session.user.id);
+	if (!entitlement.paid) {
+		throw new TRPCError({
+			code: "FORBIDDEN",
+			message: "This feature requires an active Pro subscription.",
+			cause: {
+				reason: "subscription_required",
+				plan: entitlement.plan,
+				status: entitlement.status,
+				upgradeUrl: "/pricing",
+			},
+		});
+	}
+	return next({ ctx: { ...ctx, entitlement } });
+});
diff --git a/packages/auth/package.json b/packages/auth/package.json
index 541bd48f..a9dac9a5 100644
--- a/packages/auth/package.json
+++ b/packages/auth/package.json
@@ -21,6 +21,7 @@
     "@polar-sh/better-auth": "catalog:",
     "@polar-sh/sdk": "^0.34.16",
     "dotenv": "catalog:",
+    "drizzle-orm": "^0.45.1",
     "zod": "^4.1.11",
     "@stackpanel/db": "workspace:*",
     "@gen/env": "workspace:*"
diff --git a/packages/auth/src/index.ts b/packages/auth/src/index.ts
index ef34b2c2..331aae2b 100644
--- a/packages/auth/src/index.ts
+++ b/packages/auth/src/index.ts
@@ -1,40 +1,72 @@
-import { checkout, polar, portal } from "@polar-sh/better-auth";
+import { checkout, polar, portal, webhooks } from "@polar-sh/better-auth";
 import { db } from "@stackpanel/db";
 import type { BetterAuthPlugin } from "better-auth";
 import { betterAuth } from "better-auth";
 import { drizzleAdapter } from "better-auth/adapters/drizzle";
+import { organization } from "better-auth/plugins";
 import { polarClient } from "./lib/payments";
+import { polarProducts } from "./lib/polar-products";
+import { polarSubscriptionCallbacks } from "./lib/polar-webhooks";
 
 // Build plugins array - only include Polar if configured
-const plugins: BetterAuthPlugin[] = [];
+const plugins: BetterAuthPlugin[] = [
+	organization({
+		// A user's first login auto-creates a personal organization so every
+		// session has an active organization. Paid features are scoped to the
+		// active organization, not the user.
+		allowUserToCreateOrganization: true,
+		organizationLimit: 10,
+	}),
+];
 
 if (polarClient) {
+  const products = polarProducts();
+  const polarUse: Parameters<typeof polar>[0]["use"] = [
+    checkout({
+      products: [
+        { productId: products.pro, slug: "Pro" },
+        { productId: products.free, slug: "Free" },
+      ],
+      successUrl: process.env.POLAR_SUCCESS_URL,
+      authenticatedUsersOnly: true,
+    }),
+    portal(),
+  ];
+
+  // Wire webhooks only when the secret is configured. Missing secret ->
+  // skip webhook mount so the server still boots; subscription mirror
+  // stays at whatever the DB says, and paid features refuse everyone.
+  if (process.env.POLAR_WEBHOOK_SECRET) {
+    polarUse.push(
+      webhooks({
+        secret: process.env.POLAR_WEBHOOK_SECRET,
+        ...polarSubscriptionCallbacks(),
+      }),
+    );
+  }
+
   plugins.push(
     polar({
       client: polarClient,
       createCustomerOnSignUp: true,
       enableCustomerPortal: true,
-      use: [
-        checkout({
-          products: [
-            {
-              productId: "5fb4014e-d879-4b28-966a-9efcf60b6c24",
-              slug: "Pro",
-            },
-            {
-              productId: "70acf138-0b13-4fd0-8c25-78c63f09a122",
-              slug: "Free",
-            },
-          ],
-          successUrl: process.env.POLAR_SUCCESS_URL,
-          authenticatedUsersOnly: true,
-        }),
-        portal(),
-      ],
+      use: polarUse,
     }) as unknown as BetterAuthPlugin,
   );
 }
 
+// In production both stackpanel.com and local.stackpanel.com serve the same
+// app, and the API at api.stackpanel.com sets the session cookie. Scoping
+// the cookie to `.stackpanel.com` lets a sign-in from the apex carry into
+// the studio subdomain. Outside production we leave it host-only — preview
+// stages live on per-PR subdomains that share nothing with each other, and
+// local dev runs on localhost where a domain attribute would be ignored.
+const deployEnv = process.env.STACKPANEL_DEPLOY_ENV;
+const crossSubDomainCookies =
+  deployEnv === "production"
+    ? { enabled: true as const, domain: ".stackpanel.com" }
+    : undefined;
+
 export const auth = betterAuth({
   database: drizzleAdapter(db, {
     provider: "pg",
@@ -49,6 +81,7 @@ export const auth = betterAuth({
       secure: true,
       httpOnly: true,
     },
+    ...(crossSubDomainCookies ? { crossSubDomainCookies } : {}),
   },
   plugins,
 });
diff --git a/packages/auth/src/lib/polar-products.ts b/packages/auth/src/lib/polar-products.ts
new file mode 100644
index 00000000..eff37fad
--- /dev/null
+++ b/packages/auth/src/lib/polar-products.ts
@@ -0,0 +1,74 @@
+/**
+ * Polar product IDs keyed by deploy environment.
+ *
+ * Single source of truth so the Better-Auth checkout plugin and the
+ * webhook handler agree on which Polar product maps to which internal
+ * plan. Production IDs come from env at runtime — sandbox IDs are hard-
+ * coded so local dev and preview builds work without secrets configured.
+ *
+ * Environment resolution:
+ *   STACKPANEL_DEPLOY_ENV = "dev" | "preview" | "production"
+ *   (falls back to "dev" for unset / unrecognized values)
+ */
+
+export type DeployEnv = "dev" | "preview" | "production";
+export type PlanId = "pro" | "free";
+
+const SANDBOX_PRO = "5fb4014e-d879-4b28-966a-9efcf60b6c24";
+const SANDBOX_FREE = "70acf138-0b13-4fd0-8c25-78c63f09a122";
+
+/**
+ * Product IDs per env. Production values are overridden at runtime by
+ * POLAR_PRO_PRODUCT_ID_PRODUCTION / POLAR_FREE_PRODUCT_ID_PRODUCTION —
+ * those are the *only* values that should ever live in production Fly
+ * secrets. Dev + preview stay on the sandbox IDs so preview deploys
+ * don't charge real cards.
+ */
+export function polarProducts(
+	env: DeployEnv = resolveDeployEnv(),
+): Record<PlanId, string> {
+	switch (env) {
+		case "production":
+			return {
+				pro: process.env.POLAR_PRO_PRODUCT_ID_PRODUCTION ?? SANDBOX_PRO,
+				free: process.env.POLAR_FREE_PRODUCT_ID_PRODUCTION ?? SANDBOX_FREE,
+			};
+		case "preview":
+		case "dev":
+		default:
+			return { pro: SANDBOX_PRO, free: SANDBOX_FREE };
+	}
+}
+
+export function resolveDeployEnv(): DeployEnv {
+	const raw = (
+		process.env.STACKPANEL_DEPLOY_ENV ??
+		process.env.DEPLOY_ENV ??
+		process.env.NODE_ENV ??
+		"dev"
+	).toLowerCase();
+	if (raw === "production" || raw === "prod") return "production";
+	if (raw === "preview" || raw === "staging") return "preview";
+	return "dev";
+}
+
+/**
+ * Inverse lookup: given a Polar product id, return the internal plan.
+ * Used by the webhook handler to translate product-id payloads into plan
+ * claims without coupling to any specific env.
+ *
+ * Walks all envs so a subscription opened against a sandbox product in
+ * dev still resolves correctly if the webhook hits production (e.g.,
+ * a customer migrated to prod mid-cycle).
+ */
+export function planForProduct(productId: string | null | undefined): PlanId | "unknown" {
+	if (!productId) return "unknown";
+	const envs: DeployEnv[] = ["production", "preview", "dev"];
+	for (const env of envs) {
+		const products = polarProducts(env);
+		for (const [plan, id] of Object.entries(products) as [PlanId, string][]) {
+			if (id === productId) return plan;
+		}
+	}
+	return "unknown";
+}
diff --git a/packages/auth/src/lib/polar-webhooks.ts b/packages/auth/src/lib/polar-webhooks.ts
new file mode 100644
index 00000000..6a09ef25
--- /dev/null
+++ b/packages/auth/src/lib/polar-webhooks.ts
@@ -0,0 +1,178 @@
+import {
+	getDb,
+	subscription as subSchema,
+} from "@stackpanel/db";
+import { eq } from "drizzle-orm";
+import { planForProduct as resolvePlan } from "./polar-products";
+
+/**
+ * Narrow the shared plan lookup to { free | pro }. The shared helper
+ * reports "unknown" for products not in the env map (forward-compat for
+ * future paid tiers); we fold that into "free" for the webhook handler
+ * because an unrecognized product should never unlock paid access.
+ */
+function planForProduct(productId: string | undefined | null): "free" | "pro" {
+	const plan = resolvePlan(productId);
+	return plan === "pro" ? "pro" : "free";
+}
+
+function resolveUserId(customer: {
+	externalId?: string | null;
+	metadata?: Record<string, unknown> | null;
+}): string | null {
+	if (customer.externalId) return customer.externalId;
+	const metaUserId = customer.metadata?.userId;
+	return typeof metaUserId === "string" ? metaUserId : null;
+}
+
+/**
+ * Subscription fields we need. Narrower than the Polar SDK's Subscription
+ * type — accepts structural shape instead of importing the SDK model, which
+ * keeps us resilient to Polar adding fields without affecting our code.
+ */
+type SubscriptionShape = {
+	id: string;
+	status: string;
+	productId?: string | null;
+	currentPeriodEnd?: Date | string | null;
+	cancelAtPeriodEnd?: boolean | null;
+	customer: {
+		id: string;
+		externalId?: string | null;
+		metadata?: Record<string, unknown> | null;
+	};
+};
+
+type PayloadShape = {
+	type: string;
+	data: SubscriptionShape;
+};
+
+async function recordEvent(eventType: string, payload: PayloadShape) {
+	// Polar's webhook dispatcher doesn't include the outer event id in the
+	// per-event callbacks — use the subscription id + eventType as our
+	// idempotency key. Good enough: same subscription cannot transition
+	// through the same state twice.
+	const key = `${eventType}:${payload.data.id}`;
+	try {
+		await getDb()
+			.insert(subSchema.polarEvent)
+			.values({
+				id: crypto.randomUUID(),
+				polarEventId: key,
+				eventType,
+				payload: JSON.stringify(payload),
+			})
+			.onConflictDoNothing();
+	} catch (error) {
+		console.error("[polar-webhooks] failed to record event", { key, error });
+	}
+}
+
+async function upsertFromSubscription(
+	sub: SubscriptionShape,
+	overrides: Partial<{ plan: "free" | "pro"; status: string }> = {},
+) {
+	const userId = resolveUserId(sub.customer);
+	if (!userId) {
+		console.warn("[polar-webhooks] subscription without mappable user", {
+			subscriptionId: sub.id,
+			customerId: sub.customer.id,
+		});
+		return;
+	}
+
+	const plan = overrides.plan ?? planForProduct(sub.productId);
+	const status = overrides.status ?? sub.status;
+	const currentPeriodEnd = sub.currentPeriodEnd
+		? new Date(sub.currentPeriodEnd)
+		: null;
+	const cancelAtPeriodEnd = sub.cancelAtPeriodEnd != null
+		? String(sub.cancelAtPeriodEnd)
+		: null;
+
+	const db = getDb();
+	const existing = await db
+		.select({ id: subSchema.userSubscription.id })
+		.from(subSchema.userSubscription)
+		.where(eq(subSchema.userSubscription.userId, userId))
+		.limit(1);
+
+	if (existing[0]) {
+		await db
+			.update(subSchema.userSubscription)
+			.set({
+				polarCustomerId: sub.customer.id,
+				polarSubscriptionId: sub.id,
+				plan,
+				status,
+				currentPeriodEnd,
+				cancelAtPeriodEnd,
+			})
+			.where(eq(subSchema.userSubscription.id, existing[0].id));
+	} else {
+		await db.insert(subSchema.userSubscription).values({
+			id: crypto.randomUUID(),
+			userId,
+			polarCustomerId: sub.customer.id,
+			polarSubscriptionId: sub.id,
+			plan,
+			status,
+			currentPeriodEnd,
+			cancelAtPeriodEnd,
+		});
+	}
+}
+
+/**
+ * Callbacks bundle passed to the Polar `webhooks` plugin.
+ *
+ * We accept each handler's payload as `any` internally — the Polar SDK
+ * validates structure before calling us, and the types are a sprawling
+ * discriminated union we don't want to couple to. The private
+ * SubscriptionShape constrains what we actually read.
+ */
+export function polarSubscriptionCallbacks() {
+	const asSub = (p: unknown): PayloadShape => p as PayloadShape;
+
+	return {
+		onSubscriptionCreated: async (payload: unknown) => {
+			const event = asSub(payload);
+			await recordEvent("subscription.created", event);
+			await upsertFromSubscription(event.data);
+		},
+		onSubscriptionActive: async (payload: unknown) => {
+			const event = asSub(payload);
+			await recordEvent("subscription.active", event);
+			await upsertFromSubscription(event.data, { status: "active" });
+		},
+		onSubscriptionUpdated: async (payload: unknown) => {
+			const event = asSub(payload);
+			await recordEvent("subscription.updated", event);
+			await upsertFromSubscription(event.data);
+		},
+		onSubscriptionUncanceled: async (payload: unknown) => {
+			const event = asSub(payload);
+			await recordEvent("subscription.uncanceled", event);
+			await upsertFromSubscription(event.data);
+		},
+		onSubscriptionCanceled: async (payload: unknown) => {
+			// Polar "canceled" usually means cancel_at_period_end=true — the
+			// user retains access until currentPeriodEnd. Keep plan unchanged;
+			// flip to free only on `revoked`.
+			const event = asSub(payload);
+			await recordEvent("subscription.canceled", event);
+			await upsertFromSubscription(event.data, { status: "canceled" });
+		},
+		onSubscriptionRevoked: async (payload: unknown) => {
+			// Access terminated (period ended after cancellation, or admin
+			// revoke). Downgrade to free.
+			const event = asSub(payload);
+			await recordEvent("subscription.revoked", event);
+			await upsertFromSubscription(event.data, {
+				plan: "free",
+				status: "revoked",
+			});
+		},
+	};
+}
diff --git a/packages/db/src/index.hyperdrive.ts b/packages/db/src/index.hyperdrive.ts
index b5a2a299..2e2178ae 100644
--- a/packages/db/src/index.hyperdrive.ts
+++ b/packages/db/src/index.hyperdrive.ts
@@ -2,7 +2,7 @@ import { getCloudflareContext } from "@opennextjs/cloudflare";
 import { cache } from "react";
 import { getDb as getDbBase } from "./index";
 
-export { auth } from "./index";
+export { auth, organization } from "./index";
 
 declare global {
   interface CloudflareEnv {
diff --git a/packages/db/src/index.ts b/packages/db/src/index.ts
index f5e5a199..3154d4a2 100644
--- a/packages/db/src/index.ts
+++ b/packages/db/src/index.ts
@@ -1,8 +1,18 @@
 import { drizzle } from "drizzle-orm/node-postgres";
 import { Pool } from "pg";
 import * as auth from "./schema/auth";
+import * as organization from "./schema/organization";
+import * as state from "./schema/state";
+import * as subscription from "./schema/subscription";
+import * as waitlist from "./schema/waitlist";
 
-const schema = { ...auth };
+const schema = {
+  ...auth,
+  ...organization,
+  ...subscription,
+  ...state,
+  ...waitlist,
+};
 
 let _db: ReturnType<typeof drizzle> | undefined;
 
@@ -32,4 +42,4 @@ export const db = new Proxy({} as ReturnType<typeof drizzle>, {
   },
 });
 
-export { auth };
+export { auth, organization, state, subscription, waitlist };
diff --git a/packages/db/src/infra/docker.container.ts b/packages/db/src/infra/docker.container.ts
index 4174427b..01ef9807 100644
--- a/packages/db/src/infra/docker.container.ts
+++ b/packages/db/src/infra/docker.container.ts
@@ -1,3 +1,4 @@
+import * as Provider from "alchemy-effect/Provider";
 import { Resource } from "alchemy-effect/Resource";
 import * as Effect from "effect/Effect";
 import * as Layer from "effect/Layer";
@@ -69,9 +70,10 @@ function buildRunArgs(props: ContainerProps): string[] {
  * @returns A provider that creates a Docker container.
  */
 export const ContainerProvider = () =>
-  Container.provider.effect(
+  Provider.effect(
+    Container,
     Effect.succeed(
-      Container.provider.of({
+      Container.Provider.of({
         stables: ["containerId"],
         create: Effect.fnUntraced(function* ({ news }) {
           yield* docker("rm", "-f", news.name).pipe(Effect.ignore);
diff --git a/packages/db/src/infra/docker.volume.ts b/packages/db/src/infra/docker.volume.ts
index 6efa1fcb..82c0f4f9 100644
--- a/packages/db/src/infra/docker.volume.ts
+++ b/packages/db/src/infra/docker.volume.ts
@@ -1,3 +1,4 @@
+import * as Provider from "alchemy-effect/Provider";
 import { Resource } from "alchemy-effect/Resource";
 import * as Effect from "effect/Effect";
 import { docker } from "./exec";
@@ -19,9 +20,10 @@ export const Volume = Resource<Volume>("Docker.Volume");
  * @returns A provider that creates a Docker volume.
  */
 export const VolumeProvider = () =>
-  Volume.provider.effect(
+  Provider.effect(
+    Volume,
     Effect.succeed(
-      Volume.provider.of({
+      Volume.Provider.of({
         stables: ["volumeName"],
         create: Effect.fnUntraced(function* ({ news }) {
           yield* docker("volume", "create", news.name);
diff --git a/packages/db/src/infra/neon.project.ts b/packages/db/src/infra/neon.project.ts
index c2f932cc..465bd84d 100644
--- a/packages/db/src/infra/neon.project.ts
+++ b/packages/db/src/infra/neon.project.ts
@@ -1,4 +1,3 @@
-import { Resource } from "alchemy-effect/Resource";
 import * as Neon from "@distilled.cloud/neon";
 import {
   createProject,
@@ -6,6 +5,8 @@ import {
   getConnectionURI,
   getProject,
 } from "@distilled.cloud/neon/Operations";
+import * as Provider from "alchemy-effect/Provider";
+import { Resource } from "alchemy-effect/Resource";
 import * as Effect from "effect/Effect";
 import * as Layer from "effect/Layer";
 import * as Redacted from "effect/Redacted";
@@ -35,9 +36,10 @@ export interface NeonProject
 export const NeonProject = Resource<NeonProject>("Neon.Project");
 
 export const NeonProjectProvider = () =>
-  NeonProject.provider.effect(
+  Provider.effect(
+    NeonProject,
     Effect.succeed(
-      NeonProject.provider.of({
+      NeonProject.Provider.of({
         stables: ["projectId"],
 
         read: Effect.fnUntraced(function* ({ output }) {
diff --git a/packages/db/src/schema/auth.ts b/packages/db/src/schema/auth.ts
index 0435a7b2..b06c1733 100644
--- a/packages/db/src/schema/auth.ts
+++ b/packages/db/src/schema/auth.ts
@@ -29,6 +29,7 @@ export const session = pgTable(
 		userId: text("user_id")
 			.notNull()
 			.references(() => user.id, { onDelete: "cascade" }),
+		activeOrganizationId: text("active_organization_id"),
 	},
 	(table) => [index("session_userId_idx").on(table.userId)],
 );
diff --git a/packages/db/src/schema/organization.ts b/packages/db/src/schema/organization.ts
new file mode 100644
index 00000000..d5b4f188
--- /dev/null
+++ b/packages/db/src/schema/organization.ts
@@ -0,0 +1,81 @@
+import { relations } from "drizzle-orm";
+import { index, pgTable, text, timestamp, uniqueIndex } from "drizzle-orm/pg-core";
+import { user } from "./auth";
+
+export const organization = pgTable(
+	"organization",
+	{
+		id: text("id").primaryKey(),
+		name: text("name").notNull(),
+		slug: text("slug").notNull(),
+		logo: text("logo"),
+		metadata: text("metadata"),
+		createdAt: timestamp("created_at").defaultNow().notNull(),
+	},
+	(table) => [uniqueIndex("organization_slug_idx").on(table.slug)],
+);
+
+export const member = pgTable(
+	"member",
+	{
+		id: text("id").primaryKey(),
+		organizationId: text("organization_id")
+			.notNull()
+			.references(() => organization.id, { onDelete: "cascade" }),
+		userId: text("user_id")
+			.notNull()
+			.references(() => user.id, { onDelete: "cascade" }),
+		role: text("role").notNull(),
+		createdAt: timestamp("created_at").defaultNow().notNull(),
+	},
+	(table) => [
+		uniqueIndex("member_org_user_idx").on(table.organizationId, table.userId),
+		index("member_user_idx").on(table.userId),
+	],
+);
+
+export const invitation = pgTable(
+	"invitation",
+	{
+		id: text("id").primaryKey(),
+		email: text("email").notNull(),
+		inviterId: text("inviter_id")
+			.notNull()
+			.references(() => user.id, { onDelete: "cascade" }),
+		organizationId: text("organization_id")
+			.notNull()
+			.references(() => organization.id, { onDelete: "cascade" }),
+		role: text("role"),
+		status: text("status").notNull(),
+		createdAt: timestamp("created_at").defaultNow().notNull(),
+		expiresAt: timestamp("expires_at").notNull(),
+	},
+	(table) => [index("invitation_org_idx").on(table.organizationId)],
+);
+
+export const organizationRelations = relations(organization, ({ many }) => ({
+	members: many(member),
+	invitations: many(invitation),
+}));
+
+export const memberRelations = relations(member, ({ one }) => ({
+	organization: one(organization, {
+		fields: [member.organizationId],
+		references: [organization.id],
+	}),
+	user: one(user, {
+		fields: [member.userId],
+		references: [user.id],
+	}),
+}));
+
+export const invitationRelations = relations(invitation, ({ one }) => ({
+	organization: one(organization, {
+		fields: [invitation.organizationId],
+		references: [organization.id],
+	}),
+	inviter: one(user, {
+		fields: [invitation.inviterId],
+		references: [user.id],
+	}),
+}));
diff --git a/packages/db/src/schema/state.ts b/packages/db/src/schema/state.ts
new file mode 100644
index 00000000..906f1df1
--- /dev/null
+++ b/packages/db/src/schema/state.ts
@@ -0,0 +1,99 @@
+import { relations } from "drizzle-orm";
+import {
+	customType,
+	index,
+	integer,
+	pgTable,
+	text,
+	timestamp,
+	uniqueIndex,
+} from "drizzle-orm/pg-core";
+import { organization } from "./organization";
+
+/**
+ * Drizzle doesn't expose `bytea` directly on node-postgres — declare it.
+ * Values travel as Buffer on the wire.
+ */
+const bytea = customType<{ data: Buffer; notNull: false; default: false }>({
+	dataType() {
+		return "bytea";
+	},
+});
+
+/**
+ * Per-organization Data Encryption Key, wrapped by the master KMS key.
+ *
+ * Each organization has exactly one DEK. On write:
+ *   KMS.Decrypt(encryptedDek) -> raw DEK -> AES-GCM encrypt blob.
+ * On read:
+ *   KMS.Decrypt(encryptedDek) -> raw DEK -> AES-GCM decrypt blob.
+ *
+ * Plaintext DEK is never persisted. The master KMS key never leaves AWS.
+ * Rotation: insert new DEK row, re-encrypt all org state in a background
+ * job, then retire the old row (out of scope for v1).
+ */
+export const organizationDek = pgTable("organization_dek", {
+	organizationId: text("organization_id")
+		.primaryKey()
+		.references(() => organization.id, { onDelete: "cascade" }),
+	encryptedDek: bytea("encrypted_dek").notNull(),
+	kmsKeyAlias: text("kms_key_alias").notNull(),
+	createdAt: timestamp("created_at").defaultNow().notNull(),
+});
+
+/**
+ * Encrypted alchemy state entries, one row per (org, stack, stage, fqn).
+ *
+ * The unique index is the identity of a state entry — alchemy refers to
+ * resources by fqn within a stack+stage. `version` enables optimistic
+ * concurrency: clients pass the version they read, we reject on mismatch.
+ *
+ * `nonce` is the 12-byte AES-GCM IV, stored alongside the ciphertext.
+ */
+export const organizationState = pgTable(
+	"organization_state",
+	{
+		id: text("id").primaryKey(),
+		organizationId: text("organization_id")
+			.notNull()
+			.references(() => organization.id, { onDelete: "cascade" }),
+		stack: text("stack").notNull(),
+		stage: text("stage").notNull(),
+		fqn: text("fqn").notNull(),
+		nonce: bytea("nonce").notNull(),
+		encryptedBlob: bytea("encrypted_blob").notNull(),
+		version: integer("version").notNull().default(1),
+		createdAt: timestamp("created_at").defaultNow().notNull(),
+		updatedAt: timestamp("updated_at")
+			.defaultNow()
+			.$onUpdate(() => /* @__PURE__ */ new Date())
+			.notNull(),
+	},
+	(table) => [
+		uniqueIndex("organization_state_unique_idx").on(
+			table.organizationId,
+			table.stack,
+			table.stage,
+			table.fqn,
+		),
+		index("organization_state_stage_idx").on(
+			table.organizationId,
+			table.stack,
+			table.stage,
+		),
+	],
+);
+
+export const organizationDekRelations = relations(organizationDek, ({ one }) => ({
+	organization: one(organization, {
+		fields: [organizationDek.organizationId],
+		references: [organization.id],
+	}),
+}));
+
+export const organizationStateRelations = relations(organizationState, ({ one }) => ({
+	organization: one(organization, {
+		fields: [organizationState.organizationId],
+		references: [organization.id],
+	}),
+}));
diff --git a/packages/db/src/schema/subscription.ts b/packages/db/src/schema/subscription.ts
new file mode 100644
index 00000000..c6470f3c
--- /dev/null
+++ b/packages/db/src/schema/subscription.ts
@@ -0,0 +1,66 @@
+import { relations } from "drizzle-orm";
+import { index, pgTable, text, timestamp, uniqueIndex } from "drizzle-orm/pg-core";
+import { user } from "./auth";
+
+/**
+ * Per-user subscription mirror for Polar.
+ *
+ * Populated by the Polar webhook handler on subscription lifecycle events.
+ * Queried by `protectedPaidProcedure` to gate cloud features cheaply without
+ * a round-trip to Polar on every API call.
+ *
+ * `plan` is a stable internal identifier ("free" | "pro") — NOT the Polar
+ * product id. Webhook translates Polar products → plan identifiers, so we can
+ * change Polar product ids without rewriting gating logic.
+ *
+ * `status` follows Polar's subscription states: active, trialing, canceled,
+ * past_due, incomplete, incomplete_expired, unpaid. Only `active` and
+ * `trialing` grant paid access.
+ */
+export const userSubscription = pgTable(
+	"user_subscription",
+	{
+		id: text("id").primaryKey(),
+		userId: text("user_id")
+			.notNull()
+			.references(() => user.id, { onDelete: "cascade" }),
+		polarCustomerId: text("polar_customer_id").notNull(),
+		polarSubscriptionId: text("polar_subscription_id"),
+		plan: text("plan").notNull().default("free"),
+		status: text("status").notNull().default("active"),
+		currentPeriodEnd: timestamp("current_period_end"),
+		cancelAtPeriodEnd: text("cancel_at_period_end"),
+		createdAt: timestamp("created_at").defaultNow().notNull(),
+		updatedAt: timestamp("updated_at")
+			.defaultNow()
+			.$onUpdate(() => /* @__PURE__ */ new Date())
+			.notNull(),
+	},
+	(table) => [
+		uniqueIndex("user_subscription_user_idx").on(table.userId),
+		index("user_subscription_polar_customer_idx").on(table.polarCustomerId),
+	],
+);
+
+/**
+ * Polar webhook event log — every webhook we process produces a row here.
+ * Used for idempotency (dedupe on polar_event_id) and audit/debugging.
+ */
+export const polarEvent = pgTable(
+	"polar_event",
+	{
+		id: text("id").primaryKey(),
+		polarEventId: text("polar_event_id").notNull(),
+		eventType: text("event_type").notNull(),
+		payload: text("payload").notNull(),
+		processedAt: timestamp("processed_at").defaultNow().notNull(),
+	},
+	(table) => [uniqueIndex("polar_event_polar_id_idx").on(table.polarEventId)],
+);
+
+export const userSubscriptionRelations = relations(userSubscription, ({ one }) => ({
+	user: one(user, {
+		fields: [userSubscription.userId],
+		references: [user.id],
+	}),
+}));
diff --git a/packages/db/src/schema/waitlist.ts b/packages/db/src/schema/waitlist.ts
new file mode 100644
index 00000000..14cb4b6d
--- /dev/null
+++ b/packages/db/src/schema/waitlist.ts
@@ -0,0 +1,34 @@
+import { index, pgTable, text, timestamp, uniqueIndex } from "drizzle-orm/pg-core";
+
+/**
+ * Beta waitlist signups for the Stackpanel public launch.
+ *
+ * One row per email. Optional `source` tracks where the signup came from
+ * (e.g. `landing.hero`, `landing.cta`, `pricing.team`) so we can attribute
+ * which page was most effective. Optional `notes` captures the freeform
+ * "what would you build?" answer when provided.
+ */
+export const betaWaitlist = pgTable(
+	"beta_waitlist",
+	{
+		id: text("id").primaryKey(),
+		email: text("email").notNull(),
+		name: text("name"),
+		company: text("company"),
+		role: text("role"),
+		source: text("source"),
+		notes: text("notes"),
+		referrer: text("referrer"),
+		userAgent: text("user_agent"),
+		ipHash: text("ip_hash"),
+		invitedAt: timestamp("invited_at"),
+		createdAt: timestamp("created_at").defaultNow().notNull(),
+	},
+	(table) => [
+		uniqueIndex("beta_waitlist_email_uniq").on(table.email),
+		index("beta_waitlist_created_idx").on(table.createdAt),
+	],
+);
+
+export type BetaWaitlistRow = typeof betaWaitlist.$inferSelect;
+export type NewBetaWaitlistRow = typeof betaWaitlist.$inferInsert;
diff --git a/packages/gen/config/src/config.ts b/packages/gen/config/src/config.ts
index 8322721f..c13b33fc 100644
--- a/packages/gen/config/src/config.ts
+++ b/packages/gen/config/src/config.ts
@@ -1,6 +1,6 @@
 // Auto-generated by Stackpanel — do not edit manually.
 // Evaluated stackpanel config, regenerated on each devshell entry.
 
-export const PROJECT_CONFIG = {"apps":{"docs":{"domain":"docs.stackpanel.lan","path":null,"port":5738,"tls":true,"url":"https://docs.stackpanel.lan"},"stackpanel-go":{"domain":null,"path":null,"port":5797,"tls":false,"url":null},"web":{"domain":"@.stackpanel.lan","path":null,"port":5775,"tls":true,"url":"https://@.stackpanel.lan"}},"basePort":6400,"binaryCache":{"cachix":{"cache":"darkmatter","enable":true},"enable":true},"colmena":{"enable":true,"flake":"."},"deployment":{"aws":{"instanceType":"t3.small","port":80,"region":"us-west-2"}},"projectName":"stackpanel","services":{"minio":{"key":"MINIO","name":"Minio","port":6498},"minio_console":{"key":"MINIO_CONSOLE","name":"Minio Console","port":6436},"postgres":{"key":"POSTGRES","name":"PostgreSQL","port":6404},"redis":{"key":"REDIS","name":"Redis","port":6494}},"version":1} as const;
+export const PROJECT_CONFIG = {"apps":{"api":{"domain":null,"path":null,"port":5721,"tls":false,"url":null},"docs":{"domain":"docs.stackpanel.lan","path":null,"port":5738,"tls":true,"url":"https://docs.stackpanel.lan"},"stackpanel-go":{"domain":null,"path":null,"port":5797,"tls":false,"url":null},"web":{"domain":"@.stackpanel.lan","path":null,"port":5775,"tls":true,"url":"https://@.stackpanel.lan"}},"basePort":6400,"binaryCache":{"cachix":{"cache":"darkmatter","enable":true},"enable":true},"colmena":{"enable":true,"flake":"."},"deployment":{"aws":{"instanceType":"t3.small","port":80,"region":"us-west-2"}},"projectName":"stackpanel","services":{"minio":{"key":"MINIO","name":"Minio","port":6498},"minio_console":{"key":"MINIO_CONSOLE","name":"Minio Console","port":6436},"postgres":{"key":"POSTGRES","name":"PostgreSQL","port":6404},"redis":{"key":"REDIS","name":"Redis","port":6494}},"version":1} as const;
 
 export type ProjectConfig = typeof PROJECT_CONFIG;
diff --git a/packages/gen/env/README.md b/packages/gen/env/README.md
index 16434e90..e2c3b7f8 100644
--- a/packages/gen/env/README.md
+++ b/packages/gen/env/README.md
@@ -3,22 +3,22 @@
 > Auto-generated by Stack — do not edit manually.
 > Regenerate with `write-files` or restart devshell.
 
-Type-safe generated environment access for 3 apps.
+Type-safe generated environment access for 4 apps.
 
 ## Quick Start
 
 ```typescript
-import { docs } from "@gen/env";
+import { api } from "@gen/env";
 
 // Async, decrypts the embedded SOPS payload for the chosen environment.
 // Return type is inferred against the per-app `Env` shape, so all keys
 // (and their availability per env) are statically discoverable.
-const env = await docs.dev();
+const env = await api.dev();
 console.log(env.PORT);
 ```
 
 Each app exposes the environments declared via `app.environmentIds` as
-async loaders (`docs.dev`, `docs.prod`, …). Pass
+async loaders (`api.dev`, `api.prod`, …). Pass
 `LoadEnvOptions` to override the SOPS secret key, disable injection into
 `process.env`, etc.
 
@@ -26,12 +26,24 @@ For sync access against `process.env` (no decryption), import the per-app
 module directly:
 
 ```typescript
-import { env } from "@gen/env/docs";
+import { env } from "@gen/env/api";
 console.log(env.PORT);
 ```
 
 ## Apps
 
+### api
+
+Environments: `dev`, `prod`, `staging`
+
+Variables: `BETTER_AUTH_SECRET`, `BETTER_AUTH_URL`, `CORS_ORIGIN`, `POLAR_ACCESS_TOKEN`, `POLAR_SUCCESS_URL`, `PORT`, `POSTGRES_URL`
+
+```typescript
+import { api } from "@gen/env";
+const env = await api.dev();
+console.log(env.BETTER_AUTH_SECRET);
+```
+
 ### docs
 
 Environments: `dev`, `prod`, `staging`
diff --git a/packages/gen/env/data/_envs/deploy.sops.json b/packages/gen/env/data/_envs/deploy.sops.json
index 1ab6c5a9..c2c615df 100644
--- a/packages/gen/env/data/_envs/deploy.sops.json
+++ b/packages/gen/env/data/_envs/deploy.sops.json
@@ -1,76 +1,87 @@
 {
-	"ALCHEMY_STATE_TOKEN": "",
-	"AWS_SANDBOX_ACCESS_KEY_ID": "ENC[AES256_GCM,data:XICwKPfZ/w1zH1q8Pmq/XWXPRK4=,iv:m1gQLdlTL7u+cB4KK0rqo/ZzyIampJM3G/elyhEv/1U=,tag:9DrDtJaOzDE5+OC8N6GVTQ==,type:str]",
-	"AWS_SANDBOX_SECRET_ACCESS_KEY": "ENC[AES256_GCM,data:gzkitoWy4VUF5hJtHBo5YpLxydXW+ufuIOgK3WxmvU+yS5PSX4nx7w==,iv:Gb5R6y82e6mdnv6wFHNRGT1TmDIcUUkSvRzK6KV49Es=,tag:CrVTGNW6tkVU4VFLCo0z7w==,type:str]",
-	"CLOUDFLARE_ACCOUNT_ID": "ENC[AES256_GCM,data:pQstpIklFneXF1nbhFWube/hkAFYJwxQQl0Ya1/9CRQ=,iv:MqGYAy1s34Bwh3ayYtQhsOV5rOIC7QQRri5Qrilrg2w=,tag:wcPi4lXWcoK7muvetYWx1w==,type:str]",
-	"CLOUDFLARE_API_TOKEN": "ENC[AES256_GCM,data:XuhGe84tLZvSuzsIeBOgRWWuyumClDzvAVCp0mix6Dy7GIb4VHHJYZBuVXuFXKfchuXR++E=,iv:7YYkkKOSY1nLjyBsOrzpqs6/JhkyzvJuXqjqWFaLr8E=,tag:rbEFWO5YcGCIr2CysTm0yw==,type:str]",
-	"CLOUDFLARE_SERVICE_ACCOUNT_CLIENT_ID": "ENC[AES256_GCM,data:ta7Q/QxNoOBHq2Qk4nvvacpkN33dmw3h8EAbGEBAgwRsnfvreWA5,iv:sF5YqliVrD9/ObjxPd3eSQ1hL8Ayc63RMrPaAxbySts=,tag:ietyFrydgQt6fzTSs5Wpxw==,type:str]",
-	"CLOUDFLARE_SERVICE_ACCOUNT_CLIENT_SECRET": "ENC[AES256_GCM,data:PB29rwt90UALiz3hTwQIRrXnB/TzWy8KUmShgLO6w58pe9swXNtl9l7GPNvU3g8pYf3z3j63VfZBUWjB3kC63A==,iv:uJvceIG5DqhdHU9QAXYzuDZLBXbvNV4oXrcOu4aXfc8=,tag:mrzQD78vgq5YVzhvpNztyg==,type:str]",
-	"HETZNER_API_KEY": "ENC[AES256_GCM,data:IQSSX4mQEFt68qMFm4a9K+YBOlhjCCzpLBvMOfSyOSabG8gPBui1KKr+p1cYg9FSK6pSjAZ0+ussURVi+o6z4w==,iv:XmnuYXCvKO1niWk6+bcMF4r1yQ6FiVjtbQ3xZRfkx2Y=,tag:rkpZViGlVMq//0nBUZbC1Q==,type:str]",
-	"NEON_API_KEY": "ENC[AES256_GCM,data:jf1Gtnq5Btg857dikMmhYAeMrdrFPJ+s8dF/6aYu+IhfH3MwNy2VoPu9KV3bj9HC5ODjHLnCoMl7my+bEuO+f0aqMpdV,iv:PwIMPOzSJ7OzIpsS8lCjOJjJQB5/hm66bC7Ud3+ROtY=,tag:W8UpNst3H34QCTrVh4Pxug==,type:str]",
-	"POSTGRES_URL": "ENC[AES256_GCM,data:Jk0J0NNl164n7RqI2HYVZr26f8dWZms3FghgWbiMcB9QEdL1IHp3ObFp2fTu6Bra8VRCOCHOqbjMX9LeqqhT+fD4rak5CS8vvbnX2wJ0gnEO+ERVYFDunHpm/EtgmawySoT+YOS0ZV3DRXux8ot7UOsMn6Q3sktAZW8B8rtej54eBCqiFuReBJdWUS4GijXeHtvHBIbNc6MIiZhDwNVXyTdXSwF5tXq3Rw==,iv:DDWbjqoKyRrzIRNcIVcEmKD4lRudTcEql6iwpHMr1m4=,tag:a7batxIcCEqNv00MTyoaLA==,type:str]",
+	"ALCHEMY_STATE_TOKEN": "ENC[AES256_GCM,data:Aotsrq4z+o4aLGT02CI2XNXW7mf25vxA+IU=,iv:xd7bMzfYPYh0TG81/PMP7pXt+Ml98UM98h/ROFJsPsA=,tag:V3V1u+IMqiMSkpOK2PxouA==,type:str]",
+	"AWS_SANDBOX_ACCESS_KEY_ID": "ENC[AES256_GCM,data:+zRB/bRORGYoZfG6g/A89pPpV3k=,iv:acYs1lFIAHCIxLl8CDQqYlCZx6F2Ms0gjgq8dlxZcwY=,tag:iJPTAHsUWR964Bv89kK0MA==,type:str]",
+	"AWS_SANDBOX_SECRET_ACCESS_KEY": "ENC[AES256_GCM,data:7dr/l5Kfr/h0amsVk5TNJL7ckLXUfqYeuYbxMp3aDwyTf3robr+wFQ==,iv:+56W3LtkDFXR6WyxUvSVqJ153NARzaXRx9nTHtkaSXA=,tag:9qAMBz1QAwMGQhAfbMTnaQ==,type:str]",
+	"BETTER_AUTH_SECRET": "ENC[AES256_GCM,data:PYAFDfZ3nJychGu9LHRyfwpDPH+GOURbhX3PuhiYLyrq/nTM6mcDCnMwcRs=,iv:HFSXFKGwhA5AdCfcHSccqHgd2FHcPGo17Xpou1LCt48=,tag:oPqmIAcjHIG/sXCRbgIXjA==,type:str]",
+	"CLOUDFLARE_ACCOUNT_ID": "ENC[AES256_GCM,data:R8fULLSkPJiTYIaFAVDwXgg8Mn97UB3j0SUawxkHpvY=,iv:SuMOJOKikGlvyTF9tm9d8d9ZfoJoSYz2AMrlu6e+0Ps=,tag:gNfAM2Owyay9CC9d3ItgxA==,type:str]",
+	"CLOUDFLARE_API_TOKEN": "ENC[AES256_GCM,data:RiyRBv81VmVqWzWmkbzkurAxGQPCxZuQKjs9z3jSXzEXhpTRijQRbG5cPgORRX5cklsilf0=,iv:x7yUytk4f1UyxTnFRWMvQcC8SUd/Th5GEwf9g0Ng0oc=,tag:O8Z7IxCzTI/g4IrWHEzmLQ==,type:str]",
+	"CLOUDFLARE_SERVICE_ACCOUNT_CLIENT_ID": "ENC[AES256_GCM,data:4VcByevmUFX7k57LKI5ygwS2Es+VjP+NXVWMcb9mdWHEY9sX7syd,iv:NwJIL8VbnLYDXswglP5jPBz09QKV2C+aXmCOAf6Vurg=,tag:Von3VASfpCM9SVEa/ysncw==,type:str]",
+	"CLOUDFLARE_SERVICE_ACCOUNT_CLIENT_SECRET": "ENC[AES256_GCM,data:CHgM197AzKXy1DGq+HobH+/m8HOPs48tIliCVrmZcmDotubzHnVKm+1S/P5t/VQ3audwSvNxAAGqGzN8W+V1vQ==,iv:zrgVyzFZdvuFyD3Y/A/BD3gP7X0sNyrk90IWNTD7hHo=,tag:+QDWLLyUwo5wC1oxL2silw==,type:str]",
+	"HETZNER_API_KEY": "ENC[AES256_GCM,data:bVGqthWDohJ4fxE2/5laTf62LlyNnBFPI5ruPlxSq+m5T2fZY9ZiOw6mmGg69BBrCY1ynSq9eO64BtbGkuzS+Q==,iv:uCdK0ea9RVlLp7HHs1jV8I9UlTN0bo7nUGiqMZTmBWE=,tag:nBWyn2wUbospAij7JG4b4g==,type:str]",
+	"NEON_API_KEY": "ENC[AES256_GCM,data:luNyT/qMHFgXorF9HzECWfw83c7yUb+hrv+BMJxarr3Nns+AgLrgZ8HPb1Flt8HnQgPidMZEaNt/9+ftr0fYvUAiPwZS,iv:ZkHoxFCIFgmwbTu5c282CD1i5VQbzxU6OlxxjwRdoYI=,tag:pdaVvwq1bMA4T8ItS+RoKQ==,type:str]",
+	"POLAR_ACCESS_TOKEN": "ENC[AES256_GCM,data:YmV/weFmuR/wRbHkCovJCaLwX5O51q3p1TjM92fD1s92HeS1Wss=,iv:vU11QemYKMkZfhr0hPv9h/xq6pIkB33GX42VZ98oQmw=,tag:sisvXxMaglO1cfBCfKRk4g==,type:str]",
+	"POLAR_FREE_PRODUCT_ID_PRODUCTION": "ENC[AES256_GCM,data:wXzK7Mret7Q+ekUVzaunGYMnwqDxmeOq,iv:IMJe+jkUiGuNKrjol6g7O86RQzJwFtSs8vXOqcWAjjc=,tag:UUiT6J3dkNUqQKk0bcZp6g==,type:str]",
+	"POLAR_PRO_PRODUCT_ID_PRODUCTION": "ENC[AES256_GCM,data:JCIJxtcAZdlEL89x/raHo3G3xO7WZL8=,iv:iemiAPSibZNhR0c6w7FPRKtQf9AgcQzLA1wbNYx125U=,tag:m6q8xdMVv1UnHjLgyfekWQ==,type:str]",
+	"POLAR_WEBHOOK_SECRET": "ENC[AES256_GCM,data:X3ztWWXaRIH4cbWu8G3UB/Hq6wELyYYSR7uq7Dir3xIIYw==,iv:Ecqb4gsSPU+DrhsEr2rb/t9YMk0h7zZp+MaaeR9LSHA=,tag:PhxPbJ9peu9AOpmpVx4vFw==,type:str]",
+	"POSTGRES_URL": "ENC[AES256_GCM,data:ccHTSBCIgkxVUxppfuit52LuxBQIKcVOZPWhLxNOBzMTcJM2WahLEjzBN6dyutSdUvNi9g1TlajcX1jVKzlIF4A1U/GC7QIoCEv8di6xWFO13uOu/9jG7wZheqNxJZ1Lbs6/bVGUmenwH4WRDYl/WmlanGmalTk+ymlgHCbltnr86yIRdaHskFWfM1By8DODMVe7tlt6n6YkjKndG3u1MCrq1KZfBm5KIA==,iv:x9JXNs71Cf7wDjWog73SbHcVnEiWq1O9rbQLSqua2rE=,tag:1R/SimohTvN8u8goBgA08w==,type:str]",
+	"STACKPANEL_API_URL": "ENC[AES256_GCM,data:327iGdJu7I3VAYYfxZtmRtMSx7+hC+JXwQY=,iv:K1TFF18jliW0CW413ECN5+W6CLaTHlZ89SWJVDtXU2M=,tag:XoTdOqYmnljYg5OP4NbLcQ==,type:str]",
+	"STACKPANEL_STATE_BACKEND": "ENC[AES256_GCM,data:KtBKkNM=,iv:9GHDL7I1K5N95FSipe4IuTRiO17+o4BpoT0diYEHGaw=,tag:deTxpVPQ6W7RKj8xbh0VWw==,type:str]",
 	"sops": {
 		"age": [
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICjMrEzKQSq/0eePzgUGXM349sBm6GVCXoz+tJZJaBVT",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHZMYWFYZyBUOXRl\nZnc3RU5aaWNWaHUxT01oMDJieTlOUS9aZGVZeFpzcGZNcWo0cFQ0CkxwZmd4ZFRE\nUVdqaGlQd0g5WFNqS0hKT1Y2TW1OOFo4MVROMlRWbnp0aXMKLS0tIGZOYlJmbytz\nakVMS1oxZWN3TnNDelJpeE9xMkE4VjBKMTJjS05ydllVNnMKG5dOG3Ai5mJamILC\nezRzZR81PloNd8RZuXXKOkJjFvY6fmBPDT7yJgEmkrx4X52iMunP5ZvI39uWAGqd\nng3/7Q==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHZMYWFYZyBvM2dH\nQUJIQUZmeENVdDVNeWhwV2pZZkhia0dyZ0QzUEVPUFhrZ2Z4N1g4CkVZSlJ1K2RD\nV0w2S0JMVHdkM2tONjM2aDVkekdtSnNOa0t0bmFKRnhpM2cKLS0tIE85Vys0WEc5\nZnhDaXlLVklsM2R4elpDYzVYYjliMTIrd2xjekVXanZoSDAK322/4GVbOhE4KtRp\nQUF0Rxq+vFpaVT9X2KrWsuTdtAd7zDQrwMN/6mA5UCuDYelCxLReTjfDeSDgG3Lb\nyoSNkg==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIoX0wKjybps6ZHuvA+uwE1ThfWl87MApDLxCjCDUCC9",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEtlVWxBdyBHNVdU\nWCtPbzBJK0FCcHZFVHJJeTA4c2EwbW12NVk5R2xud1RYS2JrR1RFCkdqTEE4Um9x\nRDA1RUZ5L3BLOHVla1Y3bThDdzArVWJmWnRhS1FMRjFwdUkKLS0tIE5RRUxSV0dy\neGVIeTM4RnNPQWc1dU9OSSs5eHVEMGY2NFIyU1QzRmZsZkEK30Ua/tBqp1qPPc+a\nyUcWN2FIXFgtOcRLWWnaRC3x/N8mZtY1m13M0d7wLJTQpRQ5yX8biNr1EcKnIIt0\nEzAbNw==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEtlVWxBdyBzWmxz\nbjVUQ1RvZ3dUV1BpTC9ubHh1ZFlpZjJBQ0VVK2VtN0JzNjAzZ0M0CnlNUStjNzJv\nSmIzaHdBL3pxQzR5M2FxalJDSjc2SmxuL3NnNHo2M2NOUmsKLS0tIG0zM1ljdWpl\ncExqeDkyODRQQXpoWHR2V3N5Q2x6djJiQ1lQbk9HcCtnM2MKU+P/lgGaHoIRAld/\nHkomfMa99CGgBw9BkMkmHPmNPb4b5Og8xDYqACO5OaDbvuglDoWcB5+ffE13MNpH\nQYxfcg==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKZPhznHjTDifGroHiGRD3hwWz69B8NsSSPNbwWjfzgW",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDFNdXZydyBCRE43\ncTkwSk9tSDFzdjNuSFhPRXhhSXBONVBiRDJEUGhuYTZ2QkVhbGxNCkFOVno0YUxO\na3FsNDRadHFIU3l1Qit2eDM0blFyampJa0lqdEhMUDE2VmMKLS0tIGpQVHZ6RjAx\nbm1WRmlNZURlcnU4ZjVtN00wUGErbVd5R0UwY3VWYnByM3MKdQVv/Qo+GoYJs82W\nqdsPGpy7aLXtMbk4YuWxrIz0N2thIg4I4/FbeTNkbN8mRUl7o4009XI+aSWrurOX\nM3P0wg==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDFNdXZydyA0ZWJB\nejlUL1JzNVl0YWwyRmpURm5vbmhUaGtGbjA5QThTaktqdEFNQlRvClR5NEpLZllH\nejdMRXN0SkMyMFpIZHkrVVV1ZmdMMTBMTnFVUHR3OGFVTmsKLS0tIFl6RTFJWjVM\nNnZpbCtPTXA2NWw4SmNaUTk2SncwSnVPNytxRUU2RDgxWEkKJvGi45WF0ZvT8PGa\nbhmjqSJs6B6mT134x4h5SVHwKBmLZ6kr8Sn6OPK2PSDZeQWMKTIA7G8mt1zUdpcF\nWgvCoA==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJF9kzudl00FVTQA7nnSaicAJW2MoBKm47G7wefb6uSm",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGw3N2NtUSBEV0dT\nNHRTZjhTV29oMnBRaXFsL0V6TU9RRG4zWk1ZVmVsM0dvY05SSldrClNsam1QbDk4\ndHR3TzdZUE5aWEtMZjMrVTZMRXA0UHVxalFtR0YvS3RWRlEKLS0tIFY0dDdxd3JH\ndlA1eU5aWG10K1pPRFVkanc3dWxnM28vamFQdXVnYnFTdzAKrTgjqXv/EMYsFtGp\nadmqrv1WfEvp2EHcR59W6kXVR7BtPc7CC9X5OnGpMr1uZxIG7Leld1gVArg75X5l\niz4FrA==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGw3N2NtUSB5eEVp\nM1RNbVN2Wm5OTmMwVXdYUlczMUI2MS9uTU9jckZZb3U3QjNhSjNjCldqN0M1Szlt\nZlAwQXU5b2VIUEdaRUhNS2RqREpUb0h2bmtLcy9zYTkzV0UKLS0tIGVLeit5Rm96\nS3kxazg5M1N2TmJZbU16MS9xZWpXR0VTQytaQUcwd0FIT2cKTOIeqXTFEoWHO06q\ngp9OjW6ZcQX6alN8vOH8tijxGUyRtfiwQmOjyIuwl0wdd86+wrQ1py5W2HqvrZyy\n8VI3MA==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDmZV9Oi9hrckXTpqBnDKRrY9mgwj+SJeVBGWmne2+q5",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFpUeE1RUSBXeGFs\nb2szQ2NDNDFQMlA2TEJYbHpxYXJmblJzbW9XZFVpaTZucE11d0dFCjNBOThuREpL\nQnpWbzBaVExUTTRQYnVVWkg2b1NsUXNvVmNqOTlZeEgvREkKLS0tIFRhQzgvam4w\nZ2dOeGFJYUFMNEdiVWlFYlplbHRUQXppT21RczJsZHhvMDgKQjnPtBECdwpotPd7\nwuaWd8rf0MPkisWt9QQ6m9cYcY0zOp3OxkqWk4SRLqYdw73Lmdvwe50dR5ZZL0fn\nHtHjhw==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFpUeE1RUSAvUWtt\nT2JBWWVJdHZibnlsckN4VlgyZTVmWVRiSGdNcElBUFF5NERnVW1JClJQdEJWN2pi\nUmxoeDY4YWhESlZlM2pjT0hRMTJzL2FnOUNyTW8zRFFZZWcKLS0tIEh5eDlZMDhQ\nZTh1Q3YrWnliL3A0ZHcrNjhHWCthSXNlNmZTY3BndlRES0kKcKcJrkuOGAFfqn2Y\n/RW0TytJZPQuL55UgX9naCUEk81f6hFVQEx0JqqrNtAP1AD80FRQZ9onmxMOHdYL\nnv6+4g==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA+M/DHDlKgayM6wsiX6r704pE+2qENOsKcytC7sBhKA",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDF2bHNJdyBIM1RS\nYlVBcmFPaWhsNjQ3dzR2WkJnK2hSUm1vcXRGYmRkWnlxM3p6UlR3CnJNb0xkNG1s\nenBDU2xBb29hYkFWQmI0SHZFREVDcENGT29RM0tvSnU0NkkKLS0tIDk0RjhocThR\nZFJmbEorUDZFNk90RFJVcGZhOUNVVzhNODlPT3FCY2VLZ28KcOdyUAtsy1DjwZBq\njpaB1mK145C2IINqVVZw/WuOas5mQKSnymmwp2av7dZAbfnBJUokiYR84a2kJmrm\nVBlulA==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDF2bHNJdyB4QkJs\nUncxV09YaEZqbWN1SG1hRzhPTEhTdzRXclZOTVFNcDQ5MHV6dDI0Cnptd0hXUjkx\nUGdLUklFcjhPSkVIUFVQR0pCdElMYUFVV1V2MnN2cUJoaUEKLS0tIEJhZmozK0lP\nd01IcXdBQ01xWExBVk1aR3h5bGsyU0M0a2xLdDdtdEp5R0kKzqW+uSBff154eqqo\ntEa8/43Fk7ajlzexMPLYTQ/e2fUHzHE4RhZmDGDOZaniHgTWXBTdgHFHxEwojzvk\n3bdbjA==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINh0gA7reCRW+zQ5pPpIjoJGpaFQSbC/4K8B6vMXJVr+",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHJKM2lMQSBkaWhz\nZ1h4NWd0SXUyTzhuWStHekFFSG91VnNTQ0pRZHVhb2hieit1YmxJCjF1NUwxaUlU\nVTVHUU12c2JQWUtiOUJuYlpKRGkyOUE1ZmcwLzFER3pZQUEKLS0tIFB0UG1vNmg2\nYUxZRnpKU1BpaTJoOFA3ZS9tNHFGMXdlYzJpK2ViZHFUcTAKm6HyxY3URBubjhlO\nYEXTFTKahPsf/l/1eBGX4fQTBUn7Fol2xzrILQ7/kqFLaCIt2DClbc9m/dk4WUF6\n0tfLUg==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHJKM2lMQSB5ZFZ2\nd1BQdnZzU2c2Q1RsODRFcUZ3bytBSWlqK29Odkl4S2lXM3RLM2pJCmtyUnlVMjFs\neWtqeE5yU0d6OVZJSytpOGw4TXRYTTBKRmROSnJ6S245RWcKLS0tIGVzTUVlR0Ey\nNWxDYUx1SXF5amRyZytBZmFwWm5MbXRqT3V1RFlOcVpsUnMKxjVWWx7du6CGFvEg\nim5waR/9lDflNoKdR6WJEdVEkTOuO7YzfVk8+p7aj/depvLQrjvVboCH9k9PxqKZ\nG4GDTw==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEmYihgWHfnLw0f8uTfLokCwToLavzV/+k/GggBA4Sz/",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGtNZGJ1ZyBYNXZu\nVmlWNVVPMERRdzNYMzNSSC9ZcXl2WGMxazJaR25mSFRZMFd0RHdNCm1pL01kRnNt\nOGtQcDIvOVNBbW1wbTVuRTRBYWlRblJOYm9mSlI1ZWxDeDAKLS0tIDkzN1dJdjRk\nUDE1UnB4OXJwSERzUGF3YS9yb1hXWk51cG9hYjl5UHlPaEkKirNUSJF+HlELjKQx\nusAuEjnl2cUOwET9wHzORqs1eN2y+g+la6E2BYPdXz4b1VDYLz+eM0VWYGRvrSno\naV+OAg==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGtNZGJ1ZyBYSDJm\nZnpyeFRoMjJXRytBK3dBaUlBdlNJV0lzNEJUY2JMN0tjeGZZVVNrCkVEYWVGQ0FT\ndWNndlk1RHNmTFN1UndsU0FOc1E3SWxsTUZHTTdRSVZqM1EKLS0tIDdxbjNJdWZa\ncUExWjRsTmZodHNGK1JTanhVMFp2VjRYSkJycC96cHd5QWsK7yp9AX8QegDINv6Q\n6ea0bJv3pzdh3TzbZpDm5VRWo859tgFme5WaD1RQIbtBdlQ8we44ieKSKbv2p46T\n3UI9AQ==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFvT1RvcTidgpVYE0OPknc3f5HcAVpyk+rXXrW4AcbzG",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFFONEwvUSB2bHZE\namxhTFBtV3FtSVU0Sk1TZnEwM1BVN2ovTHdKekR2ZjVGcDkyelIwCmJmMU9BUjdO\nRWpDWFBSR2VPYVdKblVOYWJSZXpUQUlONEhKbTRmMFpPVm8KLS0tIFVady9Dci9M\nbjkrdlJMdVRaNmpoUlZWcDV4S0ZzSEtLdGliWExEL2lPSFkKMpC9wrVWRELS4N+G\n+krr6f/35VhOELzGSsgh1jjJ89pni7xaJW+3JPGrDp6pd10vWf2nZdT5q8tPu1K2\nyg4qzA==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFFONEwvUSBYS2dC\najNrTjVUVnJtMVJ6b0FMZkZSS1pwSUNJT3RSby9iZTRhMTJnQ0NjCkNCQ1UvbTM0\nZklwb0FvSXduRGEwK3BBeHNOS2FKVHNXN0dNYWc1TjRuMlkKLS0tIDI0YVF5ekI1\nN3RIOWVnTGFHRTMvZUtmOWUrTmttWUdNSTJwWUtLMmU4WjQKs6xqhfAPpJsDJ7MT\net1Rp+wkVK/MkYFrFOkNqtmAwotrt75ujs9GmeoG0vkg2hENP0+dJu4MqQcMxe7i\noKUVRg==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEijeq50HS1g27BTRfJ8XWIPrAX9UVkap5fgIOCOtA5+",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDhjWXRrdyA3ZTVJ\nQVUzakJ4NWxWVE1xMHVPSVZUQXRlWW5qdlpXR2ZodmR4VlM1bFhnCjVmckNDcjhQ\nUThDak9UY2RiZDBnMVZMN0V6SjRvTWVZS1FIVkk3Mmt2ZHMKLS0tIE5YdExnR01P\nZ1ZRL1l3OUIyN2hycWl3cmpPWnBoQ28zY3oybUkyTjVSaVUKo7OiTpi0gqAV90ZA\ngnNbbltv40ZFk4rR7LU9nHGG3DR1GWtkgsFRiZE+qnUVwTwLt0OO2ymhG15VlAzr\nj9Jo8Q==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDhjWXRrdyBoQytm\nSm10OW0xSVZQc1drZmt3M3RlSi9IMWFtVnBPQjZMZkE3ajFvTVhjCmRuQm9FRGtx\nUDhYbEpId1dldGV5bmxPaE0zTjI0T3VIOXh0elQxR2N6SjAKLS0tIGJhbkNoUVhi\nU3N6dFAvQVR0VnAzeGJZY0poVm1vUGNyQlFDbXNDL1puKzAK5xa2UrLhLJEh9umT\nnzh64W/mWPF90NxxMmrfQcxuYmV9pZNmZXWhYxtmSBAkdvjit2qRm+k6WsrX6gXg\n/yo+FA==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
-				"recipient": "age1eqcj2g0fdekj2wpqp4y0fg9c5myydjdt9zlr5scr0grk6fxszymqkpw5jf",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBELzBTTGV1b3ZiU0pnYi9u\nTXZjSk5KMnpTM1RUVm9lamEyTW13U0d1dlZvCitjQ0lZN2VVZ2h5OVdtTGZwTGFS\neW42YVdtUnBnMlRTMTJHZ3NCWUNxeGMKLS0tIHNyVHJsRmFZYWtKU2dtTlFJaHhJ\nRXVQd2FNUHQ2Wnk4RDFiMzNtbTJKMlkKDEKYVMF0dC8MVDQTPtplZWYHCiIYVjDy\nK2PHhJGbkbnRcj/k1uwvYnw02OkzX86Rm3PIKr8ZcJEZy/eJQZlFvA==\n-----END AGE ENCRYPTED FILE-----\n"
+				"recipient": "age1d9h9mm3u5qalmpl2pf62pyzqj8t654n435emn93rutv0cg9sr32sg64fdj",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3eTZTMmRTZlJtbjRDNnNR\naHRZU0pCSGc1c2oyTElCSFVWVE5mQmtXN2hrCkdNWDVMQlBUTmJ3SktYVjNKUXRx\nYm5Na2FuODlmY05TbVVYQWJjRlZjQUEKLS0tIGNSZXBzZ3NIRmJ6ODcvY21uakZU\nNGNZWEI5UndKVFlCYWRCZVl4cDhlTjQK8piipRSmgIyx33W4UkwLPtqjVeBNyTd5\nGhdHGIuwKLZYB5wQo12bVLOSkZsl7n1QiY+IDIYYFWkKqWcpx1VmSw==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDuzbgoXZccZ2w/9HGgUyT9nJH7lG2/jfQCZJudY4yAN",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IG05VmtkdyBFakVT\nRkJKZk42cVJHaWdKM1kwWjV1a0FYbUdJRUh1aGdLSUZoVFZRSFVjCmFGVVJGSkNU\ncEltVFRIcGRVMDNRRjBzUGNKa29PQnJXeUtPUzBYTXFtUDAKLS0tIGFyeEViQ1F0\nOFduTU9KbjUrQ1FJMEdLa2pRZlZkREFzb0pzcWVoTURXalUKAeU6rHN8V1KOcLed\nAX1aiIypxVLjiYm6WmWFZ5+Mfo78IUfzo8xiNYQjnZVGGdrBVebgKmpj67mwLIzd\nKKvc7w==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IG05VmtkdyBTNnN6\nc1BrZWtWNXFGZUwxemo2c2Jpdi9UM3h4NjUwb3Fnb1V3aDFtRUQ0ClUxL1RvQ1hz\naXlyc0ZlNnBDYkhzQUJyNUFzMlozUzRNdmhlL3BUNkExQ1kKLS0tIEdYYVNRQ3NC\nUm1ST1RBNjY2WVoycTlscTQrQllkbzNhRTNMZkNnWUw5WEEKmr2VyUZb6jgipTEz\n9RQY3/WTIzI0tLMDdr3RqrURj1aMima44M/S51xEQ4hdj+6Jw2bSN56uKm22PqgP\nzwZlXQ==\n-----END AGE ENCRYPTED FILE-----\n"
+			},
+			{
+				"recipient": "age16rkvks3tljju3y6xu0l7luhjzx634et97g3xe58xf2dgfn2865rqkq6t8f",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCcnh0REl0clRyVXB5QlB4\nYjVlV0I1c2diNEU5OW5DQjdrcjBKbUxSeGswCmtZWXVyeE9OaXNrUTZDdGdRVzFC\nS3V1SFhPOThxSTlhRndrRGV6OUlNM00KLS0tIEw5RVd1T1lBL0FZSlBRZFpNZmxO\nb0YxNDVWc1hnd1hEU2lYcmFaTXA4NVkK0O68a8nxik3/4uSzNjbIn60XMSP49vu4\noGw68+WN0q9ka99go38WACYNoTRkUnysUzR7M/BbmOfNnmlR7MOVLQ==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFStro05R+CPmjWMHWtzXUKfGll+OosoZtXAyPtngN7T",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDRTOW45QSBUaGFZ\nTURJZ3d1Vk0rZ0JLL3hqemcweGRRK1gyTHkrZ3ZIL01WZm1Iem5ZCjgydVFTMGNW\nUi82QzI5eW4yQ0xqYmcrZkZOMlBxMmpVT1hJcVlSN0k2KzQKLS0tIHAzRHhCa0xT\nSWpzU3BpTVk0b29JRUxuWDc0YWVRZUFieGk3Qlp0WFpINk0Ks2zblBBQRTHrb+I5\nwQLtkv+wq+dc4x9oSXArtPSnfVh7AZDHo9v10Dqp+iot4jfLrzEwIf+1Sw/g5VBR\nZlEbQQ==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDRTOW45QSBxZlRm\nbk83bEVEU21VOFVCQ3ZsYzRtRVhWdk5qUEROaXRBYWk2OHJPNVJFCk1Eb0QyaWo5\nRmxOR2hGVjVBakpnTVJxaTdwUFFoYVlDOGNIclM4MVoySDgKLS0tIFZUNWlwa1Bn\nNlNJZEpOS05xNWU1SG9EOGQyZVQ0R0tGcXFEMERPbm9qS00K7EkxUK8mveTycTsH\nue1AGw9rrbveWudNk7YyRqYfhn2hFXtZvaSuH3Uvb6sBMaEMsXT/IkEg5RhxAlUo\n6GX7Fg==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO5qner13Q0fm5NhdXMx2nkt5kxjC0/SVY2FXh01OiHN",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDVucGlodyBKYWpU\nbGw4QWw5dUlVT2lEZ3ZqcFhUc0JSMDJ5dTNTY3h2RUhiMWs1bUJZCm80SFkyVFEr\nV3NOOFhpQnRCNnhBSlJHOTFJS2U5bHdpRzhCRXFQNloxNWcKLS0tIDl6WmQ3UzZJ\nUVRrTGI4dVYvdjhCSmxaRWFMWE84alRYVWpKbUlzbXNmMnMKoHqnp7993B4/dRd9\n8TSauKg/dy+B2jhIPoZyYkboLnNp9vb3qb9/TgNcOdG+JCG5oC4e62RJPMjQ+loy\nlzyOAg==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDVucGlodyBIS3Y3\nb01yWHVjWUFXNnJEa2NrVmZBcDVLNkVtdjl5ckc2dGllcDAxZFVFCk1GT2xndS9B\ndDlZU1pIcFJ4ejROeW1leERPaGZQMmVMaUQvdDlWQVAyK1EKLS0tIGpOdHg1aVd3\naENPbEhiK0wvdnBWSE1ESUVNSjB1dTVNTnhIWVZ3OVBvRzQKlEXpYjWJwph7KrSN\nGxdLMlzV5apHfwHWgFTQxmZpV/klMTIDodNn+QuFLdP5pq0jPpnWdRNFbLSSErHS\nvct0NA==\n-----END AGE ENCRYPTED FILE-----\n"
 			}
 		],
-		"lastmodified": "2026-04-24T02:42:10Z",
-		"mac": "ENC[AES256_GCM,data:oOdM5xzjOwUxVcsEOSQEX2rKEzObDWZRpVQX3NpDUAuJqcFCJWJboOBEDpTWESxbwxGwnbo2Aj0p9nyG9CvxymWel9L4JznJLP2MvHZKRzk2uBpsdtkO9zXAoRt2ymLLv2g6OCJMquAgPhIFmbU0mhn7/C7oOpxBHWgcGesiRR0=,iv:WvMyDSddbwW0J7FW3sy/BBGuSCXzkb5LDsn70BwSkMg=,tag:EVuKjRKikxOUgTWkCDoFVg==,type:str]",
+		"lastmodified": "2026-04-24T17:26:17Z",
+		"mac": "ENC[AES256_GCM,data:k0kp1jPb12hjXHt0dX6lEsPeHrVsqgY1wBtEn/9YkUryeUxyUPVz2Par6GwVFBRJseckADp3dmx68iD3dRbJKmv6h35HmF6BNmTAQt6R1JCbRxLA2UaC3w8q3ZXbPvTSiIDCtSOUQNUHzWCp1cZz54jrU1VbT5NxahITNIEXl38=,iv:rMWVhUrT/Z9czG0FbJyOh+bj35Gj0pySxro3V5F4MPI=,tag:EnTAbXVu+NQK3Q0IwWRpfw==,type:str]",
 		"unencrypted_comment_regex": ".*",
-		"version": "3.12.1"
+		"version": "3.11.0"
 	}
 }
diff --git a/packages/gen/env/data/dev/api.sops.json b/packages/gen/env/data/dev/api.sops.json
new file mode 100644
index 00000000..0857aa10
--- /dev/null
+++ b/packages/gen/env/data/dev/api.sops.json
@@ -0,0 +1,81 @@
+{
+	"BETTER_AUTH_SECRET": "",
+	"BETTER_AUTH_URL": "",
+	"CORS_ORIGIN": "",
+	"POLAR_ACCESS_TOKEN": "",
+	"POLAR_SUCCESS_URL": "",
+	"PORT": "ENC[AES256_GCM,data:Tikwrw==,iv:YlopsWejr/GIrjSq9S6n6sF6dt5OFj4HfN/uMJaSRP0=,tag:f1g5n+kJsBgsc9fRlEzxZA==,type:str]",
+	"POSTGRES_URL": "ENC[AES256_GCM,data:u7SsVRZoV1run1BUCC0/CQaZ1UjTYt6NAdVBm6Aj12ev6Ujk/l0oaN5YyUEROK9I/QP6ae6LUuCsWBKxVC4ehMG+xA92s73vPJfcTME/ntGVK2rR7+vFjbQQwV2+6YeDBEmxCsUDxYbZbI0eujzc2QgAeCcFUZv1Rs0wqdkjIxv6Q/I1Wkn04bB+kAvy0w/trx5A842U3Z+2lfp1qTwWybgmdMCUyEMRrg==,iv:m2vmiHbOwNgyrWyxdPJj+rxOu+oATg11iytULgrnFJg=,tag:V3V42uHiQo3l1PnmuvDEbQ==,type:str]",
+	"sops": {
+		"age": [
+			{
+				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICjMrEzKQSq/0eePzgUGXM349sBm6GVCXoz+tJZJaBVT",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHZMYWFYZyBBbmVk\nWk9PbXAraUhVVzVGcmdwd3I0aTNmS2F2V2V5TWc1UXVOSFl2REFnCm10UEhFRmJ0\nYytUeXJnWEkvZDRnNk84cTdGWml5RWlTeDdqczFZYitXYWsKLS0tIExuNEY2cWww\nK1FvYkxUOTAwVTBPQ09YbUtmWFY3QlVaM3dlaWtvZmhkeHMKHHei7Kvfd5NOA2xu\nhHnJTZ5jkFnHe000msiLmzFOCCpya7QrkpFUVwJ3n7Qaf25jlTcSDfer2/PYHVL9\nsSiBQw==\n-----END AGE ENCRYPTED FILE-----\n"
+			},
+			{
+				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIoX0wKjybps6ZHuvA+uwE1ThfWl87MApDLxCjCDUCC9",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEtlVWxBdyBLR0RC\nNXJrUFo3ZFVSOTVOdm5tallzc2pnTmZLQUxCcldFL3ZVRnRLVGxVCmFiTUJRaG9Y\ncWt5bkpmRUwvR1NYZXkrTUFiRnFWeGsyS0J2dzlSZlprY2MKLS0tIFlUYUlTc0tJ\nNUc4RTMwSDYwTDNvUjh0UklORXA2MFZCckx6ZjNJb1dRTEkKMJ3wF5VawHpT9jfr\nmqGsDxKI+3h1jtRpZKf+PD8ARepEU3HLbIF/n9yecuiQR68ldRIaSUcQu2hozLgg\nBoePTQ==\n-----END AGE ENCRYPTED FILE-----\n"
+			},
+			{
+				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKZPhznHjTDifGroHiGRD3hwWz69B8NsSSPNbwWjfzgW",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDFNdXZydyB4SS9U\nN1JBbWlUUVlncHA4cHhGTHIrVDVPd1JFL2ZJYWJvNnpBWWJLYzI4ClRwSGdYcExP\nNldlNEtQd0FkK0JqWTlob3dhZEY5RkNZQzE4VCtsYWpaMm8KLS0tIEdWeVRwUUt4\nM2hmTEdyQStWbDlqTkJuUjdDQW5aMmR0d3VXaXRDSUd2aDQKkcjl5Oo2K+0y6Ife\n4QAAj6rgzUB67VXAUiO953xHEezHL52/CeguWRQjpm/uSa7BK3Gqn4sfHAIMDlzz\nEXFt2Q==\n-----END AGE ENCRYPTED FILE-----\n"
+			},
+			{
+				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJF9kzudl00FVTQA7nnSaicAJW2MoBKm47G7wefb6uSm",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGw3N2NtUSBVWkdn\nbDlRN0tJWEQrYk0zclA4VXVSWTZnZ0x0M1BZSXF5TWcwaDk4c0RZCjdNZHFUWm12\neXFxV1ZueFB4dzlLZDJ0bEJ1OWptSm85SnJYeXZWcG9GZ3MKLS0tIDBwYkovY3ZP\nS2NYS0xjemNaQWxjOGFIb3pvVmhYZkVTdHpONnE4OXp3VUUKAPbFJ5mC85eooCzz\n3MuhO/XkfdIKj+6rX6G2J7kpk7RxCl9RGFoI1XasvaF7InoeQj4yVYhRzDSTD8QQ\n3szoRQ==\n-----END AGE ENCRYPTED FILE-----\n"
+			},
+			{
+				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDmZV9Oi9hrckXTpqBnDKRrY9mgwj+SJeVBGWmne2+q5",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFpUeE1RUSBxaWMv\nT3JLMGFGeXUrenJQcjBuV2xhLzlra3E3NC8ydzIzdVRLeXd6UHpZClNyTm1oTXZw\ndnI3RmNvWmgwSHpBUmJPTE8wZ21Jekw3QzZ4Z04yTTVXcG8KLS0tIDBnbzJhVEtr\nYktiVXk5QUhTM09MVTIyWFZ2aHJZUHBJUWpNalFrcUhwQ1kKBW/rWVhKLaZne1Wq\nEJa4vlhBqdR+ZhYqf54Qo/f86+birA/SD2x+KR0XTrfIXOIPrT4Xpv0YoP/Ld8Q3\nMR046g==\n-----END AGE ENCRYPTED FILE-----\n"
+			},
+			{
+				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA+M/DHDlKgayM6wsiX6r704pE+2qENOsKcytC7sBhKA",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDF2bHNJdyB2SFZw\nQVRaUlVyZXI5YWxkMlBZc1VHblVSZ3lsZGJRVFZYcG1iUTFrUGpVCm5UL05ZNlhH\nNk1OMDltbWEwYVFweGw3YmI5UlFTR2tXYjZuNnFiT2RNZk0KLS0tIEp1MmhicVZR\nM296aHhHZkxPbkNKemtFZURLMUlzQXZCcmlPL1NQYkJjTEkKKCGhFk48QMziE64O\nmEvKXDf34aBdIaN+FXRjlPiQYozkATYUkGZn2dML5fmyeX0SAR09iFGRlziX+BFN\n00eU6A==\n-----END AGE ENCRYPTED FILE-----\n"
+			},
+			{
+				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINh0gA7reCRW+zQ5pPpIjoJGpaFQSbC/4K8B6vMXJVr+",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHJKM2lMQSB1dFlY\nd3M2U3oyYTBuRkVzQTNOZWJpNWl6SXJnL1pkMkJORVVMVHBySUZNCmpBL1lCeTJx\nV3RDTHVub1hiVURvdkVmbURuQ1Z0OXlRTVYyVWlkQ3M5TTAKLS0tIDh0TFRVUFR4\nRWFIVXlNWFg0WTNOZHVtWEtZclZSc21kK0xFd2RJY2dBVFkKhUQ8Wp4MWaA6hE6W\ne+IyffHAGA7X6NLKTf+poGSZwV80mAvQX3XVUGOjtclAR+dtnYuMLE82nKaaH7ff\nW30tlw==\n-----END AGE ENCRYPTED FILE-----\n"
+			},
+			{
+				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEmYihgWHfnLw0f8uTfLokCwToLavzV/+k/GggBA4Sz/",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGtNZGJ1ZyBxRnNn\nWFdxZVoxNjg4VGtyTU8yREd0R1MrcDUyZzVGTTZsUmU3citjVEZRCkJVM3hsVDZE\nQmdtMHZPa2JPL3JhREJFcENFSTFUZi8vNjhYbE94SWIvTUUKLS0tIE9nVWFhNEVC\nRFlycnJLNld5WGt2S3NSRWVWK3ptKzI1bTg4bHZXOWNwUE0KCOQGE6zxGQtZaa3y\nQTXbQ/3NeFkTm5z/V4d/6gxJxPugyprhxlcD8PfIymhyJpSyV0e8xZ6XK+EfhT22\nL3DY9g==\n-----END AGE ENCRYPTED FILE-----\n"
+			},
+			{
+				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFvT1RvcTidgpVYE0OPknc3f5HcAVpyk+rXXrW4AcbzG",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFFONEwvUSB4Z0dJ\nQXFydldEcUFZelZwSm5yblFPb1YydVpMU1dzQ2hHWmdGeGpENmdRCkxhWS9LZWMv\nM3gyaER6MDdWb1FTRjM4eUVRbjQ2M0kxeTRudVUvQjdrbVEKLS0tIE02cmxsYXBt\ndHFIYS8vMjVxeGxPUUxtdDZ4dnpYekpnUEdNRktEK1BEZVUKwQycFBywK9PkuK0c\nQ/RoTJIPOJvdMqFkuMBOUMAyOiqTjXC0b3E/kYrU/VhymbrLdH20NEFbHi1JNFRn\nR9TEHw==\n-----END AGE ENCRYPTED FILE-----\n"
+			},
+			{
+				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEijeq50HS1g27BTRfJ8XWIPrAX9UVkap5fgIOCOtA5+",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDhjWXRrdyBwZk93\nL3R4dTVqMGFvZUdEQ2RsM21BUDZad25QUnpaYlZ1VmtsZWlZcndZCnMranMvSllG\nNzBDRS9MYWNENGJKZTdJeEgvUDFGQmVtcFQ5OVlnYXRDeXMKLS0tIFFjZzlHUU54\nTEplbXB2YisrRnA4QzdPSXFmRndxU0EySDFmVGUvWE92TUEKuPoVqdD16XJc8GuV\nMX7D4DKPGVhTMqSpNo8PLwjW9W6S5D3uXGXdZNzBr+GS4ehX9kqXWAs3RCJk7Uuk\nfMD1KA==\n-----END AGE ENCRYPTED FILE-----\n"
+			},
+			{
+				"recipient": "age1d9h9mm3u5qalmpl2pf62pyzqj8t654n435emn93rutv0cg9sr32sg64fdj",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVRVlVUlJPRXU5d080WllO\nU2lHRm9BTXg0V1FmOEVLdmRtUGE5UzdEd1Q0CmNPS0xRd0RYbGN4bFJHSS9QTm82\neXF3b2d0WjdXeG91Y0pHb2V5OWFNU1kKLS0tIHg5b1dYeHdCc0VRczBaOXpENG83\neDdNcjJCNTFYL1RXZUk4dEY2elhYUmcKIbFcYo7pIZs1oPpKka9ktz/nBenbUsef\n7sGZEuS5CfrZaeoBdbuYLsthtHLCtHy5pd517uQUY90bS+u488iwaQ==\n-----END AGE ENCRYPTED FILE-----\n"
+			},
+			{
+				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDuzbgoXZccZ2w/9HGgUyT9nJH7lG2/jfQCZJudY4yAN",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IG05VmtkdyBxYm4v\nUUsrTVNybW42aW9KU1U0L3g1SEYzay9OZEhRWXUyS2hGd3NLZ25nCnVtL0tKR0JN\nZzc1TGxSZ1duRWN1bTV2bW5rMmVJVS9rL2dScTJpT3FzWkEKLS0tIHI2NFczL0ZI\nbFpFSzdJODZtK01wWXhiSzZRckNGdEY5YmZ6Rkh3U2paK0kKW+e4+KOWpwaNSgo9\nJYT9ynjQVZuJsOCWDAfFbVeOYXSkiSmpB3vw5hDZyIhJCC8mdHMFnARPYyWdr3PY\n7snhUg==\n-----END AGE ENCRYPTED FILE-----\n"
+			},
+			{
+				"recipient": "age16wuzuxnkcgfuxzvzgk5e5a5f6hhs386adjewyv54m9esr4yj6uuslpn6tp",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxTWFkQW9XbUFxZ1FzNEpk\nTFo4RkhGVmQ3L0R0bnI0RjZ0Q2k4bUFwcW5rCml2MkEzVnZXd1JDSDIyYTVsQS9M\nVkoyTGV4TE9qb3JudksrbldJNjdYa0EKLS0tIGFGMDJaRlN5T0dZbFlIUnJ0MDdx\na3lYc3hKQm1sZ3pZYkdxNzkrUEJxU3MKJRrK6wxd7YZgWeaW3CAaO/A/XiVWvPLN\njEvMRYVNZqcAXPLmHqXd2HWA0IKTRfX7xyhVge24nCA13LqmQcFcbw==\n-----END AGE ENCRYPTED FILE-----\n"
+			},
+			{
+				"recipient": "age16rkvks3tljju3y6xu0l7luhjzx634et97g3xe58xf2dgfn2865rqkq6t8f",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAveitWa1NSOE5BSmwzalFm\nV3kwS1YwcTFDdmhwZ1V0R0ZqbjM1N0pIUUNVCmdodVd2R3hEdXlUTXpOVGFmV3lk\nbmVGT29BNU55allrejE2ZTc2aXc3UDgKLS0tIFp4WGgwMENRQ1RDTkhJaThxbzVV\nWWxEZzZ5MEY1czlrc1dNaEttcitQbkUKTx6F+a/RLD4vhBVJkmDbjuJqadytBRsu\nx1u1YazcTaiD6Ce+Pso5eBRUU9bzpEaxpyiafziuGKamOBRhLoJ9mw==\n-----END AGE ENCRYPTED FILE-----\n"
+			},
+			{
+				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFStro05R+CPmjWMHWtzXUKfGll+OosoZtXAyPtngN7T",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDRTOW45QSBVYW9z\nQzVyV0lwRzRRbUYxWXRlelh3WUFrZXVsWVBYUVBlSGloRHArWWp3Ck1wTld5akN0\nbW1TbTZlMllCQ0t0VmpaK2NYVVJjTlF6cnNaODBVdjZWMTAKLS0tIFpoODM4clZD\nTDVXdlRRTVNjSUd5bUVYUmtKdEtINXQ3THd0N3ordWoyZG8Kcz3Webr9VxT51TOV\n/VL4SACyS7KepENr0IUgKLXT7Au5YwXDoT1o2op/38/87BrWrnczqipjGIkbuh0Y\nHKMFuw==\n-----END AGE ENCRYPTED FILE-----\n"
+			},
+			{
+				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO5qner13Q0fm5NhdXMx2nkt5kxjC0/SVY2FXh01OiHN",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDVucGlodyBqZ3E5\nTGdOd0EzQXVJNWFjb2IrSE9UZmlIa2RGZE1Cekt6b1RLNlRHWTNzCnIyYk8vV3pY\nbldIOStGczZKcGttTEsrVGJObEpVLzZZYkE3ZFFlNGpuMDQKLS0tIEczME9BWm1k\nZlVsUG9mZlBsSDY1cHdUcCs3aldsVGg2TTdLNmRZejRheWcKFb1T4ZijnPplasG0\nrMP0GX/cyD/UliHIJ7WEMZum22WKfQfdaxJwTCbh0U6L79qzOBFLKlBx2yGxOyA3\n/m8GwA==\n-----END AGE ENCRYPTED FILE-----\n"
+			}
+		],
+		"lastmodified": "2026-04-24T14:30:26Z",
+		"mac": "ENC[AES256_GCM,data:xqnGLG0yJzoPSsYJf2KEzOMEEF2z4ImFScBWqcSpZUfk6YP6B/touJvVH+8Obvg1AJO3oZK9u9qj4k6n00iCmb3F4/WUkwMlIpw4Q517hXtjN9/pVRhFGPBuGNT3+f+gBHkwN/L+vYhbwN33cUHSzllb0LQ2+pWCqUSYgRf0Vvo=,iv:9CItEd6sBeNFDhII4B5V75+RXa6IdEfw2YSK2uz9sEg=,tag:T4VNT79hU16KjvNvSG0NDg==,type:str]",
+		"unencrypted_comment_regex": ".*",
+		"version": "3.11.0"
+	}
+}
diff --git a/packages/gen/env/data/dev/docs.sops.json b/packages/gen/env/data/dev/docs.sops.json
index cea0124d..678af00b 100644
--- a/packages/gen/env/data/dev/docs.sops.json
+++ b/packages/gen/env/data/dev/docs.sops.json
@@ -4,78 +4,78 @@
 	"CORS_ORIGIN": "",
 	"POLAR_ACCESS_TOKEN": "",
 	"POLAR_SUCCESS_URL": "",
-	"PORT": "ENC[AES256_GCM,data:FqTd0Q==,iv:jMNJcHlZJGL6kbpGpGRHmQndR0d143U8tQcn5OCfH1s=,tag:Z238tlAG3X51fLOmJwfhjw==,type:str]",
-	"POSTGRES_URL": "ENC[AES256_GCM,data:S8yNhcN7SM90bHJ/dO8LJvlD6fqIPf5lFGKqjhI6JQtZvEdFAv3v//TGV3cht63F8EBuwNBoLxIvSs1XQ7+OSeYUm5B6Z/Uxp0As4Tos12aGwu2ADb6TT52iHZNnV6YsePrVP4WXFBtRM1AgJS7gWDtrSNSzQjJmZDzrw5DyynbZgb3qS3GhRk2DsRXn9BeM8udg/JOZ4IEQCebBPoAZrNNMYEMHqQexvw==,iv:rLinhGabqw/T7xI8W1pmiwLKYE4sJZrfjFD3j6JucqY=,tag:7l4Yjj5ODEdTzR0PkKSWzw==,type:str]",
+	"PORT": "ENC[AES256_GCM,data:q5zcdw==,iv:AzjGJi+xhdS68qB3N8STRSrurqqYjYW1dJZlCuWCFXo=,tag:/g9WDrgKmkoz9T/Ga2Qf/Q==,type:str]",
+	"POSTGRES_URL": "ENC[AES256_GCM,data:I9XB0OWWacbDGheZ+1gxpOqBnaN7Is/+reKkCW0y5rmrRwl4qLKv1Q5NumeQNs8qKBMxjfL//qpBBQCRAPiHSINQJIkwHJtIw4s73Jb1an/2YCkfV9bdhh3bvIkM2++l3HlO5eTdZQn657lPaURqXpZKU4GxB9WVnTgwjibED9gyGpuVtEQXGc2vkBPDow9RzlDPhGhwy5iSRnJUrliD6EQhyRlY4IVp8w==,iv:RdbZcjVyj3WqSaOd/n/tUBjenFF/wK0kMCPnHuQa+9o=,tag:8f/SkjTuP8/yX2Nz/80Oeg==,type:str]",
 	"sops": {
 		"age": [
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICjMrEzKQSq/0eePzgUGXM349sBm6GVCXoz+tJZJaBVT",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHZMYWFYZyBXWDB0\nZlA2WVNhT1dDUVZOaWVLc2NWd2YydXU0WW10ZmJ6ais4SnBqNnhJCk5aTGwzNW9K\neDZvZkdIc3pjSXN6R0RJVmxZVStlQnFNZ3IvQWlEVElQb3MKLS0tIHM5WDJpWkZD\nNS9mdUxydUlsdTJCS1prUzJmTHZieEpiOUZMbno1eDlYeXMKDedOow956x4W+RBh\nkRnZYt5em8g+sLspjXPHjOPUYt7JKs3fURHeZs2ERWGq4v69T3dSGItNSgSHw1W6\n2SBPuA==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHZMYWFYZyBSLzZT\nUEQwemFleDN5Z3lIcWxMOWpyVHJOeExPSDAxVUd2RjNQbU41RlRjClkwVTA0SlVX\naDRIV1h3ekN2V01WaFNMVmU4Mkl6a1F1aExQT0ZTd3RQRE0KLS0tIEpnRWJqRU5X\ncVgvSTBtcFdXQTBxTFBsTGd1YmplRzhmS1REMm9QYzV5emcKAr8c49GGwkAf4Mqh\ncdvOxuueP+Zt+kDBvAlbHtOEljkmtWLL8EZIqhH193DiKunZnOKhb0xZH32KkBjy\nlWjeKQ==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIoX0wKjybps6ZHuvA+uwE1ThfWl87MApDLxCjCDUCC9",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEtlVWxBdyBqODAy\ndHZnaFVWZXM4blhERHNTUnVKbjU3eVJITWt0WkF5T1QrQTE2eHpZClFhRlFZSm5F\nNVZsTHJXbVBLUnBWcmJqdlV5akxFUzkyS3ZFT3JXODhzVGcKLS0tIEJ1bUVRWjIr\nUXN2TkpIUnp3VkpGd1RQbE44Qnp1MmdBSk56b1c1T1FSVWMKPe84Rpju4Kwd9QgI\n65DGrdYBMjSyo7IEErjB/CHYkqOVQ/MDr54UeiYe4r/GkxcG+ephh9W9Aap9kPzI\nAUYsLA==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEtlVWxBdyA3L2c3\ndDAxNDFkelFJeFdaWXJsbFVzS0ZUM0paWnFTMktpdDFXSFlaMGowCjk1NzlycWNq\nbE5ZOUxDLyt6MCtsWXExclNHN2kyZTM1a2J5R0tGTXZsR2MKLS0tIHVIZUlQRENk\nVzRRUG5zZEYxa29vTTJuNVZucXRtMHcvSXRYRkN3eUxkaEkK80S9B37M95hmw5Nc\nhXeyvIuKavsDASv1SQM2yQQBrQJBwmSezIduhEg1CNBWziTYIsurn3Wiv4CI6p2s\ng8Hc+g==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKZPhznHjTDifGroHiGRD3hwWz69B8NsSSPNbwWjfzgW",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDFNdXZydyB2SHNt\nT3puZ053WUc3RWZIaEE4aTJLczlvQ1o4TTZGMEtuWGFEVDZhSTM4CnUvNTVLS01Q\nYVZZZytua3YvVzhxUFhqaHM2eFhTd0dNanhjMjc0Z2FuUFkKLS0tIFI4WndTNHU3\nclFsY2lDenVVZE5iSzExbzJuZVNnNzBZWllPcm5EYmJJMEUKlX8E636sJmqRnfW3\nV6NvVDWVTi6c0ekT7BAbgMbZU8GqUUIiF3u3EGzTpHrtKiWYlg+j//RIVO2Djx56\nGCAmEw==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDFNdXZydyAzaG15\nUjdKbkEyN2tqMDBMVzJRQlN6SVlLcW84NWJoOG9qY2VrcGlTVm1ZClQwcnYyQTR3\nVzdPUGlaaXVDNWxicWViM3F5NlJ5WHFvaDRJenlvNFYxTGMKLS0tIE1zVDVVU05B\nZU13Qm4rTVNENGpoZndFREpKRG9MQUlIMWZTTEtNdmNFNHMKp42KdCFt0St4t1lh\nbgYarg6uUFoaDGaax/LJ+pkvbpYSUyf2YkOAZtXCv6GXFyjrx2kz+r4nS5gTrWPK\n/sa0bw==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJF9kzudl00FVTQA7nnSaicAJW2MoBKm47G7wefb6uSm",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGw3N2NtUSByZ1BS\ndjd2Unk1dnFPcGFoaStvd25VWktPKzFHcDlKS0RCMWlyU1Q4VldzCllPZHVQaGZY\nMEtidGJ5Z3REam1yVytObFZzRE0vQkU3bmhPZmlCWVhGbk0KLS0tIEc1NDNqY1JR\neExRVHNBVXRXbVRVZjA5d3ZCUGozcGRJRTk5TkM2YklWSlEKDRwMdHCWP52xHDM/\n2RIJJ9Q1sXNweb0M4/w8HDObniFwEyDXYdDLNrduOrkXKBBA9U3TXZqwWMhMFcyX\n/alHAg==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGw3N2NtUSA2K01O\nTWVvQy9rSCtSeFpKTGVoRFpkZGFRK2RGRVVCWU01SHZlMzNxMkZjClFzK29iSzhQ\nVGE0Q1lzYWN4MzI5dzVxMk1BWW8vS1JEeUo3dFpHNkVHNWcKLS0tIFVqMXJ3MjRU\nZWxaS0kxcHNlVGFteHh1bnNVVTJjTzBqRFFCb2g0NFE0dDgKDlQBBKY2dn5NP/3K\nFfQ9+TxGzHL/a9E0ZN5j04/KR7i6xET9q7uQKuQdIma8d6kX5QDpsT0+KKRpAXMr\nvsG3bA==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDmZV9Oi9hrckXTpqBnDKRrY9mgwj+SJeVBGWmne2+q5",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFpUeE1RUSBXblVY\nbEZjRjRUb3FsSVhJSlZoTVRLQkNHbmlzTGc4UmVjamJNUmVyZ1FvCksydStrM0to\nd25JVUhRaDc2ZHllNjE5RXJQb0pnUzAzYmdmNGZPWlJNUGcKLS0tIE1kL3k3R2Nz\nKzB2OFIwTkhLNHZjYTE3RFdHN2x0ZFhVOGJMb0ZvdXlPY1EKPStMcKpuX3ZrW5qk\nXwmseC3N9XknTMn/HMRkpEOOOUixaSYF4Ozw2sCZI12xBT/TO1g1mb5CSLWGGsc5\ncHqJcQ==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFpUeE1RUSB0RXd3\nRWlBU1FpNDM0OTNBbWIyT2d2SlVSSFJlWUljM2ZMN0lGOGx3dmpvCjR4K3V4Z083\nZEpPM21jOGN6YzBBVEE5UmI2MFNhTytSZ29kSm9sOWttS0kKLS0tIHl5amxMU1FP\naEhSTVZobDVCNjVmdnZqdzNaYmlMS0RpUktDS2NaWnhlYVUKDLiyOk37ShZEzq8Z\nrQQBdZzmvkUXJjh1z2vysyVeS7uxIoxR3wJyCWGOexjGsygRUELTuWeP8hnUkBTM\nULip9g==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA+M/DHDlKgayM6wsiX6r704pE+2qENOsKcytC7sBhKA",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDF2bHNJdyBldUp6\naGY2cU5MY251cndDc0VjU1lOTVB0QlQyclBxeDdIbzE5elJ5M0U0CnVBbGF3Ky9v\nWDR5OGVuaVYwaWJYQUk3bGlEUjNRMkV5RUQvbmtiTmRRYUEKLS0tIDkyZlBkYU54\nTk1NaFZPVCt2aVhKWUJQbkc2K0Rqdi9IOE9XOURjRWlMYlEKjXVcoXfWh8i+Wne9\nUsPivFqHzlAfmIpV/i/CQVnXPD9Z537cDqROZBq1+4gvRdGRIeGf18CgLzA3afcO\n/92CjA==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDF2bHNJdyBTakRr\ncXM4TU5mbVBOS2gwUnpDVERwT0U0WGN5TDJPd1FPZGpWd01oc0JZCnJyVEJkZys3\nZ0c3eGtBU081Yis4TTNmSGQ2VCtwZEtQWHhib2tQaDBYUUkKLS0tIDBBWE1HQ2FZ\nakFNWUs1NnNZRHlDT1NsWjhZQ1RTdXNtbVo0cGVweFFGbnMK6buqLVw2YI+Xumjh\nHwzaJ0RFhRTJQxNVw7kaTcR+Oihe+lm0LDszJCpFdVCXP6hj2FU22/Gpz1cs8Im2\nQ6pG0g==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINh0gA7reCRW+zQ5pPpIjoJGpaFQSbC/4K8B6vMXJVr+",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHJKM2lMQSBjM2t6\nN011THpSSklqTVRqbUVkRVVvSWdLck16YVFHT2ZWZ1ZZU1ZNc1I4Ck9EVHhMekFx\nLys0VUZycitnRVFSRk8rT1VmdVd6STZqcjJwcHBXNGJFa2MKLS0tIFErdUxta1ky\nZWRyeXRydXFqV0ZyQUpxejFnMmV6RzEwczdIcFNxTmd5eUUK+VI8Zn6uGWMvjCaF\nhdlCpClec8giaUgi+YVGX+WZviaxFHpPZOkH26ydhfDqHFOXrrZum9/vsziJ5lUY\nVNrxLQ==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHJKM2lMQSAxemhi\nM0N3VkdwSE96ZStUTm0zeWE1VU1vQy9iUWpTVFo0anhjVElKL0FZClZCbmJTOEl5\nTXZUa0dkekdzdjFGVG5sSWxQT1g0Z1lraGdtZDQ2UU9OY0UKLS0tIGQ2aENnbDVt\nTWh4WmI1QXhLMFduY3gya0Fwbis0Ly9jU2c3NVp3SDNMQUEKA+sEJYQrKmZPKQmW\nhYzB/VIcL0EkBU6DaykzD3K56gy2SlWS54Vq4qO7KVV8gofjNd7zD0fpqXzsGSR0\nRf5OnA==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEmYihgWHfnLw0f8uTfLokCwToLavzV/+k/GggBA4Sz/",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGtNZGJ1ZyBwb01W\nN2ZzbmlyaXI4VDh1ODFQOUVOMUszUVRMM29YUHlGejBzTURSYmxrCit2YVVaM0FV\nWmdQTUdtaUNDTEVtbUY5TU9vS3dsUFIxN1FFencyRXdGQ0EKLS0tIDZYM2FoZHpk\nZEZkS1hOS2RkQ3BveGZ4N21ibmdoTlhzQW94Q0JWMVlPSFUKvejBdVzkEdVg4sPw\nSA9bEJ0IvansG3YR8hJQjM0+9Iw92EZeym6uBS0fW9j+EJ9QHw42gkeLyl86FSqO\nNqadeQ==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGtNZGJ1ZyBYaVY2\ncFhUZldZejgyZ1dwOVAxaFdKcmxlSW81blBSR25QZHppNmcySGdFCm5MSkJVOGJX\nODBKM3h1QlhqU0VDUGtIcm9lSVFGeFE2NTltRDNZSmhobEkKLS0tIGMybFd1R0xn\nRkovREIrMy9xd2hnbmZGZHJMQW4zQ01SOHVBanorZVdnaWcKE0evvK2rWbBgKQK4\nxbojLEOszsWphR1is71QyKEmXX2hBQgK/yQ4SqZG/I1p+EAfp4WFzmQdzVTPKTn2\nnd+QZQ==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFvT1RvcTidgpVYE0OPknc3f5HcAVpyk+rXXrW4AcbzG",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFFONEwvUSBnOXZl\nWXNmUXVINkc0WlczcGl6V3FZclB3Y3JWQlVIVVc3MTZWbldsM21ZClJXSlYvSE5U\nZ1VESEUrVUtiVEJRZno2VkROL3ZWZ0VhRnNMZEcxWkVyQVEKLS0tIE14SGIwamhK\nN1cvTkhDOVV2RXhKRXdPLzFIMDZzdEl3OWtmZTlZS05FTUEKKcWw58+a0/wF5V0M\nyC2GdaufsGtNTRq+ZVPC8zEazXrsrlCi9/vQyL0xcFYbTvds4o8HV7dmAfCpqiYF\nNZqvCw==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFFONEwvUSB0amoz\nSCtDUUF1RHVpdjcyK3VRMWcxVmFhZk5KTzBrVVFhSEJhUHVaUVg0CnVkUWZQUGg2\nNUhhUTJiS3Fjd2szYysrQm8rU2Q2cENYOTBnSm9jKzRhSkkKLS0tIFZXVFNPT3RR\ndGl6bnV5WGR6M2ZIVkpOOXBGc3R0Nlh3dVhoZ0JjRllEUGMKglYZRsRdpwtDRP0H\nh1FhTtCkHOOPyVYhVRpVjduIzfGN//KfL+oNg9btiBUq/AAvAfsrW2ENukG2gbg8\nCokUrQ==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEijeq50HS1g27BTRfJ8XWIPrAX9UVkap5fgIOCOtA5+",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDhjWXRrdyB3SWpB\nSzAzRWFoQ0tOMkJmQ1BRdkdaM1BrVFA5RXlJQzlZcTJxMkdySkRvCjNEVWFpOGJ3\nbTJNdDFIa241V2tEYUtuV1pLSkpDcXg0ZlI0bjRBSmtsRzgKLS0tIDFzMXA1SW91\nRlZwU3RWUGZtcno1TDFDd0lFdXJjZGFxSXltdXVyNUdNa2sKO5Zatmi7BCAA/JtP\nnckRYUanQvRb72AZiDNLA8fySi4LUyvfyKPgQMAXkiO5ITqsS+cEXXXMUiWeWMy+\n/0qQZw==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDhjWXRrdyAwTmlh\nMlpNeGF0YndFTHJ5T0trOWNXKzlUVWlqQnVSWHBzWFFDZUNsN1ZRCklMWWNrcHVl\nWnRpU25PVHlvUStJcjMrYXhhaFQxZUFQTmVSZ2R6MTFxbXcKLS0tIE8yRzRnUEta\nMzFNM0paa0JRS0ovVGNCQm50Vm5udGx4QmhtbTM1ang4MWcKs1U5qN9yscpjggH6\nxAh1ycZZ3PBLxfX9NWy6fLG4K2owc4Eov5HKl9K7jgKZUHUhArgoMj8qGt8uAR6v\nb1SVfw==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
-				"recipient": "age1eqcj2g0fdekj2wpqp4y0fg9c5myydjdt9zlr5scr0grk6fxszymqkpw5jf",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYVTQyREx2dHJHclg4My9E\nWThzV3BWcVNCbDQwZkw0RnAzQzhxWWQ4bER3CktDMjF1d3VhdnFFTDYwUGhtY2U0\ndEN2R2hwQlVUUUpMQjV0U21lKzlnSG8KLS0tIDlmZSt1SnJjbWhoL0FZcklqR0JY\nM00wVi9tOFp6eG5jWlF2bkVCL0xiV1UKGbhJjQcpuP+S6wZlW1uf4+eZRt2u91k4\nkC06MY5o+VDGlhYPHUP7J2gvJ/5+m2s+TgdPqfiZ4lmJg9j8fRHsXA==\n-----END AGE ENCRYPTED FILE-----\n"
+				"recipient": "age1d9h9mm3u5qalmpl2pf62pyzqj8t654n435emn93rutv0cg9sr32sg64fdj",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6OFFrSFNpdkRhZHNaK1lo\nTFZVWDd6elJ4NTJDaWMrOTE3R2x2dUV6Q2dnCm5RaHY5U1RmUnhDeWI4WlA1djF4\na1NGWW1VajRoYTVrVGlaUlNvcGNKeTAKLS0tIGpZRy9CY3daNmNCMnFjYXpsWjVn\nczRYclprelR5SGcvTUVMbkppUGwxdHcK/1JYtAA7MKXjNLrzftqA3gEK6sxl2N/F\nt4UqT2DXh1IzGlnyNrDA8xilBaKdqcUN2QkdxkLE6Fzv9j8TLmOe+w==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDuzbgoXZccZ2w/9HGgUyT9nJH7lG2/jfQCZJudY4yAN",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IG05VmtkdyBYdjVl\nZkhWWG9UQ2Jhb0FSOXVMaTJoa2lUWG5lZjdGOXBUMXhITTJ5NEdNCjBrY2VmYllX\nRVlkcGg0cWxNU3dBcnp3b2hNS2g1ZmpUTld5QUE0WmdMdkUKLS0tIHB2YzRsSU5P\nWCsvVE5xMEhIVkZUQmFrUGJOa1VRSTRWSHZwMzlRRFdLaUUKzxkxs+ASXJy9F71l\npq+klFSF4L9TaUAMlUGsGme3blGiBojD/j1om+urj18xhx+IEBCd9ckR6fCfbL3Z\n97gZZw==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IG05VmtkdyBRbkwr\najJ2Z2tEQkFtUmtQVklUeHltQ0x1dEQwczdIWkVFTDRkc0JkYlI0ClB4aitZNWtX\nOEFQaGp1amhMWHlFc2M4S1JranEwOFZ5NlZqblNSQ21wUUkKLS0tIGFoUWdRbGFm\nak9ocjJRQmVXSkwrTEY2cWlYRWRQQVlGaGVyeFk0U1dqQ3MKcxvvJOzISy9j/VMt\nrBltPj/ltbib/W7TnQZ8EqzCrDqSsYxOwVfQbhCv/v+A+IxpbbLr291M5xhejB7j\nY8SNaQ==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "age16wuzuxnkcgfuxzvzgk5e5a5f6hhs386adjewyv54m9esr4yj6uuslpn6tp",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmWURhVnpJNTBJK3FzNTB2\nTlk1TU1ISUJEWDNCY3JWcDQzSGhzMHk2c1I0Cm9pWWE3ZHR0U2ZCVDNHbjdsNTNV\nT2c3UHQwN1E0YUN1VklEaDhSZWFzMEEKLS0tIEtGeEYrSmJZd2pDY0grOExIZTBv\nUnpDclNSSm1TZUhMRUpPNXU2ZjFyVDQK8WZ3SD16RI06p6CIBJi8BlXOP3jPCU8+\ne3pFDJvTcDus7paDJDf1fJxv15Pe0mt2gy6Gs2bFsx2fxnBsVR4rhw==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBZGFxUkxSdmRDUXkyc2NQ\naVAxQVhZUkhneEhjc1VjcUZQUjZyclp0WERvCm1HbnprKy9DUmthb0szdWZGeGxq\nU3FXRUl1MTc4cmZ6VkdmQWFJeHoxMXMKLS0tIHZvaGN0M3h5c0VSTEdYNTcrVEp6\nSXd5djZrTXN5SFFXVTZZbnBPVEhXSHcK0WBkOwTImjI+u7mCI1MHIPHy2BOGXypo\nzKyaygktKQYKCqPJbLRfIO10IV3vHX7WZyKc8X6hT49idTKKrJC0Iw==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "age16rkvks3tljju3y6xu0l7luhjzx634et97g3xe58xf2dgfn2865rqkq6t8f",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrR0U3WVMybWw5c1RlVTBk\nZEZkMVU1cFZHbmxWT3NZTlFCcmRmeVZiK1RNCjJtRWlVOVlYQnJ1enVVTWl5bkZJ\nODJpYXRVbGVNYURSdVkzelgzV3QvREUKLS0tIFJtSitKSklOR2pPMzE4cDdVS1BT\nT1EwWEJ5K0o1a2p4K0NZYVg5RTE5UXMKefxNUSBSHZql0yZoonFjYXgMeFGO3CBL\nDb3XOqULR1TV+5j4d5tcJ3E8q/3BNMUsZFbaHDMqkc6+CsV9ewm4Gg==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtdHpOb2tNcWQwSXpOdmNs\nbHJxN1ppZzFabTVZMHozVDRYOTNZU3VUN2w4CjB3dlB1SHYxWjJPeWVHbGd5U29s\nS05xakRmUmhBSE9UN0xMK0VRZWZONmsKLS0tIGtReXQrRStoSjV5WUJXaCsrRWo5\nQURSR1lzbEdpbGF3bXBvMXp0cWNSUmcKWUKuBBc0lcpJu9/XznQMSc505n9lHhv7\nSZpLqjQY3cryjNE+2lEPn1xDW7xIqOxE2y+rfCH77pnd0LEL8FbOkA==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFStro05R+CPmjWMHWtzXUKfGll+OosoZtXAyPtngN7T",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDRTOW45QSBwSHVn\nQ0F2TjRQVUg3anRyS29tci9GWE9LRExTbFpMQ3BybFQ0SXUxTWs0ClpCU1IwZ0JM\nZXhhREZiRkc1d2kwWDhMUmwxcHo2TTloY2k2QVVWNDh5TzAKLS0tIGV0TnR0YmEx\ncEtpNm4xVGpPM3U3WFVXUVFtcnNVeVZkQlRvN2k3SDlkV00KMaVlOcijjrxa1rS8\ng36vGaaq0xauZR9m1re3cK+JLgIUt6zMw9wilRb5PnOaYvG74CdFnW1UCgEaz7LQ\n/hAMJQ==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDRTOW45QSBwNmow\nMlZvVXVzd29wY25HbVdvK0ZsOWhZeFEzc2xRR1VqbnlQYWM2bjJrCjJxbTR2aS9x\ndklTSXdhQUxoY0tWQlJYdDErZVRQdjhBeXp6QU5aNG9YTlUKLS0tIFRVc29IT3ZW\nVHBVZ1A2T1hZTDR4Y2dJNkprQlk3YlZjelF6Uk0rUm01S28KFCwNeTuI0Wi2zKEG\nkq508d6ZPOL1KSzvnItY8LTQgSUIs9NFqfdyzaaqp1NF9qnrBivao1k9A8zRm+8m\nwY9kJw==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO5qner13Q0fm5NhdXMx2nkt5kxjC0/SVY2FXh01OiHN",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDVucGlodyBQRUsv\neFEyYnR6dDIxRFhoTnhsVmNSMTUwMEp6MFZKZUxhNXNJQUxWbjNnCnNyYVdEdHl4\nbXVIVkRTUTFXelNVRjBxcmp4RWpmMUZKazhHb1I5VnpMUGMKLS0tIFZNZ2MzNnpt\nd0ZXSnd0MklkWVVrdlNPMFlrNFhXcVFLVk9xaVluZFc4dzQKdCrJzmu0f8v+aXNw\nnnc06zPgPLxf+MhEC/ZDKvY/Ep9w3oHDyn6B2P8HsOszffZ+BPxlOzbJu40VYISR\nX0fK8w==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDVucGlodyBBVWg4\nT3I3TEdwOEcwZEFaNjBsa3VqRVE2b2hkWUNRRGdxZDluc21yK21zClFjem5nV1NB\nNUcvSTNTdjdweVFmS2lGTll5amhLQ1BOS3BoWjhOdXZjT2MKLS0tIFlpSzIvTVVv\nWkZmZTFNaXZPNFFTSWF6UkZJSElPTXJPWTBNdk1HeDViWDgKmCsjdFDBCGx8DV7p\naWJk32NgcjwFTDVRjYzT2m1g/umvmG4GcQkVUbwuL4VOJgv5QRLvxB4RbSyw5Vx8\noOW5+w==\n-----END AGE ENCRYPTED FILE-----\n"
 			}
 		],
-		"lastmodified": "2026-04-24T02:42:10Z",
-		"mac": "ENC[AES256_GCM,data:bYfwMAQCQx07Wu5PCKTWEREioDvnPFPmE8TD6IOpBC2/q4a+zSZJS7kZ/SaPqtsUZJiUKYWcExZqakP13MB7yD61ZwH8HzmjoZiyFIqm8kyH99n3aODmKXNJCGXuvxEA01FWUiJSDjwP3t1CzlG/0lsmcSU2oMOtUyBHyfv7KXc=,iv:jXvUrB9U4DJt9yCtwt1jH5HfZY4CYMPwZR2MKWwLH98=,tag:p6z+dQcPSxicZbbTwHkw6g==,type:str]",
+		"lastmodified": "2026-04-24T14:30:26Z",
+		"mac": "ENC[AES256_GCM,data:voMMqG+ZkmdBSSW8k+AMKgIXB531MBxlBFTDU82NyrC5EhR1mk5ld9JC2uTfzbznXdas0DPe64OvGXLdtHZI47bTJ1OUlWE9MwxHrFowHQD+3Msc15ibayh9NpBzhJFjvzb9f3NoH5XgVlYHuEOad0bsvY/DKOkpLFqvDhsOuh8=,iv:NhBdIql4WQVGr9G6cQ9cMD9CoMQy35HClS/s28Bjheg=,tag:wT1fIUjZ2uSgRxpwCXAyBQ==,type:str]",
 		"unencrypted_comment_regex": ".*",
-		"version": "3.12.1"
+		"version": "3.11.0"
 	}
 }
diff --git a/packages/gen/env/data/dev/stackpanel-go.sops.json b/packages/gen/env/data/dev/stackpanel-go.sops.json
index bfe6fb56..021a9009 100644
--- a/packages/gen/env/data/dev/stackpanel-go.sops.json
+++ b/packages/gen/env/data/dev/stackpanel-go.sops.json
@@ -1,75 +1,75 @@
 {
-	"STACKPANEL_TEST_PAIRING_TOKEN": "ENC[AES256_GCM,data:OvcNK0wuSzA=,iv:r/lrDvgLmNCmqVl+o0Q2koLsmYEop7RtcK1x4edi3dE=,tag:QXYFKuJKIGkfxS71gIu/VQ==,type:str]",
+	"STACKPANEL_TEST_PAIRING_TOKEN": "ENC[AES256_GCM,data:aB1Vw0C6lfs=,iv:Nhytiy2Q6xuyDKwJ3ewx02jsFsX+CIN90SRXZtX936A=,tag:22QE3jsParyh33yCRv9qsQ==,type:str]",
 	"sops": {
 		"age": [
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICjMrEzKQSq/0eePzgUGXM349sBm6GVCXoz+tJZJaBVT",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHZMYWFYZyBYWHhS\nbUp4TkFKVmJTenRDMWNZOUowRjdUd2FNU09lck90c0JLQmFLc2w4ClJpZ3p3b210\nMU9weVkrQWZPS3ZuckJ0STduaXd2MEJsTzBrSlFrSzVESm8KLS0tIE9sWTBLcmhO\nK2FPeUIrdjlrSXFEck1EOE5TbVBacVVidjlJRWhxbDZFQW8KQ9OtD5UJ9orvReTx\nzH/7lgN/o9Dw95wtkZ8rPMCjtsvDz8iRWxDyqkSNhByOiVdZqaYxUGLZTDOzWqyy\njgPDrw==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHZMYWFYZyBtV2dB\nM1dFb0k4ektVdmViTVl0MkdscUMzaWtZaXk0eFZHWDB0bDFsM1FNCmVFRTd2eSs2\naVB3QWdCbkllT3JjQ2tmblhSKyt0RnRXS0NYeW8zdVlTRGcKLS0tIElCZ3NHMnMr\ncHBacDNsOFJNMHBsQml2ZDBWQ3BTbU1OQk5ORmVzZTd4OGcKceSOzUipl/XHCLqE\n3JNs63dyDkZGt2yqZvJPXok4be2P4f+OrryGShlhrCMat9eZhMjx38HCI9e/viQE\nN3iahg==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIoX0wKjybps6ZHuvA+uwE1ThfWl87MApDLxCjCDUCC9",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEtlVWxBdyA0ODZj\nZ01jWitsaUJOZlNxSG02VUJEN2xKeGlCSEI2eVZKcU83TWxTRVFzCkFRMFdDSVJL\nVGNrVEtkSFhtZ1A0WTFSVkNRRW8xTXFCZlJ6NUIzRVpJKzQKLS0tIE53NER6TEV1\nNzVwYmtDeHExOG4xcDNEeE5NbGY4SlExU1JzY1UwKzdBekkKAcSPiW2PDvuFUMbV\ndtfklbpQIvKLKdlL3QXIfas38/C+YQOASQf1Lc/uaXpNVIbxNYM/DR+MK2Rrw9yt\n+cFIcg==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEtlVWxBdyBOVTNP\nR24zNFNlMG1tT1hYZEdnZUUybzAxYUJldEs0V0lCaGlyZGMrYlhBCllSRldXNFFr\nTkhnMzhmZDVSUk1lbm1ScVVMYitxQ1A2d3BwejVBcmFsWUEKLS0tIG9saVM1OXl2\nVzF5UzI4NlVSbnpGWVI2ajJNM2F1anQ2ZGZGOGVOb3lUTlUKyMt1uJEZXdKBgAuB\n+MGszs/aCsFgQELMiOEaWgU8HhdY4prd/HUCzbRcuMdANiU3ugmk6ph2+UdGSU+C\nq84cMw==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKZPhznHjTDifGroHiGRD3hwWz69B8NsSSPNbwWjfzgW",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDFNdXZydyArdmdP\nN2F2K1hoRm1ydkRXZnp3SVArYkNJN0xJZDRQOWlETVN0clhZNGw4Cmk4UTFacUxv\nakRmOG5MaTNqMkdISGx0dUxoK1k0cFgxeEFsbGM4RjZsNFUKLS0tIGxlOUs4SnBY\nTzh3MFVpbVNFblk3OGR5MXgrakNCeGxWem9xWTRvbGs0Vk0KCop8w+Pt/Zg+kF0e\nRLR5yQfR3ZTUMJxeZZkoGfYU2GZvrwBXAlEzdRcRup/wiJ+vQ+hRMlCRoWFd+uTR\n1Q2F3g==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDFNdXZydyArS3g2\nc05zSVVEcEtHL2gvUGZpTUU5cmk4cFBZU3hKMWZaK3QxQjdPTVhRCk9kYTIwajNT\nemcvWEZWQ1cvSWJTWjM0WWx2dElDUlJxbVZKOVYrdGtiQ2cKLS0tIHJzSzYzMTM0\nWGlsR0M0QTJrNms4RGNReWlrSVl4QUF4cjJNZ09MNVNuUTQKHpHvE62u44qFUxGZ\nhVmXNxSaK5h5L4ZZNjuEri0kWoGC296gi1Irmd0/WJ4XNJZXFAwC/9De+FlMZvro\nKkkpjg==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJF9kzudl00FVTQA7nnSaicAJW2MoBKm47G7wefb6uSm",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGw3N2NtUSBaRW44\nL0xQTGVqbzI3ZzVKYUJMT1VKT1IycTFDdVMzRzZSWXIwUU9ZeHdzCjNOT2VsSExI\na0ZxOWFlSTRIRkI1d1loVFBaaERJSU9yMEhUeGNNRVR1NmcKLS0tIFY5QmJyUGt2\nUEVxRlpyV0d2ZFRCcmZqTm5ocjU2MlpXb05CV0IyejZFV1UKT3tpBt4PExiRdDBk\nKtvD4u6gbQtxPuuz2Pjm7cuX+GKF+3e8KwgaY+MiuoSmbNZz62/amHIB4zu+7v0D\n0eEd4g==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGw3N2NtUSAreEdP\nVS9tNzVDMTRkeVhHZkFiYjBlZ2lUNCtiMEhONk9RNk1kU204UzNrClk0cUxCcURQ\nRlI5bjBLZ1FCanNMamdGOG9uMC8wTC8zN1p0VTdsdE1DNEUKLS0tIDlCNXlNeVZq\nOW1LVVgzYU1jVC9Nb2tJMVZtRDF2WDJ2Yjd2MlpKdUkvYmMKmxl+9eCO7VB+EiAF\npohLHTHg64xTF+F4FH5wuEz9uxVHTlNYf1fqKYmYGei1HqStciNWGuoEYOrbJJjm\nbYAkuw==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDmZV9Oi9hrckXTpqBnDKRrY9mgwj+SJeVBGWmne2+q5",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFpUeE1RUSBteGtI\nUG9HNzNDUjV6bjcwdHFEK3p3OXpMLzhVYXBZOU85Qkt6NSt1TTNNClJJTVlwUFh3\nNXkvSTBMMHJqZ3gwM3dIVk0xU29lOFI3ZDlrSDJHazZ0WVEKLS0tIGlILytsS3Y0\nVFdURXRYNjNRaWlaVHR3bmRSRWpPVkhLMHhGWWZ3K25NRVkKzPppkWVQYOKBJETP\nal7tyqByyqbBeAanQUqosPaNpsAwCYUQruOzb5T/rgw84R/BY2ZypPPD5ML9VoUq\nfAIVQQ==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFpUeE1RUSA1WHNX\nY0F4MHlvTFlZZmdjZHNDditsMzhKVzJtTFNmdVQvTkNFS3BValNJCkk4dmF3bGd4\nNGFqU01LZ1hIc2xSSE1FWkNNZ3RDR1Q4UHNORFMxUGRmanMKLS0tIGc0eXBFL0VT\nelVHNDhuSzdDVVd5T2FBak5wSDdVOU4va3kvUm5yc0YrRDQK3rm/ohrwkGG2JTWu\nQEjLwkMKdrEJYPU4FECKN4wAOozH7QQjcABbD359E7dryNrG+SH9vPbZqTDMt1vw\n05KfYg==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA+M/DHDlKgayM6wsiX6r704pE+2qENOsKcytC7sBhKA",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDF2bHNJdyBNVllt\nMjB5MFJEKzdackJCdnB2MGkyNE9BY2FLZjFRSVFNLy9lYVRIbDNNCkdjUmpUR3FE\nbjIvaEJReTlQblVSQ3NpMnJ1czJ3K1dPaFpEU3N2SkY4N3cKLS0tIFZ0NnpTTXUw\nQU1wMitpbEVaNUp5Nmp1UFB2YnV2ekVQUmFYdXkvQnJlT2cK3CNlvILauo/f1z6P\n6sajvF3qhL1JAJOe4B9IdIPZHpW+JWx32q2Ocs+ZD/JJdbpLoHjMoP8JXvQudwcK\nuGRRUw==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDF2bHNJdyBOblRx\naU1ZRTBnWk5vV25yWjZWZFUvdWlhSTlWbmw3NWE3R214d3RHQ1F3CkZmd3o3MkZC\nVjg4UkEwaVZpWkgwZEg1Q1JHRnZDb2VnU3Y4YnpxMDdOUlkKLS0tIGJ1UnRiZVVC\nVUpTNm0wa28yeFgyOUQ3WSthSGpRTXkzZHNuRWY3UG5mSGcK1CJ4Lh1AMccM4363\n/g2Kfsh4KKC2R4kfx8nl4KbAVGXEBwBiYWbZjGIwDE7ROCA+OSZfc49OA9k4AXvl\nag+sWQ==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINh0gA7reCRW+zQ5pPpIjoJGpaFQSbC/4K8B6vMXJVr+",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHJKM2lMQSBUWVpP\nN2pqRlNvL3JsRmQvMm5BckZUZFArcUpSeStzb2JxYjhQK3VpUldNClNubnZEdmdR\nWlNCVEMvSWF6TDdDV3lUeTBDcXphVHViekNOYVRSbHljc0kKLS0tIDBOV1cwY3Av\nN3cxRGtjTFhuUE1WTkl6c3ZoblMvcW11aDFPMkk2b0FwaXcKH2L6u+2DBbFd76nQ\nJ5JMcxWZv0bjqm/hj1Rc5XcPWMvyBvdSwvNppA4Wt4ntVB6M68WxlSeIVzd/qyYc\n0dI4ng==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHJKM2lMQSBQTVUx\nNHordWljQjAxWW9qb1ZXQ09SV3ByaFZOUVBhT2JsdUFlU2FRc0ZJCkkwK1dSWVMv\nSkxKWWVyMXRVMDQ2VEtSdUdoMStTVElqQk82QjQyajRCdDAKLS0tIFFRYW5aOFk4\ndHAvRHBDZndUMklpLzQ4U1NJRTdiUHJEUEsyc3pLSVZjb1kKFJxupJ4gGCcmh61l\nGeFgbiK14af2gIjv/S7Ut0aDis3HlleiDEI+5AXTg6mFEDm9AjnAbNrHUsCrw2bo\nMGLh7A==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEmYihgWHfnLw0f8uTfLokCwToLavzV/+k/GggBA4Sz/",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGtNZGJ1ZyBjMUgy\nTzkxNUhNS3hoQzNZSUJGN0VoM1FHazBLNTJUQkZ6OWlwa0lwRmtrCjFQOXFwNFZE\nQzFiWTVTa2lrOFMrcExwTnlGdkQ3dngyWSt4MnUycWl0em8KLS0tIDhzcCtXc2tO\nSlJWTG9laHJCSkVtOGlqbEp5RllsdlRKQ2hCekFwYUdqaGsKfrLZqHjt+QgqmZjT\nOAUWU4rWBJW5cdfzAvJjhWXDFuugl4UOg188H5vjU+hfksJHRFWlaifGtM/YAa75\ncqTf7g==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGtNZGJ1ZyAxdnBr\nUkIyWnJoLzJTL0RiaTFPbnNKalc3eFpTK3lLMmhxc3dOeE1YNXlnCjFyV2Fudndl\nbm0xWHNGRjZjejVJbHBlN3RONWJ3amlJdVAwcmRkcytPQlUKLS0tIGp5QW9SYWZO\nZjJDOCtNaDZCTkswYW0zbmlURXdkbG5Rak9SZ05CZmthQXcKvCd1qcqpsfyBe2tx\ngxa1+UvWYI9EGchXklNHtZB7xNHWwAg75H+HFzRi5G6fco0aN3vBvb0pbv6VqVNw\nZ6yoxQ==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFvT1RvcTidgpVYE0OPknc3f5HcAVpyk+rXXrW4AcbzG",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFFONEwvUSA1ZmYz\nYndzbmdZYURXbk84L2E1WU1CNGdCQ3gyRDNRb3dtcXVFSXlxVVZ3Cm5ubFFNMmVX\ncVMrLzRaaXhtK2pETGdGNDI3UXJhbmVYSjIrWElZL1pxK1kKLS0tIEg5SEJRd0pS\nY2dQY2xlM2RwbVRBSERBV3lXS0ZZSTlCWUFHb1hPZGtVUFUKW05lNjxx9/DbBja8\ntmjE1RkqAXxcCpQeJGBr0JLbU/VWrx8OvFjUEU/DzhCHOQFwuczZvHNLA03huUpC\nRp1urg==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFFONEwvUSBCN1RP\nc2FhcWZKc2FHcGg3c1BnVjZZNlpCUVFiZ0xXOFdtUTRCcnNFMERjCkYwcVNMN2Yz\ncGZ5TVZvSE5aT01VVklGWDZ6aFN6L0EwOWZ0YmxpUHVOMFEKLS0tIHFyWU9ZSkdv\nbnZjZG9PWWF5dEVLclRjTjd5N3hiR3Fma1lqSXZsd1gwMmMKYRNvB5n9qNUBjddV\nJ7M3d/4cX1hp+bzQ+xbq/4ruARNhB8pgNJLUGCFF7g0Plad136vBa2xHHSaEeIqM\n7hqwZA==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEijeq50HS1g27BTRfJ8XWIPrAX9UVkap5fgIOCOtA5+",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDhjWXRrdyBTdGVW\nS1FWdldmQzB5eVRScW5UdDlzaHBaaHM0Z1ZhcGVYRFE3cktFUFFvCnl5NENna3hF\nS05kdU50VkRDakgya3N2Mlg1MkJNNUdzTklZc2Q5OHdNOHcKLS0tIHBEU2VjMXVl\nNlJwVjVUQ0VDZzhWNkxHT21VRk1WemVsekZMeU8rN1hSMm8KZcqnDgH5U2VTtUUq\niErsn1QZsd/SFZFMuE9F+sXdekGxSgzCSltbjyj/29+AHZdjap1KjDqzVW1JbtwW\nCyFWOg==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDhjWXRrdyBFVlN5\nTkI3NG03djhWZkx0bmlNN2NGUlhaZW1VMFVUMndMR0FiT0xBa0FnCllidVBJU0U1\nZUFreTZLVXh6MW5ndnk0OEx2Z3JTSURGNHdRSEx3OThITjAKLS0tIGxHSEwyNGdM\ncHRrQ0N5S2dPSStCRmtySkdwNCs5SmlkblNvQTFKeXJWdE0KVBqZ/iZJKKXN3TYA\nmQ6m315UiEDQ7ySVx07G1vPcLbw03WQMQvyjPJWRxknSF6A9TboMe36QeuBtje1R\no/COdg==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
-				"recipient": "age1eqcj2g0fdekj2wpqp4y0fg9c5myydjdt9zlr5scr0grk6fxszymqkpw5jf",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxMnZyWlJoQnFrNW13SDkz\nRFZ2cE5nYVhrbHVrdTQ3Z3BZOHRxazI5QjFBCkNCSTlUcE43UVRIc2FzUjJSYTVV\nMUZBZGRCcHlRYis0aDVDQmNHOGxkbE0KLS0tIDM1YUl4RVNKNlF4aXNucVJjOVk2\nT2dMaGJYS1IwUCtTSXRpWElBaFRSQlkKETJbSLVGYAWBhFNQ1M/vjTsCCfstwIR8\nTqaiE3b3o5MX7Z2yocK8n4NJVM1FCTT29ZlGL3i1waVR3PA6fZWtRw==\n-----END AGE ENCRYPTED FILE-----\n"
+				"recipient": "age1d9h9mm3u5qalmpl2pf62pyzqj8t654n435emn93rutv0cg9sr32sg64fdj",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyUi9HdVc4dFhmV0ZISVNh\nTEtJQTdMR25CYTd1Mmk4dUtJOFhWU3gybjBzCnJyLzlnVHB2QUhmcC9RblUzOGNk\ncDdNc3RLb1RmUHFoVlRyYkE5OTE5MzAKLS0tIC9yRzVna2dGalE5VmJqZHFjZHNx\nOTViT2JNNnJZdWJ4MWU4QTdWMzdTNDAKwcCEDnZA7BhNvPO+tEej1LcSDVEZYesh\nRyYR6p/09fdVNNndazEvI7MkE8g0kLXvCBz7C0tHU2LPJ+2Ax/Fy1g==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDuzbgoXZccZ2w/9HGgUyT9nJH7lG2/jfQCZJudY4yAN",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IG05VmtkdyA2Q1F2\naFlOaVZwOHBMMURyVzdscGdueXgweFFDS1ZlWUpUMlB4eG5GeldJClZScVZJTS9Z\nWjVXdVFwZWJrWEpKeVljTmJrUmdrcmZ4aGJTcEtzaVlua0EKLS0tIDdLZENkRUEv\nRDBFZlRxUERQREYzLzFEcWVjZ2JYeXhsNkRyWW14ZXVKTHcKGPs6bKQSyLNAEFiH\n6X4TFhLXlwe1NkA/XOXFYCoab8lV1tsVOi1MTPdu9Z2+5rftmNpiWpG6aPAVdbXp\n37y63w==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IG05VmtkdyBpS2pP\nZ2lKbDl0Zkg5MlYrTWVRQlF4UVNiR0paQng2MjhkbnY1T2ZtbEVFCnlmejZZamM3\nQU9lbTlOMTU2Rkl4bWgrK0xPN1RONk54TDFuYktKVVRBR2cKLS0tIEdrdGRJUXFM\nZzBBVnpUdVQ0Vkt4dVl3dTdNMHJkSVVkN2dkM1VqcHBWclUK65Xg/roX7lB/imMQ\nQYndU4zf9sI7k2pTfEv1Mrx3OnrVvK7KT88h+hp+rEuAlFc8uH53Ky3fUEQ0DYzB\n2EybuA==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "age16wuzuxnkcgfuxzvzgk5e5a5f6hhs386adjewyv54m9esr4yj6uuslpn6tp",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxZ2pYMktJSU5mMmFtSHcv\nUmlRdUZWVFdHeDNSNWovVi9oL0FTcEVyU1E4CjdHbHF3MUF1SnJxY1JBdS9XbjNP\ncEpON0doazcybnhxMERsRnZXcWtQcWsKLS0tIGxXTzAvQjV2am15Q0hMbm5vbVlD\nR0p4OEZIbXJLdUVsRHhZLzhwTnNZZGMKHpLx5qzqkXw9Go9R+BPQfrCGPCc91bqz\nN6YJK1el+m08sXl+0vjBeZ69WKi7gQYPI879tqwLtO2BpaX6p21GcA==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1SnFnZ1E4VlRWYm0rcmZ3\naVp4Tk91TUVQalk5L3V4aDlDbGNXcitQbGhvCkR3ZjZldlJDNTh5RjFjL3g5WUIy\ndWZtNHB5SWlMQzVsWGh5aEluNkM1cVEKLS0tIC96Yi84dlJCVVMzalM3ZDlNaW14\nNmJlVVA2dGVzaUpYS2QyZ0V1RTgxSVUKEC/ZJm0XD/eEEuvRgvJfIjbWnW7Osx/W\nXzPSj1w8ycV5RvHd/EHPnhsE4lVpyRxcQaIoaQEp7t6gBMW9WJzopQ==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "age16rkvks3tljju3y6xu0l7luhjzx634et97g3xe58xf2dgfn2865rqkq6t8f",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvMU9JOVpWTmh5bFF6WXdX\nZ2EvK0dGa0hHYWVKb0FTZW9pRDhVYzlqWXhjCmNYRmZHQTVEb1FuMTJrS0FzM2NI\nZ1BxR1hhQndiZGpieG42Mkw2NndGT2sKLS0tIHAzY0Ezc2NGTkJleW1CbDkrZkRw\nbnpjM2laSXJsK1lRYTFnYkxRMXk4RncK13Eqbo/OIFD0wFrATpFj1CPVeWl6pp73\nVIl1Ly89M7e5iGTU/Cg2ePYPAhUjsxM1cfDJv0T6IcGzMySGWQa/0g==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0ZmoyVVRsRlpSMll3SGdv\na2srQVlYdnkvalFCY1luWVFrMVE0L0c2UXpzCmZQVzNOZzczSmh4OUYreTVGN2g2\ndEFpem1RTkMrcWZXeXVEeHk5WTBTT00KLS0tIGF0QTQ5R1lzdjFnbis2TXhlNzdx\nVEp6amVuNXlqTnFtcTgxTndMZmVNSE0KO1eoy09G1RG3BjX3eBd62mfYeqEepx0l\n+zObcGWN2LXbJfGvrFsax/ZsNnRrNi98GZtmVEEVdPEsUnXKjHIaXQ==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFStro05R+CPmjWMHWtzXUKfGll+OosoZtXAyPtngN7T",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDRTOW45QSBFM1hh\nd2FsOEt0TzFkSGNMVDZtM1VKYStsallsVTJLUGlWMm1tM2dteno0CmFoRWdTNjNp\nZzc3ZU1rY1RwYnQ3ZW9Ca0x5WFY5QVJBakQ1eUswSWNMdTQKLS0tIDVrWk4vM21Z\nNitLTlVMdGswRXNsSldrMlJtTDM0Y1RXWUNxQnNjYXUza3cK85UFTdqV+FfnTzYC\nUKILACnX080JVAtcH8Ecab22n+OL2Fin+J+DSj73zj8APki0TUEPXPebabXCFYnG\nUi1vhA==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDRTOW45QSAxZGZr\nODhOa1BRNHJGVGtTbUNkWVppeHhtVXhIanZkV3ZQcmVuemVERTBZCitSRDdrZlBR\nSDdTRFllQlo2MGhiZ3FjcDJ5dk5CSzU0ZzNsamtmK1IzQ3cKLS0tIGxld3NUd0xP\ndjB1RWx0VzZZWm5XNVBIME80U0s2d3pDdW5oTEVnM3dMRVkKwSG3tOQBn4Lg/Mzr\nTCusfEGBik7mddmdiSFdzVg/N1GrkaqmcOXC1TlnbfDWrT4tkDRH6IJ8wZtcdsVy\nIs2Smw==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO5qner13Q0fm5NhdXMx2nkt5kxjC0/SVY2FXh01OiHN",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDVucGlodyB4ajBl\nTmp4UFBhZ3lxR2dtV2dCYjJlSUVrQXpqZFJUMStNQnhQTXg3WW4wClhrYXZxNnpW\nMVg2RG1BMlVkYjhKQ1p2OGlwTE9PMmlobkRjSFZQRCs3T0EKLS0tIDVIZEpzc09S\nY29FK0VEVUpYWkFXelJvbDNtSjIvVXVGL04rWlN1aXo5b3MKrZ8g3t3BGgxmukrN\nxIytofVBlZUGmV5fsXdTTVHq0zyfxnV+8Uvrwkld0EqD/rfEzYkYGxB0mVmKaFrK\njtVqhg==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDVucGlodyBGdGZG\nRjZoUzZNT3hLS0x2WE1XWkRTNHpuVllwd1FseWhFR2hZNUVkSVFnCmpGdndzUk4w\nRUlONXlhQzhpYUcza2N5ZUZqLzgyS2hSV0JaQTB2REIyWW8KLS0tIDhGTXBzWm5s\nWTNFNE02VUZKd0RRWkxKM1EzUVY0Z3E0eW1zeVpzR0wrTWMKRr85BJC/87QBQqKk\nFgIQzEoIMBZF7xCk7eaRr3LwqrRtAc7zxQbwnBdtVFRMhdydsc2G8+8/1nwGKMi3\nCM8Y6Q==\n-----END AGE ENCRYPTED FILE-----\n"
 			}
 		],
-		"lastmodified": "2026-04-24T02:42:10Z",
-		"mac": "ENC[AES256_GCM,data:tJBBu61gGoRmId/VCSthlAnZRAsfFjR4Y32NMwx3PWZzIvNW6ySizsOCtmks6N5xQwt9OXFz9s+Ptebmt9jYy6CT+3vl1fbZBVEYm/zy0m1nLSn9vFQcUzZ7G8+BDclheeJRDz1LP1W9umxx8CVqQTLC8o/VE8tUEPYkE5ovGbU=,iv:6sM8A6gUoNv6wU0uv65Ic837dY97lWxWJ8pKssnvngY=,tag:SWDQd2YO1XBxSrkopYYViw==,type:str]",
+		"lastmodified": "2026-04-24T14:30:26Z",
+		"mac": "ENC[AES256_GCM,data:dlWe/HpQt8mNp14cXYzYOuIWpNWGKqAwNEQhASK8Yi06fL4McW1fYKCjgDWzycEHTzFuTdiINIPIgu0LhQxCdQpKhu8oamwLkpfLAqntjFu4q9rLLs5Hq/Vkf7H/guQBYW0YzCqqMu91eoExf3vTxzvAIYpWTT34Zyn3RKiPZe0=,iv:o6m6xKBPiIf0o6VKK8ydhjxX8hM5xFm8QMaSDDS/hko=,tag:6vhlzjPtTO5JWIEF+vq+PQ==,type:str]",
 		"unencrypted_comment_regex": ".*",
-		"version": "3.12.1"
+		"version": "3.11.0"
 	}
 }
diff --git a/packages/gen/env/data/dev/web.sops.json b/packages/gen/env/data/dev/web.sops.json
index 34364927..e314a2d5 100644
--- a/packages/gen/env/data/dev/web.sops.json
+++ b/packages/gen/env/data/dev/web.sops.json
@@ -2,85 +2,85 @@
 	"BETTER_AUTH_SECRET": "",
 	"BETTER_AUTH_URL": "",
 	"CORS_ORIGIN": "",
-	"HOSTNAME": "ENC[AES256_GCM,data:MNIAT9XrqQEhPA59vAI=,iv:pe459SI6vSACkIsE0PjKb+1qyGK0HF+5CjhQefdtC+4=,tag:3agjKdpwtBwDIirecZxWmw==,type:str]",
+	"HOSTNAME": "ENC[AES256_GCM,data:+F31NxSxTlKiXfElJQs=,iv:iVKM59udGtQUU7Qoc58ju9qOohNpIQqS00ntQAMBaXs=,tag:+KJee3C6HAcGYO+lPFfznQ==,type:str]",
 	"POLAR_ACCESS_TOKEN": "",
 	"POLAR_SUCCESS_URL": "",
-	"PORT": "ENC[AES256_GCM,data:DXi1qQ==,iv:L99jawBoy0cU065LdHfImC6/nzPixJ/iGi755Xrav7s=,tag:3UFr+DChNLwObAbtuKDwgw==,type:str]",
-	"POSTGRES_URL": "ENC[AES256_GCM,data:gOTJ135xz+NmET9jJm9v9Or0lfcHrTjhuJx3q7gKledOsNbUg2Q/3mvQhpTGwHeaen8Myl3Rq+B4hFNi2UIza26e5fSIvUZ0K4f42Sm/2G/t/hfo0RwkTh+qHX5ljHWBkQDDUekljYISsvikb9u1Ye5qlongWf1KFjhEBLqIEuxphGUE8Jcf5PJB0cuzMKYsIrblvrmrUQUUVzMMwsDhwygqOxtkkSBGgg==,iv:4I2OvUUPpUkMKnUF9OxMnVzg1NWYxoC8I1eHPPEtm90=,tag:7m/Uo/lurVaKcnXlqQWNrg==,type:str]",
+	"PORT": "ENC[AES256_GCM,data:O551SQ==,iv:+kOg0nFA/yz02ZdrH4WB/vccVraJ/C0DNpYrxskjyYs=,tag:fwINJ4mXHaFNiXKhq/Y+JA==,type:str]",
+	"POSTGRES_URL": "ENC[AES256_GCM,data:sBnQFNNY1j1bmNKj7FUiFKiVXWEEh/RosFTXEIM7GRy2Quwlkc7L2B+1EStYtWmvk7pLYjBZCS9FAxaUE6vrzTphkFatc4E2ABhvvFYVebwkWJafMuPSMO3A1ttBswNS5CZy7i6WiM03ktVKgX0DzifKoDjKcKaeVeMQCwHbkVSBSbjnCR6/FdgvLAF8x1VPyYdzaR4LeKSqiNMzkxlNC232sCZgtZfRww==,iv:fahQomfv7HfteVHLq6Ipmct6RPwPhLnByZiRsz5pvMY=,tag:qjLprReIBGgjlVqpFz5m9g==,type:str]",
 	"sops": {
 		"age": [
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICjMrEzKQSq/0eePzgUGXM349sBm6GVCXoz+tJZJaBVT",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHZMYWFYZyAxNXpU\ndEJGRCtUbFJyUmt2OHNibXlMOCtYbkZCRndRWkgwZXZPYno3Q2dnCnZyTE10dFlW\nY2JzbVgwUFhuVlhQVFl6U0xSWmN3cCtLTTlzTzZPakxmazQKLS0tIDc3UHJ2ZmRq\nUS9MdWRZdHpTK2lObnN0Y0xBbGk0cVQxVFN3YkFjSk5UbUEKu1yaopvJ+OvRFymO\nUKPsCmCpXtxNHOeSZ4mRW0n1sf7OaEFQwHIollLBj+vPb++DzZlBy0vXYed1qgeM\nW3FiJA==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHZMYWFYZyBZbzZh\nTUh0dnFUK2xBdmNlQnZpb0U3SmJueXg1WUFQSnlQVjJMZEF3Mm44CmZpU2YxYWVz\nRDVhMzNPNmpBMDRLRWVXaG4raE5MZ1BObC9xb0xJZW1WbUkKLS0tIGllYXZFUW5V\ndm5ENGYwRm1SK0VmbHY0aUVaREdRV1Y2UW9OQk1YeThUM2cKKN171mPEw0d3qfbu\ntDvDGo7zjjvza8yX9ebQi7R/8caoOSZLbqpjpRphdScKld6wCCeHTuWiWbY8lVl8\nLgLL0A==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIoX0wKjybps6ZHuvA+uwE1ThfWl87MApDLxCjCDUCC9",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEtlVWxBdyBCMU15\naFFOVkZIVGFQZk5tR3YzWUZTMlBONEZpVjRkNC9YSE9IaStVUkc0ClNFMFJxR2Ew\nNE8xU1NEN1Q2NDVpUW1Wa1hod1NpYm81eGJUdmpvSTNlQlUKLS0tIGlQSnR1a1NQ\nbXQ2V25TVzJReDg1YlliaThLRmh1dlFFRUxtU1hKd3d2TGcKFwA1mPz+OwQUpRpZ\nTVG8AmDsTvt0Q97VbFU8TJ8Ga6y0ajiOEBYZJp1NI/98r5shYfhDsgSX6QI0ZMLB\nbuNzbw==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEtlVWxBdyBLODNE\nRjdJNjdqdFpsV2tXSXFlM29vOHVRbGNrUFYvOFZLdkRTaGlCV0JrCjh6RGdrcEJI\ndmNvb08wS3pRRTA3MytoSEFYZkwvVGdhVGU2MHI3S3hVY2sKLS0tIERUbjJqRUhS\nVys3N29UVjFSYjBJVFV5N1QyVGtjZHJsQXF5UldVUW13dncKq1iCrZk7NdKWve6R\n6FrVNdpDKmrFOWB8LpXRzB687TQkCN3Fud3Ffiu5nzhEWk5AS7pxjQHIbROwa5ty\nweK/Ew==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKZPhznHjTDifGroHiGRD3hwWz69B8NsSSPNbwWjfzgW",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDFNdXZydyBWbUNE\nMmViK2tGQXZlQ1NFZkFPZGVDelFKUy9wTXFnU2JsK0FOcWxrcWlBCkFTdUNicnQ2\nM1ZkbzhWYkYrOWM1bUhzazZ1V01nQjZFWHArRkxGdkdnNmcKLS0tIHd2Ym9ydmZz\nS2R5NE81QU1id290d3dHTFU2WkdOVjAwU0gvSm54cVFuOFUKKs/rY2nFzK2AIKHr\nUCOzyBpllvnI+ExvCsaVMjuyhrE2FK4HytE8PkDmZ8cBSFHSpE/BxgvDIJo+WgEA\nwtdHww==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDFNdXZydyBLc2Q2\nZ1VCSUg0VnhsS3FIODdYSTg0QkpGSmRoN2JKY0t6OTMwVFlkNHlZCnB2N0tqMUIz\ncmpjV00vakovNnRZdTRBdEw4NHppdXBjZzd2bVVZbGtmblEKLS0tIFg5ZitWZy8x\naEc5WFlmekNVUjJxQ0ZwYmRTOXY2bnM5RXU1S3RpRldUelEKy0A2xnGZY1I220fU\nIgcVOvZ2O9Yn251LF+UMZToxKjWRkGe6MBs48ObdTm61/LoDCO8zrwI3LTws0Izi\nTxJ4LA==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJF9kzudl00FVTQA7nnSaicAJW2MoBKm47G7wefb6uSm",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGw3N2NtUSBPL0Vn\nNGl3R1MzVjlzdGF1M1B1K3NMUzBwcW5FZkNVRmhScTVNWGxQalVnCjdzY0RFK0pS\nWGhzcWxQUkJUdWgyaTAvdGYzblFVYUFNL2REZEFJWTZMWk0KLS0tIDdHQmE2NTJu\nZVZ0V0xjZWtwOC9WSWdjcEJpUnphejR1dUdReGlZaWFTUDAK3R2EXAJ6xhit2ydq\nBymphwfByi519NXLzmoX8BF3gvqR0WTf0WN556pEbbjibSB8MbG58lGGC4Eww4fi\njEKzQw==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGw3N2NtUSBVWU1L\nSGxDR2FGdjBVZzR2clZJUUlSdUlmcTZqMElRVTVKWEExR2dOVHhBCmkxKzNaejlz\naksyVEFvdWUrcXZTMUJRalpJZkNBQTdyS0RoUTF5WmhXVE0KLS0tIDNEREJYWTM0\neHdOTGZTclo2UEEzUmRDalg2ZHk5Z0hLU3c5RWplbk4wY1UKcoHy4+gr7b8j52AQ\nNDiHoYgltwAYgl2jEjCtXhlpjhaCRtiLlVHT8dTO24dxAf0t4fvnyt8qFMCJn9DU\nhgwcTg==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINh0gA7reCRW+zQ5pPpIjoJGpaFQSbC/4K8B6vMXJVr+ cooper@darkmatter.io",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHJKM2lMQSBodUJH\nNm4vRGFlU0lrd3FmVVJ3bi9LbDB0VGtZTlBCQVFGckxrREpQTkhjCmZvRDdTQTQx\na3FxREtaM214NWtFdUxvTDkxeG1mdXVmeG80UTlmNS93ZFEKLS0tIG9qcjIxS1Yw\nYlVtNW5DbDdDMGFucGZDdmV4YkNQOFpJYUhTMENxTFRBR0EK9okEnkswenI/NLry\njZso0OwkrVQAPIP92+uBmalpUUJktoY4KrOd4IZ8XMNg5Dj9F2byJjzy4KhJ7/nb\n9ILLig==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHJKM2lMQSBlMFM4\nVnN5WnI0QXVkVzJPUlR2NTJLT2JtT3V0MXhpZ3dGaG8vY2dFdUFRClFBM0FmUDNu\nT0d5SFRkNkp6bDBlTzVDd20vS2R2NEF1SVJVWExlNzdSVHMKLS0tIHpzaFpta2pi\nMXlhYWtOZUxhMmMyTlZJRTZ1VnEvRkc2dnp5MHZXeDJ5SzgK3bH7XRfU4VMP1Qbb\n8DUBq4ag6tnLygb8fncOoc1kvbjouzaP+0RKRXRv9icgEJr3NFuVTtZtWTznhRXs\nrTbemg==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDmZV9Oi9hrckXTpqBnDKRrY9mgwj+SJeVBGWmne2+q5",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFpUeE1RUSBMay81\nd21GM0hpSjFNbVAyMVZLcDVxaVZFV3hKeW44WDZMeEg0aDZBTFVNCnJNbm1SeXZV\nYzliOUFoTFRzOSswOXhuMkN2aXdwY1Y4UHg2Tk9BdUp6QkkKLS0tIGhKaVFidXFO\nM2N6b05KYVVhV1JXZlliOTFWL1VBc1hUUElMbDNETEVHQWMKfobeoya0bfn1qz/p\nMFor6q5KjIT0/2gqOxYUJ6WkE8v6ifTrDKiP6IWGzGRqhK2yLiXzco4Ci4mJGSLF\nJ7QGlQ==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFpUeE1RUSBzMlNO\nL01HNTNrbVB5M1REblVDQ3pWMWRabjA1bE5lUjZnRkRqS1Qwc1hFCjhEYUZQb2hl\nZE9kbFhBZW03Y3hrQVJVM09pUWhlQnZ5OCt2MXE3dmFQWmsKLS0tIGw0SlFSWWpv\nTExKSVczbDg5WVRoaG5jWm9uOHp0eDhXYVdzVUs3MC9wZk0KV+Pl+lSldS3WhrSx\n0ki4F3kLBxZJfcOjf3gfYuwDfw//fu/4PpcHBQZl8OulIaHwFuPIm+HOnwI8LKwX\ntP2ULw==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA+M/DHDlKgayM6wsiX6r704pE+2qENOsKcytC7sBhKA",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDF2bHNJdyA2THlV\nMDdjSVlBOWY2Nkc0MFMyMndGdWpVSU5XcmNWcDZvNkxKT0lpM0hjClo1dG1tSk0w\nSDNtUEtEOVhjMFNSZGQ5ZU9LYUU2RXdYWjhQMGhxNEU4SEEKLS0tIFQ4MUhBL21Q\nS244V0dZNGdtTG1CZDYzcGtIRVJ4UHQyTERHcyt3WXNlZVkKIhJoVBxSdh5yQxOh\nPWgoHMGBBfTBSmCczKNk0DK7T6ZbZMPJ1Rkmsx2QOlUYJ+IRhxBdQbhovl1vK4Ud\ndc/Cjw==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDF2bHNJdyBNOGUr\nU0FMZzFsaDBGUDkza1VtdFpEcnlCeWY1QnVmS0MrMlR4MHFwUWdjCnNzK2cwZi9s\nS1N3c3FVdXVCVUVQR2JuZUI0MWNDWDFjMllLdG5GbEs2bFkKLS0tIGNtRFdxaXhT\nSlljM29hNFBSL2crdXFBM1R6dXJnVC9QdEx2UE42UW1LMGMKN+wlcsoFhZ1iz4L6\n6xji04ZtDLcbbyTtqGXITRL3/auySYXqf2QOTzX0XSqKLHRu3IXtHYuqjZLYKXD2\nCM4b3Q==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINh0gA7reCRW+zQ5pPpIjoJGpaFQSbC/4K8B6vMXJVr+",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHJKM2lMQSBxd0hn\nUTdodjZtTEo5OHp1aVA0Wm5tTGRzTW1sMXB1N1ExWnBwamxKbHlRCis0VXNZdi9F\naXFWdkhkZEp5b1BPbHFEVCtETUZrWFYrSFJKTGlvd1FUK2MKLS0tIDVRMFlROEFY\nSS9URDFLMGUxOE9LQmVmVnBTclV1bDVmVHBzM2pIeHBleHMKFTmg57IjrC8t7PRZ\nwPohL7dzsHthFmBJPtvL4kbompsMkpsUSPbuIxALiAE8OinbIkDXC9Qv0hJRY+M8\nWcV2FQ==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHJKM2lMQSAzL2tx\nN1pmNmQ0OVlTYXJKSisxK1FEYk5SVGpPQXY4aURUdy9Td3JpaVNnCis0T3VhVmRH\nQndKQ3UrZnBTQlI0WDlkZ1lKNlZlMitXS0ZxUWxEcVFRbjAKLS0tIGtXYkIwOW04\nZlRvNlBOcVVVWXVkTzU2aUdGWGNJdUlsekxuaWVoNGpqbXMK7g5JOT1ODozqqma2\n0wBcNc1j1Hf/FbTQ3Odk8BIpOqcnenpXDcU/aTXjIJG1mkIU9Kks+HMexatM/7a2\nO+Jo5A==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEmYihgWHfnLw0f8uTfLokCwToLavzV/+k/GggBA4Sz/",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGtNZGJ1ZyB3UnpR\nSHUzcmtQSk9zb0dXLzVDQ1hWcjlQOFFnTE83V3huUDlpZEhKdUVJCm5hcHBtN0Nj\nSFM3SzRMa2VaRllCaW1JaFYwNW9XWlMvVGJvei9qSkl6a28KLS0tIGc3V3FiZ3pi\nekkxeVZVcTc2ekpDdURNSUI5VVc1SmxON2NYejNEZEdRNUEK6a56+dOZ7thZsLKj\nmCd1NjA7SZ/MjMH2kOty5Oc+M//H/yDy2H30O63HaoxjSq6Y+Cy4ysgyENvSKPVM\nMmyHwg==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGtNZGJ1ZyBaZG5r\nRWk1eWxjQmRuSjJzY3k2YThZbnlhT05LYzhPbDl1T01mdW1JR0hnClhqTDQ0VlJx\neE41Y00yK091OUNEektkZERWSHAvWDNDQmwyZ2g5YXI0ZDQKLS0tIDdxQW9yaEdw\nTzhwOGhMY2pwL2JnRmxaM2lWeHZIbklsbUx1TXVKM1U5RTgKLqh/nohnOsaS9IVS\n4NiSL+VzsD9QJbY+PfN4divRPHLAjm5DdcVj7UsjWhNOAoSg9mfqoPXEBHs0Oj47\n57ALig==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFvT1RvcTidgpVYE0OPknc3f5HcAVpyk+rXXrW4AcbzG",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFFONEwvUSBtUXR6\ndnV1K1dHbnRWMldtcnExWmxhb2FYazg5ODNRQ0Vzb0JHaU9xZHdVClNNL2l6dkhp\nTmJ3TEg1YkdsYnNUT0NWVTB2R2N5b2U5ZVFjbXgvSVlqK1EKLS0tIDVPOVl3WUM4\ncVNLQXdDRWE3WkEwa1R2OGJWWmlDbXgzNG1WRlFJNG8rTzQKxL9MKbyz+FTiMLXn\nJE+aN4xcVQmm/b8UYrO67YGINz+6tzdvvj0SwbvbqNzlv5H+wC9Ypu7KZRHci4XE\nif7RDg==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFFONEwvUSBhZEE0\nWTFEMmpxWWNSTE42SmMvemR3WkxTNUFESmJoa1AwMm1LdTB2YjF3CmNuRVNaMUhF\nNytwbnRscUIwejdKc0hnSENud3hvNlhsZFc0WWNGenFFZ2MKLS0tIFlXbVRtSkky\nRWl1TzZCWHEwdWdzNVY2d1A3eEs2eExHZ0c4TkVDenlrTjQK+ieRYyd27051VjEE\nsPnpguvMofQKOfyaOSH3zUyufnSWwR5rH5CMnH4IDkktKHIsrXDlAz3iw4F+7JdH\nsDJhyw==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEijeq50HS1g27BTRfJ8XWIPrAX9UVkap5fgIOCOtA5+",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDhjWXRrdyA3dDcy\ndGtndnZaVWpYVFVUd0hmaDdKUm5sMXUvcDNyVHRvUHBZa1NqQ2hRCnE5M0puVGJZ\ncTRFKzFiWGFOVDNXbFlSQ003MTM0Tms5bmNNSWV2R015ek0KLS0tIGc2SHpHS2R4\nS1V5VzdvSjVqN1RRRlUvRkhtK2ZUbmNjampuQ2xPWis5U28K85isXmP3/NGgKmT/\nM1MMLIXQv7KvBl+835wSWpVlzz0UCzxcFthQhIavWlA3/l3vAGC9XQoiMN7YbSnl\nFgFjzg==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDhjWXRrdyBlbUxr\ncGEwclFibUQ4YlVoWUliMVJCbXhEd2tjWG5LUWFTQzF2MnNzb21RCnN2YVZGS2h3\nTWtsd1VFYXp2TVFCNDRTOVdDOEMvOWVmZTlyeHhkS2xRUVUKLS0tIHNmZVpKa0Fs\nN1MreDJQU3ZwUlIwdmt0T1NFYmMxU2gwa2VIaGJxa3N1cWsKcmIPM8uPzh6m6t65\nJGZbQvgo4HABkZNg2Yo384QU68WkqrDrkxXLtBlHaZJE+pBCduAaHwU38CAnk4r3\nqKd2Pg==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
-				"recipient": "age1eqcj2g0fdekj2wpqp4y0fg9c5myydjdt9zlr5scr0grk6fxszymqkpw5jf",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzcnMwZmdKRzI0UllRQ2Na\nZkoyeUF4UVg1Sk1RS0JLM3F4ZHAreTJOd0R3CmRpNHJ1TkNiV1lIMWtqZU9EVXJw\nWmNiQ1Z0VHVJc2JpdlZTWVlubDYxSzQKLS0tIFQ4NEx0Z3daUEFpeGxBVlN0dnNM\nRWFMcERpSmRTVUFib0dkMzVncTFSMmsKlpZMNc0fOCYXLFjZwHS7PvYnejBOz7NA\nxq3vPVfXdkPOdIImx1Bw6BRPqGt2VISv8Ek66NxNlKLEJeQ+igitdA==\n-----END AGE ENCRYPTED FILE-----\n"
+				"recipient": "age1d9h9mm3u5qalmpl2pf62pyzqj8t654n435emn93rutv0cg9sr32sg64fdj",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLT1RVNDh4TDhIL3Y5T0lW\nV1grSGd2Skw3akI4c3A3WmdXNEMrTCtST213CmEyUXUyVHlvcG5MUXM2NXR0bnM0\nb0dTMC9xTXVNWjNBV1JBQ0hvdE9SNGcKLS0tIDVjSVlpeVpTQXJhMU8zQjdEV2Zj\nZE9jOHpVdkFGWVdFNkdQRnF1VWcxVk0KeUW4HScSZ0x4zhfhllufJecPQyhsYvDL\n3GVQvwcYPL3z94y3gyekU34TWuZsSft9G6fRQyrl3AyMY6t6RRWKMw==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDuzbgoXZccZ2w/9HGgUyT9nJH7lG2/jfQCZJudY4yAN",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IG05VmtkdyB0NllB\nWEJUTUY4MGxzZThjM1BkWFJrU0k4U3JON1h2eDNnWkVxUXhCMFE4CjdUOElKNmhP\nUUpiVDJldHIxQStoUVg4MVI1U2xwaTd6M0UzcnZvTmJ6SlkKLS0tIGhyOUVRaTJJ\nbjUxTC8yMjlxcmVZNDZzN0ZhRi9pZVc0NHBzMnI1VklmS1kKfEndHOqCXGcJbsTS\n4+aOsC2KtuBg+U/i/DitZxCm9Z8TsVhneM0qjscuA7LVZ3ugEY8jrmCxxODxqFph\nvKn8Ug==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IG05VmtkdyB6RVJt\nS3c0Sk5ZdkQxY0p0RGtjeXhTVU5hNE1JaWk5WElUV0MwZ1RVR2dvClVCVmZibUsx\nTHk1UXNwL0Q3dGRlR2pzNGl0V0NNMUY4Z0JGNndhNmNtQzQKLS0tICs3S0tXTVRT\nQnpGNFQ2aFlmYk5oQW4xZ1Y1TDBwOW1EUTFZT0UvZk01MEUKQYsqyAsG3Rj2mDV7\nqAN3IFzSqlDNd4T+O8tmbl0QbAJfdKzYnTqPZIdMpJQsdr7cuZu6ilIKj9prrkrb\nl4m4Dg==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "age16wuzuxnkcgfuxzvzgk5e5a5f6hhs386adjewyv54m9esr4yj6uuslpn6tp",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvMTRBb3VBVGR2OUt4cklp\nb0dGcEhhWTFpVUhRejE3VHZSb0NIZGpxaFRZCjN4aVNuS1ZPYlYxOVZvU3B1N1Qz\nVWM3ZzlnVDhPYXhoOHY3MVlHY2l1VFUKLS0tIFp1bmUrRW83YjhwOFNIY09hOGlB\nMDJCRFg5SEwwL0FlRHNyTFI4bDJJbzQKYJ+h+ms24T6NeDHtFk7n+gmEXwbg5Jol\nWt464jLTftTyC+mXANKbXvbjORNMNsyhrscveQ0LXkD8RPD+U3Owxg==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzWE0vYTV3NnZnUmF6MUlm\nTFVNamdrZXp4akdDVmFKbTJkd213N0tEQjJjCkxsdC9GRUhrK3lVZUtqT05vQ05S\nc2RtWHFocis5YnFSQkV5Vmphakg3dTAKLS0tIG1PVDVRSVZsRVVFTG84NUpFV1B4\nRTMxS21VMDdJejl4NFU4MFRLdlppV2MKrOzygRutboZhz8zlKi1JAUJt5zEujXIg\nTYfUwLeYi2bJ8bq+Bn3OEaWXi/rPpKnFTzNuxOr+JiIQJULzG2+ETg==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "age16rkvks3tljju3y6xu0l7luhjzx634et97g3xe58xf2dgfn2865rqkq6t8f",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNdEdRVGlFd2N1QmxGWlZa\nQmFQYXlKQ2xBVzNJOSt4OVJ4UzFkZ0V3UXk0CkhzOHluc0t6U2RRRXpvUFB3ZzFM\nbUlJQjFvWTZiMDltWCtNSko1Nnp5a00KLS0tIENZNkh6TmdURk1RZklKbktuTEJj\nUG4xWXN4UGEzRGY1YVhyR25VR1pJeUEKFZOc89BLxvXDhpKDBUGWtd+q5zTA9956\nK1s0WAGBMYVfGVA7wU2Qp58qPi1F5QhCdj3w1fGSK8PZxUUOagJ6TA==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYT0UzNUpWYlNpa1FJZ1Jz\naUJidlp1MXB6dWwrZ1JsdllCaW9PZ0dDWDBRCjRob2Z5ZGZZeTVoM2g2VStlcTNu\nR2tzd2gwVUUrNS9pZ0Z1ZDVvUFcyc3cKLS0tIHp2UmdnbXNucjlBYlQ1TmZWZEp6\nT0dLUEpiZ0pyeHJmc0hDZjI0bVpCY0EKj9oBlblEDqGam7re4JwUidanJSras4Ys\ntWqN9AkgaL0dNUj2Y3fXDgXtM4HsNe5L/aHtdS6wetnom1B9v8QFEA==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFStro05R+CPmjWMHWtzXUKfGll+OosoZtXAyPtngN7T",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDRTOW45QSA1U09W\nMnNmV0RnTHBKakdqelRINHpZaUxaVWc3cTdSVWxaVE9GWU1ETnc0CkNmTCtPT2I3\nUTh3UWdhTXI3OW1haXZoLzFPc0JqMkxmV2NWRlhEc0lZR2MKLS0tIERpTVR1alp1\ncWlSbHZTd295eTUzUkhOSEQ5c1B0N3dETG8yODkvSW5QMmsK0gG5xeA2igNU7DS6\n552XxwR+9E+LG5uw/KFcl/7tkvNTvzeLz2wGnR+mChHUxoJFrFrtrXoj2byF+7t2\n5SlQGw==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDRTOW45QSB5OVNv\nZGY1aDl0bFdUaGMxenBjUEFxekhOYyswU05kRVVxUTBoYXU3UlJVCm9FM1ZwT25E\nK1hTNW42YlNNWEFCYVZrbEcwZWdWRDZYVURYRDM0VU5LeGsKLS0tIHlKZGtodlhj\nRmZqSEVmZlU2Wmt2VjFWZE9MbXJQeld6ci9sQU1POGtqVTgK+XclAFbNTtJ3gEqm\nhlKGlnzTY1CxuR1CJDzHvtmPVDGgwjRqq1VXBEKF3qecw0ctg9gOHyRbCOorZLUF\nhpfxWQ==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO5qner13Q0fm5NhdXMx2nkt5kxjC0/SVY2FXh01OiHN",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDVucGlodyB6amNO\nV1JveDRmUzlxZThJKzlFZi9jb0tLRytQZmUrcXZ4ZVByKzJ3ajN3CkFicjdma0Fz\nQmNobmtDV2ZTTWNPUjg0SkdxbGRXR1lmb042SG1yYjJ6eU0KLS0tIHBSTHVtcGhN\nVmlnZ08vUlJiSXBxRVhTM2dVWjYxSnRGWGNSTGYzT0FqbjgKk3c2EdmggkI4UB5L\nd8K5ZUcIByTvBIdsQRIhNkaFJfD4qEa/K+5wxe/JMBbPAopCpoE4kco/VvqogkjD\nJp6h5w==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDVucGlodyBLMDU3\nZG80cHhoNzNtdWlwVVN2TUVqTE5nOXlwSGl4TUZEcFZCV1BFZFR3CkxyMkd3WmpM\nc1cybGt2ejJBZkZNSWZ3U09QV2wrdGFpOTNDWCtYRHlPd0UKLS0tIDhHK3BLcUp6\nL1J3VnJJVXZ3OGM2SHh4UERmelpsMGNta3lJa2lzSWpaVkEKGTzgCCzFK7paiPUc\nYWcomW6pNQ1gskj5uYhBCLJNKu6Mkr0sRgOvP+ZGsZ6apEKmS6nAyq1W0E2now2T\ndGQnww==\n-----END AGE ENCRYPTED FILE-----\n"
 			}
 		],
-		"lastmodified": "2026-04-24T02:42:10Z",
-		"mac": "ENC[AES256_GCM,data:IzjL3K1sAyp76yECJ4yvYLEMl6RpPdT4lteZq22pUB9UMEFgF+ELU/LOFWmxPI6n+XvOHagfKhT+B98Qcth/OuaYbM7r+UJ51IIlnU5DG8RxEjqN0/7zjOjPZ8AGinRkkPVA2tIfAQDsD+/MhjgkLfxHMyH29Wr0x+Nk7zrdDxY=,iv:DCMd65s4yimQVvmUvfFNDAGrGjznAk1xvLU4BQdhhBY=,tag:ENS+WiymIDFPOHm0bMIy3Q==,type:str]",
+		"lastmodified": "2026-04-24T14:30:26Z",
+		"mac": "ENC[AES256_GCM,data:ucEc9eWM+6U7sX93p18AJz3BR7aIbzgyC3AeNfxX5P4VqzK/aqSeiQu2A2gHBlnXWjeHvicgG4sB/z9C/dzRYm/30tLTdX4ZzQl65tly5dXQYLmkg9yG1f9ewMAkDsZOFOhgwzgBgD6PLc9jqgUAjhZSHCvYNYzUFCLUMk7aD0k=,iv:k2zNW1cJ9H/Vc/XlFzBOdoUBbosviOF8ZX5KDAQZwSE=,tag:yjrUou7qBcQJdHdmhsmpXw==,type:str]",
 		"unencrypted_comment_regex": ".*",
-		"version": "3.12.1"
+		"version": "3.11.0"
 	}
 }
diff --git a/packages/gen/env/data/prod/api.sops.json b/packages/gen/env/data/prod/api.sops.json
new file mode 100644
index 00000000..e8d39937
--- /dev/null
+++ b/packages/gen/env/data/prod/api.sops.json
@@ -0,0 +1,73 @@
+{
+	"BETTER_AUTH_SECRET": "",
+	"BETTER_AUTH_URL": "",
+	"CORS_ORIGIN": "",
+	"POLAR_ACCESS_TOKEN": "",
+	"POLAR_SUCCESS_URL": "",
+	"PORT": "ENC[AES256_GCM,data:Qs3eSg==,iv:AdSzB1XKAUb0IYMNhm7gbYy0LTrD5hMK9RPedm4ALyQ=,tag:eZ4O4xa0JBGFHKrt7uidLA==,type:str]",
+	"POSTGRES_URL": "ENC[AES256_GCM,data:jNtCDWYCBgXvx7lVaWpXAGSCJYdvVZY8nPUMLjTwFORIb5o54TQrs+oIAuh38J3S8PmmlGJXiZPxQpKjd8HzcjKmMsorFSYcVDo5pxCjcapvQXYbIo2W1ZCVJONvSEVOzcj26e7F4VCgzCUGNFFdLkQnY9p8sghnV9z1cFP5B4Idi7snw1iUValNb40WjNljJsvlKh/slHaS/VMdbaix1fFDgT6t+vAm7A==,iv:nvc5BOkP50M4TMYR5vC6U+lNWZsvfV9E3WcUgYcvRRA=,tag:i42eIXOc16/0a+QIVRn6gQ==,type:str]",
+	"sops": {
+		"age": [
+			{
+				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICjMrEzKQSq/0eePzgUGXM349sBm6GVCXoz+tJZJaBVT",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHZMYWFYZyBKOHMx\nalFvWlMxSjhwMkphTVRxWE1adFZkVTZsM0tmdlkwVkNjeVdsb1VJClVxM0hmNzBz\nc3JvTnljZ2M3S1lyS2RHblN4c0tSZS9sVGN5UUtEOXJkSjQKLS0tIFlKN1pMSmlq\nSVZKQ2FJNzFGK3J2VDg2Z0Z2ZFcrQ3hJMjl3dU5RYjBENTQK4AWWw5WhIA4G0YnH\nZCLAORDNn3GcBRET2NVa/7eCoFmUZB9n4Re+VxlcEm/uzWnpzYgxhkI9tnw6g2cR\nrg0GDg==\n-----END AGE ENCRYPTED FILE-----\n"
+			},
+			{
+				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIoX0wKjybps6ZHuvA+uwE1ThfWl87MApDLxCjCDUCC9",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEtlVWxBdyB3Yndw\nL3ZvejlmVzFYRUtxWHlwR3Vab3JQT1JzVWgvaDd3eVNZN0pjWURvCmRWY3FoYUlQ\nd0tNQ2F2N0tJUHI2ZkZIc2o2ZXFqV3NHM2t1R3o1S25JcHcKLS0tIENHdzNlWmUx\nSWtVTGEzclZjL24yTVc3bmZYalVEVHlnZFJXSkV6RTZ1c2sKAidp9uwzCHf5Gujs\nuNd73jg3HiiauRiBbvuG71CZPlocXYyERGvsoxn52egou535JGFXJq9bAI+biNXD\nzK8p7g==\n-----END AGE ENCRYPTED FILE-----\n"
+			},
+			{
+				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKZPhznHjTDifGroHiGRD3hwWz69B8NsSSPNbwWjfzgW",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDFNdXZydyBIOW42\nL3NZL2hRVTVFSTdwWVZ1a3FReWx5WEd1cGpsQUllYmYvVW41L1VvCitNaGgwOW1Y\nSmxBdlFEOEwwWG5DODJEQzdwMFdMS3loamI5VTllVlZRL00KLS0tIGxlMk9UWDFX\nRVlYWkxZRWNSQ1NuQU9nMWZjZ09WQ1VYWCsxYjR2Q2FUbHMKci1HlyURKA8pm9fh\nDQQm4yHFlTu6KeDOG6z7rySKE2N3JXtvTviBx7wYg0KmObDwdcRmxWcToCff3T8n\nr71E7g==\n-----END AGE ENCRYPTED FILE-----\n"
+			},
+			{
+				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJF9kzudl00FVTQA7nnSaicAJW2MoBKm47G7wefb6uSm",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGw3N2NtUSBWcWRx\nbHo2UXJrakhtYWt6dlF1cW9JbE9yeG1BdmFTV29jZHU5VmtKVTNjCmorV0N6bm1t\nS3ZHR1dYdDc0Z3czenRvK3NRYUZ2NG1qUEJkczJST0RscUUKLS0tIHFtU2NQdkwv\nYTBJMXdtL2JDdzlPSDdqemkwbCsrU0xYWG0wT09QSXlCWFUKKyVUmCvE+2msmngI\n5sGJYnic7ZKv4P9dkVhzMoTbQeLURvwOSBV5+3T6tdXrBHlL/3eH6u2+hAmNrHfd\nVbxJog==\n-----END AGE ENCRYPTED FILE-----\n"
+			},
+			{
+				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDmZV9Oi9hrckXTpqBnDKRrY9mgwj+SJeVBGWmne2+q5",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFpUeE1RUSA1dHFY\nTDBub3JkUDlzcGtVeXlBR3M1Sm1PVG9VSHBDR0lQMUFWSHltampFCjRaMHJoS3B2\nL1dPVUFtR0E1Vk40U2ZQY21kSEVDWVdaMmtWb2pzSU9ld3cKLS0tIHlZcTJKbTM3\nK0l6S3BXZWlwaERvdVFraG9VZE00RzhXdnU2STdOek8vQU0KxJ3AOEw9cRg8VUUd\nV4jRAPyl1dLu1b7+5JYhhie4wJ87LoCszJ83MwsQPiyh74RvniiDJfeAl/C559Jm\nQO83iQ==\n-----END AGE ENCRYPTED FILE-----\n"
+			},
+			{
+				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA+M/DHDlKgayM6wsiX6r704pE+2qENOsKcytC7sBhKA",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDF2bHNJdyBldnZt\nMFRncnRybHdIMk9IaFhjWFZOaUpVUmlKZ256MXl5R2N2aThhMFVZCk5sSXJoT3Uw\nRVZLL3B6OUZSMzkxbDhzdkxXaUpOQ2lSL3dYMndEWE8xdzgKLS0tIFQ0WEZHVC8w\nNGJXS09MMXpQRSt5dW5iSkR2Q1BPcGtyNHhVeDd3eS94R1UKi/9loF7uoUTkDjB3\nGoxMdra6apyPbd/VAfVkisG9ykvXWKl06UJseAjvDtNY52U0PWcb1+f8IseY6eyJ\nQqncUg==\n-----END AGE ENCRYPTED FILE-----\n"
+			},
+			{
+				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINh0gA7reCRW+zQ5pPpIjoJGpaFQSbC/4K8B6vMXJVr+",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHJKM2lMQSByMXMw\nRmQ4UjR2WlBiOWtPUXFqcHh1Q2toOE9sRTdIakRzbVlla2xoZWkwCnZFbnBzdnN2\nRU5STko5eDFRb0EyT3o5dFZJQ1FaWUNJUkhabWtmaVh2RzgKLS0tIGJ1TjNIYW8w\nMW1FQWNKeE9UQjZPaUFBeEd3TVJ3U0I4dDczdkplSVY5QmcKGgzpjxYuUavffGpC\niM4RwV4WY169Gc29x1Ju8Mv5zwbkkr9ljh6wTE+V2p3wJ0zgFv+k8mdvzwu8aWn0\n6YZBDg==\n-----END AGE ENCRYPTED FILE-----\n"
+			},
+			{
+				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEmYihgWHfnLw0f8uTfLokCwToLavzV/+k/GggBA4Sz/",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGtNZGJ1ZyB6QnVm\nSS9MYjM1S01qRkRacnRkVnBaWE50TnRkTHlkZzNCaDVDdGlyRGpjCnE5OU4yY0VP\nWDhMN3o3ZW5SNzgzUjB1TzUwN2pVOG45dFlpMDNhM0JwZFUKLS0tIDlNczZZTE9i\nZlhkajlSdHVyYlRGU3prUHNNblV2ZElPa1N0THVXSFNEUWcKQopz2wahAqC6aZvo\nLO+K+vntmJh6mE8lEV3j8baIRigln8KyeDT/3P9KDAtUmKj6saB09dUg4Cwb/oDK\nkaiC0g==\n-----END AGE ENCRYPTED FILE-----\n"
+			},
+			{
+				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFvT1RvcTidgpVYE0OPknc3f5HcAVpyk+rXXrW4AcbzG",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFFONEwvUSAxUWhy\nOHAvaTczbG1rNndUQVlZUUJTU1pNcDNZanBkMDhnZTMxdTdwYWhVCnVCVW90VC93\nbEZzYzRKalAyVEZ0eWh4SEpRUTNRQXdEU0tVT2NCYTFzNTQKLS0tIDlXNmhzeStl\nTzRQMDB5NE12QmFDWFdpVDU2OC9TQ1l1VEZ6TGswUmVJUUkK2XKjMZsa5F6RKf7n\nGfBaYEMcRIbj5qsxUF8CMhOtvRmlPEA2NF7QOaAHduSF8b5x39XBTDnfsPypZjcN\nHWLBkw==\n-----END AGE ENCRYPTED FILE-----\n"
+			},
+			{
+				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEijeq50HS1g27BTRfJ8XWIPrAX9UVkap5fgIOCOtA5+",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDhjWXRrdyBrTDZH\nRXZvcjRYMnc3ZTMrbVZrRko5MDg1MDRCVWVBOHFScjNMekZkLzJrClJtV3FmMW0w\nRVEyMUdZSE0xZm1RN0JTZHp2YTdjMnV6K0E3RUJmVFJSWkkKLS0tIFNoYzZSRU9F\naGkrWDIvb2ZVSWRLNEI5VTAwUzlKa2dQbGMvK0RsbXlzWEkKU5DPhR10UClRpM5m\ndNBoHUYwVibWJtXLZR1qzcst18h6uTOi67DQkN5Ub4V1QtK1yit2C+7W4SUGTzzS\nCDZ05Q==\n-----END AGE ENCRYPTED FILE-----\n"
+			},
+			{
+				"recipient": "age1d9h9mm3u5qalmpl2pf62pyzqj8t654n435emn93rutv0cg9sr32sg64fdj",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBId1ZBVis4VFV2T0FkNTBS\nd1pWNHNsVkM2NVNWU3RhWDlGUzJzazE2SFZ3Cm5sS1UwdWlUcCtnSnhpa1craHNv\nSGVBNXVXYkNjeWhEaFV2d1ZyWnNEdGMKLS0tIEVwRThUbVlZbmIzc1N3SXRRbWg3\nYzd4SkxnM2FleUVqT29EWTVVenlWencK2CMQ7lkkQslqBeYjyxO0mspXO7dXamq0\n66Aeq+M3XOYHgMmjkrqEGbrdcFYBJ1GZv6GOQ68/j94EjRx1nDM0OA==\n-----END AGE ENCRYPTED FILE-----\n"
+			},
+			{
+				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDuzbgoXZccZ2w/9HGgUyT9nJH7lG2/jfQCZJudY4yAN",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IG05VmtkdyBhaEVt\nRWdBcnMzdXZsSG5INlIzeDY4TmVrRkxDbnFoTXRLN05IWmg5dVNjCnVBdmozK2VT\ndE00WXlwdGhmYitsa3R2VzdXNHZZYjBlNis2YkZBV016UEUKLS0tIDVJRTAzRXo2\ncXlUbmR1OTJvVVhENTdWWE82VndSNkZOUUREZkZsbUwrY3cK2L9WeFmTzlF2Xxc2\n5R6wWWfiR0ZMX99NM5qzL+ukJiPJe1q4mB0i1iTKLc0iSnN0ChbQMoT6NKyk7zsY\n3URhKQ==\n-----END AGE ENCRYPTED FILE-----\n"
+			},
+			{
+				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFStro05R+CPmjWMHWtzXUKfGll+OosoZtXAyPtngN7T",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDRTOW45QSBaSU1M\nTE8rV1dIUFRTZWg4a1AxWDByeG9iN1RZMXhCbTB0SG8yOWZ3ZXljCnZKaTVPdzV3\nN0JRUmpBR3hRV1BRcnpOODh6NVVLYURwTWJVUGlxMGp5LzgKLS0tIHZoVkVtd2l3\nbHppM2MrRmpYd0c0SVhrZDhtV0drUjljMmpwYzg0aTNZUFEK9LRs8UscB4NVCtYm\nFzd8JEewtY0+vFgx8uZ++xzK6E7a43L0rNkwtaM9rnP4McFPJzjy6tStJxG7jK1j\n/E76GA==\n-----END AGE ENCRYPTED FILE-----\n"
+			},
+			{
+				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO5qner13Q0fm5NhdXMx2nkt5kxjC0/SVY2FXh01OiHN",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDVucGlodyBvaFBN\nem1YcGFlNFVSbUFMYTlPUFFsWXFCbXQ4Vi9QUmp0VlI3WXdyS2dJCjE5QmlOa0pi\nVVhXbDgzOXRRNHplejhsWE9ZWE1aV1Z5U042SElDbGFrczgKLS0tIFQ0aTVFR3Nt\nNnVRZTBEZ0ZJUXc0ckVpNEI1T25Xcjd6ZHQ4b0dFSG5kN3MKp6JHwe6++3no4WjK\nvgVLp3yU0b11VLna/6KkxZlRsPV6RFl9MAq6m8rUECzqpJCB0klBFAEDXN2Y5aQ7\nBGmV6w==\n-----END AGE ENCRYPTED FILE-----\n"
+			}
+		],
+		"lastmodified": "2026-04-24T14:30:26Z",
+		"mac": "ENC[AES256_GCM,data:EqHxZ/xrnnjjrMSJSrkfHq44MdRmz5tE4y2tRKvnKNHxs45yue6f2CXlldC/lqpXLuGHp4wHzkoKBPfWNwx+2lh0+YsCnxQrG9LYviv9CR/re14SYcwzoZFJfdFUR0Lzh+597wKzii1jHNfND3k4RyQhZ45VYNQuN42alpVVK4g=,iv:a943B4PcWFJJFvUh53HnQPF2uRLz97GeqiY3+NfqnAA=,tag:sdU/oNIWvftXeNiJe+b0cQ==,type:str]",
+		"unencrypted_comment_regex": ".*",
+		"version": "3.11.0"
+	}
+}
diff --git a/packages/gen/env/data/prod/docs.sops.json b/packages/gen/env/data/prod/docs.sops.json
index dc889321..2cff6f36 100644
--- a/packages/gen/env/data/prod/docs.sops.json
+++ b/packages/gen/env/data/prod/docs.sops.json
@@ -4,70 +4,70 @@
 	"CORS_ORIGIN": "",
 	"POLAR_ACCESS_TOKEN": "",
 	"POLAR_SUCCESS_URL": "",
-	"PORT": "ENC[AES256_GCM,data:f8460w==,iv:2QK67F2buVNFyDsB9H9HKTYi3JK2p+lnpXRHobZrcOM=,tag:q34hP+91g5eXNMFKmoKcAg==,type:str]",
-	"POSTGRES_URL": "ENC[AES256_GCM,data:tfEjMnkuoLpzHBQXXKwWbCXD8Lqlji3CjIU48kEme3/dK0/YKgdvN8On7otsClD0JdlYs6Hw1AySYGnIch2rJHpO57+9J37OEcr+3N5vno1Ts47Xf4YwauDJqL8Y0G6b/qUahxi60wb0u/JQozfIH/Ui/FDGeFnPIBJ8euO6iVU6Fi1CH6Iwl4HE6e59F/kU5AMRKX+6O6bveLcedlnE/xzXCiDO6psj5A==,iv:94VTvczNon5x3Qne/3dXvKRo74YjpkjBMoZ9TSMHld8=,tag:8XfASMDkhErfqpwFnu5VjA==,type:str]",
+	"PORT": "ENC[AES256_GCM,data:jsVWpA==,iv:8DcqJ36rSpGROBpnePRIGggjwaUOnRGxuBlAe6v0u6c=,tag:AcqK0JkkhrD0dGAx/vGpDg==,type:str]",
+	"POSTGRES_URL": "ENC[AES256_GCM,data:qP4dCqL/fswYNgIxGEpbu30CX9noHy1o/BrNOlGLMsCuuB0TJrr8JIGaAC+WXiat55MdgjPlDYivEjmRpiT2+QvleMTnc09MRd07hLkSzKu1YErYmjfu+E+WbQyCl9jqQX4vl15dsAOZQ3STO2TtO0Gw3d3KuTI6iEyLKXoyu09+6NQOCk+xFiXmIEO56LiwsinoyDj6EneUMhixcUaDCFXjgX8Tgcj6Bw==,iv:oWQSGqoRvuIg0Bb+a6/pEeBDfGL7/oiDulG1EKSZS4I=,tag:+g2JI/9hkfumbf9s/QqV4w==,type:str]",
 	"sops": {
 		"age": [
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICjMrEzKQSq/0eePzgUGXM349sBm6GVCXoz+tJZJaBVT",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHZMYWFYZyBXTG5w\nR3BsY0pIdktzd1B6UVR1NlpBTGJ3cHZaaGUzOTBiM3ZqUlhhMlQ0Cno4N1k5WWxC\nN1dUazZXN09YNUo4TFlwT09tNVNyaW1tekVhTnBVZFpzbXcKLS0tIGlZZlBQc2J5\nUHdoKzg0cWpwTk9lZXpFR1IvL3haYzJsaVBNOFJkdHFLckkK0eXe6AFg4R5onvlw\nH6uiSO+djH52hbmU+eHCW9gfjFqdjQbhVKiZnrPDIXafv0g4QhtFKRvt0xJhNfAA\nghsSQw==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHZMYWFYZyB0aGVn\na3ZZTkNuWDBqT0xFNjNJejhTSVZUaUpqMnVsM3Y1aDVoM2VnbWtRCjVVd1JjVmRW\nY29wbDJoYnViOVlJbWlsRmRsdUtuOElGR0lxVCtCaVZ4YVEKLS0tIG9iTllCbmN5\nMUxLdWI2b3FucFRqWGpuNVBxSXdpc0JtR2RUTG84aWN3OXcK7Ob7g9Eqp4nU8Pf8\nPIxlIURR3lvLgrpve5/X+Ca42V6EWFlST6Bx3R4zr2IpEHMVhjE7KeICH+MFrBvh\nAoapTw==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIoX0wKjybps6ZHuvA+uwE1ThfWl87MApDLxCjCDUCC9",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEtlVWxBdyByVThK\ndUhOck9sazA1NDB2dlhLb2UvQ1ZBUlVpbVltMWEyR1YzWC90WlRVCmgvbkdRUVZN\nYUlWN1hKSGRBTUtkNi9kU1ZuTTVIWTljYXVvOVNEYTN1ZzgKLS0tIDFsVTl1MHZ0\nMkk2Y3hnTU03YzF2SEhac3IzbGxFL0t5UzBRUDN0Z01kencKx2PJSIuAagBajqxd\nuq9W8zDZiYIr8N1Mk3ulMOXEwIOALOz6FtrpHe2W1zKKBf+6ciLl+IVRrdYICRIm\nuOzsyQ==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEtlVWxBdyBqWlJn\nZmhOQ3NvaW5mc2ZTdGxWL3RxZEU5RHYrV1Y3dGE1cnNHZ0Q0Qnd3ClRvdjAzODJI\nUlNybHBrT2R1NitQT2xraXladExReEJObTRIbVVJSlYrTlEKLS0tIHBuTmJpN21p\ndFNWc3FQTTcvUUFiQ2EwbER3QXBIVG5oWDhXdnRZU3ZFZzgKd5VXR9xuMowhcnz3\n3Dvyoe7dSicb9+PtXOLW5mndEVCzNY0ru4UHM8k05n7wLkZ/FT3SYpJHOQ2cUr0o\n0yk92w==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKZPhznHjTDifGroHiGRD3hwWz69B8NsSSPNbwWjfzgW",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDFNdXZydyB0Y2lW\ncGtuRVdBOFk1UGd5clpDQ1U5aVEwVmNVckx3NUsvMGxpdHptb1JVCitkVDZJSlMv\nL09FeWRjZzNZNk9pNFZSQVYvZmp0NnV5VXlNbTdEZGFwVnMKLS0tIGtMaVFReUp3\nNVpQaHh1cFZlV21IZGFBSkdVV2Zub2VMdnR5R0VKZm1lYW8KGCcVDNs56UGZnrl9\nuxe4fxL05J/6H3sAw9EFCNvMbkGsLZ8yvDJW5Sc4VvsCtyG8mXNJu71VI4VnXoLT\nTHwaFQ==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDFNdXZydyArMGRR\nbXQ5WU5nb093bWhZS3NRQU1MV0hFaWN4WWZuZmhZQlFrSFBKdlYwCkZZcnhXaUI1\nSUpENitOb01yeW5XMjdPSEVESGhPK3RZRkZKRC9rY2diN0UKLS0tIHZsTEpRYTJM\naVdzL2VMWS9VQURYMnJjbEhGdDFTdFE3NmJmMXJiUTQ0cjAKafvdqa4sIdtp+n7e\nsi+3VtW4mwmOKPz+CBsqjZy+dZI/fqzG8f64hU2FjAo/oSHToo7pQRWP/CPmvJH9\nwcTGhA==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJF9kzudl00FVTQA7nnSaicAJW2MoBKm47G7wefb6uSm",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGw3N2NtUSA5MVI2\nSEdUNzEvRzhXTG40N1dBTjRhVHVmZDg1eVRMZFhzNE1vMkZxaXdzCjZ4Q2V0aDIv\nNVBSNjJMRWlqS0xwSHZjanVmeDh6Mk1xMmJEMEI1MW1WeDgKLS0tIGExRnN6M3VC\nVGFsTHh2bHZhM0l4T0hoQnNxV0Yxdko0QnhmM1NZMGROMXMKYpzAszhjGv1yFs6N\n5+eCP9eFf+R+FkxD712V5oPuuWCv5bKMexlKhL3j9+CftSfBrwAp9LtHvzoEUYkd\n9oXAHw==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGw3N2NtUSB0WHNB\nby9BRWxhM2JEUXpLRjNPOTNJTE9yOXFLby9BOWNMRFFPOTJvY2lZCngyVjl3S0Rn\nTUs5aXJtN0J0b3hQVEZxRzJlL3RwSEtKZFIxdXpuUXRiYW8KLS0tIGxPanY1NG12\nODUxbFdFVVYxcndUUWN1NFlEdmRVdUdvUytLVXNpSVN6eUEKoDta/Ne0GCfhqChI\n5V204g0xZV2nkDUFs27UX/8zHQC0XYl8672ucghfVPWvOEuStmHdHySVo4nsv7Yh\nHDUDCQ==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDmZV9Oi9hrckXTpqBnDKRrY9mgwj+SJeVBGWmne2+q5",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFpUeE1RUSBtb0dX\ndlNRT0libUdGaGZmL2JWYjZodUJ5cEJIV25aSldrZ1RYVnhGMlJBCkZBWUdpcjA4\nNm5UZzlWQlBkVW5sa3BOUmthTkh0NG9BZ2VHQlhYSDI0RDQKLS0tIC9Xb1pjZjQz\nTlpTdEVCb3crY01qQnorT3VYQ0lvUFZzbnNXM1d1S3dsK2sK09uhvfa4MPV8mIvE\nSrgFZJ62GUYQxuJ97dvInPc5oNEcWD8rT/y9R6FbrvLEVdqT0Emab3a3xP6ryWEs\nd+3sbg==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFpUeE1RUSBybWQy\nQjE2L3BkcVI4Y0JiMW1IY0dXdWlDWVZES0pvR05ENC9nRHYyRnowClg1bkVQWE50\nRXR6bm5OT2lScHhFd0tzMnpGZUJaV0hDaDdYNXpVeWdwemsKLS0tIEUyZ3FYRmdS\naHpVQU9RcEZ1cUoyb0JBZ3VoSUg0bGVPaGtnTUQvWVdNTm8K4KM9qiTJXeIjguhP\nRv7bsyQbUFkLkKdf8+eW5qXg1drZhyivINQvfiQ4X5W3KuP3aVI1XK1uqgpjiwyR\nD0BCrg==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA+M/DHDlKgayM6wsiX6r704pE+2qENOsKcytC7sBhKA",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDF2bHNJdyBxeTBZ\nSzZ6YWFPQ0VpM2FSRGZ0K09mVlpNNzZPblJBNS9zRWJxcjI3WkFZCk9DeTJ1bkc5\nYnNjazJiRnczZzNrVG5WR1dxdnQrZzlKc0g2d1AyN0tpK2sKLS0tIEJmS2RBLzRH\nck5HL0hGZnF0VDd4LzQ3OHRWZzVKNVdlUy9hSnh4WVhTazQK1BRZJV7mgV1Nc9Ew\n486GmJl1btM/qklDHLHi+xaknFHYCTkUSxUMn9bJ5ePQk/NSm1oJAx3mJJPGvEYZ\nrUwTWQ==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDF2bHNJdyBLc0ZB\nUk1hYzBqR202NWpXY1YvdEl0U2dGQ0psSThEaGRLYWpkdFZpaGxrCjl4MlNHU2V3\nTVpWcmcxSjJHYnhwclBOQTZwa0NncVFSb3BMV0VFdjFudW8KLS0tIHJ4aUlRbk1F\nMWZHRGhoRjRWQmNvS1d4Ri9wVFIyN3RQb21JWGsrd04wNTgK4qyS0t8oRiaqRCU7\nN6SSIDU2vXJZUvPDtadGnUCHGimLhJL51u3bW4tdmDHaELlUXqFdzgydWknMtEwo\nDxEvjA==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINh0gA7reCRW+zQ5pPpIjoJGpaFQSbC/4K8B6vMXJVr+",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHJKM2lMQSB0M3dT\nMDMyMEZlWUgxZzNOM0tRRTlheXNCek9ZdWVJSkU4ekdiS1hEcW5vCkpDU1IwbU5F\neGdtQ0ZLODlJRXIxcmZDeEJYUm1nN1RBbWZ2UkhRUGVrYXMKLS0tIGg1SHM2SGJU\nNDNvcFN3ekJDTzNEQ2JscmpTOWptSTFKaC9rN1FydFpSUWcKghaYQ8/izbhiUeKT\nw3WnU2zYZDdjPm7VqHWcF8P0+3Te/WQF3poFWU+9o+iHDrCmrPqgfz5HQnMEQ29R\nknxi/A==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHJKM2lMQSBtTHli\nU2tPKzFUUjZhQUN2ZXFaSXI1UU92QS9qYWR3eXUzN3RoK3ExU2gwCkV1OFYrdkpq\ncHE1UzN1eGhpOVVCcDhFQnNXeDBrZmsxMnkwc3BNQ1lKYjgKLS0tIDRQVDlPb0Nv\naUcrUWRCK0FjVzVWdHNTSUQwRjhoZElJL01lWlBNU2FNUlkKkRniUZkUHIKAhD+V\nqzyWaZm123rQFayyiJTy0tNCSFMb0d6SdivdT/cF1XMuB66SRDNA/QvfB+OJZU6+\nLglQQQ==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEmYihgWHfnLw0f8uTfLokCwToLavzV/+k/GggBA4Sz/",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGtNZGJ1ZyBOcGhm\nS3lBL2pmWWVsSmVKMk41Y0NDUEJBR3FFLzNTNzBLdlc2blhudEdNCklsREgrVm9L\nMlZBdHdVWEpubUJZRWdhcnpubjYrTTBWbnlOZE1IbmJJSmsKLS0tIEJOT2dxNjFZ\nTFpOelBaSlB0TGd1ZHJQdGE2SHUyV2N0R0t4Ly81Qk4xRW8KEUYhKN5/YFhNyXXB\noQpL8vBPEY2BlUSP96JDWz7ZrNoWSpCEX0UEd8epiZf5GvWxsU/EQ4dFJctL0b2h\n/YUtPg==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGtNZGJ1ZyBwckZt\nNm5wTlM3cVAzQTBSKy9QcjYvNWtMQmlPcjFPZXpETVdVWFhHN1d3CmJUNzNzWDJP\nbnpQQ0dSbEtPdnl1cUtxUjlGV09SRUFtUXdTdko2U0FLdm8KLS0tIDhnTFBkRlR3\nYVNTKzNNMGt5NDJqR1p4NjdmZDB0SUJkanJVeDd1SnJGWTAKVv9d/AIkWKhw9q0P\nnu2PapJVNduZPOEtL6e+zhwwyBpdGuZp1gA3bWfL8NVCJUAH3cR+D0vbu7rPnwTL\n7bvjiQ==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFvT1RvcTidgpVYE0OPknc3f5HcAVpyk+rXXrW4AcbzG",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFFONEwvUSBlOEtH\nUkl1RVdnWktGTzVUYlo5d1RWRGFHMFk0SzFUcy9ZS3E3bVN4ZURZCjVQZnM3c2t4\nMFZiQ3RlV3BYS1kvYXJwK1pNL3FqUENpOGQ2Tk1ZQ1FHdzgKLS0tIHBqd0NURi9G\nUXlmSko3MThoZkpKbVF3ZlhNbkFrMFA3RDRhZXNGekM0VTAKKWGHcRTVYBsEyy9b\neqiJOvw6WXcybhT4hAN1Xv6+BnOropATFKlEZKIj1Gp6nyk2p/0sMN0IAT/4QsJj\nopkb/w==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFFONEwvUSB3Ukxo\neHpLYW9wRzIxMThBRkYwM05ZY2FwMGhyWktWREdkRGE5Wi9TMkhJCnFrUFRpclcx\nQnQ2em5sWC9XTkNseEJjM0VaVlgxT0ZRMHRUc2tRdjdsR2MKLS0tIHNKTGlNQ0JH\neFo2UzU5cFRhNC9rdnF0MWhUVlRmaWp1RzJFOVlKdTdNSk0KzTBV7rOu2WNI0lyQ\nKaWkmVZRTUWllJsGwG3amPrvU87xf+X9vNPfQuOEYLk/BphKW/XeTVySXYF6BX/3\npoS/tA==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEijeq50HS1g27BTRfJ8XWIPrAX9UVkap5fgIOCOtA5+",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDhjWXRrdyBTck84\ncVpCYkc1N2U4VFo4TjJnYnlDbGpCQ1lHRnQ0NEl1V1pGZWszYXhjClA4bUM3aU5T\nWEo5U09WbWh1dEhBOFZ6VHNkK3dNN0syUGZNZ2M4SmVybGMKLS0tIGhKTC9ndXV1\nVkhyTzYxa1lXSzhSVS9sb1Naanoyc3l4VEMvaUJOV1A3MnMKlBUuVpqSUQdK++zX\nEwbEYuyFKbJyHspjcrSZuzKtwgeyviG2ojqLSTW5S1uOIggdhVaHqyV3tykcMgAs\n0g2zqg==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDhjWXRrdyBJL2R1\nZUp0YjBpTXd6ampBeXZWbFdXcHc2ZG4vRjFJcWhNZ3JZTDhJSUdZClA2dU9WcWRp\nczMrQW1GSFI5QWhYOXVyMTFEUGpmaUpodjUwSXVZSjBuNEUKLS0tIHc2N0dqejFy\nMytrMGV0NEFacENxOEF2OHpUU0s1d296Wm1XWkI0Y0JJbXcKnI5dK4aD5V7Ig1wS\nH2CoZ5OSFwMfzgjRPl9rTCRUAIc/W1xEgePvnnfa3pd3+2c+vFs/0S08sE6wa+sY\nTUPOKg==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
-				"recipient": "age1eqcj2g0fdekj2wpqp4y0fg9c5myydjdt9zlr5scr0grk6fxszymqkpw5jf",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBITzhmMGRITnFCaUV3di9x\nNEw5dVBXbndXK2tWS2lHM1lyWForTzJmb20wCm9DWldrbEd3TjNGZkhiNHlKYzI4\nWXhlbVlHdWsxSGpoZ1lKSGMvZlJNS1EKLS0tIGVsN1JWQmpyY29VTlA2SVNWOVhK\nc0I5Q0wvbWZjZGRTc0k0cW5KRzJtU1kKhpN14OYkP6ogn4oC1ANQR6Y1zsZi0rDz\nd/hXLhTtZBPOjQOslYmer+DjsY4pTcGLfnBql43f5a7D+Vv6okuZfA==\n-----END AGE ENCRYPTED FILE-----\n"
+				"recipient": "age1d9h9mm3u5qalmpl2pf62pyzqj8t654n435emn93rutv0cg9sr32sg64fdj",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6SXcxM0dHU0oveXhmOUhK\na0dJdk1NUU1qaExFRlV4UWJqZVVmR25WYmtrCnJ4YUdLeCtJd1NVS3pveXZ6SThL\neC9UVThacFJnZEZRcDVoTktVZzZyT0EKLS0tIEo2VkU3alBXQ3VZQk1lRE5SMEVM\nSUdDMklJalJia0ZhZDkwVmxlblk5YXMKagbVTSVWPPmWIF477wy2/y7BBp8uX9oA\nXLy2XAvmBFqGRNtxdknbNR3F8LUXwYvt1SNd9byl+kgu8PG1ADsNMQ==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDuzbgoXZccZ2w/9HGgUyT9nJH7lG2/jfQCZJudY4yAN",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IG05VmtkdyBLM0Ey\nQm94NU9UTENZbE8yYk95NEkzUlJCbjF5Vmpnb0RqTW01UmJzekdZCmQraGxtMzVk\nTjRoSGd6ZmRFeVpId1FQSDdSdFhHN0N0ZUFCSCt2Yi9NQ0EKLS0tIFdJdm1qNEVw\neXVTY3hDMFBGZi92eHFBY0FSTHIxbDc5emF4QWY4K3ZEbGsKse8O+6s/nydvw6Ir\ndW2Z6JC4gPSzzokXO0ak1A/eVW2NVVXaZ1p5E7Il7v8LQXukqHpUeLdkzohuRIsH\nx6MitQ==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IG05VmtkdyBoaEMy\nM0VFTFphb1kxaTdaOThZTk8yeVErQkM1UXJFMnd2eEc3MHM0ZmlzClZFUkp6Q01t\nQjQyTG53SEpUZE56RjM1akM3SWwyUzhCSDYxU1QwQUwxak0KLS0tIGsrNXNzcjg4\nOEkrbElsQkV0eE5peXZNYmdqVDcrSXV0dHpyN3ZYek90elUK01c8bE3ESfeLZzzX\nSWOHpwftZXkIk7UQnMGJPf1uh8wYRV/BdlLZsyTvEpGGvzK61373Gp/wbd4xjhG/\n3/29eA==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFStro05R+CPmjWMHWtzXUKfGll+OosoZtXAyPtngN7T",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDRTOW45QSBTNEQ2\nMUtpczZNbXFlenprTC9RSjN6NmZkRmJNVGpaYjROWjVzenl2azI4CnBWMzZFREts\nUW96Y0tiN3VFQTVQKzBhZDZpT2x4Yisrd1d4MTdYRllFT1EKLS0tIEZvUlBTaW1B\nZVpTdVljbVRRVWFuaUs4N3lucmxwRkx5OFdIN29URnozUG8KjiD8mBnbRRu2NikI\nzNybkFQtAQbT7cKEA3msPCXkFWxjG5A0b9B4Sp3MJ4Xq/mJpts5WowARAfuz1ucO\nj6UaRg==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDRTOW45QSBqVFdh\neVRNcjhJVHVHSEpabGtoSDArK1RFeWRkYW5tTXorOWM1WEY5SUZRCkxHWE9FS3ln\nRG9GUjNidENhVjd4OTZUQXRZb2dIL1JqTlFmOXdWZWlxeUEKLS0tIEtoNW11bzBL\nR25ORk1KUklUZGg5clhDSnBONmZ4UkZSS2dIVmNDRDBNUVUKHh8GqwAOrpeclc7W\nVFKbfispWN6W3G5Hw7nOl5OL5Q52Paw5ylC7qnmeGg/jt7u2EtV5S0cI0Tl6mcRH\nLMfTMA==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO5qner13Q0fm5NhdXMx2nkt5kxjC0/SVY2FXh01OiHN",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDVucGlodyBubjg2\nRWJyYmMzQnpIQTlONmhHU0xJb0wzd1hpWkdlTkRqZjkyaXgyWlEwCjVSRllDTHFS\nWTl4T3kzRysrQWZhOEtJSTMwT3FXTkxTa3dJZ245bndZZUkKLS0tIExxV2FIOFJr\nRlR6dEtoUFN1d1NKZ0ZNYzY2TGZOTCtEQ2hEMUNuWm1iVjQK+WVOhyQC9l6O5rHi\nCQsI9/p8m9vJ0zNRZlfFyNF4TBffqJHqRsnMpWrnYlqyL2+W1XzH6+KTntykCx4H\nH42OkQ==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDVucGlodyBmMGxi\nZXlzbVhsQ1FReDJETll1eEhRRGRncFdQK2dRdDc5NXUvVWY0TFRnCmdnbHFNWG5p\nR3FwYkN6T2pJZHZSWmNKd3NaMEUzZllBandXTS9PSkwyMUEKLS0tIEdnSUo3N0JE\nUzE4RmlmYTVlRnA3ZDdhc2h6TG5kYjNjQ0dLU1p6QVNmQmMKx4gAAcIysAE4Lq/6\nVVjM6PxfgnL0/yzEgp2uj8b1pZBvqe+uyMi315QKRIUOLVpQLczz+GqMmWWXiNEI\n41bWEg==\n-----END AGE ENCRYPTED FILE-----\n"
 			}
 		],
-		"lastmodified": "2026-04-24T02:42:10Z",
-		"mac": "ENC[AES256_GCM,data:7AmEbh3FSycQtb9MXQQyoF3hLuYBIYVKDhjv2jV8xd5DoLIJRVq6GfC9omrwjhY2GxcykySYzLZOcM5A/R44wDanQ8Pw73nhYMzYaX7YbIQ+pUMFw7MMtr85Ud6Wp+x/txOYTPMx5Ed3ttSsZS6Qg0bHQEfS2H3WQoBp+qknwyI=,iv:aRoSRzviCLCnPVdvCiAI991A8JMT01cUKaecSDDGzIU=,tag:lGafB/Mlr6rI5rx9Dq+fTw==,type:str]",
+		"lastmodified": "2026-04-24T14:30:26Z",
+		"mac": "ENC[AES256_GCM,data:FU45eLE2F0gjeGWjCbGn15dnrxb5JF1NQEOkOswcj9gOAhwPA/nsYwbF3LJ3wHLCEyJb6Df7zk1z0ipiwe72MjGS6TQatR6+jDoFwHDZ0IH2rOheMh9I83Bw6M7KSm7nBPzmGc5Qn05NGKwN0iYUBcCpQzsV9LHCAl9ZMjAbos0=,iv:eZYZuZZi3mq4MPA2e5Cc2WYmfs4iZlhVSJF+sF9HTm0=,tag:N1uTw1iSxp9IlTEiQdc9Ag==,type:str]",
 		"unencrypted_comment_regex": ".*",
-		"version": "3.12.1"
+		"version": "3.11.0"
 	}
 }
diff --git a/packages/gen/env/data/prod/stackpanel-go.sops.json b/packages/gen/env/data/prod/stackpanel-go.sops.json
index b7fbc7ee..7d17ce69 100644
--- a/packages/gen/env/data/prod/stackpanel-go.sops.json
+++ b/packages/gen/env/data/prod/stackpanel-go.sops.json
@@ -1,67 +1,67 @@
 {
-	"STACKPANEL_TEST_PAIRING_TOKEN": "ENC[AES256_GCM,data:1KAk17eOd3c=,iv:tP8XxladEexB9e3h6bHlYjAovKMjm3B7G/DRg+VpqgE=,tag:7B/ux8dCG6GIQ6ptEMPjRw==,type:str]",
+	"STACKPANEL_TEST_PAIRING_TOKEN": "ENC[AES256_GCM,data:gktx9n9vFc8=,iv:tF6nUwepSDM+kJ9eF1wzMA35dshD+pIGQ6pm7GBO4ZY=,tag:Vksz9DENJggH54BBdTc9PA==,type:str]",
 	"sops": {
 		"age": [
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICjMrEzKQSq/0eePzgUGXM349sBm6GVCXoz+tJZJaBVT",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHZMYWFYZyBiTTJ6\nZ0hYZkdEMEMvNlByMUQwY01tcDFKdDVRc3c2QUtmZTIrRVl6QjFNCmlSaUlzc0p3\nMzUxdXYzZVZxZjMyTlJ1cWpTeVV2NmNzZGduYmNQQXp6U0kKLS0tIGZZbnZGRUdq\nRTRySEljQU5hSndCTFRoWWEvRDI5dlVxZzFQbjByOEdORVUKOYAv5tcPGH9GXwWF\n9lVW+oJojILKiIF+iW+a1A0yroEMzG8rZo2epoSN0lvgWC6tTP5QJ/67EC3YBOlI\nsVB7Pg==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHZMYWFYZyAzU2JC\nMWVScDN5N2ZPT3Q1b3NHTkwxS3JtQ29wWmNPc1Q2L05YNko0cUdJCmlna2NzdVNk\nK3NQeEtuRzdXdGYwZWdPMk8vOEh1Tm8vL0owTWhoZW5ObE0KLS0tIHdhekg1dUVX\nRVRVYnZadThjaVFZaXhYN2lmazQwMUMreEZZeWR4d1J3dmcKQqIpLGm0GkBOsKqj\nj3wm7HyGeChNOGvGr7NLqrclePrKggMiZV9XErOg6J6AJoXXF4OHTtNvqZ2o6QwE\nouorZA==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIoX0wKjybps6ZHuvA+uwE1ThfWl87MApDLxCjCDUCC9",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEtlVWxBdyA4bVl5\ncC9VcVFrLzhEMlFNWUY4TnlDcEdmcGxuRDA5dFdQUk54V0RKRWlvCmtRbGhCSmxN\nbHBDNlZnZGk4cHduOGhkblFHSEgvbklKNGQ4MHdjNUtqNkUKLS0tIExCZHlXUno3\nZFZQNEt2YWlzVzg2VlJFUnlqLy9mc0FucGtxRmVrcFQ2blkKZufr3Fuu2tJ89cNB\n3sZzQMn2QxiLQPaRkCo1FaJ1oXMfymNg36GuaOhfQINyn3f8pgXS5rA0YLVO15x9\nAodTgA==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEtlVWxBdyBvVDV0\nNlh6czZYMWhSM25iMnNCYmhwUEtxSmQ2emI0c1hKa3JuZ2JTODJVCjBIK0V3aWtS\nQnpKL0ROWXVJc01aWk1RS3ZteWoxUXdQbS80N1dOOFIrYmcKLS0tIHZDTFdHSGdj\nRnIyL1N4bTN4UXVXenZaYVZKUTArWFM1b1Y4RmZrcmVWSXMKz+4nMHe3+IXQDFJT\nJxdm3nZtFXv62GSkwuRGDZwgMqErGu7UOhkdWU2DSzMdON+kl9MPrsaETGU73/s5\n1b1+pg==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKZPhznHjTDifGroHiGRD3hwWz69B8NsSSPNbwWjfzgW",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDFNdXZydyBJNzBJ\nRWFreWZCNi9PMndKR0xXbVY1dTRCUE56elRoSVI1QXhsL0pVUXlJCk9STDJKUkZy\nS2x2OUcrUGhlNlRCS2FqLzd1aGhkVUxZWEJoSm9xaUxtR2MKLS0tIDlRbmprWmFk\nMFJvaHJVamRlQXowRFZDUXBwTGdpWVQzOXhhZUVzS2JXN2sK51gds2PMMs8W5Q+d\nEAkCwKqaO+50SSmu3R4cEiFTme0KttTI3arFltUcSjAdn0mg8+B7C2xyp0FKzmOP\nP5ALBw==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDFNdXZydyAveTFv\nS1d3WnFHZ3JWS0YrQ0NIMlhMSnZTaXVhalJjVmU0N1pRaEx4NmxjCnVGS01ybXdD\nN2tQSkhKMStMYkozY2hYeGkrc3kyMjIrZ0RVdEM0STZ3eUEKLS0tIGVrQXozdWxV\nSElEenZGQVpNMXhqVFpyK3BQTFhDY29uVVJyUjUwb2RSVVUKwMEMyvGQ8g+vGClc\nd2L6eFTWZHjM0bHHPxFguUfYiRVtakOj3cegBLmsVXltwRHVQgXcm2xArpokbJN1\nPA2ORg==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJF9kzudl00FVTQA7nnSaicAJW2MoBKm47G7wefb6uSm",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGw3N2NtUSBBS0ZJ\nRlRDWCszbDFMS20zK1pjSTZPTWVTZVFNM0R2THl4NWFHNmZQdXprClJJVGY0akE3\nN1ozOU1za3M5WmtkUlhsM2YrMktYQXYvcWltSWNQbjFXT0UKLS0tIDVsb2grUFNv\nWG5GR0ZVdHlNK0VENFpjT2dwcG94OGZLVUJYTlFxLy90eTAKYgfhjdqNBUs3n7Iu\nXKOBe6+Oi4xApmaLRr3vYHgOUXonCRR61XR6ZWMgMQGvwjf3/wL0lw+ULUyQAqZb\nvWIGHQ==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGw3N2NtUSBrRWZ3\na3NlU3pzTHZkelhJd0JDYWFjSk9lUHc0djl1ODJFT1BMSzFRZTFjCmo4OWV1MXF4\nMG1mUDAxRHBaRnBPNlVKejQ3WTBKUHZNdytZaU56V2Y0QVEKLS0tIElXTmhQZDlu\nSHpvRmxJN1hra0N5RkVHZTZBYmlFV2VBejV0RkR3VjM5d2sKKCjzjKArEfSuYoth\nqkd2uRCfaC9mhO7PcXcWF0hLj6PyNfojzwfbv77SLCEVHWnJpCsw0/dmv/qJtMOc\niF914A==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDmZV9Oi9hrckXTpqBnDKRrY9mgwj+SJeVBGWmne2+q5",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFpUeE1RUSBxZmpV\nSTVycTZQeEFXOVVKRUs0T2k5bnZWYXFubXBPL1R1S21vVlpQclcwCm8rZ3kwT3ZZ\nZ2hMTWJTOTVXdk4xMTQzeDhRSnVNT08vYXVYanFKZUpxVHMKLS0tIFpDYUtjWWZM\nSFhkcTgxTm1uMU9CV2dDc2hGL3BheUFNNWdrOGpuRGtVQlEKJoxHoFG3MTKxVDb3\nIodWUvqbn9O5OHNQWvY9hfczem6KxNMaUV5DM5mcNmmR0JOLB7MrxIbYeLTCYmcI\nNUxN6g==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFpUeE1RUSBLZkZJ\nRHlEZWF5Tk8vTDNNUHAyWlYxbTFHUHpENEluaU9mS0dkME1hWWxnCjZyMytsYSty\nSTQ3RFNEVVhkN2lUYzVkUEZqeis2Y0FvZ2MyOVhVOXRyVU0KLS0tIDNxdjNYRmw2\naDdmY1dydTA1Nit1ejkvMWVrZE1aMFRFYml5TnpqWS9SRTAK/RJ8bXDy/Z8yYUUz\nA93HUZLe7NBKthIm7wp3kg2pWkd3bIPRFCPklDHtWXG2py4PZKa+xpAxk3ECPJ/a\n7/Hx/g==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA+M/DHDlKgayM6wsiX6r704pE+2qENOsKcytC7sBhKA",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDF2bHNJdyB2VUk2\naklLOWFQREdaYlJzcTM4ZElXQzJGdjYrOVpueFo5cEJhd2U1em1NCjFDQzZla0Nn\nN2JsTmlsWFR0MTZXQ3Jwakdqb3dSVlBlZGloMm9ZQlBmaUUKLS0tIFE2Zm5GdWZs\naFg3UWYzWkh6SVRwNkJWSGlpSFdRTE9YQm90bndiQVVFc1UKi6W1qKhgSHs32s6u\n8sVqYbTfNZafKfS0DNfSTffZGXk0e+dcgnthi3kohTDrDkOTEIEJFrPfuukGo+GS\npexXiA==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDF2bHNJdyBNMU00\nSEF5Um1ZaG1Nei9kdmpoQnRTbmRmWDlyeW4xZkVqbVlsTjkwZWhVCm5EL1dzK3VU\nNHdPSzJUSDBYdFVCNTFuZGdUSlZ4eEVlay9ScUl0d1NObTgKLS0tIG9GcGlTd2VC\nb0UxT1lON1VQcVZxbnVDSS9ncmhjMkVBeG9oSHJTaXNhRVUKNtVwwR8y4GvuMrLK\nknMmlqdxYn3BJfw38F+SPKsnbJzzcOrwZEfD4qvkpBZptTd6JvbEAM3KF7T5fwdz\nkYLQLg==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINh0gA7reCRW+zQ5pPpIjoJGpaFQSbC/4K8B6vMXJVr+",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHJKM2lMQSBBdS82\naFNHUzZBWVdXU0svTGtyZXE1UE16UFJIWW1ESzhjeUJTck42TERzCit5c3A5T3Zr\nZWlwTW5aV3VaaEYzWmFYRExZK05NZnBaUE1vWGI5ZGlaaGMKLS0tIGFJWUVwZktz\nU0puQ0JoOXVhSHErWWRqcEpLQkZ1REdsUU5LcXNZc0dTL2sKorD9++bNoZj2ao6H\nw0+MoJMETAj1sAd8kVQlGzkXZRr/7uyDI5k0mfTWfylCDQToeUjHck6fjTO/v6sN\nOQW2hA==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHJKM2lMQSBzbVFi\nazVqenBRNTN1RlF6czNBWWVBcS9ZWFpCbVRxMVFXZG1ZVFp3QmdJCjl5L1ZnMmJn\nYnZ0ZUJKNGhTcEduRjJhVmdhVThQcERxVTN3UVRxMFFqWmsKLS0tIFh2eVdNVWFK\ncFRhcDZXOHRNeDNvUkdBQnZ4UldIM1VneUZES04rQ0phLzQKPWH0cZ3BHhAkODxZ\nvs0Ita7fafVu6KFlAiViDTiVvSTNQxU1p/RgywNuKdkWHEjEw5RlU7acV0aCpzEt\nHbAHqg==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEmYihgWHfnLw0f8uTfLokCwToLavzV/+k/GggBA4Sz/",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGtNZGJ1ZyBqZnQ5\nK0hDWk9BN042aHFXUkVFcWl2YjVwTjd3V0VaWTQwZ29EaXVXUERnCm9zMlhpZjVw\nK3ErSWNIdlZpSWtENXBLMmd5K2dZYVpvY2ZNeG9MV0FKczQKLS0tIEdtWVVPRG92\nS3g4U0hKUmtYems3VjlZWUJiY1hzMTk1ZkpuL0Jhb0t1blEKWMJ9JY12U6Zt8IQc\nfH2BU1T+jAyL+EcE2SM5mnaqMMlexRIKEXfND4XpqiRBDqJBBm1er9dVmFVsz80g\nyHqAVA==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGtNZGJ1ZyBoaUJH\nWEhld05uZ01MVVpGdHZqR2hIcjkwZ3pIZE9Tb3ZtR2g3YkhOUDNNCk5CRGpLOXNS\nN3dobXFnRDhtL0UxVEkyckxnNk94TlFWeW0zb3ZPOUxFdlkKLS0tIGE2L0hjM0VU\nMXB3dktwSXBtUXIvRGFPcXdhSk5oUEFKejF4eUFabE9vRmsKco1lwSik1fXkjZVl\nwyLiQBssJrf6zJynwXJcjoBaxYda11cDbw8x9qB2Fd6eA5C724zT3HzQFBoVQEGi\nvPijaA==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFvT1RvcTidgpVYE0OPknc3f5HcAVpyk+rXXrW4AcbzG",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFFONEwvUSA0Skxo\nUmhOUzJuS3pRYllXMmVxUEU2RW1kM1E5VFpMNmNSVzY0ZmU5Y244CjZOVTNSa0wz\nSWxhNWNacUllRGhxT2Z3ZlovSkdkOVVzRDl6MTNJd0hVbUEKLS0tIE9wRjVRdTNm\nY0NCb1BnSnl4WVVjQzVlYlZ3N1ZOUEtXNkNJL09iM3ZTSEkKx8sjzfhziG8tId+h\nCflxmZqBOX7LGSAEcr1qPLu3e5cY+CmE3H4S8HpvlwhvWlNJXcDOgs3BYWkCbzpj\nisW7hA==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFFONEwvUSA1S2lK\nU2lwazBsWWtEK2taL3FlK0xnSDBjYlFRSmxRdEIyRzJKR3htNlVRCkVTc1JQb0hM\nMlVLQlVNR0VMejRDTHhhd2dBczZJZXdJVkdYcDQzTmRhY1kKLS0tIHVkd1IxR1Iv\nRUx2bTVlYzdJZUdMZWs5Q1hmQTRTc01ZUjQ5V21XLzJPemsK6qVOVk+SDVoYeQD0\ncpf7kDmG5CMacZzQ5owdxOzo7jAr8h9H4hh0J5jYdU9rmWNsBtSUl1sCLnhic/Bd\n3IOsBg==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEijeq50HS1g27BTRfJ8XWIPrAX9UVkap5fgIOCOtA5+",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDhjWXRrdyBXbTNl\nSW1VektBcDllUDEvT1pvTXFhSGRzQjA1L1FVVmlvaW9nWFNoZm5rCnpIMDUraWdR\nazhncGJIRElJZDN0K1FOZnNjQlM0b0VZa0c4bXBKOTZQMHcKLS0tIDJ2SlpOeHVT\nZVVOTzhOQTdwYmI5bDZNYnZkRmFJajUwRUNkTmxZYTlERUEKYbSTNg8XvZVlY0GM\nu0hMXrnA5WnTfVMxR0YE0nBpHu7Dy40MVbN+rZdYRnQeAsE+VEiXtbyDWKhpGUMa\nG50y0A==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDhjWXRrdyBtbFpJ\nNFhlaWNLZWgvSDhxcDdnVDhzTFVYRzQ2OGNveklGME9hM2xMcUJvCksxMGM3VWpU\ndGFDNm5sK3l0ZllaVTNoYlc5cmUwUXZSWWdWOWQxZmJ2S3MKLS0tIFJ0VFpSbUxo\nVGg3T21WakVieUFRN0h6cE96UkwwTDVLNXNsVmxMeFA1RTQK0s/0MCcupPpIr5hd\nKYw02mgXpR/Ml6a2qtCxOf6iqP6IB6a9e6eY79e9R+Qh2I0/8CHLCyb5VK1Jp/1g\nWR4sgw==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
-				"recipient": "age1eqcj2g0fdekj2wpqp4y0fg9c5myydjdt9zlr5scr0grk6fxszymqkpw5jf",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwYkgrdzlYcEtJNkQ0SkU2\nMldqTnFXZnozbTF6dXZEdHFqOXRibzZRREFFClVaVlp5V0d1VTFSRDhZSnlMWksv\nV3FqVGQvOWY3WHdqTEJ3U2xYWmpocXcKLS0tIDNkYVFPM3JlYmJqaDR4Q1VrRFZ2\nQ1hYb083Mjd2SUlEaXI1ZWhneHFWWEkKpnOl48evKfgnFfHTcptU2vOo9miQqkk9\nslzbylcDc+CRC5OOpqcqVuuX7WO97zUaGM2gMAFH2N/XboKkWtE/8g==\n-----END AGE ENCRYPTED FILE-----\n"
+				"recipient": "age1d9h9mm3u5qalmpl2pf62pyzqj8t654n435emn93rutv0cg9sr32sg64fdj",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5Qzl6cmtqZE1yNEpubSta\nR1BjQjFaWkRrek5TQU5DOVdHdVpEcFZOZFh3CjJBSVJJMlAvc3NUVHZtRUhmaWpH\ncW0xWTNyKzFLZUxjSjBpK3o5Z3krZDAKLS0tIG5vZ1VYbzZTeGRIMzZuZUhHQ24w\nMEFaMkUzS3Q1OGpQMGc3SDFMdjc2N3MKIw81SLciDODAJndleCOkOHCQcZ02AQr/\n5vCEpwfUPk0lLpQvQksx/Oy8fqChKyGkJ446j3d+dg7ld35j6UM5yg==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDuzbgoXZccZ2w/9HGgUyT9nJH7lG2/jfQCZJudY4yAN",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IG05VmtkdyBFbjk2\ndEVNY1I1a0RiZEREREtFZkxySmw2Q2pFY2dsRnpBOExqSittcVJZClpseExGRm90\nOUZuYUtsOExpcXZ1TENPaGdTTlJDWG50ay8yRkpadFlhRlUKLS0tIHAzNkZuaUd1\nQ0lvbkRFSzlodERDUXpZeXRkVDlGK04weWpTK0NXQ0NMaTQKdQqhdUYvULAYBvsq\nLGLhSVhSzX+G3YPpGUVGC0PcW5sMG6D2fGhEmcD28L767PBCtoGFjjztqWnDkUDF\no9/5aA==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IG05VmtkdyBRNlVs\nbm1QdUQrRDNOQ0RaRGJNVkRrak9qOGRyTk14UTJaeEdnYkQwekNZCnF3NUhxNllp\nYThLd0dWK21GRlYvMGlLZnpwaEFNSTVqeFBIT0NrRGsyZlUKLS0tIGczVTlVcHFO\nbTZYUWlkOWplaHV5dHBYcWZlemhpWWdwSkI5Qnl1YXJpL1kKQpXrjcSKi2UGDt+e\n0AAX25X/JmhxZlyQYIpYOEy1OcWDWvdtaB9DF0Rof7nAQLqV+DpVfSJhy9lsruIX\n1mNP6A==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFStro05R+CPmjWMHWtzXUKfGll+OosoZtXAyPtngN7T",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDRTOW45QSBndDN4\nM01RejBSeGkzejRtYU5iWi9LcFJaVkczSEhrd2RKUzZuNkpWY0JNCm5LSE1BOG50\nWThTOGlidElWWGFxLzRFbWMxQ2g1bVFYZ0tvKzBnK1JwdmsKLS0tIEtDbzNMZEZO\naS9aRmVkVVREZ2hraDBYT2xuYXY0Rzhxd2F2aTNvWEVoOXMKkxBuPGg5t7+oM+4c\neq8k0dHpfQKkquotzAJSDyaQlSY6wqCtZeX50Xc0slsORfExjAUKKfRXKI61BqWF\ngQQTLg==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDRTOW45QSBncjhh\nUklQT3ozek9iM3pyNWMzcTJ0eXJNYlhCMTJjc2pZcnF2QW1vblg4Cjh4VENzNHhK\nMFF0Q215MlBpUDlVZ1h0NTVvUjZQUGhEZkVtU3V3VWRvb2MKLS0tIHRPSEhsSjR2\nZ2RqRFdVcnRJSmRJOVpXY281U1FFcEo1VjdNREtYWEloZlUKGHRNMdrHRFudBP+R\nUphxjfW2KoDTJEhcSUyEuBJa4IyY5pYSPEawkvZFmf2+gHxTDU31beBP/zj6f5MM\nPZff/A==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO5qner13Q0fm5NhdXMx2nkt5kxjC0/SVY2FXh01OiHN",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDVucGlodyAzdFRD\ndHA0WjJjL2tXTHNxQXZwenloRTIzKzZ6dDlXWHMvTFNpZkdrSUZ3CkdmWGMrNGxl\nMlU0MWt2RmZ5alkxbUY1MWRNQnRBMG92emJmRGNCdVU5OEEKLS0tIHUwc1VXQjBu\nR1RjcWgyY0FpckhnTHdWOFM4ME5scjV3MlJKdDQvYTlBMVUKlfIHlbr+CPYBU45k\n+42ft54vwU495JT9Po5rWr7wB8C42pfLr6f+nlgSPH9xDAd41c9LG94l7G61Qa5K\nhfwQTw==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDVucGlodyByYmEw\nNUJtUmRPM2VOeThsMHlhWmk4WDlTQ1k3aXBRTk9ZYno5WnVzZm0wCk92SlFJcS9R\nc2cvelFxa21nTXlEeFFVUUpoM29IM21OK2QxcndERmUwdjgKLS0tIHV5dHVVd3F6\ncU9vbkZTTFUzTkFHL21BR0cwQmlqOFlsUU5Eakt0dnNCYm8KJEk5rsEvYsc53xHE\noEu+VrCFGaXmX+gEpL+j980RRMiB3WqM0UJtLWyI5tnNR68k0CSXpF/uccr0C2Je\nHCkTDg==\n-----END AGE ENCRYPTED FILE-----\n"
 			}
 		],
-		"lastmodified": "2026-04-24T02:42:10Z",
-		"mac": "ENC[AES256_GCM,data:O3BejMzmVTVJKz3wsFrE5rcYzvoqGF4kiyl9WpElADAYUYOYe0fEMDvH58DibAIs3gcbXXlIcmkQPb9FudYPgirP1jxmCEShCpRDN6EwkPo9nLwJZeuGoRYM4Xnu2JA5/NtS3U2ivqltuOIeVlyKA5jZXBBK+z4+VPRjsauua9M=,iv:lUciopf5oUTHeKyY4bi4XTdAWO61LfSZbkVxfHfsGmw=,tag:KxPXVi0ziEskZ8UH3KxHpg==,type:str]",
+		"lastmodified": "2026-04-24T14:30:26Z",
+		"mac": "ENC[AES256_GCM,data:Xmt/lxjHie4EUNZvrYg/N2GsOG0pXSpZ6/o99aW+5IXu7Dg/XYWj11Ybpwnra7yMEgyaGqJVDyqibPJwJtpyrwHQ5BsR35sZ3l1T4jChmzMVGAOzgOs2CFjpS3w4rRGBVHns3M5Mf/uKnsTD/xC8TAtSkz1DzVWWqTnJkNziEZY=,iv:TGI+8eUn9NnP7vFHRbt04bSKkKC9kcy7Yy6bKwMlSeE=,tag:8yGRSEE0nzL7STqpZRTv8Q==,type:str]",
 		"unencrypted_comment_regex": ".*",
-		"version": "3.12.1"
+		"version": "3.11.0"
 	}
 }
diff --git a/packages/gen/env/data/prod/web.sops.json b/packages/gen/env/data/prod/web.sops.json
index c6eae291..d26ae5a4 100644
--- a/packages/gen/env/data/prod/web.sops.json
+++ b/packages/gen/env/data/prod/web.sops.json
@@ -2,77 +2,77 @@
 	"BETTER_AUTH_SECRET": "",
 	"BETTER_AUTH_URL": "",
 	"CORS_ORIGIN": "",
-	"HOSTNAME": "ENC[AES256_GCM,data:TZniHwf2Xi2Fcfmls+s=,iv:ymWYNRApnXwNcvENuirE0riyxCC6ZFNJpUGctqzbVrk=,tag:h+lS8KBvFx3+IRY9CPaumA==,type:str]",
+	"HOSTNAME": "ENC[AES256_GCM,data:6sWT6lixenhgb+maNEM=,iv:uNTlMFMzdGuPzDiSIsYBC2A9twzD9+Gl4CPV3pAUtV8=,tag:8nZgLfV3r4+SfDS6F0Df+A==,type:str]",
 	"POLAR_ACCESS_TOKEN": "",
 	"POLAR_SUCCESS_URL": "",
-	"PORT": "ENC[AES256_GCM,data:MRT6Kw==,iv:BbxIeiKR5GDXdDUIhLri+g8kN2DNlt2RdksTjAOwNm4=,tag:bJP9/IwZm570+GadjzKCxQ==,type:str]",
-	"POSTGRES_URL": "ENC[AES256_GCM,data:/4W7qoABCLDKlYS+iLf8evqxBS5fVLB3TIQKjMhZteQvun5NZP0eFGlm0sMZm6xSaXABy96eHOxPqZrhbHcZKAg1jq//yyffjlmBTl6wNIoUN2alSFgUcfkz78mDI5oMWAMn2F0jLCgyTovuTk35RWZ72CkrOHgIr+2D7y6MaFjli20HGE/sckr9qu6D1j47vsA8yXgSkqSuVJ9US4is26QjdujsqBmyLg==,iv:cRRzUEHuiw+gaWypwDOyiRJ93MIfoNHUKGV2ZH85fqY=,tag:lcvoewHOGQN8SYK+z2enCA==,type:str]",
+	"PORT": "ENC[AES256_GCM,data:PH5hbQ==,iv:Ofjc90sZqORDyPXyiY/p6C1Udx2gel3r/GkFUf8dDYk=,tag:Pk/wVgxACHRW7Wvl0rt13A==,type:str]",
+	"POSTGRES_URL": "ENC[AES256_GCM,data:D5NoSyjA1Xm6G/yWQV9nbSN17WZklO25VcZTbrRqfmZM3sZ87MuRycH2jXaMC6169KRkCVUb5zLDGaK+gmQHcCRXh23od9Y+bFft5R1wTcBVDdVbAGkT9fJjqSl+BCHan/6mTZBjoWa9PN8Bo3ac3+iYTsapXy5jreC0JRRlhRVQe4FED4I7PjkbuEbOcBvYpc047RSZbnbg2akTAbt5MhiqRpf+V20gZA==,iv:IEnUBLBrIHizt+HjgT469W7vU8cPdJ2Ze8xA29APxFs=,tag:Y7I2X41TuHkJjBRtDDyCgw==,type:str]",
 	"sops": {
 		"age": [
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICjMrEzKQSq/0eePzgUGXM349sBm6GVCXoz+tJZJaBVT",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHZMYWFYZyBNTEFS\nRHFFNklDd3JhdGxzOWZDb0czY0NXbDl0a3V1aHFKY1g3eUt3bm1jCjFCZ2V4aWpy\nYS85cnBxUCtDRzNPVEtTSGVWTnphMjZDZytFdkJGRFhyc0EKLS0tIFRkL2JwSnV2\nZ01uQmpyL0N4L05iZU9sU05HWjNlZVR2aFBtRWhlMFR0cG8KT9s+pjtWEaRFKl5w\nP5SIxmgD3XNgIOGBItbsQRsewU8R9UyLzVSN9lr0poyVWCZVv5txlML9MCZZOvcx\nj0UIOA==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHZMYWFYZyA3bHJm\nYXZXNVBta3pHaktwbk5MTXZNN0k3bVVZazF1NVJzZi9tRkVSY1ZZCmF3L0NkRHIy\ndGFwUGt2dHFRVkE2QVdWNTlYVXA5VlVNQ1RsNEVDOTRvd1EKLS0tIDZ0TlFOTUhZ\neUdBaVpXenFqdERhSXI3Uyt6Umw2QXBTSFRGWEF0SUNGNFkKQUDK9kxzJRu5m2Fw\n0K38iUDf/z6+A5MCXfhiUdoJSz7aoWKOafBqZc15cnjfHnm/Tt8qZN6JWnZBMX3Q\nB8/rjg==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIoX0wKjybps6ZHuvA+uwE1ThfWl87MApDLxCjCDUCC9",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEtlVWxBdyAyNGll\nYXZxUWs1TVE1SmNSc253Sk5Fay9nSERiWFFTVm9rWUE4dFlYZUVZCjc1S2hLUjMy\neVZmMHhNVGM2Rmd0ME9YTm9JaVl3K2xlRGgyWitmMzFaMkUKLS0tIHBpaDg0RHZw\nWFFaQW1QeU1jdUxTK2pFcXZhMTQ3WnZUSjVhb1VBajRucmcKwvJvcOVboPPhad+S\njv0Qfj9vK7RSS6dziRPemiQQyxYxf0wYW41z/bCecRltC86y97lq4SNnl93Wj0Ld\nwnInXg==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEtlVWxBdyBpUTVH\nWTVWNGNjZ2ZQdWNjYnNXaXJmZUxpZ0NRNzlWelhlSlBFeS82TlYwCnhDREkvcVE2\nRUNtMU1yczZJcExUYnhLSVhXUjA3RVhYd252NmVGdVVSaXMKLS0tIGZjV1JNZC9D\nbk51SW5EQTNQQlg4TVovRjU2aUFJQU1EZTZ2TXUxclBwa2sKwYQAyTL2uHVFMW4a\nSmK8JcVo8gzdwFYn2pUb5JvoqBOYq49MRAZ8K67Eu/09mwbTwT4HuwJ03Lx0NoJe\n4pilCg==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKZPhznHjTDifGroHiGRD3hwWz69B8NsSSPNbwWjfzgW",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDFNdXZydyA2MGd1\naVNRVzlYWmJPRkdNd2p6SXhvam9ZTzY2VWlrNWNPclVpVUpha1YwCjlMWEt5RkVy\neDdCVGZzbkxSdGpEVU55YS91c0dtU3JYOHpLM05RNUFXRGcKLS0tIHgvbmh3OVZC\ndmJuV3Y4eGxkbzVoNk00blJiS2svUnZLYXp5YTFNSUZFWkkKY47eTMGj+P7e2oxb\nFr922thc33846pMTEYgJB+/lTFHw2lQHhVqQl7GaH27iwggXoHhckdK9lj5Xotpo\nrpMWYw==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDFNdXZydyAwS0xq\nYnYvUzU1Y1JyTFdZRGVoUk5hUEpDU2EvUjJyT0M5aXU3dlQxMzFrCjlPYlZCaG5L\nZEQxRy81aFlJVGpJUnkwUzhqNkZUdUZUaWVwZlBMN3JqU00KLS0tIGJOYzdFMU15\nNGpBcW96OVU0VDRlNmdpWlZYQ2RCd0d4cWVOQVJKbm8yRDQKFX41Oj+KBjv2rsIW\nTE6NOvnfpKWC10B4lCaARlSUxUVwDvDhKbUBHtgPW4J+vz07Ipcq0f/JlTBm39nV\nEWKq5g==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJF9kzudl00FVTQA7nnSaicAJW2MoBKm47G7wefb6uSm",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGw3N2NtUSAvRjZ4\nV29Rcm8zV1Rza0dYU2tFMWN5cktFdE05ZVdLd09USm5KbFF6NjNBCkxLTFBIbU9T\nNENPc3NrK2diS3FvZVJUNE5uV3ZkSDV3d1pEZlZyT1JGMncKLS0tIENwUmlrV2Jm\ndUZBQjk4dmN3YUdXMVkvWGlwVS9qVW1HZS9HSXpYdTFRdkkKK3mr3dkVgNlqrJEh\nyn5tv0n4J54kTp27b3qG8KceaxvPH/M/5r5gy/5EegFagBbtO3uudaxNfRcLUevP\nz0puVw==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGw3N2NtUSB0ckpQ\nZFRXQjZvaWNNTGpaMWE3OGRkclppdGh6RWtMYVZEYUdHNkpQLzF3ClNFRHA3czZF\nMWwxZUlnbHVrMmptb3U5YWlBZi9QVTBSblQ2a1V3NWplZ00KLS0tIGJ6cFB5TTJV\nT0hXcElDUW9ub0JMZE1rK2ZvQ25MM1MveUtZNzBieTRUb1EKZulYxalJUu24ShPL\nZMoanFFPXvGfOWOymQ8PY77IOlKB/xE9slcG5CnAdQtRhqpzDSRrgrFPyIFmnTXX\n4oAMYA==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINh0gA7reCRW+zQ5pPpIjoJGpaFQSbC/4K8B6vMXJVr+ cooper@darkmatter.io",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHJKM2lMQSBZNHN1\nSDdLUHJVNVBjZU5hTWxMdU50ZEs4dlRqK05zYzNIMnIzUG0wVW1NCnk0MTFQMmJw\nOW9KRUo0MDNSNWpQTGR4LzJ2UjRuSm9kcHRPSXFqUWNDQTgKLS0tIFpQamJjTWgx\naVlwYnpuSEhVdElkWVZSWEJRQndIT0t3MkxEREZPa3RpNDQKxkequFUn4fcax3YN\nLrBfXy5q4o5571PkTA9GqhJq4fsLmZoc11/WL83jOmDFeiR9TsqoIu17MSUi8tgL\ncgMApw==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHJKM2lMQSBRUUEv\nZ1RKc09FU05JNGRZL1YwZ1hiKzc3VGYxUEx0Tm5QVjBTcloxOUVVCmp4N1Rwa1Ex\nNTkrVXhsOUFWU3d3WUgrK0tjekMwaVN4UDVROCt6ZHc3b1UKLS0tIG4xWkZrSCt2\nZU9MUFA5VGNVck44d0JVb1JPSlNzc1FFbG5WMWJuZWNFamsKU/38FP6Z8UN8rnwG\n63QlwWUdnCHKf3R+ql8eFdvLPPN2RHax63s0qD+E7k3pgP7QHdRafeN/Z1uHF1gK\ngjfoeA==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDmZV9Oi9hrckXTpqBnDKRrY9mgwj+SJeVBGWmne2+q5",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFpUeE1RUSBxQTE5\nVTI1QkFkcEdPNldBOVRkWU5TRjJxQkhKb2tkc25PenNFQ0c1Y0NFCjRlQlFhd1pJ\nb3htZGtvNm9wZlExN052Vkx6SER5RzFvamEvTWRsR1p3T0UKLS0tIFRXK2dZSzJJ\nNjlEeEtoOTE0U3dzYTZxb2ZsZEs2dFlYRko4ckh5cnBCTmcKD25pRD1R26UAwUsU\nCOFgZKlrRcHvQciZB25AoOxFUy8qORD8vTbN6WVAV7o+BWwiksxFOA5awpztQ3BW\nPGYz0Q==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFpUeE1RUSA2TkU4\nRHdXdVF2T2hBRGdOcXRXeW8xamhQbzJrZE9SbFpkSThRaUxCSEhBCmwrVmRtNjRh\nNVNqTitUbU13bGNtNk9rbmRVYU51MGpqR21kK1pJdEE1VVUKLS0tIGRXemgyaEFC\ndFp2NE9renFBRkZMdDVERnRsaFZyRmY2UTNaL3pGK21nWW8KMvZlpk0t4GaYvtIN\nzId6XUR2ytwDiGCmuYc2/cBwj5ncjY7fejZ4bvm2hL0qZIyxHcfOvIWw+WRO53Gz\nOUt3Mg==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA+M/DHDlKgayM6wsiX6r704pE+2qENOsKcytC7sBhKA",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDF2bHNJdyB2bWt6\ndXdDSjgreTU0T0FqVWpaRm5tbGdmTklHZWd1U25DV293MDhKTzFZCit6cjAxbmlT\nTkNMRzFFMWMvLzBrTWpQUXIyaEcrVDFXaEdmc2ZPbUZNWFUKLS0tIGY0UGFidGJU\nSDIvSzFCT296ekMvL0gxa2hNZkJzZ2VaenJaWlhydjVQSWMKtzW4Dc+kKYSkxa3d\nL6PL44YuSwI0jmyEtp+A9E+gmXCeXKfi+7+Urxv6ELAA9ht+KpXwALoQHPBWiJnF\ng1GKng==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDF2bHNJdyBXeFR5\nMGN0Nlk1L1FKc0FqSGhIVmNoazRuSUJTenpMR3ZIWWdhUThtZlJJCkVVM0lpQVNK\nYmNPQU00Vnk5OGo3Q3g2bGthS2lPMkl0alVzMVVacHpSOTAKLS0tIEpZZUFQV2Qr\nRU1pUnlmZXhCUUZObEZ2UXcwTkI1UHRBc1VoUFJXc01ESFUK+igJD0y5/oUCTTAK\nd3GyfDLyqs9KnLTB1ZEI8Xx3efgj/itUUP2K+tANofSwPVTml8ea1XkM/N3wPoBz\nhUko8Q==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINh0gA7reCRW+zQ5pPpIjoJGpaFQSbC/4K8B6vMXJVr+",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHJKM2lMQSBwc1F4\nczlCY2EwcDh4N0syb0dVNjRoSXdXQ0lPR0FlT21jMENWVldUZjE0ClVlRGhnS1Ez\nbVFTbnFoWi9GeE5kY2VMdWFSaGk4RTBQT0JBT2EyWWNRNG8KLS0tIFJWU2NZR0Ja\nayt3MEFnL0tVNFNrTmlpVVE3SVVXVFRtc1owTVE1N3o2cVkK5xsCZbVnI8TrAuyc\n2Kugutuuxpv8O2vABcM0eCe9+ciRiVs1DXnMAlenbNDGDgkVKecZZg4O9acTpEe4\nevZTrg==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHJKM2lMQSA2TDU4\nOVJNNkJSOFNKSW8wNnBXa0hiUGREais5OUprTlJxeXp0clBrbkNjClZHSTd0NkZV\nd1BDZk45UHJENzFENzN6bEhXR3A2eGF5MlJqM1VicE8zM0UKLS0tIDNtdFB0STVi\nckhKVm5lRXRpSTloRDViVW92NmlSUks5UGJoVTg0Z3pkNkEKxQOvurwHVjtu8ghE\n3wUTwYd5Df83JDLxlCIaf0d9yCb04D89SJZXkT2Od9sazw2cjRnsqP6yeSf80fLn\n3G723A==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEmYihgWHfnLw0f8uTfLokCwToLavzV/+k/GggBA4Sz/",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGtNZGJ1ZyBkczkw\ndHlrOGtaYXdTWEhubWpSVlFmOGYxQlFDZS9BQ2hvRWp4RnkrR2o4Ck56ekhXY1Yz\nNi9JazFQRUNZZXo0Y291di8wREZqQ3dtdWxqS1pXWDYrNkkKLS0tIGxFQkxVUzlW\nOG04Y3c1NVFyVnphRzFwTkRWU3c4Smg5MEFETjZSQktWTWMKZwZaatqIHGkM1T2A\nH6N/s4tpaTqSXmS0sXYj21VUd37NgN5p4IPvYGhMsVXxmfprJcGAmngd7tcEW0oQ\neEovDw==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGtNZGJ1ZyBKZVBK\nVVlHazZzRDg2dlFqM25mc0wybW1hVEpUNUdpTE1WTmx2Zmh0eGo0CjBRRSs4eFY4\nT05DQitaekcrSnpLcEVpSUlSbURJQzBqcktLWE5zeGxramMKLS0tIEF5Y3FSQTJq\nbEdhbGxBOTFPK1p2eElCcld2SXpPYmMySzErS2tKVWNzWkUKsQNuGjqORxBwCZCb\nKd5kVCe86tpPszTOFjSFpVZe8jqBRSNp5aurAzkxcP61Z67Dz78Efb55eVssHZjT\nPcqusQ==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFvT1RvcTidgpVYE0OPknc3f5HcAVpyk+rXXrW4AcbzG",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFFONEwvUSBvanov\nMlhnNDRiL0dGK3E5QnJ4UVYxekpxY0JFWnFRNEl1dXBES29aV0FRCjBiSmtQUlhy\nTVVuS0VqMm9UWGVrT0hCd2Zsbm05UHQ1eVJuTXhKeDhHMEEKLS0tIDJGaFpYakJJ\nRXJaclArMktFZkVhTzRUdGtndHN0NktwS04ySVlISSsyWmMK0EEhOzuMJlssBLfV\nONwQucOxUfLEdHXN2+FeXFQ+zqBQhbevsfvCihyxqjNyZB7Dbuo+OopkPBRoffRm\nBTZKqw==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFFONEwvUSBTOGdW\nZ0p2ajAxVGVTUHhRYnh3a0J1aWtpUzYyUXdGb1NhMXFGK3hYQmowCmJRcElvQmpX\nZTJCOEFQUUdMbEJDSGlCSit3YTNrKzNNSDBSZXJ4c1J5ZTgKLS0tICs5VEJ3ZFJm\nMURtcFl3NGNlYXAwWkRGeFdLNUpJWjYzQjc3a01SSzVDWE0KG9qiW+dtmEUs6JJV\nh+/tP+UV1r4G90Eh0hIrdybTi2BqzVbtWsfbUggxj84BAXOuoymhg2/rkJNr18No\nQIjeMQ==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEijeq50HS1g27BTRfJ8XWIPrAX9UVkap5fgIOCOtA5+",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDhjWXRrdyBnVW9K\nZFZIemROeDdYM3YxN1JXbGZCeWFXMEJWUktzaTRMZnRlTEJBcUZJCkJlQndaVWpk\nRUJoWE85ZW5zZTNodEFaZ1FScmpMZWx4SWJJQW9XRVY0T28KLS0tIGU3RkN2MUpW\ncnhGYSs3WFFzYVIzaXNFQTlKZ3BiWjlUbmxBSzg0Qi84ZEUKEKNrE1oU2vKjwp60\n4agwFAv5XvAg2aTodZPVnnlYeypggD0mXD8zeOt3qEJshJk9uCNT0YNK6zTOSk2O\nlGR0Lw==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDhjWXRrdyBYMGRw\nTmxBNlhPdjNacFZ4V2ZOaHN6QkNlTVE2dm0zamhnaTZIMUZhdmpvClY1K2dtd3NS\naENBQncrYWxVUWRuM3lsc293cmR4c1VPaFVmcWJ2d0JrTVUKLS0tIDl5RjZ3dHJX\nbkxwQjgyTFhxS2J0cEZ6TXBNcHdjZFhRSXF3a0xyYS9qVW8Kk7xlsF9QlwdGCueT\nf8PLbzGD6zmGTxOhpJvY73/cnhuvyorhpc0f2vshDVVSG6KOHJPUFtOWxGTBGf7O\nRe8oBg==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
-				"recipient": "age1eqcj2g0fdekj2wpqp4y0fg9c5myydjdt9zlr5scr0grk6fxszymqkpw5jf",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmbzRoUG5kYTdOSGpQelFn\ndGhYd0NheTBxTUUvVTB0aTBORFVDcElFOGpZClZqNnlKOFhYUjc4bjJsMTB0bjk3\nZFJ0N3JxcW5oNEJyL3haZTUxeVh5dGMKLS0tIG5reFA1QjVrZ0Q5bnJ0QW1uWFpR\nNUh4b0hBeFBWNmVCUWozcTd1K3B2RU0KsawIJIGad2gtTZo3SQ29b2raXtISvbj6\n3LUAYIJgv6s736XgChaVMZkE8WtdGMgUVl9IkZrdsxcUvFq4hNGH+w==\n-----END AGE ENCRYPTED FILE-----\n"
+				"recipient": "age1d9h9mm3u5qalmpl2pf62pyzqj8t654n435emn93rutv0cg9sr32sg64fdj",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2L3g0SDRJd2dDWnZ6STYr\nVU05UWJWUUtsM1NhVW11SlR5MWNyRW41Rlc4CjhGdXR1TmFsazVpSWJzR1hHY3Y4\nTHdrUEJwQWc1UkYvdHljQ1l4UUJwcFEKLS0tIDk3ZFFKN3l1N3doZHBaSHN6NndS\nSGZsR1pVMEZIU1RjUURDN0lDZ1h5ZEEK/MrikILkL0Q2+a6Z38/USEBRf3oeDc89\nQl1ROrkYiBFGIRNKoqw9/8HryYaMXvMxWfjhSiJ8Pu7cHrR2mrbDUQ==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDuzbgoXZccZ2w/9HGgUyT9nJH7lG2/jfQCZJudY4yAN",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IG05VmtkdyBnQmpl\nT2J1MnFkZExXYit0TmE3MkRDenBtU0I5cjdkZTdhV284a0ZBWWlBCmt0aGxYVUxh\nSUtXeU5WOGhUVUp2NzJ6VlhvLzFMSWg1eEhCRjhzMEhFNjgKLS0tIFZPYWJTd29H\nUG9KU1IrYitGck40NG9KcFFnN2U4aFFCenBWbUZiNXV5SzgKcDzkmL2V9eRlrSxs\niaYbNhfpX68JyH0p1cc6oDQASUB2Ra301l4EdCg17/DuNJQZ2hwpMbSGCRGm8R6X\nxPhY+w==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IG05VmtkdyArV0d2\nTVIxaGtlRk5Rb3BQV2J4Y2o5anNYdkdSTFdQWjBQQ3AyUndONUVNCmdnYVJvdW5E\nSEl2Q242R3BSK2lMWXY2WVhzTWhoaS8zN2VnWFJGMTBLMHcKLS0tIGJuWG5YVmx1\nbnZmd0RqMWtlZ2E4UDhTQWxBeVJsQ1U0VTlteUVNOUpiZDAKchiZtP9pSsIgt6I3\nKoBsBw9Ol3iKM/xJWnYo91ErUUOBnq/aHhERozRAsRZBEwRXzTifzjAggswLtN0h\nSkRu+Q==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFStro05R+CPmjWMHWtzXUKfGll+OosoZtXAyPtngN7T",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDRTOW45QSA0cHRS\nWmc2TWJCeHM0TVdBdm50Mmp2b2tTdXZGRUVVV1g2L1BmWW5KWXljCjlUYXZiTUZS\nUk5lTFlYSkVpYnhuMzluNTVlU3RzZms1aTFmWGZha0NOancKLS0tIFl1cWliVCtF\nbThCelNsYjFMa1BTNm5KaFVVV0UzZFpLT0E0bWVIcVhMbXcK3LmFVwPn30kEICYE\nZj+4eHNwsg+gQMIgrp6pP0TyC73g/3ZbAj1vjdPHwjy2c8d14ULBn3/R3wQstXcm\npPSv8g==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDRTOW45QSAxYXpG\nZU5LVTVKcitsUFF5THpPMUc4K3lpcEsrbEZFMUZLNnNjdTU5K1RVClZqUkN2Njc3\nbHRXZVM4cGlFUWxaQ3g5WCtDMmRlSjY3SUduYzhTOWhyQXcKLS0tIGNZZ2R5clhm\nQzNucWhvY2kvMlN1MXlYSjl0QmV3V01FdzRFN3oxVGJZZVUKTgiwnYEaXXliKPw+\nfeZAWkgqCvLG6+yujEmp4jcC+VHsi+/H7krpZvpS6stMwTQN6k1P6kkT64euVYhX\nr4x1ng==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO5qner13Q0fm5NhdXMx2nkt5kxjC0/SVY2FXh01OiHN",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDVucGlodyBNSmoy\nMGdzZDBCOUdhUXNnWlZvNXFYSkRPSTN1VDFFRzJhS0lxbVFpQmtJCk1qNlIrSEw1\ndGt6Ui8zTmo0enN4bUJnRTJoNms2elRUc3RNSGk0c2EzQjQKLS0tIDBNWUlvTXND\nTW93d3IvUURlK2lxK29yUjFZTnFsNGJiYnIzVmhQV29kQzQKDkxvLxsot8JEyp+V\n4k9+LSw5H7PtXQT0BxJyqnn5UU3gtyOtveF0xOuNAFUt8qdcO+amD3g0f/IqtX4E\nDUfkPQ==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDVucGlodyBYVTR1\ncTZtaTZmVUZhV2JwWTduWW1LbEtzUkRpUmx0NGdiZTdVM3FKZzFvCk5NQ0tueVN5\nUkJGVkFadFZsdG5CdnNwR2s3ZVVvSGRxYlFqa2VKbTA0eEkKLS0tIEFVNkd4Wmpo\nNHZtb2MzVFkvTk1ScE5OMUVsOHpHRlVMZEcxaTc5VkYyNU0KhOoFAQe1JPDHeuv1\nKrJwEbTgNJDsABCwcOhoOaFGuVGs8ZJ1Pvhr74ACj9GMIcsbq/FJb60yJDIoA6xy\nSFeP3w==\n-----END AGE ENCRYPTED FILE-----\n"
 			}
 		],
-		"lastmodified": "2026-04-24T02:42:10Z",
-		"mac": "ENC[AES256_GCM,data:0+lMO570HKr17USTc+/RMza4IvxmafdPznGARA2JN2KVOx7VeISgeD7KOhERQvXVDT518vhYj7+mcYCZhxFViTM8n4xQPlvqVz8Oz2CekYdx5bHEsXzyAVbquDy49I+CpWmsNcKNb2ozCP6Ci/6KEXnTJU1b3cjTR2VMcOHr7aI=,iv:ZCkCttNwoiWrkig4icKBGZvoE/ZYxyeZy+QNCHEFsag=,tag:RcWHmAnkmIhr8jWXolWE/Q==,type:str]",
+		"lastmodified": "2026-04-24T14:30:26Z",
+		"mac": "ENC[AES256_GCM,data:AviTbzC+XWmrt/RB5vIwo3SMkWMWvtdNyBVDZYduiBdxOvgjduy7CSuPUCawIHC+7u/llS1HTg9G2yQyl3d16fhgRZGruU6jmRzHpcfYMiUEpRBKn6ST5+vjHRwZZFtJ8uBZdezWXqg9TcZDlYFhY20roWbDr0gn3FDHppePDiQ=,iv:7uAZJBTG5Jjnqqq9lFR3UC+J7oLDZMXEkfxRagjb4io=,tag:Tk2M/GqOHm1KuIaWVXpZ9g==,type:str]",
 		"unencrypted_comment_regex": ".*",
-		"version": "3.12.1"
+		"version": "3.11.0"
 	}
 }
diff --git a/packages/gen/env/data/staging/api.sops.json b/packages/gen/env/data/staging/api.sops.json
new file mode 100644
index 00000000..6f2e10df
--- /dev/null
+++ b/packages/gen/env/data/staging/api.sops.json
@@ -0,0 +1,77 @@
+{
+	"BETTER_AUTH_SECRET": "",
+	"BETTER_AUTH_URL": "",
+	"CORS_ORIGIN": "",
+	"POLAR_ACCESS_TOKEN": "",
+	"POLAR_SUCCESS_URL": "",
+	"PORT": "ENC[AES256_GCM,data:S80bOQ==,iv:66MDjrIBAe/JnHsQ7brFe5DrQAZ80RFeGr+PNa7Rs+Y=,tag:1Kcd4qp2aSieVH83UCjxsg==,type:str]",
+	"POSTGRES_URL": "ENC[AES256_GCM,data:bWy+bJfQW4DahtHcOvKhN6QE60eCihvWmBqgVQtCYZDG9JO2aotCTLBUYsWCRquA0cWszyNVcsn0PM+YftSa0zNCWFMHHgCPb2891ylvkxYyANTEBtN+7oebRJS686EerAlbrKx7iYpmY+Ar9X1IWFvymUphl3OcLr0wwBQeo/ZRjl8bwdNQqdlyUyr9Zlkgsd+a9oKH8gewKGNTCy3wJRGkd7xpejgJ2A==,iv:hJBmb2GoKLmag0BMOmxjAHXjySsKMad7GVF7Kt9jGCI=,tag:7JbeKtvmy9eaxnoatycvlg==,type:str]",
+	"sops": {
+		"age": [
+			{
+				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICjMrEzKQSq/0eePzgUGXM349sBm6GVCXoz+tJZJaBVT",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHZMYWFYZyBBM3Qz\nU3dZeS9oNmpUVEU1VFVWMGhTMHdQZWh4UDlsdmpBbXdPZHcydEZvClRNRGw1eGRD\nc2ExSmFnUW5kRGNwMGFBeURpSDJ2RFdxME1rTzN1U1c4Wk0KLS0tIFYzRjZzQ3pI\nY0NDVFIvckRzazBpMlQxaXRqYmZUa2UzdGg4UEZwdjBCRm8K+9i1GKgC3bHy1Eay\nBnPTrgheE355koh1LXIhPGrndx2DrIk5nKdyxrdY24ToWoSJdwdjrKN+Mkcspa9M\nDhSX7w==\n-----END AGE ENCRYPTED FILE-----\n"
+			},
+			{
+				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIoX0wKjybps6ZHuvA+uwE1ThfWl87MApDLxCjCDUCC9",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEtlVWxBdyBYcDBu\nazNic3kvT05DbEVQdjlkaCs3TkduT0JPT1pxN05VM21wSlZxVlQwCkUzaXRscGs2\nTHNtWmo3TDdIZ3l2czJCSThpUGNwSU5jTmFJM2FTRms1dUUKLS0tIHp3K0RFSVdX\ndldvNmpDV2tROW5tUjZDT25ualJCcisrOWYyZkF1bzFYTEUK1VCa7+OwvqWnceos\n2znlrxsI7HKK5/aMgh4+lcDrsy3uAaro80/jxLMdQV78Uk0I46Q4Yvb+63Dwj0s5\nfAsanw==\n-----END AGE ENCRYPTED FILE-----\n"
+			},
+			{
+				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKZPhznHjTDifGroHiGRD3hwWz69B8NsSSPNbwWjfzgW",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDFNdXZydyAxNjlO\nNEIvUCtiaDdFb3FjWEtLVHAyK3p6TWY4c1VyUlJ5aW1PTlRaMmowCkxwNTRRczNv\ncVl0c3p3dUNhUDJKRGJ0L1A5cXlLR1ZjU0U5NEp4Um80b0kKLS0tIERyeVpwT1lF\nWldaeDdTblRud2EzbnExSmduYXRmWjJpdGxOQ0lyTUVkNnMKhBy6yMQIIhPnY0s+\nDSdYiVW7fipnuCt3fknVTy6bwLqbS+6L4s8phsFfKSQ8kb5qCFqwyDnDtLew+NaU\n7544Bw==\n-----END AGE ENCRYPTED FILE-----\n"
+			},
+			{
+				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJF9kzudl00FVTQA7nnSaicAJW2MoBKm47G7wefb6uSm",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGw3N2NtUSBVWFRx\nbTRxQnl1STdNMENnalpNMTNYZ2FVeVhTQko4bjRtbGRGYXNZOUM0CjkyVEpPa0Z3\nYkd6T2tzb281ZTlvQWJEZEs5OW1XVS9hcUpsYUZWMVdhYVEKLS0tIGFZSERWbEtI\nTUIxU0xBcUg3RGxtaWdaeDRSdUpGN1lNTTJyTSsxQlFKSkkKaj4hHc2lyjt1DPK2\nBVuSL/yqADlb9j1lv1RJnv7bBaDqda7VzrAwbrGsw1IawjLQvatGQJ7+w2TNJn39\n2VhS/Q==\n-----END AGE ENCRYPTED FILE-----\n"
+			},
+			{
+				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDmZV9Oi9hrckXTpqBnDKRrY9mgwj+SJeVBGWmne2+q5",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFpUeE1RUSA3TXU2\nYm0vdVhjbjI1YTdUK044SzdRekVXNWgwNHlKVW5IUlVTZVhMWWd3Ckg5c2ZXTUhY\nQTY3SEFIcGFYRVYvenNyVklnUVY1Q3NyY1dTeU1LaTZVMU0KLS0tIFpmRVZqMXRm\najViVmROUzJFYXA1UUhCclZzOENDZVFGSmVEZGFpSnFTWE0KT06JuttyKkS/wpDQ\n5Gwe3B3eWOdn9rLRQ21T+zNXZaXNJBoF9TOpCcrGAoo8M1a0jxoSiviigvdN8Cn4\ni44AsA==\n-----END AGE ENCRYPTED FILE-----\n"
+			},
+			{
+				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA+M/DHDlKgayM6wsiX6r704pE+2qENOsKcytC7sBhKA",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDF2bHNJdyB5T3hT\nMnNFeWZYS1FWK2JraUNDYlJTV0lZSDhPVEQzbC9HZ0ZaMDVhMFEwCkc3Z3FrdGpE\nVVE4ZkRVd1ZLZG51N3ZFSjJNbHdlbisvNkg4cEZxZk9jdXcKLS0tIFdRMyt3VGEr\nNXBIazlDQXhVcHArNE5OWXZyTVBEMmlRd2pORWZXb0VacmsKq2a0PHjFL8B3VRJo\nP3A7KStXebnj1YPSOb5vtahruFrh6tj3TOJtn93FMWJV2OHXEsPTJD2purSdJjZA\nVgFYYw==\n-----END AGE ENCRYPTED FILE-----\n"
+			},
+			{
+				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINh0gA7reCRW+zQ5pPpIjoJGpaFQSbC/4K8B6vMXJVr+",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHJKM2lMQSA5akhq\nSDg0aDA3a2NSQnZleFpxRXZBcXZDTllEbk5GaEJMY040OWp0R1U0CkJ2S3M3TlhT\nYnJwemlSbGpkSk9haGlDSG54R1BQbFhnVEFWSk1ZNEQvdG8KLS0tIEMxdE9tb3FX\nTnFsanlTUDRUdWdkNDBVRmpqVUZmYVJEMG9Fd0RueXF2VEkK8cDRAFfR9/nnt5ZZ\nEbFcl8qYb7lQT3oB7tBTJyNQ9kO77TvN7ANE9KvySSTnfbr2wHlqedhmP7lytv8w\nktLhIQ==\n-----END AGE ENCRYPTED FILE-----\n"
+			},
+			{
+				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEmYihgWHfnLw0f8uTfLokCwToLavzV/+k/GggBA4Sz/",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGtNZGJ1ZyBoNitP\nbDNvSVpCbVpzWVhTM3A2TnVmRTdxRmh6aTU2RXVDaXM4U20vYjE4CklJcHlnaUIv\nZ0JnUU5UazR2dDY1YzJaczkwdk52NEtxVmNZa052VFl6TDgKLS0tIHNTbGpNay9C\nSHluSlRicVpvd0FnWkZ6NDcyQno5VG1UNHpObGF6dWFGdFEKMPvtgynkj2Gp7XdZ\n5lZmEei/BAjJUGTjKeLFv98LVi0ucZhSo5CEDLukkDxP/DAZ0akJkVJm6yuVxxkl\nU6jrVA==\n-----END AGE ENCRYPTED FILE-----\n"
+			},
+			{
+				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFvT1RvcTidgpVYE0OPknc3f5HcAVpyk+rXXrW4AcbzG",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFFONEwvUSBnUmla\nUUdGLzUyWTE0U0sxZkg1Um1QM0dGR29uN3RLZlFZYVJCdXhDNURZCjBGVkhsa3RG\nMStVNG5lUUZwb3lKYm9DT3VGYTBjR0N4R05sSEl0L0dnZDAKLS0tIHlFL0czL1Q2\nQjNCc3UyTWI5NmhvSHNHODJyWU1tN0JmbzlrMlpQRi9BVUUKfh41bKQH20wajDh5\nemzX8c6kNORrVuGd/atXwAlxlTIt3DIGulj0ZlLKkD90ScGIjUP/4BRDGJbUASU7\nBPQC5g==\n-----END AGE ENCRYPTED FILE-----\n"
+			},
+			{
+				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEijeq50HS1g27BTRfJ8XWIPrAX9UVkap5fgIOCOtA5+",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDhjWXRrdyBOdkwx\nMk9CNWZTRkZnNVNuZkdNZjg0N1B5eHpVSVluaGxYVHRZQ2NXQUFVCkJncUxjQVVJ\ncVVDb1NaUFlEbjNoU1FCdWduVThaWDRVTGVGOTJxTFViTEUKLS0tIHQvOEpFK3lH\nRUpsMDlMWUJ2N0pyVlNRUVA1RXQwZWYvdW1MVEIyZmNCaEUKJxv64LFO0RztYIYX\noi+AJbogTUrzczAgSew2S90P3dWwuafDGhe0vCDfqg6qsovmJTizO+Wg0FCT7/fq\nKYe8KA==\n-----END AGE ENCRYPTED FILE-----\n"
+			},
+			{
+				"recipient": "age1d9h9mm3u5qalmpl2pf62pyzqj8t654n435emn93rutv0cg9sr32sg64fdj",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBZ3cxellxa0N5YjVVYmtF\nckRuNHYwblBkb2lCVENlVlc4M2JNWk5HTVQwCkxycjJRa0hwTXY2a0xtUEdPU0VT\nWkxZQWpad0Q2N1dPbzhBWWxoNSs3UUUKLS0tIDB6WDNIaE1KVk8yRmR0eVgyZHVE\nVzZsVjJTOVE2Uk5VN2VrN0I3cEprMWMKMhVI+nWikhahglLdtnms7lRBOb56+tfs\n1yWlGcVBTt3yxvfYH2P/qt07JDhZBg7BuTWMatNAr7CiTsHRNvbhuw==\n-----END AGE ENCRYPTED FILE-----\n"
+			},
+			{
+				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDuzbgoXZccZ2w/9HGgUyT9nJH7lG2/jfQCZJudY4yAN",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IG05VmtkdyB5WDQy\nUEF3dHhkMVZWMUZnTkg3ZVY0Q1B2SCtoOWo5SGNFMmZwQ0p1Y2hJCkxzWVFENlNB\ncFN6SmovaDB5dnpOSFlKUy9tTm83OFI0VWs0cTFlaTF0TW8KLS0tIGtGdDB0N0p5\nRHMwU0ROOHZUU2pNckJ2YXpWb3JpMUY2Q1AxNmNCbW43elkKep7xAE/V51VaHnbz\nEKZH1VL7HxnG2CPDa91+EmX2elfGIYMYxIu5zKg0nMd+leBLwWhSZ3d9pnXMX6pv\nfk+g9w==\n-----END AGE ENCRYPTED FILE-----\n"
+			},
+			{
+				"recipient": "age16wuzuxnkcgfuxzvzgk5e5a5f6hhs386adjewyv54m9esr4yj6uuslpn6tp",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNMjNWWTludllIYU5uTFUy\nZXdHKysvdjkvSzdKbHJFT0JFTG0rSW9iTkUwCis0TlQwSDN2K3NjZ01TeFhIbWVS\naERHamkzZFdNWFJMaG9GZC9DVVVrRDgKLS0tIDU5NUU1WDIvbU1ycTFRTnUyckZD\nRndqdVV4ZmpYeEYyRWxZSlNSQ1JtODAKp8HeEdq/tx3gOBJpShkHkaWzSwzu1Dcx\nzm0HA1EN+egZ3+tV57EXhSE68xtC2y+d8rc77Wf6r89w24AqRrD6vQ==\n-----END AGE ENCRYPTED FILE-----\n"
+			},
+			{
+				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFStro05R+CPmjWMHWtzXUKfGll+OosoZtXAyPtngN7T",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDRTOW45QSBFMGRT\nd3RpVWJxaXUxeDVhOGNuYXpYRFAzWXlOTTJYUkNRQjkrUW1iNGtJCm0xc0N1RjRs\nV3NvUXk4TEIxa3BIYmNJWGJJRmdBQ1hrS0FxRjdjUzlMYjgKLS0tIFdOSmxkVEJ1\nMm5oVFkwWG9GOWFwSVpTL3Y1NDBFaThQQ1lZTCs4TUVnUkEKNzh43b3a8FRL95k9\n0go5Dwx1zAXV1Usrk1olpb4fDRyyEc0OSdd0yEvQcuLjzUMPYMcn5Ae47iWqlbCP\n/O442w==\n-----END AGE ENCRYPTED FILE-----\n"
+			},
+			{
+				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO5qner13Q0fm5NhdXMx2nkt5kxjC0/SVY2FXh01OiHN",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDVucGlodyBkTUpw\nU29HdUtLS3JLQUQzMFRwWUpKQW4xaFlpUUd6WnRYTHREVzRyRjFRCmx1WGZMY3JI\nSDM1TTVLTEFpSmtNR05yYWdtdlk5elFpeEQ3VDl5T1Q5T1kKLS0tIFRiT1RFcE10\nZHRua2MzdHFiTkF6d0JRSHoxRExvWldoYjk3OFlCd05VMVkKvO19ixqlJI+L3PjM\nNHMo1ZXl4DZ9hDNkh8NeNio9t9fCfNThA92CG+cX8dhORItycWsFFe0N+f3sa0G0\n4lQEEg==\n-----END AGE ENCRYPTED FILE-----\n"
+			}
+		],
+		"lastmodified": "2026-04-24T14:30:26Z",
+		"mac": "ENC[AES256_GCM,data:1vQUARqLXwACjgXL33huJdWZyubLiPnVLdjMcK/P30cdfIw3Ykm6uXZB5tdULHjQUy0sXHXTCd3rMw+/6fxRpMsbwv22k1CvuOxIpCu8jibzJL96MaBy2iCoKzYjjlzpQcCJ3weJ28Dj+6LKnPWUA7NV1IBTcbg4Cta5J8ZP6fQ=,iv:M5nkzms+CrUQBptkzLdW/vHqKKx4gsMUhk+lqLfk9jw=,tag:8eK68loJPKjlNRipXop1+Q==,type:str]",
+		"unencrypted_comment_regex": ".*",
+		"version": "3.11.0"
+	}
+}
diff --git a/packages/gen/env/data/staging/docs.sops.json b/packages/gen/env/data/staging/docs.sops.json
index 1b7890ef..8d6c92ae 100644
--- a/packages/gen/env/data/staging/docs.sops.json
+++ b/packages/gen/env/data/staging/docs.sops.json
@@ -4,74 +4,74 @@
 	"CORS_ORIGIN": "",
 	"POLAR_ACCESS_TOKEN": "",
 	"POLAR_SUCCESS_URL": "",
-	"PORT": "ENC[AES256_GCM,data:KXHTyw==,iv:GevV3zvoswJMWZCJFk/0XInj9qerYPjivI+w6GGxjSE=,tag:5vRSYtEFeuRD4pdkpoBLBw==,type:str]",
-	"POSTGRES_URL": "ENC[AES256_GCM,data:lLQyTfwm+pJ2xbi0Tsfki2uwP/VBkBzIHeCsiy1sr6pIcHna5Qea2JyCrlHmM8ICuzMrGS/j43DcbkNPemo41OrjLmbNUETe0+bvk6M5R6SyMNAvgvspJnw21ppcZc69xZHNk1Y6GhkgBB7mAXkypNJpdHMLu7bR4rNPofp7rT3f0JohE3INWB9OLJIZcCB+kGRqPTm3Mi1oqKLHXGnVyRaOIWqFxIO/+A==,iv:OT4yZr8nlNilIgwK+ROvxhuij7WP4lof8jDlYqsUrsg=,tag:CA1nczKcwgkiiKnatBM0HQ==,type:str]",
+	"PORT": "ENC[AES256_GCM,data:RQwvpA==,iv:CbQMZ9kz+9tRmN1yLFeDI+TVOtTqVkAXjDGLBoExG08=,tag:clJEIYoc/6BeRBFfVHenaQ==,type:str]",
+	"POSTGRES_URL": "ENC[AES256_GCM,data:HpjOZu0oIbCLjXEzmCwFXxY7Y/3W0MnSC2gVfR/ZoUehpXYUxjUxgxjrTZoavLmCSk/vPESpaKbicaxtnNbOfY9i5Qo6kQSRBOHvEx07PVth8GzxVh0jAqlRTfsDgQEbv9KUgruXKs4IS0BYNUJBGMTH+6kJ7/ClEIdKKdRa2URr0c2ZtIWntQPH1iYuNaUPUPKnWpy44mqdEmc89e1cg33ov2kLz3Hhxg==,iv:qOE3Ov7Z1bormAlIFXc7U8EgMIrXVpjQmieTx22LA5A=,tag:1d8BrIWZ2S81+AAocBnu+A==,type:str]",
 	"sops": {
 		"age": [
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICjMrEzKQSq/0eePzgUGXM349sBm6GVCXoz+tJZJaBVT",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHZMYWFYZyA5a3FG\nR3hrenFjYVBGOS92Z2d3amoyUWRIU3FQTHVRVkVvZFM0L2ZIM2xZCnRFNnJFeS9m\nUHBRQXVGeUdaREYyREpPSE9uRDBjUDZEeGRYUk55TldnOFUKLS0tIFlzbHUyeHZI\neWV1SGV6WmxLRHJMV29DSHR2N2dKbWM5alpRTHF4YmdPbk0Ka2aNLy9kywDVyS9w\nK7ZvTPLbf9NN9Nil0ROy/xzFxd+JNJ5DVppe2yiDe1Uni++fHQld7D5InSR5O7nB\nR6Pazg==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHZMYWFYZyBtejk1\nSlhSU1E0TkFBQVZsQkRDM1pDbjh6M3ZxMU5kVmM1NnNRaWs2a3lJCnN1Z2hqMUN5\nMitTZkhyeDJqK0tWbFcxUmdEVG1pdWNGWXpHQzVSYWNmZTQKLS0tIEJ0cjVzNWtw\nVy9LVURXN0RvRnRPVWRYRjBTYm9KbS9MYzVSdEw4djA2VmMK+EiLfmnRyfTr00LY\nQCy1x7zGxDtZAkhOw6A9incd4e+pukbYa4nIT2I7PHn+FLgtrK+exUT9eDl2AqzK\nVz6USw==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIoX0wKjybps6ZHuvA+uwE1ThfWl87MApDLxCjCDUCC9",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEtlVWxBdyBCcUV0\nQnVKMjkrSGtnQnp6THpBMU9XTmVYeW9PRVduMFVDZFcrMUNyVGdZCmJrRnM3Zm1U\nN1dlTEprSTNWT0RWeUcyVG1XWVRadHVqcWo5NnVLekNraW8KLS0tIEUvZXovcFk4\nKzVkbnJuMTA4anVlNUpzdHdDUmN6MmN2MVFidVJtSmRSa3MKzUBHwq/UiJDxRPEP\nvzMjkp1bvkyuWSCnVXetqh7t9F6LX4LCcsulSYM85Z1qUnMy9OxacsXTjY0nw+cu\nLbbgsg==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEtlVWxBdyB1bWpt\nMzZIcVNVSkFGN0pCdHdvazVLejZOcEV4eFVJdXBtT2gxbUZwYzEwClVZVTZMa0Zu\nWUNCZi8xc3M3RkQyTXYxUmgxODlpV2pUdXVZaVBKOFNJQzgKLS0tIHh5V3RPOStI\nUC9ZOGV6UWRxTG51aWZOajdWTFJrekg5bVgwajM1SUh4MjQKMuUolt9LVccLzcoy\noM/tQ1p3dHTUBAuayuDYAB0Pq+9GbtakJXj0LGdoE51quHmjxbSM2LV4LUHWSD+W\npM+axw==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKZPhznHjTDifGroHiGRD3hwWz69B8NsSSPNbwWjfzgW",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDFNdXZydyArbFZG\nMEVuc1lpUWl1bDRQT1ZZamwzRTcvZ2RZeG5aVHdXeEZXRExZdTNNCm5kL29EbUhk\nbTEwbW9CTUEvU0dlMDBuT1ZOck90MGZnWDBzYUhvYk5mOEkKLS0tIEFBMWF4TDZM\nZWN3TXhTTW5OWU9Eclcxd2FHTGQxR0pmK05WL2xrTWk0ZGMKLDxZDQfYWAN5xsEE\nODJRYZldtLIPZiCDaXUzjJKWmMvJe3kahR9ta6xeardmQNP3Bmr8drdIk8A3KxrI\nLZCP0g==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDFNdXZydyBBK1Z4\ndkgyQmg5b2p6bjFXUzluYmNwYStrUmtGTVhJTGh1bWZyK0RzbWtZCnJ1UDNtQ21C\nTklZSWc1K3pub3R5bmxFOUlmN0xseGJoY1ZmSkZVZVNNZHcKLS0tIGtZdlJ2OHBZ\ncnNRSm42NWsvamhualQ4ZFhld3FQQzBYZHBLUjh4WWI1c1EKmMZ56VoTMdZyzH7E\nvgsqWu+vq1WprhBBxbICZ3n16Nact1VEbh9I/DvdPxERKApMcIj1vLg5oSSYcVtG\n6R/uXg==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJF9kzudl00FVTQA7nnSaicAJW2MoBKm47G7wefb6uSm",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGw3N2NtUSAwaDFM\nQlM2U1UxVzJHY2xIbmFndjZlUWNRRzFYdlhzZjJuQm9LWHZpNkhFCjFNVkd2U0Vj\ncUZpc2x0WTcrdXc3eTV3S1IySjRleEg4R0QzTlJkNnpYOHMKLS0tIFo4b2hKdWgy\nZDREWHhwc3lLTHhPdnB6K0ZESGV1bzM2RE5Zbno1UnFGUzQKrpjUqvd/MrLukBFP\nQgG/VoUJIwXqVO5I4KuoSLIC5PKOxQyevUR4wE0rk6Oiv8JlgfQ2gcvw0GMaPscc\nvu1TiA==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGw3N2NtUSBtMXZt\nZlE1dHBVMDJiZ1FsTjNZOVFwVm53dEl5U001dmd2Y21PcHdQVEhnClE5WUNUajZ0\nOS9RaitqTytaNGpQa1ZoeFNGeVphVnpVaWFaZ1ByRjNHMkUKLS0tIDFGdmxveVhy\nMmZsQ29qWElpUW9GTFFjRVRQRXRqOXRNWFAxSGwrSVc0ckUKz01OJdJBZlRAqI4c\nB3AjTZvcVhRGQ7DZODymZHBeEaQxdcjE61pSehyYSDZ71fvuaTdkSrsKe2MfP0Bh\n8MjCvQ==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDmZV9Oi9hrckXTpqBnDKRrY9mgwj+SJeVBGWmne2+q5",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFpUeE1RUSAvRGZN\ndDVIYmNpQzZZMzlUZFVNSitCRmZiQ252TjhURm1lNVVXRysyLzBvCnV6NEYxT2RS\neHZ0b1RsbDUxQWFnRlp3cVRmMFNZaU15UjJNeE9xU1YwcGMKLS0tIGhXU1JYeXYr\ndm5OSkpraUc5bzViNXBXYTZWU2h3M3B3K0kxQktKUkI5Mk0KhtkpwOmOYI+KwGYK\nD+zIzBmMs3GxYUkGFqAI62ceL0MZONdgLUbS4aIpGfA/dQOjEU33Vk0C/hCkEXCj\nOkEkUA==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFpUeE1RUSBhTUd4\nSUd5Q0p5eFV2TVlrTFQ2QVRPV085SmhxWmNIc081S0Q3VEZ2UFVNCkxibEhHeURx\nbDRBNWlpZnpLUDArWGgzOUljQlJCTkh6Y3ZkQ2tYMXdxd3MKLS0tIHBZdHlKank0\nL0h5S2EzNXlwVjE3WnBVQmNXNit3a0ZnRjhWZ09XTHczc2MKfhFWeMNOgfFoOtK0\na+49KpCfMBwFW5txt+yhWe7uTVCe6piLQAV1LXZeExmjoZrFARdm/kV9Ggtgs3cN\n9C+V4Q==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA+M/DHDlKgayM6wsiX6r704pE+2qENOsKcytC7sBhKA",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDF2bHNJdyArVkhp\nTWZFUDhhZzlTdnVEeXk5NnJFQkE2c1VETTlySnpTYVlyU3JZZWs4CmhSZWVUajdn\nYVQzL25mY2JTZWpkam9mZzdJM095Q01QaDh5VGFJa3d0SW8KLS0tIFJVWGszb3pF\nTXZ3YjFJVStqV1d2Y0RvY3RUeTRBSkk3aytRdHVMREl4L0EKYh55lx3RXwQGHm60\nTePfAnwIC0UzseytUkRVGdbpS8B84QDvTJ6eIph7Ww7zH6DanNqrEYkzIPljriTV\n7ZV7yg==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDF2bHNJdyBmTFp3\nck9EeE9mM0EzTkdLaXRRTHNYb216U3p0N2FZV2cyUTBiMU5McUNZCnJZR04xM2dU\nN3o5KzV3bDVhNVdxOHYybnNuQnJqdHBSMEdGa2RBZlQ2VlUKLS0tIFpBSUd2dC9m\nT0ZEZXVFOFJFcWprTXNPeUZIVkxHUVB0UG9nZ2NnZVlCQ2sKW40n59GoFk5P7ezk\ntbmC1e1AXC+WShBgcbA6ZNPKjQaP2k3lOmAcotjWqeqt7OspVtto2vcsllo+cQMq\n6d6RaQ==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINh0gA7reCRW+zQ5pPpIjoJGpaFQSbC/4K8B6vMXJVr+",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHJKM2lMQSAvL0Ji\neitOMlRGU2toNjJUa3BFVGIwSkFvcjNVcGhtWllmT28zYzFzUzBNCjA5WUIxeVh3\ndjVEeEcrenNtR3U0OFdQcmFNdjNOZU11OFFqOFQ5Y0RKTm8KLS0tIHN2THE1UXVh\nK3hsRHJFZ0FwdTJzcytnL29OVVNuTFlveFhINnUybDJyNm8KWiiwAm1Fz3qweDQ9\nyg+eu1aw/aXjOn3Th8szZbWydHYGry8VEDJeWvY3mlH9ZPQYV6v+FKuFcKAjS4xE\nKFnJOw==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHJKM2lMQSBQeXBC\nRGhpSTdheEpiR1NveU9iUDlxSjdnWUN4MUdNQ3VGVlB1bDQxRG1FCkt5YjVVRFpD\nL2FJMDBtaTJpcThzVUJJTHUyVkI5VSsyNWMwVnhHVWNaZG8KLS0tIGNaaDlpR2p0\nbHRSUnptSU5lZjkwRVAzdG9FU0NKRzN0T2V1VGxvWHpHN28KDA/UdjaDy6t0bKBx\nPWZIi0o6DdEu2lFagshjeA1zUNWtDzKYftKJmGKnuieB2rHlikjl6UFXISDe5KxZ\nlXSkRQ==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEmYihgWHfnLw0f8uTfLokCwToLavzV/+k/GggBA4Sz/",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGtNZGJ1ZyAxNVhT\nOFUySFVVMVQxOTVwZjhhMUY3SmZSYmZRS0dML1JzQ2FiZUV3bnlrCnh2ekh2MkJu\nTjNTL0psMVEyS0c0L3h0R2xhdGI4NmhqaU5idU5Tbi9rRGMKLS0tIFhqMWFrYi9G\nU0dxc1FtdVNPVmdCb2tpWGFmSU5iSUdVOGh4RVRjaDkzdTQKRPq3pJZjeu4+gquQ\nZzXE915PyXru/GB1lE0Bs40soXmJSJOnPd1/vD948R0AkDZMyRO+ma9p2/aPWvR9\n3eTzcA==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGtNZGJ1ZyBUZm5k\nbkVFMURvTHJZUk5LcDd0ZlNJTUhYWDJlTGI5UzRxSnJzNUJHaGlvCi9mOFBKZS9x\nS2ErdURHakJMZThndFB0OVF6Y1BlMkEvQ0dKbGdOUDNzWkUKLS0tIFZDZ2lTcHdn\ndUFWRDNTVFpmTnNNTEoxRHZ1Tk8ycyt2K1ZzYURTbC9JTDgKhGQL/r/O5nOx7b8/\nRZvnYwS/Uwuyfn9GwRxgnPJn3rdnilIYN0h4Hvizx15nK+HtJ/5lCn4VRRFws/A5\nBiVz2g==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFvT1RvcTidgpVYE0OPknc3f5HcAVpyk+rXXrW4AcbzG",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFFONEwvUSBvQTJ1\nbXBaVmQ0eEw2cmY2TWxpOGZzcjBOOVVWNnpLeGJ0T042dHlITEJrCmNXNnU2Zy8r\nN0FPQ05sVW1jN0praFlReHhNSXkyczRBU3pndFZvUDBLTUUKLS0tIFdwQUNnRm01\nbkZMNFVnWWUzL1FCV2FNazF3V2h5MGkrODJtdVBRU3JnMmMK0WETd7KCV6DJiFnQ\nX59tR+SLm/e4Khg9mOKiLAYtyGCBPY6ULpXoX6aHt294uDy6MZNXRBvQPDCB+DOf\nAQtSgg==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFFONEwvUSBUVjhQ\nSE41Ujd0enhoZGI0aVhjYldoeHRRSXZpakZHOE94VktEenc2Q1hZCmNIK3hkblg4\nQzFhMlp5YkYwV1B0a0dyRncrMTkrZjJHdGZVT1Frak9VdzgKLS0tIHM2bHN6aVdJ\nODh3M01haTcwcFVwR2hQbWpJOHE1NmlISlNDeVJoeWh6ZjAKGw6N1koC7tMeo2mr\nkDTPiu/ZLvHA2smMwDfnAkmdJSZiAYEHeYJiw0cyw2cBRNPiqk2SFgw8wcjX3f73\nVRmBgw==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEijeq50HS1g27BTRfJ8XWIPrAX9UVkap5fgIOCOtA5+",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDhjWXRrdyBnVmpZ\nU0xQaWNlbEU3WHJFN28wM0lrYmdHOVhXQkJHbGw5RlU4Z1Y2S1dFCkJiL0ZtN2lq\nWE9OVDJNNTdiUTB0TTBTNDdQdFdkOEV1aHh1cFB6ZmMrd3cKLS0tIE9TN09kMis2\nQis2VExJK2NlemJFamtkczBiNUQ2amFwRlFTcUpzY1ZXMUEK/xmqe4IBEF3cCEf3\nqm2pqmMB+LyXx4CN+7t2SHD0FHfBy5X58Fz8qA8vAZn6uC8J+H5TzCOxZjbKkRov\nezUedQ==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDhjWXRrdyBxeE1y\nV05nZHQ1eGUveTdFSUdkcE52bzJqNVJ2Y1ZCT2NkZG5NTXZiZFFrCjZOUkIvRTJJ\nWUh3ZTBXZDZyZEZld0s1MldyYVNiSmk5UmN2YXZtNGN6a0kKLS0tIFlMWXUyV3V1\nbW1ZOFR4M29Qa0xuekFManFGNFRiSDBSNWpsWVZPWXY4V1kKde7o6+twE7DsLIna\nIFLWzUKZkTflxYfCCerdF/4cAhFHdi11vh/U/b/OgZWUIol526gC6/hJYWq+H1mw\n5DbikA==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
-				"recipient": "age1eqcj2g0fdekj2wpqp4y0fg9c5myydjdt9zlr5scr0grk6fxszymqkpw5jf",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDVTd3aHdRZnRiaVQvMFJs\nU2dRZFAvV2RVTWY5Z3VoLzFDbGd3WEZYNXlBCnRWMElsVk9ad1Z2U3EvNGxqblJz\nLzNuVkxEQVcwellWZDBpbURYaVN6V00KLS0tIEx4UjBteDhUTTFwamV3RjZoZENR\nREdXQjJRaXlOejJqWnQweDc2ZTlOM2cK8407P5vWjFsza9cbA99PPM8X2bsp0oWZ\nDBHDDSvu6KFYl84I7J5l5B33h4AeWAgT43N7GW9Amr/ZYf/T6d0NBw==\n-----END AGE ENCRYPTED FILE-----\n"
+				"recipient": "age1d9h9mm3u5qalmpl2pf62pyzqj8t654n435emn93rutv0cg9sr32sg64fdj",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlaXE4NGZyMlJLMlZKQ2Zs\ncE5rVmhxTmhmN0FxL3FaMUF3ZUEyZ1pJNlJRCkxBc1VTd1hoS1pFMGR1K2RCcFJw\nOUpNeUF0Wm5lbkhSRmxvZUMwaDYvRUEKLS0tIDNTMVpKbTg4VGJsTnE3YVpaSUZQ\nRlN1QWZCMHVGSk1BUDJyWHlOWFhaQ0EKHaofWdSyFwNK6nbndTQLxxZ+hr9ypM1K\nZDqRUg/2E43Jm/0PlIq2b1FMjbiShu6A2QYJwVThiMSdvNRIItcikQ==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDuzbgoXZccZ2w/9HGgUyT9nJH7lG2/jfQCZJudY4yAN",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IG05VmtkdyA0YjZz\nZ3VMYnpNbkQvRTNYbU1ybE9GUWc0OHFDRkZDSzFkY0k2RllIdTJRClNYY0ErUWdw\nUzFVaUpBVTRyY2srSHNTcmRPRXhZdDlBeWQ1QTdRbnA4aFEKLS0tIFhRbUY1WDJB\nKzI1UmdlOHZCY2djLzJ1cm1pMHhMbVloZmphMVM0eUc2MXMKAejd2m1HHB78FZfl\nOG7H2dth5azeVlA3qTueLADmeb5+Qt8/Dx5hDZb6eKZqkXXLOqsPRw6gvzEm1OsW\ngT1kGQ==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IG05VmtkdyBmbFdQ\nSEduZlZZdkhlZTlJZmlCTW9TSUs0YW9NY0NYVVZkd3JxYmJYY0I4CitRVEkvNXN2\nVWYzYTBPQ1BvaUpMaFd4UEhqSUtwNDJkcHlzNUZtd2ZHWWMKLS0tIExDTXNYSmp4\nQXlEamc0T1FxVEkzc3NxS3R4U0lTWHNhOEVRbFRYcS9oQlkKRUAgYxhY/yF7JFSl\nYsEJnQfNOyGgtsH0HdutX5wzheEkH/wvBz8wwypXOZ0c089YDoDbWuObNft9ZrEL\nZwBrTw==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "age16wuzuxnkcgfuxzvzgk5e5a5f6hhs386adjewyv54m9esr4yj6uuslpn6tp",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVRE8yRFV2ejFDbldSWWJ3\nZGZSaGYrTEFKNDI0ZzZTWkRZbDM1eElVZmtJClR1UVVlK1AyWjZFUmtrWktEY0dD\nMHE1VlNrUlYvVnlzZkJ3NUxrT1ordzgKLS0tIGNxT3BwVlVKTFJIWUg3SmpaSWlx\nWWZjZkEzeGErcGdaZGJBSTlxZXB1RlkKDz0Bha5UhzptAI2fR9DpCqaz6DBEOue7\nlWJGpN6FeYoxhdZneyfhT+bvgEhCyz44QhxDirdbfsCOHceeDUxTUQ==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOMmdCdVpWbEdmWEo2QTRs\nRDNPdCtQeVVWMW54VnR5aFNiam40SkEvZHlRClhVbmZGbHZDczNJdzFBbEtDMlE1\nWS9MSVhFR1gwSnNJbkVDZHJpaXJJcU0KLS0tIEF3R2c3c3NwU0R4Z0pSdVFkM0pC\na2h5ek9GK04rdHAxU2I5V0JFWEFaVFUKApved1FPRT+kC3y/bYUVk1DVPWSV2NLA\nEFVW77udNa1p2Ot1WRSvb/yxhOWSo7hxlWp/XaYzzJs5wUi2Jo3Jpw==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFStro05R+CPmjWMHWtzXUKfGll+OosoZtXAyPtngN7T",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDRTOW45QSBuWUto\nY2hJbFV1aUlPY1Y1aW1HTnVjaVM1NXUyZ3J3UFBzcGJiSHpmN2tVClNPT0RGMVhs\nRE5IblV5S3ZlV1crTGVla1pwbHhMSHNDeVpMb0JLMDBHQTQKLS0tIHhodXFNNzhH\nYVdPbks1cExqNWphTngyM0J6ODU4UVNyYWtNNVJVcWVQd0EKXU8qLTbnln7lbw/S\n8IdjxDnJ58Z1CC9dFF5+c4Ewsq9LTNS9F8kXgHdAuEacx/FHYC6c2oKbqd1/kC/Z\nOFSEEQ==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDRTOW45QSBHOW5U\ncmNKVWY2Wm5JTUlnUWtpWVMweFJrLzFRLzdYdHNZL3RqMkUzUjFrCjNxSWpLSlhn\nSjNQdDJFSzlhUGFmUjZxVEdyaFRXWC92eklxUUpVaVBMWEkKLS0tIHFrS0EwdHRW\nK2FkZzdpdnFMSHhVZEUxa0MvQm8yQ00yY0E2MmtDNnBIM1kKgAhmqMJA9SXHAqOi\n5VVqIaVEW2K4wX5DbOX+4NMjmoWceJauRUdvCLrc1V9llB+cFzFx1eEsj98tK4HG\nV2lmzw==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO5qner13Q0fm5NhdXMx2nkt5kxjC0/SVY2FXh01OiHN",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDVucGlodyBkTjNG\nVGlwZmJEaGhpM3VUcllxSWI1QU14MHJHQjVkbEc2VjEzU3pvOFg4CnUzNXNTUHJ5\nR0hBWDRXSi9XUEJ0U1BrU1Uwam5oUVBaN3NTWE9FdzU4dEUKLS0tIDh0aHZRMWwz\nTWZxU01yUjBsTThXT0NtS0d0M1ZzZ1pJYnFjVmM0cHN2SncKRUj1wbq1QzcoTgst\nnYA6N80mIpFVrairPaSkQvsj25K6vOyvMx06DdCjyrUCj6JQvsnJNi5PNznl+VTF\nXIjaQw==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDVucGlodyBxTDJw\nWU1idkk5Z1VxdU5wVDlRcGxmZDNwYnc4Q3hGVmVTckpyYUtOZm1JCkRJb1JTVWRM\nT3dGdVlidEZOQnFyTmk3UnhBZUkvaUY0aHRWdjViZmVTKzgKLS0tIC9qQ1ZMSjQz\nWDFlcEZ2OHk1Sy9yaEpDUVNvL2F3UDdNSFNFRlZiL0FwdE0KyeKLmlTCx2R63hLV\no8jAztfYMIDm1nokeT90ueR5RgkpD39goVWFdln3yVIoD0RZDZfMwm3KBCp6w82q\niWoTmw==\n-----END AGE ENCRYPTED FILE-----\n"
 			}
 		],
-		"lastmodified": "2026-04-24T02:42:10Z",
-		"mac": "ENC[AES256_GCM,data:36RrYDbRnC0/Nzs9WP99SCn1TxadL6PIrKk4YfLWSwBXSLrvw4CiHI77fzAxgWe8hrhhyBNvFn5Ypk3Ksxg9ObHEOufUar1dYOI5aYUlvuAhDCbMSa5lCHceNCoRFj5f4QTN4YC5jx779Sl/pEDn13qTkelX2tsRPKaHONOQdmk=,iv:IjCkSoPxTDsuqB5fKcUuNPnL2cxDNHxr0fOiG+D6nYI=,tag:ZyE241/6ieMUTFVvzi30qw==,type:str]",
+		"lastmodified": "2026-04-24T14:30:26Z",
+		"mac": "ENC[AES256_GCM,data:Vm92GVDVpXWJGWf0uGOfWl3W9QBafWNxPyDdlRHOvqn3dr1VgawHe3wv6AhMqaj2jSe9J+KvRhJwDzlAS5GmRO2OD24hB0JwViDWa8xAg+LePryfEYPWgyA9BcfVaZ+XTQnt++hIQGrF53QuWaLeuRGepV4l0SS8eoUr+Ut99/w=,iv:btbUdFSoihIH9k9H6os2NmxDQ0arX0T10I2lniW6LpM=,tag:9Pu/f6bC/ZBNs7qwfPDEPg==,type:str]",
 		"unencrypted_comment_regex": ".*",
-		"version": "3.12.1"
+		"version": "3.11.0"
 	}
 }
diff --git a/packages/gen/env/data/staging/stackpanel-go.sops.json b/packages/gen/env/data/staging/stackpanel-go.sops.json
index 88642f23..dc90643e 100644
--- a/packages/gen/env/data/staging/stackpanel-go.sops.json
+++ b/packages/gen/env/data/staging/stackpanel-go.sops.json
@@ -1,71 +1,71 @@
 {
-	"STACKPANEL_TEST_PAIRING_TOKEN": "ENC[AES256_GCM,data:QqKYuoYf0to=,iv:7GRvZ4LCUJIP0J2SYBP0Q+zLo0fBbJMywa3OUDNlVM0=,tag:wWJisxWUsvPAm5FQonEq2g==,type:str]",
+	"STACKPANEL_TEST_PAIRING_TOKEN": "ENC[AES256_GCM,data:WjeCaJMteJI=,iv:9ZK6fcnVE8gf0xtIdcBwvIYlz3iHbQniHYLoiKXcx44=,tag:kLOm+ioojpWtpuxXX8MpGQ==,type:str]",
 	"sops": {
 		"age": [
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICjMrEzKQSq/0eePzgUGXM349sBm6GVCXoz+tJZJaBVT",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHZMYWFYZyBLaHpB\nTDk2WDB3V0JyTitaWWxUd0gzRzdkeWdUTS9yUU1nbWgrbXRwWmdBCnNEc25mRStz\ncUMrY3U1cERtQUtJb3NpSDd6SEVvN1RqQysvWHNSaFllTmsKLS0tIHBwczRIczZa\nb3pZNGpCMnRCMlgyZUdkaHU0Rjh3RGtFbzZ4Ujlpa2hiT28KmN07hrozRVleHC7n\nOCCSC7FOt9twYISeGoPzbaRYulDilgNNLtdxan8NNLXd67saZ9iHelmKkSJ/X60x\nxg8TxQ==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHZMYWFYZyBJc1Fq\ndENkRExEZ2pQTGtrRlJrRkFpV2pwV3Z1Ry92UVlXeFIvNG5ONGs0Ci9OQk9TZ2p0\nTjQ1Zk5ONlhiNlZxZHJFdlIwaEp1b2l0N29zVXkzOUJ0cDgKLS0tIG1UOWpKT25J\ncER4dk5GUnVwWE1DdzRpMnBPNFJLTjQ1azZaSDRxdG1JOXMKzgDY407Pa11r0R7D\n5yjl9+PSdSH01Ti4YrsGmVHhJe/ue9Qhz625F+ARQLn+E8tL1OxMC+TkDMnnDsXZ\nTNds0w==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIoX0wKjybps6ZHuvA+uwE1ThfWl87MApDLxCjCDUCC9",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEtlVWxBdyBTeC9j\nVUw0QTJrcGc5QVlwSWhnYjlXTTBUS1FXclJLOTcwUWVqcXoyeXpVClU1SlgvalQw\ncUxhL1NpZExWMjl5QjFHcW5CVW52WHZzRjYxU2NtTDJRaUEKLS0tIC8yNUo5eUFJ\nSVdLZURWSjIxelpEWk03d1FzQ2ltM3duWWxma2QyUHc5V2sKa0irOQgfBHNKJmdK\nGQ+Qc1uAOK3hH0W+u4j9IRHt2PkXyieAtG6pSK3nLbYaE6ZfpQD43jysBzKJg6cu\np4o9Og==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEtlVWxBdyBuZlhO\ncXZLSGZGZUtLM0pNWkZ0TVBadGxpcHNLNysxRU1xZDhHWWRjdERRClRpcXptWm45\nVktDeGtMR0FUUTl3V1JGMWhLbXNOdEtLRWtBcHh2WE53WFkKLS0tIGhCRHZmOEFF\nbEY0eGJZYWtwSGlLa0Y4T1V4cUZQckV6bE5aWUs1R0xCelUKNGZqb4lCT43vp+e5\nYO932QYc9w+1JJDj36PLnNAPJAoNf2c+UVtlWDDmuGXXPZhdHb0y3EdJzlrDH76P\nPBm0fg==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKZPhznHjTDifGroHiGRD3hwWz69B8NsSSPNbwWjfzgW",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDFNdXZydyAvV3BB\nZkR5UHlOWXFMTDVQT3l1dXhZOGZHOXZnVlo1ZDE1bDZBamVzWEZvClp5Qzl6dndB\nbjZlT3d5RktXU2d1V3pZTzd1S1VOM1liUHhhL2NsaDJyTnMKLS0tIHVQTk0zSXNY\nQm9FL3Ztai9JemdSVFlYU1JIZmhtd3l3aVJhYng0dVoyZXcKuiNCZz4ThWO6zHp/\nhvKir4La5ENYUteG2UzzX46Id8VhiUQK7t2Z2cN147ogCnW4Hb6njgIUIFDILaOI\nb/wZcw==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDFNdXZydyA4WHJV\nQ0NDd2VVSlNsSHpGZERUWlhPOTIyZktUYTBLSWg2QVhPY2kyVmlvCkJFQnAxS3l6\nRUY3bXhxYWZvRmNlK2hpUUdvSG5zYlcvUkRGRFpEU1ZIeDAKLS0tIGJ5SDNHSWlm\nWTJDUmxFRTdFTFBPbkNxeUtFRmVhRGlYVytHVFRiWDNESjQKLi7BVFkxCMzVno7c\nq6rGedqpQAFO4uRhybt9pcHtQqh2eqg1lLaCwnWg5y5mtpGb+lN1PWlH8gve8xHh\n16Fktg==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJF9kzudl00FVTQA7nnSaicAJW2MoBKm47G7wefb6uSm",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGw3N2NtUSBuT1B1\neTBJemJabVFIWTY2TllENmtuZjFmd1RZYUcxU3V1UzVBbFBhWENRCnRBakdtSG1S\nYjlHTFBmTk5GZVNkZFZuTUhvQ1BuMkd0NDhSTWVCdklTMDgKLS0tIERwTnVrenRu\nc09wRGRQT08yMjJIa0VVSVVLT1pNRE5yOFd1Ni8yc1Y5L28Kg6iHFJnhCv2g7Sz1\nqOXzq2asJg+WI7mhCJN9Qmbzmzx/T13P+jYSOuL8dAtM5KJrkER5V/PExHU59bNX\nQKL9ZA==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGw3N2NtUSBoRHVS\nZXU4Z0wrOTB3eGFtSkI5UHg2djA0UURpTE9DRWd0NlErY0JhRjBFCk4wd0F0SnF3\nMGlhM1drcExQNEF3VHFBVDhqT1JOQ2lPY3EvYVJRa2YyOVEKLS0tIGpWMTcvSmUw\nVXhIOWhDa0tFYmttMDFOTG4xKzNyZnpCZmxRVGgxY0UyTVkKyo/xA6MyjH7HHlN8\nAmtOz+HLPjf6uS0KzGAB5qIle0yqF4o/RRN2lwRgE1m29PBpYO05Ffl5iflZl493\nocGZjw==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDmZV9Oi9hrckXTpqBnDKRrY9mgwj+SJeVBGWmne2+q5",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFpUeE1RUSBpRTBv\ncjUzU1VXelk3T3ZySzhBSjVLbmdzU3V4MzQyWGlJYno1anZjcFNnClhRMUZZZFRn\nT1RocDI5REhNZGdwVFF2Rnpjek5NL1N0bjdSOW9sYkgrTnMKLS0tIDl1amhkcnUz\nOUtsTHd3VGsvcXJoeGg5ZlF5TEpUd0tZdW5UMXJTTFJLdkUK5oaByEOSAYSbVp1X\nVZksOLPvC5LFmQILI65BRzv0uJsGIR6Ycx26YYoxm83Ha4aeP0P2bPuY01MT0ifY\nge4DmA==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFpUeE1RUSBHZ0kw\nQkd4aVRRaXQ1ZDNKT2dBL3krSVhiOVNJR1o5OE5SUzFqUDFsNEdvCk04b0ZpL05I\nQVJUUUR0RjNGdDhkTlMyVEJVcFlpODRFT0VrTmVRTVh2RWMKLS0tIFZvNVVscmFJ\nRmNyTnl1cTZIMlR5NXQxUGJsVitoNGZNVUV4bHBCNUpjQTQK7lnIt313jf3ZJame\neUoze0INtfPVUaY1mRumdslR7Z2vbh1ePn2PK6DpNfZc/Tr3SRZSMotvLfOeyJoF\nvjbj/Q==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA+M/DHDlKgayM6wsiX6r704pE+2qENOsKcytC7sBhKA",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDF2bHNJdyBGNTFj\ncmdvdjdDdng1YnBxaE9qN2hWbE95dHdVKzdBeHN2dGRBcmtwV3kwCkJGZ2Vsdk9t\nUHNka2dUZHRzSmdkT213RUwzY2FPUTVRSkNlY05JeGxqUzQKLS0tIFZqM3dMUEhx\nME9HUnJoNmZBUkVxdXo0Tm5Tazd4WGZSZVdEWWJBZUxlb00K6i/ql0mxWGWPK5Hd\n+Vb2OfO1NV8XAAAwZlPcT9MBKqO8YWUEiST1rHj7bSoRJxoDxSODmbof8BzomX2e\n/51tEQ==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDF2bHNJdyBnNng4\ndkhPSXNHdVphSDBudEdzYnBZRndMN1UzZ3hQRmhPYnNwNm9YVmg4ClVvZWV2b09r\nZDVoRjRCQlBWc2xkcEpwOUxzQzhzTC93NmhJTHI1bUo1UUUKLS0tIEEyMzFuMVhF\nOGlINC9Pc2VMZC9PZ01INWJHM2RnOVlPSHNNYWxwYVl5VlEKvrhy8PpTGyS5z502\nulTFape2O8GCkcK6j/F9b/mf3M9wpJ/zH3TnyuzkG+aZAKg77qrfguH3BRrR8iGy\n+13K6Q==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINh0gA7reCRW+zQ5pPpIjoJGpaFQSbC/4K8B6vMXJVr+",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHJKM2lMQSA0aVNE\nbU9jdlBGS3BUWHd6clovMDFMbDVTK2lGb3cyemdHL2h0Wkh5SFdBCjFkK3NjY0VX\nRlJRWHRTZWFoS05TRUVPeTN3V2FVUGkzTmFEaVArbHYyTDQKLS0tIEIyOVpjREwz\nTWxYUERJa1UvUnFpN1NwNDdmTVBrcTZqUWFKRlBlbGZBRzgK5B4zTcg9VMazl+B4\np20i2vTC4YHBHE4BXLbgtBMeqIghzdbzlohW6FGByRmKXcQOtZY5fGOF9czLIlAJ\n7kfUVA==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHJKM2lMQSAvZUk3\nOEltY0RzNUpYNUZERE84aU9vc3g0RkU5WEYyS0RNRFh6UCs2d2hrCnVselM3Q0pB\nYTFKUTBTT2RvT1lkT2tCZ0x5RmZpTnV1MVduaEZ4eE01TFkKLS0tIHFUaVdZUWFr\nVnNmN3dDSThITWNUY0MzL1V2MFJJMVMzQkZEOUJxRWNKT2MK2zdg6J/oCWxaFYKQ\nZDKbglm49CciqnlCvuviJyf7v7+23ktjbFwp2T3+61kiR2tiH705wQ4crxlmVgzF\nCNA1hQ==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEmYihgWHfnLw0f8uTfLokCwToLavzV/+k/GggBA4Sz/",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGtNZGJ1ZyBOQURi\nVkRDd2FXMWJWL3NuWnBka0w0WERkRC9RYUxuekR4aU8yQVNpTlFvClFVR1JYbVl4\nYWcxd2h2bS9Cd2F4QkJRTWxOd3RrOElJZ0VNS1I2Q1FkWFUKLS0tIHAyMWMxNlNM\nNEJtb2ZjYm5ueTJ2eFdyMDM3ZUU0V0xEK1Q1MUFGYnF2TlkKPoNtQgPL+LAZ8rtb\njzD3SXyGN4VNDnyco6s+L+jZ5TOjLs4s5PPPDFo2RrqlJe7/hhX9Hjo57ePawMIe\nl0q/zw==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGtNZGJ1ZyBQTi9X\ncHBaemV1TkdsMEp2S2dYTDVwUTFhYWhkOUVmMFh6dzBzKzdCYW1RCjI0eXhzcUhD\nclVBNXdrVlMzcHpJL2htZ2o1aFlpWnFwTVJoZ1FFZFhGaDQKLS0tIHQwMXZ1L0tZ\nbWdqYktMYnlqa25qekJLVEpNRnBRVDlzenFaUmlxVXlLNlEK83eV2MK9lCQsDn6U\nROOZMnxJdqt7PjZAMbHIe2OyxBaVVf+dQO8ubt4YroVbSQNjc6KWXkfo/HnCHWPL\nR477mA==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFvT1RvcTidgpVYE0OPknc3f5HcAVpyk+rXXrW4AcbzG",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFFONEwvUSBLS1E0\nYy9sbnp2SkhXQ3YwSCtRQXhKSGJYc2k3RUpoNlBRYkU0MThmTmdNCnVYVm5PQlZE\ndGJMd2U1WjFaM2hkTC9ncFBHZ3dZdDR1K2tmNnF2Ykt2WVEKLS0tIGNIQXU1bjBj\nbFpUenBSODNWcXlxRGU0Z3hib3hKN2c5b3lDL0hERll4dmcKaE/4qYIfy3e32t8g\npkSlZm/55W/NCRf8t3Fkd/LwoGXVjYu5D2Lrqlo6FdcT9kQuqNPXaabFUzp2xEL5\nce0NYw==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFFONEwvUSBKdmda\nMzZjUkJTazhDNzh2WkJ1MnZTL0FHWDd2YXMrZncyZEEyRUNGbzBFClhRK0FJNGJz\nS0JvaGtrcTVsZk9xWE1jL0VQUlY0ZGo3Znk5WDFOU2M4TkkKLS0tIHJ4eFlJUURI\nN0FaRTM4WndMdENJaGRQdkgydHBXSlVVWGlZL05zcnppUE0Ken+JUqjoI8+IKVDh\nUGbVbK3QRBxNlv4vPN6fKTvyFaJzdAvQOjkpPwCtwm95prZF418iy0WbokDzwGNG\n9vtShw==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEijeq50HS1g27BTRfJ8XWIPrAX9UVkap5fgIOCOtA5+",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDhjWXRrdyBLK09n\nUmVocTFGa28yRVlzTzZ6VXlTU1pvUWJHL0U5MU8yNjNDMDA2b3pnCkF1OUg2Tk4w\nTy9GZnpBbVpSTzB6c0VxOHMxSkkyV25GMkZpREFGSHRKWDAKLS0tIG8weUFkakgy\nczM3Z2Q1aUZJWWduNU1wQWxaUTh3VkdPYy9OdHpoR2RrVk0KuuQaZ5BWVYD6FTGS\nWjnVzkTDCQOPp70iuycPvg7KVfPt3PKFQxTV+BXwvrpXtIBtbpPyRchaBJp8rbyZ\ncCcYKg==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDhjWXRrdyBmTjBD\nVFAzUXYvczVaSzN0WlpwdW55Wmp5TElhTG03NnVFcmhYSFNqc1VrCmdoR1dhMEI2\nT29WUzRtU1hJaUhRNWZ3RkJnTmpLejI5MFRxajBXT1hXN0kKLS0tIG9SZnlNZ0VD\nbXBXSTdXbkpIV1kyRzRTM2U4WnRCczIveTJhYmpWcmZuVk0KZeI1GxfHn/B7mm5I\ncUJHFtbsmotslQSZWWJyFfRf3wKa39t9eXLSjV8f6WT91rLQIaXd9GU5pBP3mi/M\nfF5/Fg==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
-				"recipient": "age1eqcj2g0fdekj2wpqp4y0fg9c5myydjdt9zlr5scr0grk6fxszymqkpw5jf",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxMlZuZHBCRUVuME9jU3hm\nY1RGNVRRRWEwd2crVkkrS2xaZ2tJZmVKYzNFCnArNmwxWmkrdExTRU1TclYrVStW\nZlBvVkFZNGhQWEhXNmxWTUNXL0d3dTQKLS0tIDMvTDRrUUV4TTBudjhGMXVmM1Ay\nbHFxOUlrK1B1cy80ditjcnN1VmxyWFUKxgWjNqtxu12OwebP/LaZhMu0GKYgqDhm\nLpE4VdXUjjbsbYZwwtdWaPSHp11+vi9EL17UXSTcPR3Z+j/1yR6yLw==\n-----END AGE ENCRYPTED FILE-----\n"
+				"recipient": "age1d9h9mm3u5qalmpl2pf62pyzqj8t654n435emn93rutv0cg9sr32sg64fdj",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQcjlNaTRqUERJckZsOVNh\ndnBuVi9uVkgvWHlmZHdpandrK1BsQnltNmhVCkcrL09ia3RLQVVUZVhpWlEzWTRr\neUhCeVp5dGdjUzZjWS9MTEk2dkVuWW8KLS0tIGdoNUExRHNVM1k3cWYvN2xpV1BC\nT3NTNVQ5SFhkMG5xU2l2eWlTT3VyRVUKNBMuTVhMMCdJhctmJi2SJSw/TmMc4pzV\nwJHzfKFkbG6mPJz67DkSD7ySkJoHb54WmUUL7KU1iOm7r+sOzatnAA==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDuzbgoXZccZ2w/9HGgUyT9nJH7lG2/jfQCZJudY4yAN",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IG05VmtkdyB5NU9h\nV2QvQTN3RFk5WnBCcURwVWVmM0JHTEdIcU5SN1lFRHpPU0Fob2g0CmNqN3RjNlkz\nZkFaamRjMFhDOFhaeHRFYldEVm4za20yQ3FaVUVLM1RnRncKLS0tIEtTYkxiNjl1\nSy9xUmJwT0pNM0VocjY2bFREeVNuaDROS3FhNDJEalJtdmMK0emEsrmV4aynNs8w\nDIWVDUkB+qFod+DPaPDEW1ZjzfKCEjMaXgBT/0Leql9ZnnSlYKUnZ2sTzDF0ZzmE\nne0H+A==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IG05VmtkdyBzcFpP\nMkd1L2lyekhwSzF0TUlER1VnR2dXMmJZemJvbDhTTHNuWWRWa2lRCk5KcXR5QVNW\nVmxpeDZQdGhndUszSEpXaENHWS9UODZ2aWREVEZpZk9jUjQKLS0tIHEyTEZzeml0\ndnpuY1V1a1MyTnM3NERXalRiL2xySGNqaUZMVUVyR3liM28KvDRt6TEF//IXdQIz\nRdsUWSTl2+PopSVwshhzI2meBkvsjmfkmXlxFgXkwc/V2NHY8A8CVde+VZFyQyd/\nh47mhQ==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "age16wuzuxnkcgfuxzvzgk5e5a5f6hhs386adjewyv54m9esr4yj6uuslpn6tp",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5RXBMVFVLWndnWG9ud0hO\nTG56dmJWUHRHaDdHRlZ3SzhuR00wVHF5aGlVCjlmZnRNL21sUjFBT0VSZXJBTDhM\nTXdFZlRsUmhkVmFQc05qVFEzNDZRTmMKLS0tIEh2eUxuQjhGMUV5cW1la00wSDk5\nWGhMZW41WG5xRUwzdzBOQVpqb1B5cEEKbcjKV0+msVwUmyLrK8PiEzUvIb9SHbqu\ndWwBwjeSab1Q+pW3hVPOiiPKdkf/np5xrSPsLXLVKuE65JIXmDGCuQ==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLTnVWK0lJVVRkaGJWNlNK\nV2dOMmNFZ3lZVm9RUXQ5QTE1bU9UVTlyNDBjClBLR0UwNDcyQXBpTFFZZ0VpUk45\nMjNmeEVZZXd2OTh6TVo4c2NpdFJXSGcKLS0tIGxYaWRmWjI2NUlCdVlrUWJvQ3RH\ncFhPS1h5TFhmNkFuTFNEV0t4bmJmckkKFsiNC9x4vz1EwZgl94jBEhY7HIgt2ME8\nMgtQQvSI1PC9q3jwB2Wmlnw+KZr1mVfVEsEfTcD65KG9jrvbkuplTA==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFStro05R+CPmjWMHWtzXUKfGll+OosoZtXAyPtngN7T",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDRTOW45QSBvUko0\nVHRBVkdyZHRaVmtNNXBkRzFKbVdkU0dvUGNjRXFhL0ROdzVGSFJFCnpuWFdFbHNr\nZjc2Y1VuRGhwOWoxa01sWVRXd3RRdC9mOXRMVTlkOVpBNFkKLS0tIEhtVUNNeDAy\nSEcvWHBoSlA1L1p1Qm0yOFBqSlZxL1NEdytXaXN0aDBRSW8KMwTZpwMGXKN0Vxj3\n541WerZ698C7R+wwPgizf3ge9BxvH2kyrTdLEKjGM/6Z4iobSJ0P8B2LbWpmkh1r\nkphQiQ==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDRTOW45QSBRMTho\nUXNQVEh4SlJzczVvYVAyU0NIRm93YWVIN245SjU5QU5GZmRvQm1NCjNvS2YwT2NZ\naTV6MXRwUU4yNWpETEM2UHBMM252WUZyZXgrdXRZcDlvaWMKLS0tIDlTOFFkLysz\nR0E1Z0duRlFyQWMrV1lmZUpsbFYzSnRvREJkVSt6TVhnOGsKvMGU2oFL997wbtKU\nB7+8kJ/hSX+nksmFKl4eiQK21FspofLVV285oR7/Ul92vagWjMSWwiKDLU5RmGqb\nYBNOcA==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO5qner13Q0fm5NhdXMx2nkt5kxjC0/SVY2FXh01OiHN",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDVucGlodyBHQ1F5\nUCtwcGUvbFJTcEJJS1B1azVaSVpMY3pyaURlaHVGRE1Ga25ERG5zCnVEdE9wNTRs\nWi9iMVFmenpjWFcwMGtLZndCWFZ2bUR4MVR2RFViOGdDelEKLS0tIDdkM3I3b1Ba\nQUM2RFBKaktNVTRZSlZwOEdVZ3ZZTWdDTzhIQjhGS2RIY00KwrrYi2zg5RPnVqQi\np/zePFrUQWVzbRnVVttOStlHK1GQDKr6d8Tv3qbC+uwBHx1bZ/4sQXe/dfy6nnmj\niqbZxQ==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDVucGlodyA4MVdj\ncTNMZUJVY1dEemdkZ0xlTWJGbmdxUVRQR295cm9OaFduY1RjRmxJCk9WaDdqbU10\nbnhuTGtXTjlibDJxTDg2S2cxckV1Z1Z0Z25mdzliNkxOZm8KLS0tIE9DUlFtalY1\nQzFhRXpYRlZoTjhpZnR4bmljdDlCcjZtVlBDUUR4eFNuTkUKOa1g0/libgESlwhZ\nqZ5Tc+y9Bl1iaTXFq84YRzKwV2aRlynN+YdLevA/hqecvJq5YpMkUTil2eBqtHtg\nH2EqUw==\n-----END AGE ENCRYPTED FILE-----\n"
 			}
 		],
-		"lastmodified": "2026-04-24T02:42:10Z",
-		"mac": "ENC[AES256_GCM,data:DS77suw9uLo46ELAvCTz1KfYJPkiLg9LhxX8wjIyP7OxKubbvRdY9E82G4zPmLv5s54H7O94AG7VkgA+UNRKOeklKZfiat63l500kcnzdsJEGCwqTWzIG5bXGLZ9XeV/+nADOy7ZDEp9KMnUhZ/N2986mdaqrn86VqhKefVze3g=,iv:Gv0pHU8MAcoCgRp7dbI1nDsmDHYXaMbz/yPbqPzThKI=,tag:wKGiLn7s2cWhzoxGau+Fpw==,type:str]",
+		"lastmodified": "2026-04-24T14:30:26Z",
+		"mac": "ENC[AES256_GCM,data:6HvEm3Jt2d1DsvDdxsyOKLCA6wfP8dgOUlh+TE7zk1XnYF9WNPXaCbIZ5bXwOzS3C73u8sVCQi4yq5xZe6s0YCTjSxVZYCuAKdDRnXPJzjiKL7vMQCThom1uCOc6sLIjKYzAJJ+epAnjZM/HN2t+KjMqhEdlg0U+ogO5zryEElk=,iv:HDnAyiuHaaEh8Moesv7tUz6u3XsKzv5HebM9Mj78/cQ=,tag:LoP3atT8u8LYw5keYhTNeQ==,type:str]",
 		"unencrypted_comment_regex": ".*",
-		"version": "3.12.1"
+		"version": "3.11.0"
 	}
 }
diff --git a/packages/gen/env/data/staging/web.sops.json b/packages/gen/env/data/staging/web.sops.json
index f360dbc5..da08d235 100644
--- a/packages/gen/env/data/staging/web.sops.json
+++ b/packages/gen/env/data/staging/web.sops.json
@@ -2,81 +2,81 @@
 	"BETTER_AUTH_SECRET": "",
 	"BETTER_AUTH_URL": "",
 	"CORS_ORIGIN": "",
-	"HOSTNAME": "ENC[AES256_GCM,data:rZEDdGN+P9NjKMz3E50=,iv:sHbg6RxKOPMQVpRdylUOqqRygBrSi1WEcY5t6WXWh30=,tag:GoEZiW8ROcLknkYGTER5Ig==,type:str]",
+	"HOSTNAME": "ENC[AES256_GCM,data:ioJLs6z6veNLM3zPNlA=,iv:WMBF0ksR/w+N3U70wxk0VuuAyYTHMsZA2snl0eaoWbo=,tag:lpL+AGuMSbDI1OrN0JRhxg==,type:str]",
 	"POLAR_ACCESS_TOKEN": "",
 	"POLAR_SUCCESS_URL": "",
-	"PORT": "ENC[AES256_GCM,data:3RLMng==,iv:lKFFRF2mnvYBuIjLbVS4CSkcnxek8rxCcWrDeZcAHZc=,tag:/tiMlDORQNncpU09hDSdbA==,type:str]",
-	"POSTGRES_URL": "ENC[AES256_GCM,data:5g28j13PU5z2WPiRxdJtqqXZotA0UpULT+weKZyLdhVUC/wtULoxgPJmG0lrejtrxqgtJ8VcO8sRT5K+hpXVaC4e8lQuJ318OltEOTSMo7jjJtjlbIS3gM3GELGDfUH6UCEpKek4ShfOnZprvH/aQCSxuQvZk3UO1KrZmgEXBII6Ln0dUijWydjKYcEY4a5uYwUbPdK8e6Q6yxUeQ9KSjlEibfkCxQj5Bg==,iv:IIY7v2dURKuzA7Iw1vH/sEiSwjdvt7/ksihRpsUcpYQ=,tag:oui1H+4DZ88QS39ndSQR1g==,type:str]",
+	"PORT": "ENC[AES256_GCM,data:V2PPvA==,iv:nVF2O6pJ+n4uiTSgoFSnT2fFCSnpLwcad+8n2Y7QgiI=,tag:VerugMsQ2HpK3amvsottXQ==,type:str]",
+	"POSTGRES_URL": "ENC[AES256_GCM,data:5ydZ1mZHvhNb7KSANpSKOMefMVIQ2m9qtHKcIS7mJqborN8jhPZwrhJb7h01b/IP1vEybCk+eC8YSVNjERnfLkYytVGAMbVAUl8lLtPg8ge/oirDTZ0xbEajF4IthwqswMHuf/AJUWljXsrEb+Gil0Rp9XXDcMMWtMw8x+baTyGLxk5oQEvg3lHhFafMI0KU599i+0QH54/+OtW79N2S9X6jIH+Q+IJUSQ==,iv:GiDJEnonnl/sMlxukK42jXO9iT9eHx6EAoXXoyRlrsQ=,tag:2bUtpw583C/0D62mF4M6fA==,type:str]",
 	"sops": {
 		"age": [
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICjMrEzKQSq/0eePzgUGXM349sBm6GVCXoz+tJZJaBVT",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHZMYWFYZyB4Mk9L\nSjhxcWhiVzdlNGxJSlRGcEMxQXUxcXBrS3FxMUNTQllqOUZHbEVJCkVhYmVhMFp5\nMlcvUGNaYS8vR0MrajBHbFZFUUV2SVdnQzYvVjVSTjhGMlEKLS0tIDhJVEVpU2wv\nL2pUSHptaUw0OHdaL0M4TGxuNm9EK1ZYQVJ1T0NvS25qTGMK+7IXPTDD1IOXHwTo\nOb1Z8flNj5Kq8vHtfCgJ41bZUDoPAW9MMRhF5RvRAaJyhOLmlp+Yd5ql9NfXcmC0\nqPZP9w==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHZMYWFYZyBFbWxm\nSXllQ3VpbkJ4aTNrUDVhc0trU3U1SnRkSmNldExnb1pNZ2RQU0EwCkFWckdsNC8z\nenFpMDRRU3hNVWpDeWQ2dEJILzJLNUhISVZyd0xEeStwUWMKLS0tIGpQVXNrOTlk\nQ1BlYnhSc2ZZWGpiTnFJcXcvVitUc3BBdGMrTFBZYTdMc3MK87Giaw50HLsXuJPq\nR1NMQWT+bAXE9uIpjMrxuWJSIYeUng+38maADl5Vnh2nbixGRTIFDPiXq6E6PRNl\neNlfSg==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIoX0wKjybps6ZHuvA+uwE1ThfWl87MApDLxCjCDUCC9",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEtlVWxBdyBuK3ZW\nU2c5RjRGbGRnMjBsQWR5ay8rZHFJOHJvVm13ZGd3c1l4RkhheTNjCitPOUNJK0NB\nOXZmWlhhUko5bUlsaE5TMmFzMTUybDB6WjVXRlBBTGhhSWsKLS0tIFowTkpBcXcr\nVXpxaFpGendlNTV0OGdMMm4wV1Jkamtyb1o2Z29oK2FTNXMKqErDmWp1/45Jynuz\nDnoZVBCQHfiED8pi7SStEaaadpD/6oH+Zl+0CsiFXoD5xGQmEFN4wr0aZOqVtQvB\n7iUWqQ==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEtlVWxBdyBVZFp6\nQkdLQzlXQWNFbUJsMElvTGlXSk0zTFRBenNRZWdvUkMyOGxNVmk0CmZ3djZSWXli\nUFdjWmtJZlhERmQ1RjRNaTR6Q01tbmJBbDU4T0ZMeDVlUk0KLS0tIDB2ZC9BbGdy\nOUZxaFc0aVR2L0gwSE54YUNYZEl5NkNTM2JiTHV1ODgxY2cKwi179VL/vXh3/WJk\non0KtROQcHgD3t/rWH+pQt7/tWu2jOPaz4oKdzHgABM5/VOxjftOfM324Y2aBY41\nvjyGaQ==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKZPhznHjTDifGroHiGRD3hwWz69B8NsSSPNbwWjfzgW",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDFNdXZydyA2VCsr\nY252TjVlRjh2STc5V2I2S2gwYm5qTmI1anp6bnlFNGV6U1JFTW1NCm02MkdaMC9C\nNG1Ecnc4TzBWMkx3eE1xK2ZXdXRpS3hvc2VSNkhMREdTcmMKLS0tIHNwTkdpclBB\nVit5djJCVGN1T1M5dHd4dVVvbG9FYVd6MGltMi9JeW9oUmsKE7ynZDClR3y7WbjJ\nR8HIY5Ik7jtyh85Y/cEmnRltDPk+sJkAS6YbaAQUAHcrvvUy9BFq1lzzWYXrDPc4\nN9tOew==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDFNdXZydyBXVEl0\ndzlCb0hDb2Y2U3dzOGlyeGp4OVZtdFdQYU02d0pQcVVvWFJWRTNjCnI4VVgrMDNY\nMWdBaDBQVWpqaW5KZ0lSS1k5T3JGY3E3bFh6RXVkT1JHTmcKLS0tIFUyNFJjZnVo\naU1ZRHUxRUErMGFwMzMycXVtREcxdzdaMWpKaU5VRC8xU2sK4T5OVflIZdr/VgKP\nm7RYY33UtOu47J+ZyLpz4QF34MIrHPF6FC4uSxuJBGO2bqTOprEiLvMYPaRb8cLd\nHi+Z4Q==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJF9kzudl00FVTQA7nnSaicAJW2MoBKm47G7wefb6uSm",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGw3N2NtUSBsN3Rp\nQ3oyNUN3UWRDWUVHSHFVS1l6SVcwU2dxT1NZK29xWXhacHp5OTBFCjJFSzErT2RQ\nQWtsN2o5TkkvcjRmMDIvTGM2cU1CVnFMTlFEQXZGNmhDKzgKLS0tIExGZ3hNd3lS\nQ0FwRHVCZklRTTkzNFFzdjk0bHpoR2wxZmFMVkF4T21JVjgKLPgYHhlnHdI8974R\nYJ/jQFkliZOt3aFNH1uSvr1c85w86HhSn2TK4yzR6wJNA4OHK6yRFZSNpZ3aaeX2\ngf4gCQ==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGw3N2NtUSBVRFNr\nVmVqUkFleXhQN05VVDJmN3Z0SnpBa0c3TjVJNER3Y284YTNYU0FBCjIrSUNydUFB\nbzBVbFhHUnl5STNYd1BFQkh4eG1WektPNnRmN01Uazh6N0EKLS0tIEU3SG1BSllw\nS1oyNEFRcVNFNUZqeE9zdXN2YllydFM2ZTJSa0hleEZmc0EK8mlH/3aOU3BnZJ/A\nyIXthO31HTn4J08gTkRaEwjMyk4fP03mzQ0zh3nHtbJu7c78j0MyXGidBWVGpNkj\n6p7qfg==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINh0gA7reCRW+zQ5pPpIjoJGpaFQSbC/4K8B6vMXJVr+ cooper@darkmatter.io",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHJKM2lMQSBQRXlm\nODhqdldpMnEvUXNNUlh5SG5XNWpYQjBabjRUWUw4VWNtK1g3ZlM4Cit6UytJVW5y\nQWdnaHRUZmlOMERrelZva3BUSmx1VEl3YzJ0MVVQcGwxOXMKLS0tIDk3L1dCOWJ0\nS2lUbzZ2cTRmOTlWNmQ5VnQ5SktkV2thWVN0N1BoL3pxQlEKAU0SrLAJLCWQvRPn\nqxLk9J1ccWziB4t/Uu9eJScqQkg5rpgr1hEU52PTg38EScTZIEui1TIibZyqAZC8\n3AUKJw==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHJKM2lMQSBlTzBP\nLzBIdVRGcDZ5LytQMjl3dVkwV280WVNrY1NWVG1KemJLWG5oRFU0CmhUVE0xeTRs\nTlFIK2NJdG1UMGlJaU1wMEk3ZVVvY3ZoQXBsRjh0YXZrVVkKLS0tIHNJbWkzbSti\nY0xxbDZ0eStqbFIrOUpyNHlNY2I4a2VDS0toK3gzRkswTGsKmvoI2v06pCRsP2s7\nE0ipXxh9r3L5owzaM3iYki78tEO2egg8uJLevarhjPXhozIkyOvBjLMWhiJ5O4dd\nmaMuZQ==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDmZV9Oi9hrckXTpqBnDKRrY9mgwj+SJeVBGWmne2+q5",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFpUeE1RUSBXZ1J3\nVWtKYWZZd1ViTzFPNjg3dW5jUkQ5QXlhRnprVVBXeU1NZnFZRGpvCjBkRHRmVVJH\nVzZHQXpySjdZcjZWMXE2dzNGa3kzOEpwZk96N0JQMFdzMWcKLS0tIFBHN2JFU1RM\nK1VDTUpCZkdaUWZPNTJQR3ZBZjJxS01RRitSdEZXdEJNT0EKQ1S4KtkHIUAoZcWN\nfV09HE7aN6vQmJGug/O00JwlUWjDn9gwd9mqJvBkodQbhAbFN3UEc9ipLp854uxH\n7CloyQ==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFpUeE1RUSA4TjBE\naXhPcGdueC8yOERjUW80cGtJN0Q4Z3NscUhFd3FqTlNteVFrUzNZCkw5NjNWRkZk\nSlFjWHFCdHViMWdWVlZacCtGam9tSEwyNjZkcmNhelBiZDAKLS0tIFhGbFRFRnR6\nTXAwUGoxVXFtM2FDR3RTUTRJRkJCcStxa0hOdG1uSkYyODAK25eoDun6wdF1zYVW\nM0VQe96GvYId3xykHKbn0G12s5hdCTBlK47Zs4XdGiJLSqDToa9nrXsA4iC/UWsp\nWQSG+w==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA+M/DHDlKgayM6wsiX6r704pE+2qENOsKcytC7sBhKA",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDF2bHNJdyBkTTQ0\nSEFSUy83WUlLTVV4cDl2NkU2TjJNa2J4RFp0eHQyMzdRb21ER3lBClhFc3dMcXVU\nRnlsK2p4UkJvNkNsclhJVjA2VkN1NFFhS25ReGxqeG53blkKLS0tIDVVTHNxNC92\nc21NRUdQS2duU3MxRW9PSS9mam1YblNVaXI3b1NleE50RWsK8aYeuR+/0kN64V3c\nYuACB9rVpnyJuo70pEny8EjgTGTZQx96KnsRqyQr4C7PO/vTipJNzVt5kh0jqnCL\nAHOYOQ==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDF2bHNJdyBBUUE4\nVS9Ib3czTWZnS2YxYWV4UUJYaDVuZElWclh0N0g5MXd0dUxkMHhZCjVaVzRrU3Nh\nYlNlVktzUWFrdVRvcUdkL1BuOFhCeUEvOTMvQ0o2bFRaQjAKLS0tIFk4WXViaFNu\nZVJ3dDkwVkc4cFlaU1Y2YmxOM1hTb2ljRlBKMk1lZjRUbmsKS705AAHZzatFSnQb\n4okS8lXHug6s6zuemPkCw/WLkpkeIDi4i0MAC3IwZlCXA0TNsqVE8eFobhE+kMw5\nb+e9FA==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINh0gA7reCRW+zQ5pPpIjoJGpaFQSbC/4K8B6vMXJVr+",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHJKM2lMQSB0RmVq\nczArYWtpKzhZdG1STThTLzF6RGtRVkJaRHhtM01kbjFXVDFhejBrCkM0bEFHTk5V\nS2pHd2d4S3AySUlud1IwWkRrRXE5R0xKMVBNSFdiV0RQbzgKLS0tIEZmYWtjYi9O\nNTZ0ZFdkQmZEeVo5OG1ocWxyVHkwUWFDSnRxRHFtL3ovbzgKGYtJiPfFa6bBMlev\ng7lSXhBcbKIgRm7tkVLl2/2IEwum7hNKBvGLBZ3wDp7nP0YZb15WwotRrLArsZoo\nvowv3Q==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHJKM2lMQSArbHNR\nNFBTWnp0NitOd1JsUldoOVZaR3poOEw5cWx6V3FFcTBSRm9zUWpZClQ5RDJyclpS\nemlSZFZGaDhwYVBIaDFBanliclZYODlBdW5FSHRYUDN5UXcKLS0tIG84MmgvRHBw\nV3A5ZXFOZW9BQmsydnpCaUJUakFuaEVmdFFrckZKbUJYa00KgHU7Xny7O3FxwobH\nWLZftfjn49o1Mbqj6kTUi7zU4d2bYk/TSDLsW88X7r6EIJHkV56UODhbzLdD/VtV\neuv0Ng==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEmYihgWHfnLw0f8uTfLokCwToLavzV/+k/GggBA4Sz/",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGtNZGJ1ZyBnRUxR\nalBBdXF0dGwxdmgvWmxKUnZTUnlLV3BQZDhGTE9hcDZqMStFMVdVClFGS0JUZWpy\nNVdEVVRKZ1dTV05sdDZWeFVZR0crQXZOUmlsTzlmcGhPa1kKLS0tIHZFZFZKRlNt\nVHlmcHZBOEYzWkxrVXcrR3VpQ3FhbUI0WUlKdW5IcElZZk0Kz16DvaaB4TC8kwLh\nFE2PqmcnMOUJ1oJB1Em0n8K1poiulPUzv0rIBD5yyr+kIzQ5oWIjua7sPF1YfrSk\nHimCeQ==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGtNZGJ1ZyBsK1lM\ndFRtQ01CWk9QS2FZbnplQVZtSlU0TTE5MFEvT3FpeW1hWVViL3dVCmwwY3pzU3ls\nclN3Q20vVEtvSSt0aUlFVWdIOEMvZGMxUnc3a0l6VFpDYjQKLS0tIGF0QVB5VS9a\nTGFHZE12R3crRFl1dWZMYm8veHFsTmFXdWY4dlp4aXVOTEkKoQySNuLt9oG+dTm6\nd27pxHABwWx4vvhwKcjla5+1659GJcfzZvqRhDsHoZ49fRu3UFTDVKCfhe93Idvx\nUsDT9Q==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFvT1RvcTidgpVYE0OPknc3f5HcAVpyk+rXXrW4AcbzG",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFFONEwvUSBldm9x\nNjBac05Oc3dlTllEVWpyNjdCamQ1ZU5hZkpKQWxDN1g4Mi9od0FJCmhINTJuYlFa\nUW9UdnJlRHhqa1h4dU1jYzdGdGlXWTN5Y20wbXZ1RFZkMlEKLS0tICtDQnp2M2Fa\nVkJEMVZNU253NmhMQnd5NitCRzBNT3l6QjBldFdjcEVnNHMKg4nYYCzv18q3vIIE\nb6p0zyWVGCty8tJi11h3Qfqxji1iMJbuNuNxMRQNfKLBYY3ksKD7LZmm+Oihx/hK\nEJSpJg==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFFONEwvUSBxV29r\naUVlV1gyV2RVWEU1VVVESmZWeDdHQXd5aXBPcERIUU9BTGhiUlNrClRQZG1NYVRE\nbkp6eCtoU3RSU3lvVUd0bGhsYWtyYXgyeDZOSzFTZ1dOVzQKLS0tIFZ5SmI0S0V5\nTmJvYTlMVHgvL1JmM2tReEUzK2dPQU9DODVHeHVEQ1NXUlkKy3C8eub2YxoyJkv9\n+ffUyjCWKDXz6LNrgqLeTDY0Z8J5bFHvbkPnt8zxSfmZamhr99NfHkwai0W53LEj\nsKK4jA==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEijeq50HS1g27BTRfJ8XWIPrAX9UVkap5fgIOCOtA5+",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDhjWXRrdyBZWkp1\nbXpTT3BzdHJuckNTbFRyK1FPMSsvRVhFY0lzc0tvdWZPLzJ5TDI4ClVIdG5HdHU5\nNCs1enU4VjJVODVJTUtHZlNqdW9rZGZxc0tjdnBKWWp4WjAKLS0tIEdwcC9vekhN\nTWh5bElyak5QWnVuc2lXelQ2SmFkSlJSNzVhQ1JZcEpvQ3MKFMGZaqhu5WD1J+4N\nUZeRGv3DJKNlPnH0+X8CPQeqCWD5V711zBek6zbX0N1bOC8cWjiG0MZRNWu9Lo4L\n36uGQg==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDhjWXRrdyBiQTRp\nK2lxNGYrU1pQRzJOMEhCc3FtWEdqVnk3dFBYUHlOdDVERDN6OEE0CndHNkFoYmt0\nL3Z1YlJiRlJRTkJhbGgxamNkOGtUeGJxNW9JaVdZMjRkRkUKLS0tIHlLc2ZkWWhY\nWVJvU2I4cHUwQnlLSmhOeVlzcS8rRWFRaXA1dUJXVkZublkK7QDtJCXc4Geyh8w5\ntMitSUnjKGyMexZZ9I9xF62Q73vUDeiheFTo0ARni2VfWfbYuoudrUDZzLusQIjo\njTiuig==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
-				"recipient": "age1eqcj2g0fdekj2wpqp4y0fg9c5myydjdt9zlr5scr0grk6fxszymqkpw5jf",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKSmR0OVBDQVI3SEpXSDBh\nV3ZXVE44cDdrclNGdUtPTkVTMGZaNU9JN0RFCmo4aU40YnBrU2J3cTVPbXA2c1NN\nMExNemIyRURTejRndDI4UGtvQ3V4M2sKLS0tIGZYMzJsTVdHckt5bWJMZXdKcTN4\nMzRxZ2liMlNYbkhSZUhPK0I3dUpqcjAKNdCLO58gyqzG7j+JwvcFDxPPm6/n67rC\nZlMqCdMi5eXsN0TP0fSpMQ3HiYFbOFU8tqX0gOElF6MKau38tjopIw==\n-----END AGE ENCRYPTED FILE-----\n"
+				"recipient": "age1d9h9mm3u5qalmpl2pf62pyzqj8t654n435emn93rutv0cg9sr32sg64fdj",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtNEQ0VWsybEtINTRWWFIw\ncDBNMldqOHdIM3FiVlo5YXJuZmZWTmFxbG1ZCnVWU2ZRSzRJRGdHZ2ordVdKN0xl\na0RpekZLbzExYmVtclJEYTlETWo2SEUKLS0tIExSN3NjVEl2TnlQZ3FSRmtZaFpx\nU2JnRzc4UFIvRDArbFVxeTIrVXJPYmMKbOO1fiCeV3BDCMR7z5Z017H4YIKovbP9\nUWu/f2LDNc1vq15vdE038yZwK1dnIl+9uMw+6k8ssFQCB5JCEFP9Fg==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDuzbgoXZccZ2w/9HGgUyT9nJH7lG2/jfQCZJudY4yAN",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IG05VmtkdyBsNjdI\nV0RQbHpadWkzRFRnVkpwV3c3S0hBU1p5dmtRTDRpNUhoZXRGZ1hFCjQ3QVYvM2Vy\nb2hHVlp6OUt1bGpWSktMYUtqZnVpemdTSjdNdlRBSE1rNE0KLS0tIHRkV3FsZVE0\nRW5rb0VrV3Y2SE1MSnBucVhuRDlSNXlrYXpJMndGZG1sdmcKl27oRJNFqaDRp++d\nE8zm6/ebq6qI82Nqq5QnA95l/9I6x9EDu3rdwoDkNFsQMLQO/4nnp1vUT1YuGzP7\nXkwzrQ==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IG05VmtkdyBQa1dx\nZnVYUFBpdFFGRFVEalNLL1JxMDQvWDVMV2dBdDF3VWtnZUVTM2dFCjRSV3g1alc4\nTHlpMks5YlFHeTFyU3M2ZDY5V0NNSi9tZDljVnAxU0JCTmsKLS0tIHZWQVhmZzI0\nUFNJYStQTERqc3p1Ty9WSjd6SjI1eGExOUg5WWJvV3V1L1kKEHqG0ykiCzh7tOBD\nO52Grk+a1sAS9H7aVrLbjpNl3CkQN2CTbgL2yi9wk+SvprNO3aRCauOF+5H6+NO4\nBXiV1g==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "age16wuzuxnkcgfuxzvzgk5e5a5f6hhs386adjewyv54m9esr4yj6uuslpn6tp",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSdUpKZnVqZ1B2dnhPK3Nk\nRlJjNnJJRUhRU1AxMGhZQnpreU9hclg4c2dJCmVkVUVXQm1nNFZHYTRMWUVacUtm\nNkRObUs3TU9hd2FGZ1l2ZS95N09kaTAKLS0tIEdzNDE2VDVmTW5NRXhwWFJNa3JJ\nbkdlU1JnYTJLVkZ5Z0hUbTdHSUNhSTAKrOEiJZVfp24FNCNbCRN77yj7awxf6PFL\nX7/PVU45X4d/62kOP1mC86cSwk0w/faPgk40TL6WmyE5Hl9bDVn6dw==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUUDc3S3d6dkRJenMvT0dJ\nSlNZV2ozVk9OV2tFenQrVEU0NEE3SWRTV3pNCm54T0NBWU9ZbjZBRjYwSFRpdFZo\nMTlUUFdHR1ZzbmNqS1o5d3kwdCtTU1kKLS0tIDZRbGFnQjIzc0VIQzFiTXFDSmkw\nVGNaZmJHbkxkSStuSGh5MXNNNTB6YkUKMEdrmzaWcSM4BKapJBevZ5rDDXaRAlfT\n0AUP/+5VdK+3gkGV/MWOWrGa0j1qSozY7FLzf8lg1GfnmgAOtKBpkA==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFStro05R+CPmjWMHWtzXUKfGll+OosoZtXAyPtngN7T",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDRTOW45QSAzV05U\nNWRtUFVzOTNON0FKL3k5K2N1dVMrTlNsWnNZeWxGNERyNW5NaURJCi9JQ2hjalFU\nUERrMkhuMEY3ay9qSkxwT25NMWZSZzhpTis1ZldESXA5NlUKLS0tIEdVMjBqZE13\nWU1hNm5SUnNrL2ZkSmNQVk9wMElrdm0zTE1JMFZ5ZWMwdUEKE+Gv12VtsA237/Mz\nMjWLsui8+8f4LTZu7oIpXSF3X+vHgAUe0KeqalreVrzSwNl1khGUMFrb4L0UP5es\nlupCWg==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDRTOW45QSAyVkJv\nWWtQWWhoMUU4WE5RbmZxWStHUDB6MCtjZUpJNlVJcHpSMCtQZVZNCmk5MnN1c0hU\nOFFabVBEVGNLKzFQSFVPQmZvOEl3b2VlTk5kdlJwRVU4dGsKLS0tIFR6dDVONnhz\naC9kNmVDeUI1Q3FaKy9NalBlWFpUeUpoNUhvSERYRURWVncKElO/wLRgFSbhKjP1\nH1sJ0CscDusG+6yif48Zb6kN8P5kFkzpYXu1S9TVlhurewmYHpbJPdtzU0k98NuH\nWjv0TQ==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO5qner13Q0fm5NhdXMx2nkt5kxjC0/SVY2FXh01OiHN",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDVucGlodyBtVS8x\nK0VtVnVZREV6NUJWc2NZaEdueFByWWt6UFdqMXJOTyt1Sno0aTF3CmhCR0ZPZDNP\ndHJ0QzF4b1A3eDdObDJWbTJFSW5lVHh5Sm94S2RaOGpzcUUKLS0tIEFBaFBOWlRG\ncGRQR0ZSTy81dmpHOElUUDNrcjAySGExekdaVEdUQlpCelkKAIKx4kHUUb0qAudo\n/1pUZhgGkd2Ayblb0s48DB8iES2ckeEWuTDwgsPCIXnYDbMYuNaxHxNFpbuHNAEC\neIliIQ==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDVucGlodyAxdEpB\nck5ZcTJtb0NKYjBIUExnZmVsYnBJWUkxUDRtMGNGR0ZHZG5RQ1RFCkJqTVFSUlJX\nTExDdmQvdUxUZjFPN3BLMGU1b2NCQUtucFdERDV1RjNMdTQKLS0tIFl3Und0aCs1\nMmdBa1AydmlEaTZOak9STkRvb3dwV2EyVE5hUzhqRnVJZjQKCAfncxyIujLn4GGV\n08IUKOLfaMGh3tGTCc1/n/Mk1FTci3QDTSjRN0DIuZv6vGZ1oVOIvC+UKRFbzt2M\n9S9x3Q==\n-----END AGE ENCRYPTED FILE-----\n"
 			}
 		],
-		"lastmodified": "2026-04-24T02:42:10Z",
-		"mac": "ENC[AES256_GCM,data:UMvY3HPC1coKJqhRWu4fWMN3toYJ38i6jYaFmfYFkXZtjvws0b6A5/5gER2OIWqEpcumgAe7H0iEb3Jt+raNJPjvRRPL0ZQCh1gYekbZRcJ7fBCnBthCGAQpPcV00bjW7Sp4FoqrShXrQRa3bFo+Uq1rjLYulD8oogPtW7hbCgY=,iv:pzbjiNJOffAqdeIGz2jogi2GaKr7hO6VXGsmXkoDe/E=,tag:3V+KR0U2aRASDOfHyxwNcA==,type:str]",
+		"lastmodified": "2026-04-24T14:30:26Z",
+		"mac": "ENC[AES256_GCM,data:99AFP2r81SkILOnsMnKhqLs5qCSzq82qeXzUR7pEfvurDmfNfPCT8sUxGWmunkC4OsmvCovRWQ4QZ/OIeS6CDvIaxLcBdCP6/W8sjT9p8sL1yMWWt6BVpp+5W5uWTwuSAhM7QwcCYypf1MIGHBrgvftr6+WJX6Xd4fkWATx9xcA=,iv:3uc7iIrG29Xx8q7GpdjFwRM5X/dT6Qit2ZY6892bndY=,tag:mg+1IfFB25Z1C7UiMvUVvw==,type:str]",
 		"unencrypted_comment_regex": ".*",
-		"version": "3.12.1"
+		"version": "3.11.0"
 	}
 }
diff --git a/packages/gen/env/package.json b/packages/gen/env/package.json
index 44e7fbae..626e7f26 100644
--- a/packages/gen/env/package.json
+++ b/packages/gen/env/package.json
@@ -15,12 +15,18 @@
     ".": {
       "default": "./src/index.ts"
     },
+    "./api": {
+      "default": "./src/exports/api.ts"
+    },
     "./docs": {
       "default": "./src/exports/docs.ts"
     },
     "./effect": {
       "default": "./src/effect/index.ts"
     },
+    "./effect/api": {
+      "default": "./src/effect/api.ts"
+    },
     "./effect/docs": {
       "default": "./src/effect/docs.ts"
     },
diff --git a/packages/gen/env/src/effect/api.ts b/packages/gen/env/src/effect/api.ts
new file mode 100644
index 00000000..9d0f1023
--- /dev/null
+++ b/packages/gen/env/src/effect/api.ts
@@ -0,0 +1,50 @@
+// Auto-generated by Stackpanel — do not edit manually.
+// Effect-native env accessor for the `api` app — derived from
+// `apps.api.env`.
+//
+//   import { ApiEnvTag, dev as ApiEnvDev } from "@gen/env/effect/api";
+//
+//   const program = Effect.gen(function* () {
+//     const env = yield* ApiEnvTag;
+//     return env.PORT;
+//   }).pipe(Effect.provide(ApiEnvDev));
+
+import * as Effect from "effect/Effect";
+import * as Layer from "effect/Layer";
+import * as Schema from "effect/Schema";
+import * as Context from "effect/Context";
+import { loadEnvEffect } from "../runtime/node-loader";
+
+const APP = "api";
+
+export class ApiEnvSchema extends Schema.Class<ApiEnvSchema>("ApiEnvSchema")({
+  BETTER_AUTH_SECRET: Schema.optional(Schema.String),
+  BETTER_AUTH_URL: Schema.optional(Schema.String),
+  CORS_ORIGIN: Schema.optional(Schema.String),
+  POLAR_ACCESS_TOKEN: Schema.optional(Schema.String),
+  POLAR_SUCCESS_URL: Schema.optional(Schema.String),
+  PORT: Schema.String,
+  POSTGRES_URL: Schema.RedactedFromValue(Schema.String),
+}) {}
+
+export type ApiEnv = ApiEnvSchema;
+
+export class ApiEnvTag extends Context.Service<ApiEnvTag, ApiEnv>()("@gen/env/api") {}
+
+const decode = Schema.decodeUnknownEffect(ApiEnvSchema);
+
+export const layer = (env: string) =>
+  Layer.effect(
+    ApiEnvTag,
+    Effect.gen(function* () {
+      const payload = yield* loadEnvEffect(APP, env, {
+        validate: true,
+        inject: false,
+      });
+      return yield* decode(payload);
+    }),
+  );
+
+export const dev = layer("dev");
+export const prod = layer("prod");
+export const staging = layer("staging");
diff --git a/packages/gen/env/src/effect/index.ts b/packages/gen/env/src/effect/index.ts
index 0e1524fc..be29af0c 100644
--- a/packages/gen/env/src/effect/index.ts
+++ b/packages/gen/env/src/effect/index.ts
@@ -13,12 +13,18 @@
 //
 // Use with `Effect.provide(program, effectLoaders.<app>.<env>)`.
 
+import { dev as api_dev, prod as api_prod, staging as api_staging } from "./api";
 import { dev as docs_dev, prod as docs_prod, staging as docs_staging } from "./docs";
 import { dev as stackpanelGo_dev, prod as stackpanelGo_prod, staging as stackpanelGo_staging } from "./stackpanel-go";
 import { dev as web_dev, prod as web_prod, staging as web_staging } from "./web";
 import { layer as deployScope } from "./scope/deploy";
 
 export const effectLoaders = {
+  api: {
+    dev: api_dev,
+    prod: api_prod,
+    staging: api_staging,
+  },
   docs: {
     dev: docs_dev,
     prod: docs_prod,
diff --git a/packages/gen/env/src/effect/scope/deploy.ts b/packages/gen/env/src/effect/scope/deploy.ts
index 3abe09f2..8b3cdf97 100644
--- a/packages/gen/env/src/effect/scope/deploy.ts
+++ b/packages/gen/env/src/effect/scope/deploy.ts
@@ -21,13 +21,20 @@ export class DeployScopeSchema extends Schema.Class<DeployScopeSchema>("DeploySc
   ALCHEMY_STATE_TOKEN: Schema.RedactedFromValue(Schema.String),
   AWS_SANDBOX_ACCESS_KEY_ID: Schema.RedactedFromValue(Schema.String),
   AWS_SANDBOX_SECRET_ACCESS_KEY: Schema.RedactedFromValue(Schema.String),
+  BETTER_AUTH_SECRET: Schema.RedactedFromValue(Schema.String),
   CLOUDFLARE_ACCOUNT_ID: Schema.RedactedFromValue(Schema.String),
   CLOUDFLARE_API_TOKEN: Schema.RedactedFromValue(Schema.String),
   CLOUDFLARE_SERVICE_ACCOUNT_CLIENT_ID: Schema.RedactedFromValue(Schema.String),
   CLOUDFLARE_SERVICE_ACCOUNT_CLIENT_SECRET: Schema.RedactedFromValue(Schema.String),
   HETZNER_API_KEY: Schema.RedactedFromValue(Schema.String),
   NEON_API_KEY: Schema.RedactedFromValue(Schema.String),
+  POLAR_ACCESS_TOKEN: Schema.RedactedFromValue(Schema.String),
+  POLAR_FREE_PRODUCT_ID_PRODUCTION: Schema.RedactedFromValue(Schema.String),
+  POLAR_PRO_PRODUCT_ID_PRODUCTION: Schema.RedactedFromValue(Schema.String),
+  POLAR_WEBHOOK_SECRET: Schema.RedactedFromValue(Schema.String),
   POSTGRES_URL: Schema.RedactedFromValue(Schema.String),
+  STACKPANEL_API_URL: Schema.String,
+  STACKPANEL_STATE_BACKEND: Schema.String,
 }) {}
 
 export type DeployScope = DeployScopeSchema;
diff --git a/packages/gen/env/src/embedded-data.ts b/packages/gen/env/src/embedded-data.ts
index 5b3e9303..d497fb03 100644
--- a/packages/gen/env/src/embedded-data.ts
+++ b/packages/gen/env/src/embedded-data.ts
@@ -4,7 +4,7 @@
 // declared via `stackpanel.apps.<app>.env`. The studio UI and any
 // tooling that needs to introspect env shape consumes it directly.
 
-export const AVAILABLE_APP_ENVS = {"docs":["dev","prod","staging"],"stackpanel-go":["dev","prod","staging"],"web":["dev","prod","staging"]} as Record<string, string[]>;
+export const AVAILABLE_APP_ENVS = {"api":["dev","prod","staging"],"docs":["dev","prod","staging"],"stackpanel-go":["dev","prod","staging"],"web":["dev","prod","staging"]} as Record<string, string[]>;
 
 export interface EnvVarMeta {
   key: string;
@@ -18,7 +18,7 @@ export interface EnvVarMeta {
   sops: string | null;
 }
 
-export const ENVIRONMENT_VARIABLES = {"docs":{"BETTER_AUTH_SECRET":{"defaultValue":null,"description":"Better Auth signing secret. Generate with `openssl rand -hex 32`.","key":"BETTER_AUTH_SECRET","required":false,"secret":false,"sops":null},"BETTER_AUTH_URL":{"defaultValue":null,"description":"Public URL the auth server is reachable at (used for OAuth redirects).","key":"BETTER_AUTH_URL","required":false,"secret":false,"sops":null},"CORS_ORIGIN":{"defaultValue":null,"description":"Comma-separated allowed origins for the API.","key":"CORS_ORIGIN","required":false,"secret":false,"sops":null},"POLAR_ACCESS_TOKEN":{"defaultValue":null,"description":"Polar.sh API access token used for billing.","key":"POLAR_ACCESS_TOKEN","required":false,"secret":false,"sops":null},"POLAR_SUCCESS_URL":{"defaultValue":null,"description":"Redirect URL Polar sends customers to after a successful checkout.","key":"POLAR_SUCCESS_URL","required":false,"secret":false,"sops":null},"PORT":{"defaultValue":null,"description":null,"key":"PORT","required":false,"secret":false,"sops":null},"POSTGRES_URL":{"defaultValue":null,"description":"Postgres connection string. For deploy this is auto-bound from the NeonProject and does not need to be pre-set.","key":"POSTGRES_URL","required":false,"secret":true,"sops":"/dev/postgres-url"}},"stackpanel-go":{"STACKPANEL_TEST_PAIRING_TOKEN":{"defaultValue":null,"description":null,"key":"STACKPANEL_TEST_PAIRING_TOKEN","required":false,"secret":false,"sops":null}},"web":{"BETTER_AUTH_SECRET":{"defaultValue":null,"description":"Better Auth signing secret. Generate with `openssl rand -hex 32`.","key":"BETTER_AUTH_SECRET","required":false,"secret":false,"sops":null},"BETTER_AUTH_URL":{"defaultValue":null,"description":"Public URL the auth server is reachable at (used for OAuth redirects).","key":"BETTER_AUTH_URL","required":false,"secret":false,"sops":null},"CORS_ORIGIN":{"defaultValue":null,"description":"Comma-separated allowed origins for the API.","key":"CORS_ORIGIN","required":false,"secret":false,"sops":null},"HOSTNAME":{"defaultValue":null,"description":null,"key":"HOSTNAME","required":false,"secret":false,"sops":null},"POLAR_ACCESS_TOKEN":{"defaultValue":null,"description":"Polar.sh API access token used for billing.","key":"POLAR_ACCESS_TOKEN","required":false,"secret":false,"sops":null},"POLAR_SUCCESS_URL":{"defaultValue":null,"description":"Redirect URL Polar sends customers to after a successful checkout.","key":"POLAR_SUCCESS_URL","required":false,"secret":false,"sops":null},"PORT":{"defaultValue":null,"description":null,"key":"PORT","required":false,"secret":false,"sops":null},"POSTGRES_URL":{"defaultValue":null,"description":"Postgres connection string. For deploy this is auto-bound from the NeonProject and does not need to be pre-set.","key":"POSTGRES_URL","required":false,"secret":true,"sops":"/dev/postgres-url"}}} as Record<string, Record<string, EnvVarMeta>>;
+export const ENVIRONMENT_VARIABLES = {"api":{"BETTER_AUTH_SECRET":{"defaultValue":null,"description":"Better Auth signing secret. Generate with `openssl rand -hex 32`.","key":"BETTER_AUTH_SECRET","required":false,"secret":false,"sops":null},"BETTER_AUTH_URL":{"defaultValue":null,"description":"Public URL the auth server is reachable at (used for OAuth redirects).","key":"BETTER_AUTH_URL","required":false,"secret":false,"sops":null},"CORS_ORIGIN":{"defaultValue":null,"description":"Comma-separated allowed origins for the API.","key":"CORS_ORIGIN","required":false,"secret":false,"sops":null},"POLAR_ACCESS_TOKEN":{"defaultValue":null,"description":"Polar.sh API access token used for billing.","key":"POLAR_ACCESS_TOKEN","required":false,"secret":false,"sops":null},"POLAR_SUCCESS_URL":{"defaultValue":null,"description":"Redirect URL Polar sends customers to after a successful checkout.","key":"POLAR_SUCCESS_URL","required":false,"secret":false,"sops":null},"PORT":{"defaultValue":null,"description":null,"key":"PORT","required":false,"secret":false,"sops":null},"POSTGRES_URL":{"defaultValue":null,"description":"Postgres connection string. For deploy this is auto-bound from the NeonProject and does not need to be pre-set.","key":"POSTGRES_URL","required":false,"secret":true,"sops":"/dev/postgres-url"}},"docs":{"BETTER_AUTH_SECRET":{"defaultValue":null,"description":"Better Auth signing secret. Generate with `openssl rand -hex 32`.","key":"BETTER_AUTH_SECRET","required":false,"secret":false,"sops":null},"BETTER_AUTH_URL":{"defaultValue":null,"description":"Public URL the auth server is reachable at (used for OAuth redirects).","key":"BETTER_AUTH_URL","required":false,"secret":false,"sops":null},"CORS_ORIGIN":{"defaultValue":null,"description":"Comma-separated allowed origins for the API.","key":"CORS_ORIGIN","required":false,"secret":false,"sops":null},"POLAR_ACCESS_TOKEN":{"defaultValue":null,"description":"Polar.sh API access token used for billing.","key":"POLAR_ACCESS_TOKEN","required":false,"secret":false,"sops":null},"POLAR_SUCCESS_URL":{"defaultValue":null,"description":"Redirect URL Polar sends customers to after a successful checkout.","key":"POLAR_SUCCESS_URL","required":false,"secret":false,"sops":null},"PORT":{"defaultValue":null,"description":null,"key":"PORT","required":false,"secret":false,"sops":null},"POSTGRES_URL":{"defaultValue":null,"description":"Postgres connection string. For deploy this is auto-bound from the NeonProject and does not need to be pre-set.","key":"POSTGRES_URL","required":false,"secret":true,"sops":"/dev/postgres-url"}},"stackpanel-go":{"STACKPANEL_TEST_PAIRING_TOKEN":{"defaultValue":null,"description":null,"key":"STACKPANEL_TEST_PAIRING_TOKEN","required":false,"secret":false,"sops":null}},"web":{"BETTER_AUTH_SECRET":{"defaultValue":null,"description":"Better Auth signing secret. Generate with `openssl rand -hex 32`.","key":"BETTER_AUTH_SECRET","required":false,"secret":false,"sops":null},"BETTER_AUTH_URL":{"defaultValue":null,"description":"Public URL the auth server is reachable at (used for OAuth redirects).","key":"BETTER_AUTH_URL","required":false,"secret":false,"sops":null},"CORS_ORIGIN":{"defaultValue":null,"description":"Comma-separated allowed origins for the API.","key":"CORS_ORIGIN","required":false,"secret":false,"sops":null},"HOSTNAME":{"defaultValue":null,"description":null,"key":"HOSTNAME","required":false,"secret":false,"sops":null},"POLAR_ACCESS_TOKEN":{"defaultValue":null,"description":"Polar.sh API access token used for billing.","key":"POLAR_ACCESS_TOKEN","required":false,"secret":false,"sops":null},"POLAR_SUCCESS_URL":{"defaultValue":null,"description":"Redirect URL Polar sends customers to after a successful checkout.","key":"POLAR_SUCCESS_URL","required":false,"secret":false,"sops":null},"PORT":{"defaultValue":null,"description":null,"key":"PORT","required":false,"secret":false,"sops":null},"POSTGRES_URL":{"defaultValue":null,"description":"Postgres connection string. For deploy this is auto-bound from the NeonProject and does not need to be pre-set.","key":"POSTGRES_URL","required":false,"secret":true,"sops":"/dev/postgres-url"}}} as Record<string, Record<string, EnvVarMeta>>;
 
 /**
  * Cross-cutting root env scopes (anything keyed by a bare name in
@@ -27,4 +27,4 @@ export const ENVIRONMENT_VARIABLES = {"docs":{"BETTER_AUTH_SECRET":{"defaultValu
  * (`CLOUDFLARE_API_TOKEN`, `NEON_API_KEY`, ...). Used by
  * `loadEnvScope(scope)` and `checkRequiredEnvScope` for validation.
  */
-export const ROOT_ENV_VARIABLES = {"deploy":{"ALCHEMY_STATE_TOKEN":{"defaultValue":null,"description":"Token used by Alchemy's CloudflareStateStore to encrypt/decrypt deploy state. Generated automatically by `sp alchemy:setup`.","key":"ALCHEMY_STATE_TOKEN","required":true,"secret":true,"sops":"/common/alchemy-state-token"},"AWS_SANDBOX_ACCESS_KEY_ID":{"defaultValue":null,"description":null,"key":"AWS_SANDBOX_ACCESS_KEY_ID","required":true,"secret":true,"sops":"/shared/aws-sandbox-access-key-id"},"AWS_SANDBOX_SECRET_ACCESS_KEY":{"defaultValue":null,"description":null,"key":"AWS_SANDBOX_SECRET_ACCESS_KEY","required":true,"secret":true,"sops":"/shared/aws-sandbox-secret-access-key"},"CLOUDFLARE_ACCOUNT_ID":{"defaultValue":null,"description":"Cloudflare account ID that owns the Workers/Pages/DNS resources we deploy. Find it at https://dash.cloudflare.com (right sidebar of any zone).","key":"CLOUDFLARE_ACCOUNT_ID","required":true,"secret":true,"sops":"/shared/cloudflare-account-id"},"CLOUDFLARE_API_TOKEN":{"defaultValue":null,"description":"Cloudflare API token with Workers Scripts:Edit + Workers Routes:Edit. Create one at https://dash.cloudflare.com/profile/api-tokens.","key":"CLOUDFLARE_API_TOKEN","required":true,"secret":true,"sops":"/shared/cloudflare-api-token"},"CLOUDFLARE_SERVICE_ACCOUNT_CLIENT_ID":{"defaultValue":null,"description":null,"key":"CLOUDFLARE_SERVICE_ACCOUNT_CLIENT_ID","required":true,"secret":true,"sops":"/shared/cloudflare-service-account-client-id"},"CLOUDFLARE_SERVICE_ACCOUNT_CLIENT_SECRET":{"defaultValue":null,"description":null,"key":"CLOUDFLARE_SERVICE_ACCOUNT_CLIENT_SECRET","required":true,"secret":true,"sops":"/shared/cloudflare-service-account-client-secret"},"HETZNER_API_KEY":{"defaultValue":null,"description":null,"key":"HETZNER_API_KEY","required":true,"secret":true,"sops":"/shared/hetzner-api-key"},"NEON_API_KEY":{"defaultValue":null,"description":"Neon API key used by alchemy to provision Postgres projects. Create one at https://console.neon.tech/app/settings/api-keys.","key":"NEON_API_KEY","required":true,"secret":true,"sops":"/shared/neon-api-key"},"POSTGRES_URL":{"defaultValue":null,"description":null,"key":"POSTGRES_URL","required":true,"secret":true,"sops":"/dev/postgres-url"}}} as Record<string, Record<string, EnvVarMeta>>;
+export const ROOT_ENV_VARIABLES = {"deploy":{"ALCHEMY_STATE_TOKEN":{"defaultValue":null,"description":"Token used by Alchemy's CloudflareStateStore to encrypt/decrypt deploy state. Generated automatically by `sp alchemy:setup`.","key":"ALCHEMY_STATE_TOKEN","required":true,"secret":true,"sops":"/common/alchemy-state-token"},"AWS_SANDBOX_ACCESS_KEY_ID":{"defaultValue":null,"description":null,"key":"AWS_SANDBOX_ACCESS_KEY_ID","required":true,"secret":true,"sops":"/shared/aws-sandbox-access-key-id"},"AWS_SANDBOX_SECRET_ACCESS_KEY":{"defaultValue":null,"description":null,"key":"AWS_SANDBOX_SECRET_ACCESS_KEY","required":true,"secret":true,"sops":"/shared/aws-sandbox-secret-access-key"},"BETTER_AUTH_SECRET":{"defaultValue":null,"description":null,"key":"BETTER_AUTH_SECRET","required":true,"secret":true,"sops":"/shared/better-auth-secret"},"CLOUDFLARE_ACCOUNT_ID":{"defaultValue":null,"description":"Cloudflare account ID that owns the Workers/Pages/DNS resources we deploy. Find it at https://dash.cloudflare.com (right sidebar of any zone).","key":"CLOUDFLARE_ACCOUNT_ID","required":true,"secret":true,"sops":"/shared/cloudflare-account-id"},"CLOUDFLARE_API_TOKEN":{"defaultValue":null,"description":"Cloudflare API token with Workers Scripts:Edit + Workers Routes:Edit. Create one at https://dash.cloudflare.com/profile/api-tokens.","key":"CLOUDFLARE_API_TOKEN","required":true,"secret":true,"sops":"/shared/cloudflare-api-token"},"CLOUDFLARE_SERVICE_ACCOUNT_CLIENT_ID":{"defaultValue":null,"description":null,"key":"CLOUDFLARE_SERVICE_ACCOUNT_CLIENT_ID","required":true,"secret":true,"sops":"/shared/cloudflare-service-account-client-id"},"CLOUDFLARE_SERVICE_ACCOUNT_CLIENT_SECRET":{"defaultValue":null,"description":null,"key":"CLOUDFLARE_SERVICE_ACCOUNT_CLIENT_SECRET","required":true,"secret":true,"sops":"/shared/cloudflare-service-account-client-secret"},"HETZNER_API_KEY":{"defaultValue":null,"description":null,"key":"HETZNER_API_KEY","required":true,"secret":true,"sops":"/shared/hetzner-api-key"},"NEON_API_KEY":{"defaultValue":null,"description":"Neon API key used by alchemy to provision Postgres projects. Create one at https://console.neon.tech/app/settings/api-keys.","key":"NEON_API_KEY","required":true,"secret":true,"sops":"/shared/neon-api-key"},"POLAR_ACCESS_TOKEN":{"defaultValue":null,"description":null,"key":"POLAR_ACCESS_TOKEN","required":true,"secret":true,"sops":"/shared/polar-access-token"},"POLAR_FREE_PRODUCT_ID_PRODUCTION":{"defaultValue":null,"description":null,"key":"POLAR_FREE_PRODUCT_ID_PRODUCTION","required":true,"secret":true,"sops":"/shared/polar-free-product-id-production"},"POLAR_PRO_PRODUCT_ID_PRODUCTION":{"defaultValue":null,"description":null,"key":"POLAR_PRO_PRODUCT_ID_PRODUCTION","required":true,"secret":true,"sops":"/shared/polar-pro-product-id-production"},"POLAR_WEBHOOK_SECRET":{"defaultValue":null,"description":null,"key":"POLAR_WEBHOOK_SECRET","required":true,"secret":true,"sops":"/shared/polar-webhook-secret"},"POSTGRES_URL":{"defaultValue":null,"description":null,"key":"POSTGRES_URL","required":true,"secret":true,"sops":"/dev/postgres-url"},"STACKPANEL_API_URL":{"defaultValue":null,"description":"Base URL for the stackpanel cloud API.","key":"STACKPANEL_API_URL","required":false,"secret":false,"sops":null},"STACKPANEL_STATE_BACKEND":{"defaultValue":null,"description":"Alchemy state backend — 'hosted' or 'local'.","key":"STACKPANEL_STATE_BACKEND","required":false,"secret":false,"sops":null}}} as Record<string, Record<string, EnvVarMeta>>;
diff --git a/packages/gen/env/src/exports/api.ts b/packages/gen/env/src/exports/api.ts
new file mode 100644
index 00000000..4c76014e
--- /dev/null
+++ b/packages/gen/env/src/exports/api.ts
@@ -0,0 +1,75 @@
+// Auto-generated by Stackpanel — do not edit manually.
+// Typed env accessor for this app — derived from `apps.<app>.env`.
+
+const processEnv = typeof process === "undefined"
+  ? {}
+  : (process.env as Record<string, string | undefined>);
+
+export interface Env {
+  BETTER_AUTH_SECRET?: string;
+  BETTER_AUTH_URL?: string;
+  CORS_ORIGIN?: string;
+  POLAR_ACCESS_TOKEN?: string;
+  POLAR_SUCCESS_URL?: string;
+  PORT: string;
+  POSTGRES_URL: string;
+}
+
+const REQUIRED_KEYS: readonly (keyof Env)[] = [];
+
+const DEFAULTS: Partial<Record<keyof Env, string>> = {};
+
+let cached: Env | null = null;
+
+export const env: Env = (() => {
+  if (!cached) cached = processEnv as unknown as Env;
+  return cached;
+})();
+
+export const getEnv = (
+  input: Record<string, string | undefined> = processEnv,
+): Env => {
+  return input as unknown as Env;
+};
+
+export class EnvValidationError extends Error {
+  readonly missing: readonly string[];
+  constructor(missing: readonly string[]) {
+    super(
+      `Missing required env vars: ${missing.join(", ")}`,
+    );
+    this.name = "EnvValidationError";
+    this.missing = missing;
+  }
+}
+
+/**
+ * Validate `input` against the declared shape of this app's env.
+ *
+ * - Applies any `defaultValue`s declared via `apps.<app>.env.<KEY>.defaultValue`
+ *   to keys missing from `input`.
+ * - Throws {@link EnvValidationError} if any key marked `required = true` is
+ *   still missing after defaults are applied.
+ * - Returns the resolved env, typed as `Env`.
+ *
+ * Note: `value` and `sops`-backed keys are populated by the runtime loader,
+ * not by `validate()` — pass an already-loaded env (e.g. the result of
+ * `await <app>.<env>()`) if you want to assert the loader produced everything.
+ */
+export const validate = (
+  input: Record<string, string | undefined> = processEnv,
+): Env => {
+  const resolved: Record<string, string | undefined> = { ...input };
+  for (const [key, fallback] of Object.entries(DEFAULTS)) {
+    if (resolved[key] === undefined && fallback !== undefined) {
+      resolved[key] = fallback;
+    }
+  }
+  const missing = REQUIRED_KEYS.filter(
+    (key) => resolved[key as string] === undefined || resolved[key as string] === "",
+  );
+  if (missing.length > 0) {
+    throw new EnvValidationError(missing as string[]);
+  }
+  return resolved as unknown as Env;
+};
diff --git a/packages/gen/env/src/index.ts b/packages/gen/env/src/index.ts
index 39691d84..fe3aa462 100644
--- a/packages/gen/env/src/index.ts
+++ b/packages/gen/env/src/index.ts
@@ -26,6 +26,12 @@
 
 import { loadEnv, loadEnvScope, type LoadEnvOptions } from "./runtime/node-loader";
 
+export const api = {
+  dev: (options?: LoadEnvOptions) => loadEnv("api", "dev", options),
+  prod: (options?: LoadEnvOptions) => loadEnv("api", "prod", options),
+  staging: (options?: LoadEnvOptions) => loadEnv("api", "staging", options),
+} as const;
+
 export const docs = {
   dev: (options?: LoadEnvOptions) => loadEnv("docs", "dev", options),
   prod: (options?: LoadEnvOptions) => loadEnv("docs", "prod", options),
@@ -47,6 +53,7 @@ export const web = {
 export const deploy = (options?: LoadEnvOptions) => loadEnvScope("deploy", options);
 
 export const loaders = {
+  api,
   docs,
   stackpanelGo,
   web,
diff --git a/packages/gen/env/src/runtime/app-env-types.ts b/packages/gen/env/src/runtime/app-env-types.ts
index 50dd2b6a..8df27ac4 100644
--- a/packages/gen/env/src/runtime/app-env-types.ts
+++ b/packages/gen/env/src/runtime/app-env-types.ts
@@ -4,11 +4,13 @@
 // results without losing the loose `Record<string, string>` fallback
 // for unknown app names.
 
+import type { Env as ApiEnv } from "../exports/api";
 import type { Env as DocsEnv } from "../exports/docs";
 import type { Env as StackpanelGoEnv } from "../exports/stackpanel-go";
 import type { Env as WebEnv } from "../exports/web";
 
 export interface AppEnvMap {
+  "api": ApiEnv;
   "docs": DocsEnv;
   "stackpanel-go": StackpanelGoEnv;
   "web": WebEnv;
diff --git a/packages/gen/env/src/runtime/generated-payloads/_envs/deploy.ts b/packages/gen/env/src/runtime/generated-payloads/_envs/deploy.ts
index 25237b16..47134105 100644
--- a/packages/gen/env/src/runtime/generated-payloads/_envs/deploy.ts
+++ b/packages/gen/env/src/runtime/generated-payloads/_envs/deploy.ts
@@ -1,79 +1,90 @@
 // Auto-generated by Stackpanel — do not edit manually.
-// content-hash: b552be7f8185704be0579206954978fb89d9c7dda364fad44bde12c2d69ca0d4
+// content-hash: bbf4650aed923b323924e5434fc6cd101783c66e058f80cace30ccec16b1fae4
 const encryptedPayload = {
-  "ALCHEMY_STATE_TOKEN": "",
-  "AWS_SANDBOX_ACCESS_KEY_ID": "ENC[AES256_GCM,data:XICwKPfZ/w1zH1q8Pmq/XWXPRK4=,iv:m1gQLdlTL7u+cB4KK0rqo/ZzyIampJM3G/elyhEv/1U=,tag:9DrDtJaOzDE5+OC8N6GVTQ==,type:str]",
-  "AWS_SANDBOX_SECRET_ACCESS_KEY": "ENC[AES256_GCM,data:gzkitoWy4VUF5hJtHBo5YpLxydXW+ufuIOgK3WxmvU+yS5PSX4nx7w==,iv:Gb5R6y82e6mdnv6wFHNRGT1TmDIcUUkSvRzK6KV49Es=,tag:CrVTGNW6tkVU4VFLCo0z7w==,type:str]",
-  "CLOUDFLARE_ACCOUNT_ID": "ENC[AES256_GCM,data:pQstpIklFneXF1nbhFWube/hkAFYJwxQQl0Ya1/9CRQ=,iv:MqGYAy1s34Bwh3ayYtQhsOV5rOIC7QQRri5Qrilrg2w=,tag:wcPi4lXWcoK7muvetYWx1w==,type:str]",
-  "CLOUDFLARE_API_TOKEN": "ENC[AES256_GCM,data:XuhGe84tLZvSuzsIeBOgRWWuyumClDzvAVCp0mix6Dy7GIb4VHHJYZBuVXuFXKfchuXR++E=,iv:7YYkkKOSY1nLjyBsOrzpqs6/JhkyzvJuXqjqWFaLr8E=,tag:rbEFWO5YcGCIr2CysTm0yw==,type:str]",
-  "CLOUDFLARE_SERVICE_ACCOUNT_CLIENT_ID": "ENC[AES256_GCM,data:ta7Q/QxNoOBHq2Qk4nvvacpkN33dmw3h8EAbGEBAgwRsnfvreWA5,iv:sF5YqliVrD9/ObjxPd3eSQ1hL8Ayc63RMrPaAxbySts=,tag:ietyFrydgQt6fzTSs5Wpxw==,type:str]",
-  "CLOUDFLARE_SERVICE_ACCOUNT_CLIENT_SECRET": "ENC[AES256_GCM,data:PB29rwt90UALiz3hTwQIRrXnB/TzWy8KUmShgLO6w58pe9swXNtl9l7GPNvU3g8pYf3z3j63VfZBUWjB3kC63A==,iv:uJvceIG5DqhdHU9QAXYzuDZLBXbvNV4oXrcOu4aXfc8=,tag:mrzQD78vgq5YVzhvpNztyg==,type:str]",
-  "HETZNER_API_KEY": "ENC[AES256_GCM,data:IQSSX4mQEFt68qMFm4a9K+YBOlhjCCzpLBvMOfSyOSabG8gPBui1KKr+p1cYg9FSK6pSjAZ0+ussURVi+o6z4w==,iv:XmnuYXCvKO1niWk6+bcMF4r1yQ6FiVjtbQ3xZRfkx2Y=,tag:rkpZViGlVMq//0nBUZbC1Q==,type:str]",
-  "NEON_API_KEY": "ENC[AES256_GCM,data:jf1Gtnq5Btg857dikMmhYAeMrdrFPJ+s8dF/6aYu+IhfH3MwNy2VoPu9KV3bj9HC5ODjHLnCoMl7my+bEuO+f0aqMpdV,iv:PwIMPOzSJ7OzIpsS8lCjOJjJQB5/hm66bC7Ud3+ROtY=,tag:W8UpNst3H34QCTrVh4Pxug==,type:str]",
-  "POSTGRES_URL": "ENC[AES256_GCM,data:Jk0J0NNl164n7RqI2HYVZr26f8dWZms3FghgWbiMcB9QEdL1IHp3ObFp2fTu6Bra8VRCOCHOqbjMX9LeqqhT+fD4rak5CS8vvbnX2wJ0gnEO+ERVYFDunHpm/EtgmawySoT+YOS0ZV3DRXux8ot7UOsMn6Q3sktAZW8B8rtej54eBCqiFuReBJdWUS4GijXeHtvHBIbNc6MIiZhDwNVXyTdXSwF5tXq3Rw==,iv:DDWbjqoKyRrzIRNcIVcEmKD4lRudTcEql6iwpHMr1m4=,tag:a7batxIcCEqNv00MTyoaLA==,type:str]",
+  "ALCHEMY_STATE_TOKEN": "ENC[AES256_GCM,data:Aotsrq4z+o4aLGT02CI2XNXW7mf25vxA+IU=,iv:xd7bMzfYPYh0TG81/PMP7pXt+Ml98UM98h/ROFJsPsA=,tag:V3V1u+IMqiMSkpOK2PxouA==,type:str]",
+  "AWS_SANDBOX_ACCESS_KEY_ID": "ENC[AES256_GCM,data:+zRB/bRORGYoZfG6g/A89pPpV3k=,iv:acYs1lFIAHCIxLl8CDQqYlCZx6F2Ms0gjgq8dlxZcwY=,tag:iJPTAHsUWR964Bv89kK0MA==,type:str]",
+  "AWS_SANDBOX_SECRET_ACCESS_KEY": "ENC[AES256_GCM,data:7dr/l5Kfr/h0amsVk5TNJL7ckLXUfqYeuYbxMp3aDwyTf3robr+wFQ==,iv:+56W3LtkDFXR6WyxUvSVqJ153NARzaXRx9nTHtkaSXA=,tag:9qAMBz1QAwMGQhAfbMTnaQ==,type:str]",
+  "BETTER_AUTH_SECRET": "ENC[AES256_GCM,data:PYAFDfZ3nJychGu9LHRyfwpDPH+GOURbhX3PuhiYLyrq/nTM6mcDCnMwcRs=,iv:HFSXFKGwhA5AdCfcHSccqHgd2FHcPGo17Xpou1LCt48=,tag:oPqmIAcjHIG/sXCRbgIXjA==,type:str]",
+  "CLOUDFLARE_ACCOUNT_ID": "ENC[AES256_GCM,data:R8fULLSkPJiTYIaFAVDwXgg8Mn97UB3j0SUawxkHpvY=,iv:SuMOJOKikGlvyTF9tm9d8d9ZfoJoSYz2AMrlu6e+0Ps=,tag:gNfAM2Owyay9CC9d3ItgxA==,type:str]",
+  "CLOUDFLARE_API_TOKEN": "ENC[AES256_GCM,data:RiyRBv81VmVqWzWmkbzkurAxGQPCxZuQKjs9z3jSXzEXhpTRijQRbG5cPgORRX5cklsilf0=,iv:x7yUytk4f1UyxTnFRWMvQcC8SUd/Th5GEwf9g0Ng0oc=,tag:O8Z7IxCzTI/g4IrWHEzmLQ==,type:str]",
+  "CLOUDFLARE_SERVICE_ACCOUNT_CLIENT_ID": "ENC[AES256_GCM,data:4VcByevmUFX7k57LKI5ygwS2Es+VjP+NXVWMcb9mdWHEY9sX7syd,iv:NwJIL8VbnLYDXswglP5jPBz09QKV2C+aXmCOAf6Vurg=,tag:Von3VASfpCM9SVEa/ysncw==,type:str]",
+  "CLOUDFLARE_SERVICE_ACCOUNT_CLIENT_SECRET": "ENC[AES256_GCM,data:CHgM197AzKXy1DGq+HobH+/m8HOPs48tIliCVrmZcmDotubzHnVKm+1S/P5t/VQ3audwSvNxAAGqGzN8W+V1vQ==,iv:zrgVyzFZdvuFyD3Y/A/BD3gP7X0sNyrk90IWNTD7hHo=,tag:+QDWLLyUwo5wC1oxL2silw==,type:str]",
+  "HETZNER_API_KEY": "ENC[AES256_GCM,data:bVGqthWDohJ4fxE2/5laTf62LlyNnBFPI5ruPlxSq+m5T2fZY9ZiOw6mmGg69BBrCY1ynSq9eO64BtbGkuzS+Q==,iv:uCdK0ea9RVlLp7HHs1jV8I9UlTN0bo7nUGiqMZTmBWE=,tag:nBWyn2wUbospAij7JG4b4g==,type:str]",
+  "NEON_API_KEY": "ENC[AES256_GCM,data:luNyT/qMHFgXorF9HzECWfw83c7yUb+hrv+BMJxarr3Nns+AgLrgZ8HPb1Flt8HnQgPidMZEaNt/9+ftr0fYvUAiPwZS,iv:ZkHoxFCIFgmwbTu5c282CD1i5VQbzxU6OlxxjwRdoYI=,tag:pdaVvwq1bMA4T8ItS+RoKQ==,type:str]",
+  "POLAR_ACCESS_TOKEN": "ENC[AES256_GCM,data:YmV/weFmuR/wRbHkCovJCaLwX5O51q3p1TjM92fD1s92HeS1Wss=,iv:vU11QemYKMkZfhr0hPv9h/xq6pIkB33GX42VZ98oQmw=,tag:sisvXxMaglO1cfBCfKRk4g==,type:str]",
+  "POLAR_FREE_PRODUCT_ID_PRODUCTION": "ENC[AES256_GCM,data:wXzK7Mret7Q+ekUVzaunGYMnwqDxmeOq,iv:IMJe+jkUiGuNKrjol6g7O86RQzJwFtSs8vXOqcWAjjc=,tag:UUiT6J3dkNUqQKk0bcZp6g==,type:str]",
+  "POLAR_PRO_PRODUCT_ID_PRODUCTION": "ENC[AES256_GCM,data:JCIJxtcAZdlEL89x/raHo3G3xO7WZL8=,iv:iemiAPSibZNhR0c6w7FPRKtQf9AgcQzLA1wbNYx125U=,tag:m6q8xdMVv1UnHjLgyfekWQ==,type:str]",
+  "POLAR_WEBHOOK_SECRET": "ENC[AES256_GCM,data:X3ztWWXaRIH4cbWu8G3UB/Hq6wELyYYSR7uq7Dir3xIIYw==,iv:Ecqb4gsSPU+DrhsEr2rb/t9YMk0h7zZp+MaaeR9LSHA=,tag:PhxPbJ9peu9AOpmpVx4vFw==,type:str]",
+  "POSTGRES_URL": "ENC[AES256_GCM,data:ccHTSBCIgkxVUxppfuit52LuxBQIKcVOZPWhLxNOBzMTcJM2WahLEjzBN6dyutSdUvNi9g1TlajcX1jVKzlIF4A1U/GC7QIoCEv8di6xWFO13uOu/9jG7wZheqNxJZ1Lbs6/bVGUmenwH4WRDYl/WmlanGmalTk+ymlgHCbltnr86yIRdaHskFWfM1By8DODMVe7tlt6n6YkjKndG3u1MCrq1KZfBm5KIA==,iv:x9JXNs71Cf7wDjWog73SbHcVnEiWq1O9rbQLSqua2rE=,tag:1R/SimohTvN8u8goBgA08w==,type:str]",
+  "STACKPANEL_API_URL": "ENC[AES256_GCM,data:327iGdJu7I3VAYYfxZtmRtMSx7+hC+JXwQY=,iv:K1TFF18jliW0CW413ECN5+W6CLaTHlZ89SWJVDtXU2M=,tag:XoTdOqYmnljYg5OP4NbLcQ==,type:str]",
+  "STACKPANEL_STATE_BACKEND": "ENC[AES256_GCM,data:KtBKkNM=,iv:9GHDL7I1K5N95FSipe4IuTRiO17+o4BpoT0diYEHGaw=,tag:deTxpVPQ6W7RKj8xbh0VWw==,type:str]",
   "sops": {
     "age": [
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHZMYWFYZyBUOXRl\nZnc3RU5aaWNWaHUxT01oMDJieTlOUS9aZGVZeFpzcGZNcWo0cFQ0CkxwZmd4ZFRE\nUVdqaGlQd0g5WFNqS0hKT1Y2TW1OOFo4MVROMlRWbnp0aXMKLS0tIGZOYlJmbytz\nakVMS1oxZWN3TnNDelJpeE9xMkE4VjBKMTJjS05ydllVNnMKG5dOG3Ai5mJamILC\nezRzZR81PloNd8RZuXXKOkJjFvY6fmBPDT7yJgEmkrx4X52iMunP5ZvI39uWAGqd\nng3/7Q==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHZMYWFYZyBvM2dH\nQUJIQUZmeENVdDVNeWhwV2pZZkhia0dyZ0QzUEVPUFhrZ2Z4N1g4CkVZSlJ1K2RD\nV0w2S0JMVHdkM2tONjM2aDVkekdtSnNOa0t0bmFKRnhpM2cKLS0tIE85Vys0WEc5\nZnhDaXlLVklsM2R4elpDYzVYYjliMTIrd2xjekVXanZoSDAK322/4GVbOhE4KtRp\nQUF0Rxq+vFpaVT9X2KrWsuTdtAd7zDQrwMN/6mA5UCuDYelCxLReTjfDeSDgG3Lb\nyoSNkg==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICjMrEzKQSq/0eePzgUGXM349sBm6GVCXoz+tJZJaBVT"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEtlVWxBdyBHNVdU\nWCtPbzBJK0FCcHZFVHJJeTA4c2EwbW12NVk5R2xud1RYS2JrR1RFCkdqTEE4Um9x\nRDA1RUZ5L3BLOHVla1Y3bThDdzArVWJmWnRhS1FMRjFwdUkKLS0tIE5RRUxSV0dy\neGVIeTM4RnNPQWc1dU9OSSs5eHVEMGY2NFIyU1QzRmZsZkEK30Ua/tBqp1qPPc+a\nyUcWN2FIXFgtOcRLWWnaRC3x/N8mZtY1m13M0d7wLJTQpRQ5yX8biNr1EcKnIIt0\nEzAbNw==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEtlVWxBdyBzWmxz\nbjVUQ1RvZ3dUV1BpTC9ubHh1ZFlpZjJBQ0VVK2VtN0JzNjAzZ0M0CnlNUStjNzJv\nSmIzaHdBL3pxQzR5M2FxalJDSjc2SmxuL3NnNHo2M2NOUmsKLS0tIG0zM1ljdWpl\ncExqeDkyODRQQXpoWHR2V3N5Q2x6djJiQ1lQbk9HcCtnM2MKU+P/lgGaHoIRAld/\nHkomfMa99CGgBw9BkMkmHPmNPb4b5Og8xDYqACO5OaDbvuglDoWcB5+ffE13MNpH\nQYxfcg==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIoX0wKjybps6ZHuvA+uwE1ThfWl87MApDLxCjCDUCC9"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDFNdXZydyBCRE43\ncTkwSk9tSDFzdjNuSFhPRXhhSXBONVBiRDJEUGhuYTZ2QkVhbGxNCkFOVno0YUxO\na3FsNDRadHFIU3l1Qit2eDM0blFyampJa0lqdEhMUDE2VmMKLS0tIGpQVHZ6RjAx\nbm1WRmlNZURlcnU4ZjVtN00wUGErbVd5R0UwY3VWYnByM3MKdQVv/Qo+GoYJs82W\nqdsPGpy7aLXtMbk4YuWxrIz0N2thIg4I4/FbeTNkbN8mRUl7o4009XI+aSWrurOX\nM3P0wg==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDFNdXZydyA0ZWJB\nejlUL1JzNVl0YWwyRmpURm5vbmhUaGtGbjA5QThTaktqdEFNQlRvClR5NEpLZllH\nejdMRXN0SkMyMFpIZHkrVVV1ZmdMMTBMTnFVUHR3OGFVTmsKLS0tIFl6RTFJWjVM\nNnZpbCtPTXA2NWw4SmNaUTk2SncwSnVPNytxRUU2RDgxWEkKJvGi45WF0ZvT8PGa\nbhmjqSJs6B6mT134x4h5SVHwKBmLZ6kr8Sn6OPK2PSDZeQWMKTIA7G8mt1zUdpcF\nWgvCoA==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKZPhznHjTDifGroHiGRD3hwWz69B8NsSSPNbwWjfzgW"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGw3N2NtUSBEV0dT\nNHRTZjhTV29oMnBRaXFsL0V6TU9RRG4zWk1ZVmVsM0dvY05SSldrClNsam1QbDk4\ndHR3TzdZUE5aWEtMZjMrVTZMRXA0UHVxalFtR0YvS3RWRlEKLS0tIFY0dDdxd3JH\ndlA1eU5aWG10K1pPRFVkanc3dWxnM28vamFQdXVnYnFTdzAKrTgjqXv/EMYsFtGp\nadmqrv1WfEvp2EHcR59W6kXVR7BtPc7CC9X5OnGpMr1uZxIG7Leld1gVArg75X5l\niz4FrA==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGw3N2NtUSB5eEVp\nM1RNbVN2Wm5OTmMwVXdYUlczMUI2MS9uTU9jckZZb3U3QjNhSjNjCldqN0M1Szlt\nZlAwQXU5b2VIUEdaRUhNS2RqREpUb0h2bmtLcy9zYTkzV0UKLS0tIGVLeit5Rm96\nS3kxazg5M1N2TmJZbU16MS9xZWpXR0VTQytaQUcwd0FIT2cKTOIeqXTFEoWHO06q\ngp9OjW6ZcQX6alN8vOH8tijxGUyRtfiwQmOjyIuwl0wdd86+wrQ1py5W2HqvrZyy\n8VI3MA==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJF9kzudl00FVTQA7nnSaicAJW2MoBKm47G7wefb6uSm"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFpUeE1RUSBXeGFs\nb2szQ2NDNDFQMlA2TEJYbHpxYXJmblJzbW9XZFVpaTZucE11d0dFCjNBOThuREpL\nQnpWbzBaVExUTTRQYnVVWkg2b1NsUXNvVmNqOTlZeEgvREkKLS0tIFRhQzgvam4w\nZ2dOeGFJYUFMNEdiVWlFYlplbHRUQXppT21RczJsZHhvMDgKQjnPtBECdwpotPd7\nwuaWd8rf0MPkisWt9QQ6m9cYcY0zOp3OxkqWk4SRLqYdw73Lmdvwe50dR5ZZL0fn\nHtHjhw==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFpUeE1RUSAvUWtt\nT2JBWWVJdHZibnlsckN4VlgyZTVmWVRiSGdNcElBUFF5NERnVW1JClJQdEJWN2pi\nUmxoeDY4YWhESlZlM2pjT0hRMTJzL2FnOUNyTW8zRFFZZWcKLS0tIEh5eDlZMDhQ\nZTh1Q3YrWnliL3A0ZHcrNjhHWCthSXNlNmZTY3BndlRES0kKcKcJrkuOGAFfqn2Y\n/RW0TytJZPQuL55UgX9naCUEk81f6hFVQEx0JqqrNtAP1AD80FRQZ9onmxMOHdYL\nnv6+4g==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDmZV9Oi9hrckXTpqBnDKRrY9mgwj+SJeVBGWmne2+q5"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDF2bHNJdyBIM1RS\nYlVBcmFPaWhsNjQ3dzR2WkJnK2hSUm1vcXRGYmRkWnlxM3p6UlR3CnJNb0xkNG1s\nenBDU2xBb29hYkFWQmI0SHZFREVDcENGT29RM0tvSnU0NkkKLS0tIDk0RjhocThR\nZFJmbEorUDZFNk90RFJVcGZhOUNVVzhNODlPT3FCY2VLZ28KcOdyUAtsy1DjwZBq\njpaB1mK145C2IINqVVZw/WuOas5mQKSnymmwp2av7dZAbfnBJUokiYR84a2kJmrm\nVBlulA==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDF2bHNJdyB4QkJs\nUncxV09YaEZqbWN1SG1hRzhPTEhTdzRXclZOTVFNcDQ5MHV6dDI0Cnptd0hXUjkx\nUGdLUklFcjhPSkVIUFVQR0pCdElMYUFVV1V2MnN2cUJoaUEKLS0tIEJhZmozK0lP\nd01IcXdBQ01xWExBVk1aR3h5bGsyU0M0a2xLdDdtdEp5R0kKzqW+uSBff154eqqo\ntEa8/43Fk7ajlzexMPLYTQ/e2fUHzHE4RhZmDGDOZaniHgTWXBTdgHFHxEwojzvk\n3bdbjA==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA+M/DHDlKgayM6wsiX6r704pE+2qENOsKcytC7sBhKA"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHJKM2lMQSBkaWhz\nZ1h4NWd0SXUyTzhuWStHekFFSG91VnNTQ0pRZHVhb2hieit1YmxJCjF1NUwxaUlU\nVTVHUU12c2JQWUtiOUJuYlpKRGkyOUE1ZmcwLzFER3pZQUEKLS0tIFB0UG1vNmg2\nYUxZRnpKU1BpaTJoOFA3ZS9tNHFGMXdlYzJpK2ViZHFUcTAKm6HyxY3URBubjhlO\nYEXTFTKahPsf/l/1eBGX4fQTBUn7Fol2xzrILQ7/kqFLaCIt2DClbc9m/dk4WUF6\n0tfLUg==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHJKM2lMQSB5ZFZ2\nd1BQdnZzU2c2Q1RsODRFcUZ3bytBSWlqK29Odkl4S2lXM3RLM2pJCmtyUnlVMjFs\neWtqeE5yU0d6OVZJSytpOGw4TXRYTTBKRmROSnJ6S245RWcKLS0tIGVzTUVlR0Ey\nNWxDYUx1SXF5amRyZytBZmFwWm5MbXRqT3V1RFlOcVpsUnMKxjVWWx7du6CGFvEg\nim5waR/9lDflNoKdR6WJEdVEkTOuO7YzfVk8+p7aj/depvLQrjvVboCH9k9PxqKZ\nG4GDTw==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINh0gA7reCRW+zQ5pPpIjoJGpaFQSbC/4K8B6vMXJVr+"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGtNZGJ1ZyBYNXZu\nVmlWNVVPMERRdzNYMzNSSC9ZcXl2WGMxazJaR25mSFRZMFd0RHdNCm1pL01kRnNt\nOGtQcDIvOVNBbW1wbTVuRTRBYWlRblJOYm9mSlI1ZWxDeDAKLS0tIDkzN1dJdjRk\nUDE1UnB4OXJwSERzUGF3YS9yb1hXWk51cG9hYjl5UHlPaEkKirNUSJF+HlELjKQx\nusAuEjnl2cUOwET9wHzORqs1eN2y+g+la6E2BYPdXz4b1VDYLz+eM0VWYGRvrSno\naV+OAg==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGtNZGJ1ZyBYSDJm\nZnpyeFRoMjJXRytBK3dBaUlBdlNJV0lzNEJUY2JMN0tjeGZZVVNrCkVEYWVGQ0FT\ndWNndlk1RHNmTFN1UndsU0FOc1E3SWxsTUZHTTdRSVZqM1EKLS0tIDdxbjNJdWZa\ncUExWjRsTmZodHNGK1JTanhVMFp2VjRYSkJycC96cHd5QWsK7yp9AX8QegDINv6Q\n6ea0bJv3pzdh3TzbZpDm5VRWo859tgFme5WaD1RQIbtBdlQ8we44ieKSKbv2p46T\n3UI9AQ==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEmYihgWHfnLw0f8uTfLokCwToLavzV/+k/GggBA4Sz/"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFFONEwvUSB2bHZE\namxhTFBtV3FtSVU0Sk1TZnEwM1BVN2ovTHdKekR2ZjVGcDkyelIwCmJmMU9BUjdO\nRWpDWFBSR2VPYVdKblVOYWJSZXpUQUlONEhKbTRmMFpPVm8KLS0tIFVady9Dci9M\nbjkrdlJMdVRaNmpoUlZWcDV4S0ZzSEtLdGliWExEL2lPSFkKMpC9wrVWRELS4N+G\n+krr6f/35VhOELzGSsgh1jjJ89pni7xaJW+3JPGrDp6pd10vWf2nZdT5q8tPu1K2\nyg4qzA==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFFONEwvUSBYS2dC\najNrTjVUVnJtMVJ6b0FMZkZSS1pwSUNJT3RSby9iZTRhMTJnQ0NjCkNCQ1UvbTM0\nZklwb0FvSXduRGEwK3BBeHNOS2FKVHNXN0dNYWc1TjRuMlkKLS0tIDI0YVF5ekI1\nN3RIOWVnTGFHRTMvZUtmOWUrTmttWUdNSTJwWUtLMmU4WjQKs6xqhfAPpJsDJ7MT\net1Rp+wkVK/MkYFrFOkNqtmAwotrt75ujs9GmeoG0vkg2hENP0+dJu4MqQcMxe7i\noKUVRg==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFvT1RvcTidgpVYE0OPknc3f5HcAVpyk+rXXrW4AcbzG"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDhjWXRrdyA3ZTVJ\nQVUzakJ4NWxWVE1xMHVPSVZUQXRlWW5qdlpXR2ZodmR4VlM1bFhnCjVmckNDcjhQ\nUThDak9UY2RiZDBnMVZMN0V6SjRvTWVZS1FIVkk3Mmt2ZHMKLS0tIE5YdExnR01P\nZ1ZRL1l3OUIyN2hycWl3cmpPWnBoQ28zY3oybUkyTjVSaVUKo7OiTpi0gqAV90ZA\ngnNbbltv40ZFk4rR7LU9nHGG3DR1GWtkgsFRiZE+qnUVwTwLt0OO2ymhG15VlAzr\nj9Jo8Q==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDhjWXRrdyBoQytm\nSm10OW0xSVZQc1drZmt3M3RlSi9IMWFtVnBPQjZMZkE3ajFvTVhjCmRuQm9FRGtx\nUDhYbEpId1dldGV5bmxPaE0zTjI0T3VIOXh0elQxR2N6SjAKLS0tIGJhbkNoUVhi\nU3N6dFAvQVR0VnAzeGJZY0poVm1vUGNyQlFDbXNDL1puKzAK5xa2UrLhLJEh9umT\nnzh64W/mWPF90NxxMmrfQcxuYmV9pZNmZXWhYxtmSBAkdvjit2qRm+k6WsrX6gXg\n/yo+FA==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEijeq50HS1g27BTRfJ8XWIPrAX9UVkap5fgIOCOtA5+"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBELzBTTGV1b3ZiU0pnYi9u\nTXZjSk5KMnpTM1RUVm9lamEyTW13U0d1dlZvCitjQ0lZN2VVZ2h5OVdtTGZwTGFS\neW42YVdtUnBnMlRTMTJHZ3NCWUNxeGMKLS0tIHNyVHJsRmFZYWtKU2dtTlFJaHhJ\nRXVQd2FNUHQ2Wnk4RDFiMzNtbTJKMlkKDEKYVMF0dC8MVDQTPtplZWYHCiIYVjDy\nK2PHhJGbkbnRcj/k1uwvYnw02OkzX86Rm3PIKr8ZcJEZy/eJQZlFvA==\n-----END AGE ENCRYPTED FILE-----\n",
-        "recipient": "age1eqcj2g0fdekj2wpqp4y0fg9c5myydjdt9zlr5scr0grk6fxszymqkpw5jf"
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3eTZTMmRTZlJtbjRDNnNR\naHRZU0pCSGc1c2oyTElCSFVWVE5mQmtXN2hrCkdNWDVMQlBUTmJ3SktYVjNKUXRx\nYm5Na2FuODlmY05TbVVYQWJjRlZjQUEKLS0tIGNSZXBzZ3NIRmJ6ODcvY21uakZU\nNGNZWEI5UndKVFlCYWRCZVl4cDhlTjQK8piipRSmgIyx33W4UkwLPtqjVeBNyTd5\nGhdHGIuwKLZYB5wQo12bVLOSkZsl7n1QiY+IDIYYFWkKqWcpx1VmSw==\n-----END AGE ENCRYPTED FILE-----\n",
+        "recipient": "age1d9h9mm3u5qalmpl2pf62pyzqj8t654n435emn93rutv0cg9sr32sg64fdj"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IG05VmtkdyBFakVT\nRkJKZk42cVJHaWdKM1kwWjV1a0FYbUdJRUh1aGdLSUZoVFZRSFVjCmFGVVJGSkNU\ncEltVFRIcGRVMDNRRjBzUGNKa29PQnJXeUtPUzBYTXFtUDAKLS0tIGFyeEViQ1F0\nOFduTU9KbjUrQ1FJMEdLa2pRZlZkREFzb0pzcWVoTURXalUKAeU6rHN8V1KOcLed\nAX1aiIypxVLjiYm6WmWFZ5+Mfo78IUfzo8xiNYQjnZVGGdrBVebgKmpj67mwLIzd\nKKvc7w==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IG05VmtkdyBTNnN6\nc1BrZWtWNXFGZUwxemo2c2Jpdi9UM3h4NjUwb3Fnb1V3aDFtRUQ0ClUxL1RvQ1hz\naXlyc0ZlNnBDYkhzQUJyNUFzMlozUzRNdmhlL3BUNkExQ1kKLS0tIEdYYVNRQ3NC\nUm1ST1RBNjY2WVoycTlscTQrQllkbzNhRTNMZkNnWUw5WEEKmr2VyUZb6jgipTEz\n9RQY3/WTIzI0tLMDdr3RqrURj1aMima44M/S51xEQ4hdj+6Jw2bSN56uKm22PqgP\nzwZlXQ==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDuzbgoXZccZ2w/9HGgUyT9nJH7lG2/jfQCZJudY4yAN"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDRTOW45QSBUaGFZ\nTURJZ3d1Vk0rZ0JLL3hqemcweGRRK1gyTHkrZ3ZIL01WZm1Iem5ZCjgydVFTMGNW\nUi82QzI5eW4yQ0xqYmcrZkZOMlBxMmpVT1hJcVlSN0k2KzQKLS0tIHAzRHhCa0xT\nSWpzU3BpTVk0b29JRUxuWDc0YWVRZUFieGk3Qlp0WFpINk0Ks2zblBBQRTHrb+I5\nwQLtkv+wq+dc4x9oSXArtPSnfVh7AZDHo9v10Dqp+iot4jfLrzEwIf+1Sw/g5VBR\nZlEbQQ==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCcnh0REl0clRyVXB5QlB4\nYjVlV0I1c2diNEU5OW5DQjdrcjBKbUxSeGswCmtZWXVyeE9OaXNrUTZDdGdRVzFC\nS3V1SFhPOThxSTlhRndrRGV6OUlNM00KLS0tIEw5RVd1T1lBL0FZSlBRZFpNZmxO\nb0YxNDVWc1hnd1hEU2lYcmFaTXA4NVkK0O68a8nxik3/4uSzNjbIn60XMSP49vu4\noGw68+WN0q9ka99go38WACYNoTRkUnysUzR7M/BbmOfNnmlR7MOVLQ==\n-----END AGE ENCRYPTED FILE-----\n",
+        "recipient": "age16rkvks3tljju3y6xu0l7luhjzx634et97g3xe58xf2dgfn2865rqkq6t8f"
+      },
+      {
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDRTOW45QSBxZlRm\nbk83bEVEU21VOFVCQ3ZsYzRtRVhWdk5qUEROaXRBYWk2OHJPNVJFCk1Eb0QyaWo5\nRmxOR2hGVjVBakpnTVJxaTdwUFFoYVlDOGNIclM4MVoySDgKLS0tIFZUNWlwa1Bn\nNlNJZEpOS05xNWU1SG9EOGQyZVQ0R0tGcXFEMERPbm9qS00K7EkxUK8mveTycTsH\nue1AGw9rrbveWudNk7YyRqYfhn2hFXtZvaSuH3Uvb6sBMaEMsXT/IkEg5RhxAlUo\n6GX7Fg==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFStro05R+CPmjWMHWtzXUKfGll+OosoZtXAyPtngN7T"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDVucGlodyBKYWpU\nbGw4QWw5dUlVT2lEZ3ZqcFhUc0JSMDJ5dTNTY3h2RUhiMWs1bUJZCm80SFkyVFEr\nV3NOOFhpQnRCNnhBSlJHOTFJS2U5bHdpRzhCRXFQNloxNWcKLS0tIDl6WmQ3UzZJ\nUVRrTGI4dVYvdjhCSmxaRWFMWE84alRYVWpKbUlzbXNmMnMKoHqnp7993B4/dRd9\n8TSauKg/dy+B2jhIPoZyYkboLnNp9vb3qb9/TgNcOdG+JCG5oC4e62RJPMjQ+loy\nlzyOAg==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDVucGlodyBIS3Y3\nb01yWHVjWUFXNnJEa2NrVmZBcDVLNkVtdjl5ckc2dGllcDAxZFVFCk1GT2xndS9B\ndDlZU1pIcFJ4ejROeW1leERPaGZQMmVMaUQvdDlWQVAyK1EKLS0tIGpOdHg1aVd3\naENPbEhiK0wvdnBWSE1ESUVNSjB1dTVNTnhIWVZ3OVBvRzQKlEXpYjWJwph7KrSN\nGxdLMlzV5apHfwHWgFTQxmZpV/klMTIDodNn+QuFLdP5pq0jPpnWdRNFbLSSErHS\nvct0NA==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO5qner13Q0fm5NhdXMx2nkt5kxjC0/SVY2FXh01OiHN"
       }
     ],
-    "lastmodified": "2026-04-24T02:42:10Z",
-    "mac": "ENC[AES256_GCM,data:oOdM5xzjOwUxVcsEOSQEX2rKEzObDWZRpVQX3NpDUAuJqcFCJWJboOBEDpTWESxbwxGwnbo2Aj0p9nyG9CvxymWel9L4JznJLP2MvHZKRzk2uBpsdtkO9zXAoRt2ymLLv2g6OCJMquAgPhIFmbU0mhn7/C7oOpxBHWgcGesiRR0=,iv:WvMyDSddbwW0J7FW3sy/BBGuSCXzkb5LDsn70BwSkMg=,tag:EVuKjRKikxOUgTWkCDoFVg==,type:str]",
+    "lastmodified": "2026-04-24T17:26:17Z",
+    "mac": "ENC[AES256_GCM,data:k0kp1jPb12hjXHt0dX6lEsPeHrVsqgY1wBtEn/9YkUryeUxyUPVz2Par6GwVFBRJseckADp3dmx68iD3dRbJKmv6h35HmF6BNmTAQt6R1JCbRxLA2UaC3w8q3ZXbPvTSiIDCtSOUQNUHzWCp1cZz54jrU1VbT5NxahITNIEXl38=,iv:rMWVhUrT/Z9czG0FbJyOh+bj35Gj0pySxro3V5F4MPI=,tag:EnTAbXVu+NQK3Q0IwWRpfw==,type:str]",
     "unencrypted_comment_regex": ".*",
-    "version": "3.12.1"
+    "version": "3.11.0"
   }
 };
 
diff --git a/packages/gen/env/src/runtime/generated-payloads/api/dev.ts b/packages/gen/env/src/runtime/generated-payloads/api/dev.ts
new file mode 100644
index 00000000..5f2d6028
--- /dev/null
+++ b/packages/gen/env/src/runtime/generated-payloads/api/dev.ts
@@ -0,0 +1,85 @@
+// Auto-generated by Stackpanel — do not edit manually.
+// content-hash: e5be3caebbf87418bffe3625dd3548a0c87241904cdfdf497ef510ba730ce4fd
+const encryptedPayload = {
+  "BETTER_AUTH_SECRET": "",
+  "BETTER_AUTH_URL": "",
+  "CORS_ORIGIN": "",
+  "POLAR_ACCESS_TOKEN": "",
+  "POLAR_SUCCESS_URL": "",
+  "PORT": "ENC[AES256_GCM,data:Tikwrw==,iv:YlopsWejr/GIrjSq9S6n6sF6dt5OFj4HfN/uMJaSRP0=,tag:f1g5n+kJsBgsc9fRlEzxZA==,type:str]",
+  "POSTGRES_URL": "ENC[AES256_GCM,data:u7SsVRZoV1run1BUCC0/CQaZ1UjTYt6NAdVBm6Aj12ev6Ujk/l0oaN5YyUEROK9I/QP6ae6LUuCsWBKxVC4ehMG+xA92s73vPJfcTME/ntGVK2rR7+vFjbQQwV2+6YeDBEmxCsUDxYbZbI0eujzc2QgAeCcFUZv1Rs0wqdkjIxv6Q/I1Wkn04bB+kAvy0w/trx5A842U3Z+2lfp1qTwWybgmdMCUyEMRrg==,iv:m2vmiHbOwNgyrWyxdPJj+rxOu+oATg11iytULgrnFJg=,tag:V3V42uHiQo3l1PnmuvDEbQ==,type:str]",
+  "sops": {
+    "age": [
+      {
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHZMYWFYZyBBbmVk\nWk9PbXAraUhVVzVGcmdwd3I0aTNmS2F2V2V5TWc1UXVOSFl2REFnCm10UEhFRmJ0\nYytUeXJnWEkvZDRnNk84cTdGWml5RWlTeDdqczFZYitXYWsKLS0tIExuNEY2cWww\nK1FvYkxUOTAwVTBPQ09YbUtmWFY3QlVaM3dlaWtvZmhkeHMKHHei7Kvfd5NOA2xu\nhHnJTZ5jkFnHe000msiLmzFOCCpya7QrkpFUVwJ3n7Qaf25jlTcSDfer2/PYHVL9\nsSiBQw==\n-----END AGE ENCRYPTED FILE-----\n",
+        "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICjMrEzKQSq/0eePzgUGXM349sBm6GVCXoz+tJZJaBVT"
+      },
+      {
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEtlVWxBdyBLR0RC\nNXJrUFo3ZFVSOTVOdm5tallzc2pnTmZLQUxCcldFL3ZVRnRLVGxVCmFiTUJRaG9Y\ncWt5bkpmRUwvR1NYZXkrTUFiRnFWeGsyS0J2dzlSZlprY2MKLS0tIFlUYUlTc0tJ\nNUc4RTMwSDYwTDNvUjh0UklORXA2MFZCckx6ZjNJb1dRTEkKMJ3wF5VawHpT9jfr\nmqGsDxKI+3h1jtRpZKf+PD8ARepEU3HLbIF/n9yecuiQR68ldRIaSUcQu2hozLgg\nBoePTQ==\n-----END AGE ENCRYPTED FILE-----\n",
+        "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIoX0wKjybps6ZHuvA+uwE1ThfWl87MApDLxCjCDUCC9"
+      },
+      {
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDFNdXZydyB4SS9U\nN1JBbWlUUVlncHA4cHhGTHIrVDVPd1JFL2ZJYWJvNnpBWWJLYzI4ClRwSGdYcExP\nNldlNEtQd0FkK0JqWTlob3dhZEY5RkNZQzE4VCtsYWpaMm8KLS0tIEdWeVRwUUt4\nM2hmTEdyQStWbDlqTkJuUjdDQW5aMmR0d3VXaXRDSUd2aDQKkcjl5Oo2K+0y6Ife\n4QAAj6rgzUB67VXAUiO953xHEezHL52/CeguWRQjpm/uSa7BK3Gqn4sfHAIMDlzz\nEXFt2Q==\n-----END AGE ENCRYPTED FILE-----\n",
+        "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKZPhznHjTDifGroHiGRD3hwWz69B8NsSSPNbwWjfzgW"
+      },
+      {
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGw3N2NtUSBVWkdn\nbDlRN0tJWEQrYk0zclA4VXVSWTZnZ0x0M1BZSXF5TWcwaDk4c0RZCjdNZHFUWm12\neXFxV1ZueFB4dzlLZDJ0bEJ1OWptSm85SnJYeXZWcG9GZ3MKLS0tIDBwYkovY3ZP\nS2NYS0xjemNaQWxjOGFIb3pvVmhYZkVTdHpONnE4OXp3VUUKAPbFJ5mC85eooCzz\n3MuhO/XkfdIKj+6rX6G2J7kpk7RxCl9RGFoI1XasvaF7InoeQj4yVYhRzDSTD8QQ\n3szoRQ==\n-----END AGE ENCRYPTED FILE-----\n",
+        "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJF9kzudl00FVTQA7nnSaicAJW2MoBKm47G7wefb6uSm"
+      },
+      {
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFpUeE1RUSBxaWMv\nT3JLMGFGeXUrenJQcjBuV2xhLzlra3E3NC8ydzIzdVRLeXd6UHpZClNyTm1oTXZw\ndnI3RmNvWmgwSHpBUmJPTE8wZ21Jekw3QzZ4Z04yTTVXcG8KLS0tIDBnbzJhVEtr\nYktiVXk5QUhTM09MVTIyWFZ2aHJZUHBJUWpNalFrcUhwQ1kKBW/rWVhKLaZne1Wq\nEJa4vlhBqdR+ZhYqf54Qo/f86+birA/SD2x+KR0XTrfIXOIPrT4Xpv0YoP/Ld8Q3\nMR046g==\n-----END AGE ENCRYPTED FILE-----\n",
+        "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDmZV9Oi9hrckXTpqBnDKRrY9mgwj+SJeVBGWmne2+q5"
+      },
+      {
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDF2bHNJdyB2SFZw\nQVRaUlVyZXI5YWxkMlBZc1VHblVSZ3lsZGJRVFZYcG1iUTFrUGpVCm5UL05ZNlhH\nNk1OMDltbWEwYVFweGw3YmI5UlFTR2tXYjZuNnFiT2RNZk0KLS0tIEp1MmhicVZR\nM296aHhHZkxPbkNKemtFZURLMUlzQXZCcmlPL1NQYkJjTEkKKCGhFk48QMziE64O\nmEvKXDf34aBdIaN+FXRjlPiQYozkATYUkGZn2dML5fmyeX0SAR09iFGRlziX+BFN\n00eU6A==\n-----END AGE ENCRYPTED FILE-----\n",
+        "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA+M/DHDlKgayM6wsiX6r704pE+2qENOsKcytC7sBhKA"
+      },
+      {
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHJKM2lMQSB1dFlY\nd3M2U3oyYTBuRkVzQTNOZWJpNWl6SXJnL1pkMkJORVVMVHBySUZNCmpBL1lCeTJx\nV3RDTHVub1hiVURvdkVmbURuQ1Z0OXlRTVYyVWlkQ3M5TTAKLS0tIDh0TFRVUFR4\nRWFIVXlNWFg0WTNOZHVtWEtZclZSc21kK0xFd2RJY2dBVFkKhUQ8Wp4MWaA6hE6W\ne+IyffHAGA7X6NLKTf+poGSZwV80mAvQX3XVUGOjtclAR+dtnYuMLE82nKaaH7ff\nW30tlw==\n-----END AGE ENCRYPTED FILE-----\n",
+        "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINh0gA7reCRW+zQ5pPpIjoJGpaFQSbC/4K8B6vMXJVr+"
+      },
+      {
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGtNZGJ1ZyBxRnNn\nWFdxZVoxNjg4VGtyTU8yREd0R1MrcDUyZzVGTTZsUmU3citjVEZRCkJVM3hsVDZE\nQmdtMHZPa2JPL3JhREJFcENFSTFUZi8vNjhYbE94SWIvTUUKLS0tIE9nVWFhNEVC\nRFlycnJLNld5WGt2S3NSRWVWK3ptKzI1bTg4bHZXOWNwUE0KCOQGE6zxGQtZaa3y\nQTXbQ/3NeFkTm5z/V4d/6gxJxPugyprhxlcD8PfIymhyJpSyV0e8xZ6XK+EfhT22\nL3DY9g==\n-----END AGE ENCRYPTED FILE-----\n",
+        "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEmYihgWHfnLw0f8uTfLokCwToLavzV/+k/GggBA4Sz/"
+      },
+      {
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFFONEwvUSB4Z0dJ\nQXFydldEcUFZelZwSm5yblFPb1YydVpMU1dzQ2hHWmdGeGpENmdRCkxhWS9LZWMv\nM3gyaER6MDdWb1FTRjM4eUVRbjQ2M0kxeTRudVUvQjdrbVEKLS0tIE02cmxsYXBt\ndHFIYS8vMjVxeGxPUUxtdDZ4dnpYekpnUEdNRktEK1BEZVUKwQycFBywK9PkuK0c\nQ/RoTJIPOJvdMqFkuMBOUMAyOiqTjXC0b3E/kYrU/VhymbrLdH20NEFbHi1JNFRn\nR9TEHw==\n-----END AGE ENCRYPTED FILE-----\n",
+        "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFvT1RvcTidgpVYE0OPknc3f5HcAVpyk+rXXrW4AcbzG"
+      },
+      {
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDhjWXRrdyBwZk93\nL3R4dTVqMGFvZUdEQ2RsM21BUDZad25QUnpaYlZ1VmtsZWlZcndZCnMranMvSllG\nNzBDRS9MYWNENGJKZTdJeEgvUDFGQmVtcFQ5OVlnYXRDeXMKLS0tIFFjZzlHUU54\nTEplbXB2YisrRnA4QzdPSXFmRndxU0EySDFmVGUvWE92TUEKuPoVqdD16XJc8GuV\nMX7D4DKPGVhTMqSpNo8PLwjW9W6S5D3uXGXdZNzBr+GS4ehX9kqXWAs3RCJk7Uuk\nfMD1KA==\n-----END AGE ENCRYPTED FILE-----\n",
+        "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEijeq50HS1g27BTRfJ8XWIPrAX9UVkap5fgIOCOtA5+"
+      },
+      {
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVRVlVUlJPRXU5d080WllO\nU2lHRm9BTXg0V1FmOEVLdmRtUGE5UzdEd1Q0CmNPS0xRd0RYbGN4bFJHSS9QTm82\neXF3b2d0WjdXeG91Y0pHb2V5OWFNU1kKLS0tIHg5b1dYeHdCc0VRczBaOXpENG83\neDdNcjJCNTFYL1RXZUk4dEY2elhYUmcKIbFcYo7pIZs1oPpKka9ktz/nBenbUsef\n7sGZEuS5CfrZaeoBdbuYLsthtHLCtHy5pd517uQUY90bS+u488iwaQ==\n-----END AGE ENCRYPTED FILE-----\n",
+        "recipient": "age1d9h9mm3u5qalmpl2pf62pyzqj8t654n435emn93rutv0cg9sr32sg64fdj"
+      },
+      {
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IG05VmtkdyBxYm4v\nUUsrTVNybW42aW9KU1U0L3g1SEYzay9OZEhRWXUyS2hGd3NLZ25nCnVtL0tKR0JN\nZzc1TGxSZ1duRWN1bTV2bW5rMmVJVS9rL2dScTJpT3FzWkEKLS0tIHI2NFczL0ZI\nbFpFSzdJODZtK01wWXhiSzZRckNGdEY5YmZ6Rkh3U2paK0kKW+e4+KOWpwaNSgo9\nJYT9ynjQVZuJsOCWDAfFbVeOYXSkiSmpB3vw5hDZyIhJCC8mdHMFnARPYyWdr3PY\n7snhUg==\n-----END AGE ENCRYPTED FILE-----\n",
+        "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDuzbgoXZccZ2w/9HGgUyT9nJH7lG2/jfQCZJudY4yAN"
+      },
+      {
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxTWFkQW9XbUFxZ1FzNEpk\nTFo4RkhGVmQ3L0R0bnI0RjZ0Q2k4bUFwcW5rCml2MkEzVnZXd1JDSDIyYTVsQS9M\nVkoyTGV4TE9qb3JudksrbldJNjdYa0EKLS0tIGFGMDJaRlN5T0dZbFlIUnJ0MDdx\na3lYc3hKQm1sZ3pZYkdxNzkrUEJxU3MKJRrK6wxd7YZgWeaW3CAaO/A/XiVWvPLN\njEvMRYVNZqcAXPLmHqXd2HWA0IKTRfX7xyhVge24nCA13LqmQcFcbw==\n-----END AGE ENCRYPTED FILE-----\n",
+        "recipient": "age16wuzuxnkcgfuxzvzgk5e5a5f6hhs386adjewyv54m9esr4yj6uuslpn6tp"
+      },
+      {
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAveitWa1NSOE5BSmwzalFm\nV3kwS1YwcTFDdmhwZ1V0R0ZqbjM1N0pIUUNVCmdodVd2R3hEdXlUTXpOVGFmV3lk\nbmVGT29BNU55allrejE2ZTc2aXc3UDgKLS0tIFp4WGgwMENRQ1RDTkhJaThxbzVV\nWWxEZzZ5MEY1czlrc1dNaEttcitQbkUKTx6F+a/RLD4vhBVJkmDbjuJqadytBRsu\nx1u1YazcTaiD6Ce+Pso5eBRUU9bzpEaxpyiafziuGKamOBRhLoJ9mw==\n-----END AGE ENCRYPTED FILE-----\n",
+        "recipient": "age16rkvks3tljju3y6xu0l7luhjzx634et97g3xe58xf2dgfn2865rqkq6t8f"
+      },
+      {
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDRTOW45QSBVYW9z\nQzVyV0lwRzRRbUYxWXRlelh3WUFrZXVsWVBYUVBlSGloRHArWWp3Ck1wTld5akN0\nbW1TbTZlMllCQ0t0VmpaK2NYVVJjTlF6cnNaODBVdjZWMTAKLS0tIFpoODM4clZD\nTDVXdlRRTVNjSUd5bUVYUmtKdEtINXQ3THd0N3ordWoyZG8Kcz3Webr9VxT51TOV\n/VL4SACyS7KepENr0IUgKLXT7Au5YwXDoT1o2op/38/87BrWrnczqipjGIkbuh0Y\nHKMFuw==\n-----END AGE ENCRYPTED FILE-----\n",
+        "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFStro05R+CPmjWMHWtzXUKfGll+OosoZtXAyPtngN7T"
+      },
+      {
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDVucGlodyBqZ3E5\nTGdOd0EzQXVJNWFjb2IrSE9UZmlIa2RGZE1Cekt6b1RLNlRHWTNzCnIyYk8vV3pY\nbldIOStGczZKcGttTEsrVGJObEpVLzZZYkE3ZFFlNGpuMDQKLS0tIEczME9BWm1k\nZlVsUG9mZlBsSDY1cHdUcCs3aldsVGg2TTdLNmRZejRheWcKFb1T4ZijnPplasG0\nrMP0GX/cyD/UliHIJ7WEMZum22WKfQfdaxJwTCbh0U6L79qzOBFLKlBx2yGxOyA3\n/m8GwA==\n-----END AGE ENCRYPTED FILE-----\n",
+        "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO5qner13Q0fm5NhdXMx2nkt5kxjC0/SVY2FXh01OiHN"
+      }
+    ],
+    "lastmodified": "2026-04-24T14:30:26Z",
+    "mac": "ENC[AES256_GCM,data:xqnGLG0yJzoPSsYJf2KEzOMEEF2z4ImFScBWqcSpZUfk6YP6B/touJvVH+8Obvg1AJO3oZK9u9qj4k6n00iCmb3F4/WUkwMlIpw4Q517hXtjN9/pVRhFGPBuGNT3+f+gBHkwN/L+vYhbwN33cUHSzllb0LQ2+pWCqUSYgRf0Vvo=,iv:9CItEd6sBeNFDhII4B5V75+RXa6IdEfw2YSK2uz9sEg=,tag:T4VNT79hU16KjvNvSG0NDg==,type:str]",
+    "unencrypted_comment_regex": ".*",
+    "version": "3.11.0"
+  }
+};
+
+export default JSON.stringify(encryptedPayload);
diff --git a/packages/gen/env/src/runtime/generated-payloads/api/prod.ts b/packages/gen/env/src/runtime/generated-payloads/api/prod.ts
new file mode 100644
index 00000000..f87861bc
--- /dev/null
+++ b/packages/gen/env/src/runtime/generated-payloads/api/prod.ts
@@ -0,0 +1,77 @@
+// Auto-generated by Stackpanel — do not edit manually.
+// content-hash: cc57ab8893b1a91ff848039991d54bda3b45eed6bfc91958b4c9b4a4898a581d
+const encryptedPayload = {
+  "BETTER_AUTH_SECRET": "",
+  "BETTER_AUTH_URL": "",
+  "CORS_ORIGIN": "",
+  "POLAR_ACCESS_TOKEN": "",
+  "POLAR_SUCCESS_URL": "",
+  "PORT": "ENC[AES256_GCM,data:Qs3eSg==,iv:AdSzB1XKAUb0IYMNhm7gbYy0LTrD5hMK9RPedm4ALyQ=,tag:eZ4O4xa0JBGFHKrt7uidLA==,type:str]",
+  "POSTGRES_URL": "ENC[AES256_GCM,data:jNtCDWYCBgXvx7lVaWpXAGSCJYdvVZY8nPUMLjTwFORIb5o54TQrs+oIAuh38J3S8PmmlGJXiZPxQpKjd8HzcjKmMsorFSYcVDo5pxCjcapvQXYbIo2W1ZCVJONvSEVOzcj26e7F4VCgzCUGNFFdLkQnY9p8sghnV9z1cFP5B4Idi7snw1iUValNb40WjNljJsvlKh/slHaS/VMdbaix1fFDgT6t+vAm7A==,iv:nvc5BOkP50M4TMYR5vC6U+lNWZsvfV9E3WcUgYcvRRA=,tag:i42eIXOc16/0a+QIVRn6gQ==,type:str]",
+  "sops": {
+    "age": [
+      {
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHZMYWFYZyBKOHMx\nalFvWlMxSjhwMkphTVRxWE1adFZkVTZsM0tmdlkwVkNjeVdsb1VJClVxM0hmNzBz\nc3JvTnljZ2M3S1lyS2RHblN4c0tSZS9sVGN5UUtEOXJkSjQKLS0tIFlKN1pMSmlq\nSVZKQ2FJNzFGK3J2VDg2Z0Z2ZFcrQ3hJMjl3dU5RYjBENTQK4AWWw5WhIA4G0YnH\nZCLAORDNn3GcBRET2NVa/7eCoFmUZB9n4Re+VxlcEm/uzWnpzYgxhkI9tnw6g2cR\nrg0GDg==\n-----END AGE ENCRYPTED FILE-----\n",
+        "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICjMrEzKQSq/0eePzgUGXM349sBm6GVCXoz+tJZJaBVT"
+      },
+      {
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEtlVWxBdyB3Yndw\nL3ZvejlmVzFYRUtxWHlwR3Vab3JQT1JzVWgvaDd3eVNZN0pjWURvCmRWY3FoYUlQ\nd0tNQ2F2N0tJUHI2ZkZIc2o2ZXFqV3NHM2t1R3o1S25JcHcKLS0tIENHdzNlWmUx\nSWtVTGEzclZjL24yTVc3bmZYalVEVHlnZFJXSkV6RTZ1c2sKAidp9uwzCHf5Gujs\nuNd73jg3HiiauRiBbvuG71CZPlocXYyERGvsoxn52egou535JGFXJq9bAI+biNXD\nzK8p7g==\n-----END AGE ENCRYPTED FILE-----\n",
+        "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIoX0wKjybps6ZHuvA+uwE1ThfWl87MApDLxCjCDUCC9"
+      },
+      {
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDFNdXZydyBIOW42\nL3NZL2hRVTVFSTdwWVZ1a3FReWx5WEd1cGpsQUllYmYvVW41L1VvCitNaGgwOW1Y\nSmxBdlFEOEwwWG5DODJEQzdwMFdMS3loamI5VTllVlZRL00KLS0tIGxlMk9UWDFX\nRVlYWkxZRWNSQ1NuQU9nMWZjZ09WQ1VYWCsxYjR2Q2FUbHMKci1HlyURKA8pm9fh\nDQQm4yHFlTu6KeDOG6z7rySKE2N3JXtvTviBx7wYg0KmObDwdcRmxWcToCff3T8n\nr71E7g==\n-----END AGE ENCRYPTED FILE-----\n",
+        "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKZPhznHjTDifGroHiGRD3hwWz69B8NsSSPNbwWjfzgW"
+      },
+      {
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGw3N2NtUSBWcWRx\nbHo2UXJrakhtYWt6dlF1cW9JbE9yeG1BdmFTV29jZHU5VmtKVTNjCmorV0N6bm1t\nS3ZHR1dYdDc0Z3czenRvK3NRYUZ2NG1qUEJkczJST0RscUUKLS0tIHFtU2NQdkwv\nYTBJMXdtL2JDdzlPSDdqemkwbCsrU0xYWG0wT09QSXlCWFUKKyVUmCvE+2msmngI\n5sGJYnic7ZKv4P9dkVhzMoTbQeLURvwOSBV5+3T6tdXrBHlL/3eH6u2+hAmNrHfd\nVbxJog==\n-----END AGE ENCRYPTED FILE-----\n",
+        "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJF9kzudl00FVTQA7nnSaicAJW2MoBKm47G7wefb6uSm"
+      },
+      {
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFpUeE1RUSA1dHFY\nTDBub3JkUDlzcGtVeXlBR3M1Sm1PVG9VSHBDR0lQMUFWSHltampFCjRaMHJoS3B2\nL1dPVUFtR0E1Vk40U2ZQY21kSEVDWVdaMmtWb2pzSU9ld3cKLS0tIHlZcTJKbTM3\nK0l6S3BXZWlwaERvdVFraG9VZE00RzhXdnU2STdOek8vQU0KxJ3AOEw9cRg8VUUd\nV4jRAPyl1dLu1b7+5JYhhie4wJ87LoCszJ83MwsQPiyh74RvniiDJfeAl/C559Jm\nQO83iQ==\n-----END AGE ENCRYPTED FILE-----\n",
+        "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDmZV9Oi9hrckXTpqBnDKRrY9mgwj+SJeVBGWmne2+q5"
+      },
+      {
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDF2bHNJdyBldnZt\nMFRncnRybHdIMk9IaFhjWFZOaUpVUmlKZ256MXl5R2N2aThhMFVZCk5sSXJoT3Uw\nRVZLL3B6OUZSMzkxbDhzdkxXaUpOQ2lSL3dYMndEWE8xdzgKLS0tIFQ0WEZHVC8w\nNGJXS09MMXpQRSt5dW5iSkR2Q1BPcGtyNHhVeDd3eS94R1UKi/9loF7uoUTkDjB3\nGoxMdra6apyPbd/VAfVkisG9ykvXWKl06UJseAjvDtNY52U0PWcb1+f8IseY6eyJ\nQqncUg==\n-----END AGE ENCRYPTED FILE-----\n",
+        "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA+M/DHDlKgayM6wsiX6r704pE+2qENOsKcytC7sBhKA"
+      },
+      {
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHJKM2lMQSByMXMw\nRmQ4UjR2WlBiOWtPUXFqcHh1Q2toOE9sRTdIakRzbVlla2xoZWkwCnZFbnBzdnN2\nRU5STko5eDFRb0EyT3o5dFZJQ1FaWUNJUkhabWtmaVh2RzgKLS0tIGJ1TjNIYW8w\nMW1FQWNKeE9UQjZPaUFBeEd3TVJ3U0I4dDczdkplSVY5QmcKGgzpjxYuUavffGpC\niM4RwV4WY169Gc29x1Ju8Mv5zwbkkr9ljh6wTE+V2p3wJ0zgFv+k8mdvzwu8aWn0\n6YZBDg==\n-----END AGE ENCRYPTED FILE-----\n",
+        "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINh0gA7reCRW+zQ5pPpIjoJGpaFQSbC/4K8B6vMXJVr+"
+      },
+      {
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGtNZGJ1ZyB6QnVm\nSS9MYjM1S01qRkRacnRkVnBaWE50TnRkTHlkZzNCaDVDdGlyRGpjCnE5OU4yY0VP\nWDhMN3o3ZW5SNzgzUjB1TzUwN2pVOG45dFlpMDNhM0JwZFUKLS0tIDlNczZZTE9i\nZlhkajlSdHVyYlRGU3prUHNNblV2ZElPa1N0THVXSFNEUWcKQopz2wahAqC6aZvo\nLO+K+vntmJh6mE8lEV3j8baIRigln8KyeDT/3P9KDAtUmKj6saB09dUg4Cwb/oDK\nkaiC0g==\n-----END AGE ENCRYPTED FILE-----\n",
+        "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEmYihgWHfnLw0f8uTfLokCwToLavzV/+k/GggBA4Sz/"
+      },
+      {
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFFONEwvUSAxUWhy\nOHAvaTczbG1rNndUQVlZUUJTU1pNcDNZanBkMDhnZTMxdTdwYWhVCnVCVW90VC93\nbEZzYzRKalAyVEZ0eWh4SEpRUTNRQXdEU0tVT2NCYTFzNTQKLS0tIDlXNmhzeStl\nTzRQMDB5NE12QmFDWFdpVDU2OC9TQ1l1VEZ6TGswUmVJUUkK2XKjMZsa5F6RKf7n\nGfBaYEMcRIbj5qsxUF8CMhOtvRmlPEA2NF7QOaAHduSF8b5x39XBTDnfsPypZjcN\nHWLBkw==\n-----END AGE ENCRYPTED FILE-----\n",
+        "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFvT1RvcTidgpVYE0OPknc3f5HcAVpyk+rXXrW4AcbzG"
+      },
+      {
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDhjWXRrdyBrTDZH\nRXZvcjRYMnc3ZTMrbVZrRko5MDg1MDRCVWVBOHFScjNMekZkLzJrClJtV3FmMW0w\nRVEyMUdZSE0xZm1RN0JTZHp2YTdjMnV6K0E3RUJmVFJSWkkKLS0tIFNoYzZSRU9F\naGkrWDIvb2ZVSWRLNEI5VTAwUzlKa2dQbGMvK0RsbXlzWEkKU5DPhR10UClRpM5m\ndNBoHUYwVibWJtXLZR1qzcst18h6uTOi67DQkN5Ub4V1QtK1yit2C+7W4SUGTzzS\nCDZ05Q==\n-----END AGE ENCRYPTED FILE-----\n",
+        "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEijeq50HS1g27BTRfJ8XWIPrAX9UVkap5fgIOCOtA5+"
+      },
+      {
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBId1ZBVis4VFV2T0FkNTBS\nd1pWNHNsVkM2NVNWU3RhWDlGUzJzazE2SFZ3Cm5sS1UwdWlUcCtnSnhpa1craHNv\nSGVBNXVXYkNjeWhEaFV2d1ZyWnNEdGMKLS0tIEVwRThUbVlZbmIzc1N3SXRRbWg3\nYzd4SkxnM2FleUVqT29EWTVVenlWencK2CMQ7lkkQslqBeYjyxO0mspXO7dXamq0\n66Aeq+M3XOYHgMmjkrqEGbrdcFYBJ1GZv6GOQ68/j94EjRx1nDM0OA==\n-----END AGE ENCRYPTED FILE-----\n",
+        "recipient": "age1d9h9mm3u5qalmpl2pf62pyzqj8t654n435emn93rutv0cg9sr32sg64fdj"
+      },
+      {
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IG05VmtkdyBhaEVt\nRWdBcnMzdXZsSG5INlIzeDY4TmVrRkxDbnFoTXRLN05IWmg5dVNjCnVBdmozK2VT\ndE00WXlwdGhmYitsa3R2VzdXNHZZYjBlNis2YkZBV016UEUKLS0tIDVJRTAzRXo2\ncXlUbmR1OTJvVVhENTdWWE82VndSNkZOUUREZkZsbUwrY3cK2L9WeFmTzlF2Xxc2\n5R6wWWfiR0ZMX99NM5qzL+ukJiPJe1q4mB0i1iTKLc0iSnN0ChbQMoT6NKyk7zsY\n3URhKQ==\n-----END AGE ENCRYPTED FILE-----\n",
+        "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDuzbgoXZccZ2w/9HGgUyT9nJH7lG2/jfQCZJudY4yAN"
+      },
+      {
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDRTOW45QSBaSU1M\nTE8rV1dIUFRTZWg4a1AxWDByeG9iN1RZMXhCbTB0SG8yOWZ3ZXljCnZKaTVPdzV3\nN0JRUmpBR3hRV1BRcnpOODh6NVVLYURwTWJVUGlxMGp5LzgKLS0tIHZoVkVtd2l3\nbHppM2MrRmpYd0c0SVhrZDhtV0drUjljMmpwYzg0aTNZUFEK9LRs8UscB4NVCtYm\nFzd8JEewtY0+vFgx8uZ++xzK6E7a43L0rNkwtaM9rnP4McFPJzjy6tStJxG7jK1j\n/E76GA==\n-----END AGE ENCRYPTED FILE-----\n",
+        "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFStro05R+CPmjWMHWtzXUKfGll+OosoZtXAyPtngN7T"
+      },
+      {
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDVucGlodyBvaFBN\nem1YcGFlNFVSbUFMYTlPUFFsWXFCbXQ4Vi9QUmp0VlI3WXdyS2dJCjE5QmlOa0pi\nVVhXbDgzOXRRNHplejhsWE9ZWE1aV1Z5U042SElDbGFrczgKLS0tIFQ0aTVFR3Nt\nNnVRZTBEZ0ZJUXc0ckVpNEI1T25Xcjd6ZHQ4b0dFSG5kN3MKp6JHwe6++3no4WjK\nvgVLp3yU0b11VLna/6KkxZlRsPV6RFl9MAq6m8rUECzqpJCB0klBFAEDXN2Y5aQ7\nBGmV6w==\n-----END AGE ENCRYPTED FILE-----\n",
+        "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO5qner13Q0fm5NhdXMx2nkt5kxjC0/SVY2FXh01OiHN"
+      }
+    ],
+    "lastmodified": "2026-04-24T14:30:26Z",
+    "mac": "ENC[AES256_GCM,data:EqHxZ/xrnnjjrMSJSrkfHq44MdRmz5tE4y2tRKvnKNHxs45yue6f2CXlldC/lqpXLuGHp4wHzkoKBPfWNwx+2lh0+YsCnxQrG9LYviv9CR/re14SYcwzoZFJfdFUR0Lzh+597wKzii1jHNfND3k4RyQhZ45VYNQuN42alpVVK4g=,iv:a943B4PcWFJJFvUh53HnQPF2uRLz97GeqiY3+NfqnAA=,tag:sdU/oNIWvftXeNiJe+b0cQ==,type:str]",
+    "unencrypted_comment_regex": ".*",
+    "version": "3.11.0"
+  }
+};
+
+export default JSON.stringify(encryptedPayload);
diff --git a/packages/gen/env/src/runtime/generated-payloads/api/staging.ts b/packages/gen/env/src/runtime/generated-payloads/api/staging.ts
new file mode 100644
index 00000000..d1f07cfd
--- /dev/null
+++ b/packages/gen/env/src/runtime/generated-payloads/api/staging.ts
@@ -0,0 +1,81 @@
+// Auto-generated by Stackpanel — do not edit manually.
+// content-hash: ebc33110b20545ea9f34cbca01f0e86b9bbcac81bcc230ffbaede6589f166284
+const encryptedPayload = {
+  "BETTER_AUTH_SECRET": "",
+  "BETTER_AUTH_URL": "",
+  "CORS_ORIGIN": "",
+  "POLAR_ACCESS_TOKEN": "",
+  "POLAR_SUCCESS_URL": "",
+  "PORT": "ENC[AES256_GCM,data:S80bOQ==,iv:66MDjrIBAe/JnHsQ7brFe5DrQAZ80RFeGr+PNa7Rs+Y=,tag:1Kcd4qp2aSieVH83UCjxsg==,type:str]",
+  "POSTGRES_URL": "ENC[AES256_GCM,data:bWy+bJfQW4DahtHcOvKhN6QE60eCihvWmBqgVQtCYZDG9JO2aotCTLBUYsWCRquA0cWszyNVcsn0PM+YftSa0zNCWFMHHgCPb2891ylvkxYyANTEBtN+7oebRJS686EerAlbrKx7iYpmY+Ar9X1IWFvymUphl3OcLr0wwBQeo/ZRjl8bwdNQqdlyUyr9Zlkgsd+a9oKH8gewKGNTCy3wJRGkd7xpejgJ2A==,iv:hJBmb2GoKLmag0BMOmxjAHXjySsKMad7GVF7Kt9jGCI=,tag:7JbeKtvmy9eaxnoatycvlg==,type:str]",
+  "sops": {
+    "age": [
+      {
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHZMYWFYZyBBM3Qz\nU3dZeS9oNmpUVEU1VFVWMGhTMHdQZWh4UDlsdmpBbXdPZHcydEZvClRNRGw1eGRD\nc2ExSmFnUW5kRGNwMGFBeURpSDJ2RFdxME1rTzN1U1c4Wk0KLS0tIFYzRjZzQ3pI\nY0NDVFIvckRzazBpMlQxaXRqYmZUa2UzdGg4UEZwdjBCRm8K+9i1GKgC3bHy1Eay\nBnPTrgheE355koh1LXIhPGrndx2DrIk5nKdyxrdY24ToWoSJdwdjrKN+Mkcspa9M\nDhSX7w==\n-----END AGE ENCRYPTED FILE-----\n",
+        "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICjMrEzKQSq/0eePzgUGXM349sBm6GVCXoz+tJZJaBVT"
+      },
+      {
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEtlVWxBdyBYcDBu\nazNic3kvT05DbEVQdjlkaCs3TkduT0JPT1pxN05VM21wSlZxVlQwCkUzaXRscGs2\nTHNtWmo3TDdIZ3l2czJCSThpUGNwSU5jTmFJM2FTRms1dUUKLS0tIHp3K0RFSVdX\ndldvNmpDV2tROW5tUjZDT25ualJCcisrOWYyZkF1bzFYTEUK1VCa7+OwvqWnceos\n2znlrxsI7HKK5/aMgh4+lcDrsy3uAaro80/jxLMdQV78Uk0I46Q4Yvb+63Dwj0s5\nfAsanw==\n-----END AGE ENCRYPTED FILE-----\n",
+        "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIoX0wKjybps6ZHuvA+uwE1ThfWl87MApDLxCjCDUCC9"
+      },
+      {
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDFNdXZydyAxNjlO\nNEIvUCtiaDdFb3FjWEtLVHAyK3p6TWY4c1VyUlJ5aW1PTlRaMmowCkxwNTRRczNv\ncVl0c3p3dUNhUDJKRGJ0L1A5cXlLR1ZjU0U5NEp4Um80b0kKLS0tIERyeVpwT1lF\nWldaeDdTblRud2EzbnExSmduYXRmWjJpdGxOQ0lyTUVkNnMKhBy6yMQIIhPnY0s+\nDSdYiVW7fipnuCt3fknVTy6bwLqbS+6L4s8phsFfKSQ8kb5qCFqwyDnDtLew+NaU\n7544Bw==\n-----END AGE ENCRYPTED FILE-----\n",
+        "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKZPhznHjTDifGroHiGRD3hwWz69B8NsSSPNbwWjfzgW"
+      },
+      {
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGw3N2NtUSBVWFRx\nbTRxQnl1STdNMENnalpNMTNYZ2FVeVhTQko4bjRtbGRGYXNZOUM0CjkyVEpPa0Z3\nYkd6T2tzb281ZTlvQWJEZEs5OW1XVS9hcUpsYUZWMVdhYVEKLS0tIGFZSERWbEtI\nTUIxU0xBcUg3RGxtaWdaeDRSdUpGN1lNTTJyTSsxQlFKSkkKaj4hHc2lyjt1DPK2\nBVuSL/yqADlb9j1lv1RJnv7bBaDqda7VzrAwbrGsw1IawjLQvatGQJ7+w2TNJn39\n2VhS/Q==\n-----END AGE ENCRYPTED FILE-----\n",
+        "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJF9kzudl00FVTQA7nnSaicAJW2MoBKm47G7wefb6uSm"
+      },
+      {
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFpUeE1RUSA3TXU2\nYm0vdVhjbjI1YTdUK044SzdRekVXNWgwNHlKVW5IUlVTZVhMWWd3Ckg5c2ZXTUhY\nQTY3SEFIcGFYRVYvenNyVklnUVY1Q3NyY1dTeU1LaTZVMU0KLS0tIFpmRVZqMXRm\najViVmROUzJFYXA1UUhCclZzOENDZVFGSmVEZGFpSnFTWE0KT06JuttyKkS/wpDQ\n5Gwe3B3eWOdn9rLRQ21T+zNXZaXNJBoF9TOpCcrGAoo8M1a0jxoSiviigvdN8Cn4\ni44AsA==\n-----END AGE ENCRYPTED FILE-----\n",
+        "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDmZV9Oi9hrckXTpqBnDKRrY9mgwj+SJeVBGWmne2+q5"
+      },
+      {
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDF2bHNJdyB5T3hT\nMnNFeWZYS1FWK2JraUNDYlJTV0lZSDhPVEQzbC9HZ0ZaMDVhMFEwCkc3Z3FrdGpE\nVVE4ZkRVd1ZLZG51N3ZFSjJNbHdlbisvNkg4cEZxZk9jdXcKLS0tIFdRMyt3VGEr\nNXBIazlDQXhVcHArNE5OWXZyTVBEMmlRd2pORWZXb0VacmsKq2a0PHjFL8B3VRJo\nP3A7KStXebnj1YPSOb5vtahruFrh6tj3TOJtn93FMWJV2OHXEsPTJD2purSdJjZA\nVgFYYw==\n-----END AGE ENCRYPTED FILE-----\n",
+        "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA+M/DHDlKgayM6wsiX6r704pE+2qENOsKcytC7sBhKA"
+      },
+      {
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHJKM2lMQSA5akhq\nSDg0aDA3a2NSQnZleFpxRXZBcXZDTllEbk5GaEJMY040OWp0R1U0CkJ2S3M3TlhT\nYnJwemlSbGpkSk9haGlDSG54R1BQbFhnVEFWSk1ZNEQvdG8KLS0tIEMxdE9tb3FX\nTnFsanlTUDRUdWdkNDBVRmpqVUZmYVJEMG9Fd0RueXF2VEkK8cDRAFfR9/nnt5ZZ\nEbFcl8qYb7lQT3oB7tBTJyNQ9kO77TvN7ANE9KvySSTnfbr2wHlqedhmP7lytv8w\nktLhIQ==\n-----END AGE ENCRYPTED FILE-----\n",
+        "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINh0gA7reCRW+zQ5pPpIjoJGpaFQSbC/4K8B6vMXJVr+"
+      },
+      {
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGtNZGJ1ZyBoNitP\nbDNvSVpCbVpzWVhTM3A2TnVmRTdxRmh6aTU2RXVDaXM4U20vYjE4CklJcHlnaUIv\nZ0JnUU5UazR2dDY1YzJaczkwdk52NEtxVmNZa052VFl6TDgKLS0tIHNTbGpNay9C\nSHluSlRicVpvd0FnWkZ6NDcyQno5VG1UNHpObGF6dWFGdFEKMPvtgynkj2Gp7XdZ\n5lZmEei/BAjJUGTjKeLFv98LVi0ucZhSo5CEDLukkDxP/DAZ0akJkVJm6yuVxxkl\nU6jrVA==\n-----END AGE ENCRYPTED FILE-----\n",
+        "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEmYihgWHfnLw0f8uTfLokCwToLavzV/+k/GggBA4Sz/"
+      },
+      {
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFFONEwvUSBnUmla\nUUdGLzUyWTE0U0sxZkg1Um1QM0dGR29uN3RLZlFZYVJCdXhDNURZCjBGVkhsa3RG\nMStVNG5lUUZwb3lKYm9DT3VGYTBjR0N4R05sSEl0L0dnZDAKLS0tIHlFL0czL1Q2\nQjNCc3UyTWI5NmhvSHNHODJyWU1tN0JmbzlrMlpQRi9BVUUKfh41bKQH20wajDh5\nemzX8c6kNORrVuGd/atXwAlxlTIt3DIGulj0ZlLKkD90ScGIjUP/4BRDGJbUASU7\nBPQC5g==\n-----END AGE ENCRYPTED FILE-----\n",
+        "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFvT1RvcTidgpVYE0OPknc3f5HcAVpyk+rXXrW4AcbzG"
+      },
+      {
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDhjWXRrdyBOdkwx\nMk9CNWZTRkZnNVNuZkdNZjg0N1B5eHpVSVluaGxYVHRZQ2NXQUFVCkJncUxjQVVJ\ncVVDb1NaUFlEbjNoU1FCdWduVThaWDRVTGVGOTJxTFViTEUKLS0tIHQvOEpFK3lH\nRUpsMDlMWUJ2N0pyVlNRUVA1RXQwZWYvdW1MVEIyZmNCaEUKJxv64LFO0RztYIYX\noi+AJbogTUrzczAgSew2S90P3dWwuafDGhe0vCDfqg6qsovmJTizO+Wg0FCT7/fq\nKYe8KA==\n-----END AGE ENCRYPTED FILE-----\n",
+        "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEijeq50HS1g27BTRfJ8XWIPrAX9UVkap5fgIOCOtA5+"
+      },
+      {
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBZ3cxellxa0N5YjVVYmtF\nckRuNHYwblBkb2lCVENlVlc4M2JNWk5HTVQwCkxycjJRa0hwTXY2a0xtUEdPU0VT\nWkxZQWpad0Q2N1dPbzhBWWxoNSs3UUUKLS0tIDB6WDNIaE1KVk8yRmR0eVgyZHVE\nVzZsVjJTOVE2Uk5VN2VrN0I3cEprMWMKMhVI+nWikhahglLdtnms7lRBOb56+tfs\n1yWlGcVBTt3yxvfYH2P/qt07JDhZBg7BuTWMatNAr7CiTsHRNvbhuw==\n-----END AGE ENCRYPTED FILE-----\n",
+        "recipient": "age1d9h9mm3u5qalmpl2pf62pyzqj8t654n435emn93rutv0cg9sr32sg64fdj"
+      },
+      {
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IG05VmtkdyB5WDQy\nUEF3dHhkMVZWMUZnTkg3ZVY0Q1B2SCtoOWo5SGNFMmZwQ0p1Y2hJCkxzWVFENlNB\ncFN6SmovaDB5dnpOSFlKUy9tTm83OFI0VWs0cTFlaTF0TW8KLS0tIGtGdDB0N0p5\nRHMwU0ROOHZUU2pNckJ2YXpWb3JpMUY2Q1AxNmNCbW43elkKep7xAE/V51VaHnbz\nEKZH1VL7HxnG2CPDa91+EmX2elfGIYMYxIu5zKg0nMd+leBLwWhSZ3d9pnXMX6pv\nfk+g9w==\n-----END AGE ENCRYPTED FILE-----\n",
+        "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDuzbgoXZccZ2w/9HGgUyT9nJH7lG2/jfQCZJudY4yAN"
+      },
+      {
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNMjNWWTludllIYU5uTFUy\nZXdHKysvdjkvSzdKbHJFT0JFTG0rSW9iTkUwCis0TlQwSDN2K3NjZ01TeFhIbWVS\naERHamkzZFdNWFJMaG9GZC9DVVVrRDgKLS0tIDU5NUU1WDIvbU1ycTFRTnUyckZD\nRndqdVV4ZmpYeEYyRWxZSlNSQ1JtODAKp8HeEdq/tx3gOBJpShkHkaWzSwzu1Dcx\nzm0HA1EN+egZ3+tV57EXhSE68xtC2y+d8rc77Wf6r89w24AqRrD6vQ==\n-----END AGE ENCRYPTED FILE-----\n",
+        "recipient": "age16wuzuxnkcgfuxzvzgk5e5a5f6hhs386adjewyv54m9esr4yj6uuslpn6tp"
+      },
+      {
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDRTOW45QSBFMGRT\nd3RpVWJxaXUxeDVhOGNuYXpYRFAzWXlOTTJYUkNRQjkrUW1iNGtJCm0xc0N1RjRs\nV3NvUXk4TEIxa3BIYmNJWGJJRmdBQ1hrS0FxRjdjUzlMYjgKLS0tIFdOSmxkVEJ1\nMm5oVFkwWG9GOWFwSVpTL3Y1NDBFaThQQ1lZTCs4TUVnUkEKNzh43b3a8FRL95k9\n0go5Dwx1zAXV1Usrk1olpb4fDRyyEc0OSdd0yEvQcuLjzUMPYMcn5Ae47iWqlbCP\n/O442w==\n-----END AGE ENCRYPTED FILE-----\n",
+        "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFStro05R+CPmjWMHWtzXUKfGll+OosoZtXAyPtngN7T"
+      },
+      {
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDVucGlodyBkTUpw\nU29HdUtLS3JLQUQzMFRwWUpKQW4xaFlpUUd6WnRYTHREVzRyRjFRCmx1WGZMY3JI\nSDM1TTVLTEFpSmtNR05yYWdtdlk5elFpeEQ3VDl5T1Q5T1kKLS0tIFRiT1RFcE10\nZHRua2MzdHFiTkF6d0JRSHoxRExvWldoYjk3OFlCd05VMVkKvO19ixqlJI+L3PjM\nNHMo1ZXl4DZ9hDNkh8NeNio9t9fCfNThA92CG+cX8dhORItycWsFFe0N+f3sa0G0\n4lQEEg==\n-----END AGE ENCRYPTED FILE-----\n",
+        "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO5qner13Q0fm5NhdXMx2nkt5kxjC0/SVY2FXh01OiHN"
+      }
+    ],
+    "lastmodified": "2026-04-24T14:30:26Z",
+    "mac": "ENC[AES256_GCM,data:1vQUARqLXwACjgXL33huJdWZyubLiPnVLdjMcK/P30cdfIw3Ykm6uXZB5tdULHjQUy0sXHXTCd3rMw+/6fxRpMsbwv22k1CvuOxIpCu8jibzJL96MaBy2iCoKzYjjlzpQcCJ3weJ28Dj+6LKnPWUA7NV1IBTcbg4Cta5J8ZP6fQ=,iv:M5nkzms+CrUQBptkzLdW/vHqKKx4gsMUhk+lqLfk9jw=,tag:8eK68loJPKjlNRipXop1+Q==,type:str]",
+    "unencrypted_comment_regex": ".*",
+    "version": "3.11.0"
+  }
+};
+
+export default JSON.stringify(encryptedPayload);
diff --git a/packages/gen/env/src/runtime/generated-payloads/docs/dev.ts b/packages/gen/env/src/runtime/generated-payloads/docs/dev.ts
index 26eb5a6f..1d72b5cd 100644
--- a/packages/gen/env/src/runtime/generated-payloads/docs/dev.ts
+++ b/packages/gen/env/src/runtime/generated-payloads/docs/dev.ts
@@ -1,84 +1,84 @@
 // Auto-generated by Stackpanel — do not edit manually.
-// content-hash: 997fa940014db7b0666473b4068a382e9a80dfe2aba0d324ebf7febc2164674d
+// content-hash: 149938eeb358fdc454f320082dc0542c94bc5e9a36cac9bba26b546596fed419
 const encryptedPayload = {
   "BETTER_AUTH_SECRET": "",
   "BETTER_AUTH_URL": "",
   "CORS_ORIGIN": "",
   "POLAR_ACCESS_TOKEN": "",
   "POLAR_SUCCESS_URL": "",
-  "PORT": "ENC[AES256_GCM,data:FqTd0Q==,iv:jMNJcHlZJGL6kbpGpGRHmQndR0d143U8tQcn5OCfH1s=,tag:Z238tlAG3X51fLOmJwfhjw==,type:str]",
-  "POSTGRES_URL": "ENC[AES256_GCM,data:S8yNhcN7SM90bHJ/dO8LJvlD6fqIPf5lFGKqjhI6JQtZvEdFAv3v//TGV3cht63F8EBuwNBoLxIvSs1XQ7+OSeYUm5B6Z/Uxp0As4Tos12aGwu2ADb6TT52iHZNnV6YsePrVP4WXFBtRM1AgJS7gWDtrSNSzQjJmZDzrw5DyynbZgb3qS3GhRk2DsRXn9BeM8udg/JOZ4IEQCebBPoAZrNNMYEMHqQexvw==,iv:rLinhGabqw/T7xI8W1pmiwLKYE4sJZrfjFD3j6JucqY=,tag:7l4Yjj5ODEdTzR0PkKSWzw==,type:str]",
+  "PORT": "ENC[AES256_GCM,data:q5zcdw==,iv:AzjGJi+xhdS68qB3N8STRSrurqqYjYW1dJZlCuWCFXo=,tag:/g9WDrgKmkoz9T/Ga2Qf/Q==,type:str]",
+  "POSTGRES_URL": "ENC[AES256_GCM,data:I9XB0OWWacbDGheZ+1gxpOqBnaN7Is/+reKkCW0y5rmrRwl4qLKv1Q5NumeQNs8qKBMxjfL//qpBBQCRAPiHSINQJIkwHJtIw4s73Jb1an/2YCkfV9bdhh3bvIkM2++l3HlO5eTdZQn657lPaURqXpZKU4GxB9WVnTgwjibED9gyGpuVtEQXGc2vkBPDow9RzlDPhGhwy5iSRnJUrliD6EQhyRlY4IVp8w==,iv:RdbZcjVyj3WqSaOd/n/tUBjenFF/wK0kMCPnHuQa+9o=,tag:8f/SkjTuP8/yX2Nz/80Oeg==,type:str]",
   "sops": {
     "age": [
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHZMYWFYZyBXWDB0\nZlA2WVNhT1dDUVZOaWVLc2NWd2YydXU0WW10ZmJ6ais4SnBqNnhJCk5aTGwzNW9K\neDZvZkdIc3pjSXN6R0RJVmxZVStlQnFNZ3IvQWlEVElQb3MKLS0tIHM5WDJpWkZD\nNS9mdUxydUlsdTJCS1prUzJmTHZieEpiOUZMbno1eDlYeXMKDedOow956x4W+RBh\nkRnZYt5em8g+sLspjXPHjOPUYt7JKs3fURHeZs2ERWGq4v69T3dSGItNSgSHw1W6\n2SBPuA==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHZMYWFYZyBSLzZT\nUEQwemFleDN5Z3lIcWxMOWpyVHJOeExPSDAxVUd2RjNQbU41RlRjClkwVTA0SlVX\naDRIV1h3ekN2V01WaFNMVmU4Mkl6a1F1aExQT0ZTd3RQRE0KLS0tIEpnRWJqRU5X\ncVgvSTBtcFdXQTBxTFBsTGd1YmplRzhmS1REMm9QYzV5emcKAr8c49GGwkAf4Mqh\ncdvOxuueP+Zt+kDBvAlbHtOEljkmtWLL8EZIqhH193DiKunZnOKhb0xZH32KkBjy\nlWjeKQ==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICjMrEzKQSq/0eePzgUGXM349sBm6GVCXoz+tJZJaBVT"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEtlVWxBdyBqODAy\ndHZnaFVWZXM4blhERHNTUnVKbjU3eVJITWt0WkF5T1QrQTE2eHpZClFhRlFZSm5F\nNVZsTHJXbVBLUnBWcmJqdlV5akxFUzkyS3ZFT3JXODhzVGcKLS0tIEJ1bUVRWjIr\nUXN2TkpIUnp3VkpGd1RQbE44Qnp1MmdBSk56b1c1T1FSVWMKPe84Rpju4Kwd9QgI\n65DGrdYBMjSyo7IEErjB/CHYkqOVQ/MDr54UeiYe4r/GkxcG+ephh9W9Aap9kPzI\nAUYsLA==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEtlVWxBdyA3L2c3\ndDAxNDFkelFJeFdaWXJsbFVzS0ZUM0paWnFTMktpdDFXSFlaMGowCjk1NzlycWNq\nbE5ZOUxDLyt6MCtsWXExclNHN2kyZTM1a2J5R0tGTXZsR2MKLS0tIHVIZUlQRENk\nVzRRUG5zZEYxa29vTTJuNVZucXRtMHcvSXRYRkN3eUxkaEkK80S9B37M95hmw5Nc\nhXeyvIuKavsDASv1SQM2yQQBrQJBwmSezIduhEg1CNBWziTYIsurn3Wiv4CI6p2s\ng8Hc+g==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIoX0wKjybps6ZHuvA+uwE1ThfWl87MApDLxCjCDUCC9"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDFNdXZydyB2SHNt\nT3puZ053WUc3RWZIaEE4aTJLczlvQ1o4TTZGMEtuWGFEVDZhSTM4CnUvNTVLS01Q\nYVZZZytua3YvVzhxUFhqaHM2eFhTd0dNanhjMjc0Z2FuUFkKLS0tIFI4WndTNHU3\nclFsY2lDenVVZE5iSzExbzJuZVNnNzBZWllPcm5EYmJJMEUKlX8E636sJmqRnfW3\nV6NvVDWVTi6c0ekT7BAbgMbZU8GqUUIiF3u3EGzTpHrtKiWYlg+j//RIVO2Djx56\nGCAmEw==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDFNdXZydyAzaG15\nUjdKbkEyN2tqMDBMVzJRQlN6SVlLcW84NWJoOG9qY2VrcGlTVm1ZClQwcnYyQTR3\nVzdPUGlaaXVDNWxicWViM3F5NlJ5WHFvaDRJenlvNFYxTGMKLS0tIE1zVDVVU05B\nZU13Qm4rTVNENGpoZndFREpKRG9MQUlIMWZTTEtNdmNFNHMKp42KdCFt0St4t1lh\nbgYarg6uUFoaDGaax/LJ+pkvbpYSUyf2YkOAZtXCv6GXFyjrx2kz+r4nS5gTrWPK\n/sa0bw==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKZPhznHjTDifGroHiGRD3hwWz69B8NsSSPNbwWjfzgW"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGw3N2NtUSByZ1BS\ndjd2Unk1dnFPcGFoaStvd25VWktPKzFHcDlKS0RCMWlyU1Q4VldzCllPZHVQaGZY\nMEtidGJ5Z3REam1yVytObFZzRE0vQkU3bmhPZmlCWVhGbk0KLS0tIEc1NDNqY1JR\neExRVHNBVXRXbVRVZjA5d3ZCUGozcGRJRTk5TkM2YklWSlEKDRwMdHCWP52xHDM/\n2RIJJ9Q1sXNweb0M4/w8HDObniFwEyDXYdDLNrduOrkXKBBA9U3TXZqwWMhMFcyX\n/alHAg==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGw3N2NtUSA2K01O\nTWVvQy9rSCtSeFpKTGVoRFpkZGFRK2RGRVVCWU01SHZlMzNxMkZjClFzK29iSzhQ\nVGE0Q1lzYWN4MzI5dzVxMk1BWW8vS1JEeUo3dFpHNkVHNWcKLS0tIFVqMXJ3MjRU\nZWxaS0kxcHNlVGFteHh1bnNVVTJjTzBqRFFCb2g0NFE0dDgKDlQBBKY2dn5NP/3K\nFfQ9+TxGzHL/a9E0ZN5j04/KR7i6xET9q7uQKuQdIma8d6kX5QDpsT0+KKRpAXMr\nvsG3bA==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJF9kzudl00FVTQA7nnSaicAJW2MoBKm47G7wefb6uSm"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFpUeE1RUSBXblVY\nbEZjRjRUb3FsSVhJSlZoTVRLQkNHbmlzTGc4UmVjamJNUmVyZ1FvCksydStrM0to\nd25JVUhRaDc2ZHllNjE5RXJQb0pnUzAzYmdmNGZPWlJNUGcKLS0tIE1kL3k3R2Nz\nKzB2OFIwTkhLNHZjYTE3RFdHN2x0ZFhVOGJMb0ZvdXlPY1EKPStMcKpuX3ZrW5qk\nXwmseC3N9XknTMn/HMRkpEOOOUixaSYF4Ozw2sCZI12xBT/TO1g1mb5CSLWGGsc5\ncHqJcQ==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFpUeE1RUSB0RXd3\nRWlBU1FpNDM0OTNBbWIyT2d2SlVSSFJlWUljM2ZMN0lGOGx3dmpvCjR4K3V4Z083\nZEpPM21jOGN6YzBBVEE5UmI2MFNhTytSZ29kSm9sOWttS0kKLS0tIHl5amxMU1FP\naEhSTVZobDVCNjVmdnZqdzNaYmlMS0RpUktDS2NaWnhlYVUKDLiyOk37ShZEzq8Z\nrQQBdZzmvkUXJjh1z2vysyVeS7uxIoxR3wJyCWGOexjGsygRUELTuWeP8hnUkBTM\nULip9g==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDmZV9Oi9hrckXTpqBnDKRrY9mgwj+SJeVBGWmne2+q5"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDF2bHNJdyBldUp6\naGY2cU5MY251cndDc0VjU1lOTVB0QlQyclBxeDdIbzE5elJ5M0U0CnVBbGF3Ky9v\nWDR5OGVuaVYwaWJYQUk3bGlEUjNRMkV5RUQvbmtiTmRRYUEKLS0tIDkyZlBkYU54\nTk1NaFZPVCt2aVhKWUJQbkc2K0Rqdi9IOE9XOURjRWlMYlEKjXVcoXfWh8i+Wne9\nUsPivFqHzlAfmIpV/i/CQVnXPD9Z537cDqROZBq1+4gvRdGRIeGf18CgLzA3afcO\n/92CjA==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDF2bHNJdyBTakRr\ncXM4TU5mbVBOS2gwUnpDVERwT0U0WGN5TDJPd1FPZGpWd01oc0JZCnJyVEJkZys3\nZ0c3eGtBU081Yis4TTNmSGQ2VCtwZEtQWHhib2tQaDBYUUkKLS0tIDBBWE1HQ2FZ\nakFNWUs1NnNZRHlDT1NsWjhZQ1RTdXNtbVo0cGVweFFGbnMK6buqLVw2YI+Xumjh\nHwzaJ0RFhRTJQxNVw7kaTcR+Oihe+lm0LDszJCpFdVCXP6hj2FU22/Gpz1cs8Im2\nQ6pG0g==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA+M/DHDlKgayM6wsiX6r704pE+2qENOsKcytC7sBhKA"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHJKM2lMQSBjM2t6\nN011THpSSklqTVRqbUVkRVVvSWdLck16YVFHT2ZWZ1ZZU1ZNc1I4Ck9EVHhMekFx\nLys0VUZycitnRVFSRk8rT1VmdVd6STZqcjJwcHBXNGJFa2MKLS0tIFErdUxta1ky\nZWRyeXRydXFqV0ZyQUpxejFnMmV6RzEwczdIcFNxTmd5eUUK+VI8Zn6uGWMvjCaF\nhdlCpClec8giaUgi+YVGX+WZviaxFHpPZOkH26ydhfDqHFOXrrZum9/vsziJ5lUY\nVNrxLQ==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHJKM2lMQSAxemhi\nM0N3VkdwSE96ZStUTm0zeWE1VU1vQy9iUWpTVFo0anhjVElKL0FZClZCbmJTOEl5\nTXZUa0dkekdzdjFGVG5sSWxQT1g0Z1lraGdtZDQ2UU9OY0UKLS0tIGQ2aENnbDVt\nTWh4WmI1QXhLMFduY3gya0Fwbis0Ly9jU2c3NVp3SDNMQUEKA+sEJYQrKmZPKQmW\nhYzB/VIcL0EkBU6DaykzD3K56gy2SlWS54Vq4qO7KVV8gofjNd7zD0fpqXzsGSR0\nRf5OnA==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINh0gA7reCRW+zQ5pPpIjoJGpaFQSbC/4K8B6vMXJVr+"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGtNZGJ1ZyBwb01W\nN2ZzbmlyaXI4VDh1ODFQOUVOMUszUVRMM29YUHlGejBzTURSYmxrCit2YVVaM0FV\nWmdQTUdtaUNDTEVtbUY5TU9vS3dsUFIxN1FFencyRXdGQ0EKLS0tIDZYM2FoZHpk\nZEZkS1hOS2RkQ3BveGZ4N21ibmdoTlhzQW94Q0JWMVlPSFUKvejBdVzkEdVg4sPw\nSA9bEJ0IvansG3YR8hJQjM0+9Iw92EZeym6uBS0fW9j+EJ9QHw42gkeLyl86FSqO\nNqadeQ==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGtNZGJ1ZyBYaVY2\ncFhUZldZejgyZ1dwOVAxaFdKcmxlSW81blBSR25QZHppNmcySGdFCm5MSkJVOGJX\nODBKM3h1QlhqU0VDUGtIcm9lSVFGeFE2NTltRDNZSmhobEkKLS0tIGMybFd1R0xn\nRkovREIrMy9xd2hnbmZGZHJMQW4zQ01SOHVBanorZVdnaWcKE0evvK2rWbBgKQK4\nxbojLEOszsWphR1is71QyKEmXX2hBQgK/yQ4SqZG/I1p+EAfp4WFzmQdzVTPKTn2\nnd+QZQ==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEmYihgWHfnLw0f8uTfLokCwToLavzV/+k/GggBA4Sz/"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFFONEwvUSBnOXZl\nWXNmUXVINkc0WlczcGl6V3FZclB3Y3JWQlVIVVc3MTZWbldsM21ZClJXSlYvSE5U\nZ1VESEUrVUtiVEJRZno2VkROL3ZWZ0VhRnNMZEcxWkVyQVEKLS0tIE14SGIwamhK\nN1cvTkhDOVV2RXhKRXdPLzFIMDZzdEl3OWtmZTlZS05FTUEKKcWw58+a0/wF5V0M\nyC2GdaufsGtNTRq+ZVPC8zEazXrsrlCi9/vQyL0xcFYbTvds4o8HV7dmAfCpqiYF\nNZqvCw==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFFONEwvUSB0amoz\nSCtDUUF1RHVpdjcyK3VRMWcxVmFhZk5KTzBrVVFhSEJhUHVaUVg0CnVkUWZQUGg2\nNUhhUTJiS3Fjd2szYysrQm8rU2Q2cENYOTBnSm9jKzRhSkkKLS0tIFZXVFNPT3RR\ndGl6bnV5WGR6M2ZIVkpOOXBGc3R0Nlh3dVhoZ0JjRllEUGMKglYZRsRdpwtDRP0H\nh1FhTtCkHOOPyVYhVRpVjduIzfGN//KfL+oNg9btiBUq/AAvAfsrW2ENukG2gbg8\nCokUrQ==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFvT1RvcTidgpVYE0OPknc3f5HcAVpyk+rXXrW4AcbzG"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDhjWXRrdyB3SWpB\nSzAzRWFoQ0tOMkJmQ1BRdkdaM1BrVFA5RXlJQzlZcTJxMkdySkRvCjNEVWFpOGJ3\nbTJNdDFIa241V2tEYUtuV1pLSkpDcXg0ZlI0bjRBSmtsRzgKLS0tIDFzMXA1SW91\nRlZwU3RWUGZtcno1TDFDd0lFdXJjZGFxSXltdXVyNUdNa2sKO5Zatmi7BCAA/JtP\nnckRYUanQvRb72AZiDNLA8fySi4LUyvfyKPgQMAXkiO5ITqsS+cEXXXMUiWeWMy+\n/0qQZw==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDhjWXRrdyAwTmlh\nMlpNeGF0YndFTHJ5T0trOWNXKzlUVWlqQnVSWHBzWFFDZUNsN1ZRCklMWWNrcHVl\nWnRpU25PVHlvUStJcjMrYXhhaFQxZUFQTmVSZ2R6MTFxbXcKLS0tIE8yRzRnUEta\nMzFNM0paa0JRS0ovVGNCQm50Vm5udGx4QmhtbTM1ang4MWcKs1U5qN9yscpjggH6\nxAh1ycZZ3PBLxfX9NWy6fLG4K2owc4Eov5HKl9K7jgKZUHUhArgoMj8qGt8uAR6v\nb1SVfw==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEijeq50HS1g27BTRfJ8XWIPrAX9UVkap5fgIOCOtA5+"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYVTQyREx2dHJHclg4My9E\nWThzV3BWcVNCbDQwZkw0RnAzQzhxWWQ4bER3CktDMjF1d3VhdnFFTDYwUGhtY2U0\ndEN2R2hwQlVUUUpMQjV0U21lKzlnSG8KLS0tIDlmZSt1SnJjbWhoL0FZcklqR0JY\nM00wVi9tOFp6eG5jWlF2bkVCL0xiV1UKGbhJjQcpuP+S6wZlW1uf4+eZRt2u91k4\nkC06MY5o+VDGlhYPHUP7J2gvJ/5+m2s+TgdPqfiZ4lmJg9j8fRHsXA==\n-----END AGE ENCRYPTED FILE-----\n",
-        "recipient": "age1eqcj2g0fdekj2wpqp4y0fg9c5myydjdt9zlr5scr0grk6fxszymqkpw5jf"
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6OFFrSFNpdkRhZHNaK1lo\nTFZVWDd6elJ4NTJDaWMrOTE3R2x2dUV6Q2dnCm5RaHY5U1RmUnhDeWI4WlA1djF4\na1NGWW1VajRoYTVrVGlaUlNvcGNKeTAKLS0tIGpZRy9CY3daNmNCMnFjYXpsWjVn\nczRYclprelR5SGcvTUVMbkppUGwxdHcK/1JYtAA7MKXjNLrzftqA3gEK6sxl2N/F\nt4UqT2DXh1IzGlnyNrDA8xilBaKdqcUN2QkdxkLE6Fzv9j8TLmOe+w==\n-----END AGE ENCRYPTED FILE-----\n",
+        "recipient": "age1d9h9mm3u5qalmpl2pf62pyzqj8t654n435emn93rutv0cg9sr32sg64fdj"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IG05VmtkdyBYdjVl\nZkhWWG9UQ2Jhb0FSOXVMaTJoa2lUWG5lZjdGOXBUMXhITTJ5NEdNCjBrY2VmYllX\nRVlkcGg0cWxNU3dBcnp3b2hNS2g1ZmpUTld5QUE0WmdMdkUKLS0tIHB2YzRsSU5P\nWCsvVE5xMEhIVkZUQmFrUGJOa1VRSTRWSHZwMzlRRFdLaUUKzxkxs+ASXJy9F71l\npq+klFSF4L9TaUAMlUGsGme3blGiBojD/j1om+urj18xhx+IEBCd9ckR6fCfbL3Z\n97gZZw==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IG05VmtkdyBRbkwr\najJ2Z2tEQkFtUmtQVklUeHltQ0x1dEQwczdIWkVFTDRkc0JkYlI0ClB4aitZNWtX\nOEFQaGp1amhMWHlFc2M4S1JranEwOFZ5NlZqblNSQ21wUUkKLS0tIGFoUWdRbGFm\nak9ocjJRQmVXSkwrTEY2cWlYRWRQQVlGaGVyeFk0U1dqQ3MKcxvvJOzISy9j/VMt\nrBltPj/ltbib/W7TnQZ8EqzCrDqSsYxOwVfQbhCv/v+A+IxpbbLr291M5xhejB7j\nY8SNaQ==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDuzbgoXZccZ2w/9HGgUyT9nJH7lG2/jfQCZJudY4yAN"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmWURhVnpJNTBJK3FzNTB2\nTlk1TU1ISUJEWDNCY3JWcDQzSGhzMHk2c1I0Cm9pWWE3ZHR0U2ZCVDNHbjdsNTNV\nT2c3UHQwN1E0YUN1VklEaDhSZWFzMEEKLS0tIEtGeEYrSmJZd2pDY0grOExIZTBv\nUnpDclNSSm1TZUhMRUpPNXU2ZjFyVDQK8WZ3SD16RI06p6CIBJi8BlXOP3jPCU8+\ne3pFDJvTcDus7paDJDf1fJxv15Pe0mt2gy6Gs2bFsx2fxnBsVR4rhw==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBZGFxUkxSdmRDUXkyc2NQ\naVAxQVhZUkhneEhjc1VjcUZQUjZyclp0WERvCm1HbnprKy9DUmthb0szdWZGeGxq\nU3FXRUl1MTc4cmZ6VkdmQWFJeHoxMXMKLS0tIHZvaGN0M3h5c0VSTEdYNTcrVEp6\nSXd5djZrTXN5SFFXVTZZbnBPVEhXSHcK0WBkOwTImjI+u7mCI1MHIPHy2BOGXypo\nzKyaygktKQYKCqPJbLRfIO10IV3vHX7WZyKc8X6hT49idTKKrJC0Iw==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "age16wuzuxnkcgfuxzvzgk5e5a5f6hhs386adjewyv54m9esr4yj6uuslpn6tp"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrR0U3WVMybWw5c1RlVTBk\nZEZkMVU1cFZHbmxWT3NZTlFCcmRmeVZiK1RNCjJtRWlVOVlYQnJ1enVVTWl5bkZJ\nODJpYXRVbGVNYURSdVkzelgzV3QvREUKLS0tIFJtSitKSklOR2pPMzE4cDdVS1BT\nT1EwWEJ5K0o1a2p4K0NZYVg5RTE5UXMKefxNUSBSHZql0yZoonFjYXgMeFGO3CBL\nDb3XOqULR1TV+5j4d5tcJ3E8q/3BNMUsZFbaHDMqkc6+CsV9ewm4Gg==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtdHpOb2tNcWQwSXpOdmNs\nbHJxN1ppZzFabTVZMHozVDRYOTNZU3VUN2w4CjB3dlB1SHYxWjJPeWVHbGd5U29s\nS05xakRmUmhBSE9UN0xMK0VRZWZONmsKLS0tIGtReXQrRStoSjV5WUJXaCsrRWo5\nQURSR1lzbEdpbGF3bXBvMXp0cWNSUmcKWUKuBBc0lcpJu9/XznQMSc505n9lHhv7\nSZpLqjQY3cryjNE+2lEPn1xDW7xIqOxE2y+rfCH77pnd0LEL8FbOkA==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "age16rkvks3tljju3y6xu0l7luhjzx634et97g3xe58xf2dgfn2865rqkq6t8f"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDRTOW45QSBwSHVn\nQ0F2TjRQVUg3anRyS29tci9GWE9LRExTbFpMQ3BybFQ0SXUxTWs0ClpCU1IwZ0JM\nZXhhREZiRkc1d2kwWDhMUmwxcHo2TTloY2k2QVVWNDh5TzAKLS0tIGV0TnR0YmEx\ncEtpNm4xVGpPM3U3WFVXUVFtcnNVeVZkQlRvN2k3SDlkV00KMaVlOcijjrxa1rS8\ng36vGaaq0xauZR9m1re3cK+JLgIUt6zMw9wilRb5PnOaYvG74CdFnW1UCgEaz7LQ\n/hAMJQ==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDRTOW45QSBwNmow\nMlZvVXVzd29wY25HbVdvK0ZsOWhZeFEzc2xRR1VqbnlQYWM2bjJrCjJxbTR2aS9x\ndklTSXdhQUxoY0tWQlJYdDErZVRQdjhBeXp6QU5aNG9YTlUKLS0tIFRVc29IT3ZW\nVHBVZ1A2T1hZTDR4Y2dJNkprQlk3YlZjelF6Uk0rUm01S28KFCwNeTuI0Wi2zKEG\nkq508d6ZPOL1KSzvnItY8LTQgSUIs9NFqfdyzaaqp1NF9qnrBivao1k9A8zRm+8m\nwY9kJw==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFStro05R+CPmjWMHWtzXUKfGll+OosoZtXAyPtngN7T"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDVucGlodyBQRUsv\neFEyYnR6dDIxRFhoTnhsVmNSMTUwMEp6MFZKZUxhNXNJQUxWbjNnCnNyYVdEdHl4\nbXVIVkRTUTFXelNVRjBxcmp4RWpmMUZKazhHb1I5VnpMUGMKLS0tIFZNZ2MzNnpt\nd0ZXSnd0MklkWVVrdlNPMFlrNFhXcVFLVk9xaVluZFc4dzQKdCrJzmu0f8v+aXNw\nnnc06zPgPLxf+MhEC/ZDKvY/Ep9w3oHDyn6B2P8HsOszffZ+BPxlOzbJu40VYISR\nX0fK8w==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDVucGlodyBBVWg4\nT3I3TEdwOEcwZEFaNjBsa3VqRVE2b2hkWUNRRGdxZDluc21yK21zClFjem5nV1NB\nNUcvSTNTdjdweVFmS2lGTll5amhLQ1BOS3BoWjhOdXZjT2MKLS0tIFlpSzIvTVVv\nWkZmZTFNaXZPNFFTSWF6UkZJSElPTXJPWTBNdk1HeDViWDgKmCsjdFDBCGx8DV7p\naWJk32NgcjwFTDVRjYzT2m1g/umvmG4GcQkVUbwuL4VOJgv5QRLvxB4RbSyw5Vx8\noOW5+w==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO5qner13Q0fm5NhdXMx2nkt5kxjC0/SVY2FXh01OiHN"
       }
     ],
-    "lastmodified": "2026-04-24T02:42:10Z",
-    "mac": "ENC[AES256_GCM,data:bYfwMAQCQx07Wu5PCKTWEREioDvnPFPmE8TD6IOpBC2/q4a+zSZJS7kZ/SaPqtsUZJiUKYWcExZqakP13MB7yD61ZwH8HzmjoZiyFIqm8kyH99n3aODmKXNJCGXuvxEA01FWUiJSDjwP3t1CzlG/0lsmcSU2oMOtUyBHyfv7KXc=,iv:jXvUrB9U4DJt9yCtwt1jH5HfZY4CYMPwZR2MKWwLH98=,tag:p6z+dQcPSxicZbbTwHkw6g==,type:str]",
+    "lastmodified": "2026-04-24T14:30:26Z",
+    "mac": "ENC[AES256_GCM,data:voMMqG+ZkmdBSSW8k+AMKgIXB531MBxlBFTDU82NyrC5EhR1mk5ld9JC2uTfzbznXdas0DPe64OvGXLdtHZI47bTJ1OUlWE9MwxHrFowHQD+3Msc15ibayh9NpBzhJFjvzb9f3NoH5XgVlYHuEOad0bsvY/DKOkpLFqvDhsOuh8=,iv:NhBdIql4WQVGr9G6cQ9cMD9CoMQy35HClS/s28Bjheg=,tag:wT1fIUjZ2uSgRxpwCXAyBQ==,type:str]",
     "unencrypted_comment_regex": ".*",
-    "version": "3.12.1"
+    "version": "3.11.0"
   }
 };
 
diff --git a/packages/gen/env/src/runtime/generated-payloads/docs/prod.ts b/packages/gen/env/src/runtime/generated-payloads/docs/prod.ts
index e40c200b..9fee439d 100644
--- a/packages/gen/env/src/runtime/generated-payloads/docs/prod.ts
+++ b/packages/gen/env/src/runtime/generated-payloads/docs/prod.ts
@@ -1,76 +1,76 @@
 // Auto-generated by Stackpanel — do not edit manually.
-// content-hash: 33db1ec62aaf17a074619b9be7073ae1fb8f996c7f8870c2bbaf9757682479df
+// content-hash: 253055276d3a581fa072bd47befd5ead3a261cd5618b5b2257bc747f4be61732
 const encryptedPayload = {
   "BETTER_AUTH_SECRET": "",
   "BETTER_AUTH_URL": "",
   "CORS_ORIGIN": "",
   "POLAR_ACCESS_TOKEN": "",
   "POLAR_SUCCESS_URL": "",
-  "PORT": "ENC[AES256_GCM,data:f8460w==,iv:2QK67F2buVNFyDsB9H9HKTYi3JK2p+lnpXRHobZrcOM=,tag:q34hP+91g5eXNMFKmoKcAg==,type:str]",
-  "POSTGRES_URL": "ENC[AES256_GCM,data:tfEjMnkuoLpzHBQXXKwWbCXD8Lqlji3CjIU48kEme3/dK0/YKgdvN8On7otsClD0JdlYs6Hw1AySYGnIch2rJHpO57+9J37OEcr+3N5vno1Ts47Xf4YwauDJqL8Y0G6b/qUahxi60wb0u/JQozfIH/Ui/FDGeFnPIBJ8euO6iVU6Fi1CH6Iwl4HE6e59F/kU5AMRKX+6O6bveLcedlnE/xzXCiDO6psj5A==,iv:94VTvczNon5x3Qne/3dXvKRo74YjpkjBMoZ9TSMHld8=,tag:8XfASMDkhErfqpwFnu5VjA==,type:str]",
+  "PORT": "ENC[AES256_GCM,data:jsVWpA==,iv:8DcqJ36rSpGROBpnePRIGggjwaUOnRGxuBlAe6v0u6c=,tag:AcqK0JkkhrD0dGAx/vGpDg==,type:str]",
+  "POSTGRES_URL": "ENC[AES256_GCM,data:qP4dCqL/fswYNgIxGEpbu30CX9noHy1o/BrNOlGLMsCuuB0TJrr8JIGaAC+WXiat55MdgjPlDYivEjmRpiT2+QvleMTnc09MRd07hLkSzKu1YErYmjfu+E+WbQyCl9jqQX4vl15dsAOZQ3STO2TtO0Gw3d3KuTI6iEyLKXoyu09+6NQOCk+xFiXmIEO56LiwsinoyDj6EneUMhixcUaDCFXjgX8Tgcj6Bw==,iv:oWQSGqoRvuIg0Bb+a6/pEeBDfGL7/oiDulG1EKSZS4I=,tag:+g2JI/9hkfumbf9s/QqV4w==,type:str]",
   "sops": {
     "age": [
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHZMYWFYZyBXTG5w\nR3BsY0pIdktzd1B6UVR1NlpBTGJ3cHZaaGUzOTBiM3ZqUlhhMlQ0Cno4N1k5WWxC\nN1dUazZXN09YNUo4TFlwT09tNVNyaW1tekVhTnBVZFpzbXcKLS0tIGlZZlBQc2J5\nUHdoKzg0cWpwTk9lZXpFR1IvL3haYzJsaVBNOFJkdHFLckkK0eXe6AFg4R5onvlw\nH6uiSO+djH52hbmU+eHCW9gfjFqdjQbhVKiZnrPDIXafv0g4QhtFKRvt0xJhNfAA\nghsSQw==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHZMYWFYZyB0aGVn\na3ZZTkNuWDBqT0xFNjNJejhTSVZUaUpqMnVsM3Y1aDVoM2VnbWtRCjVVd1JjVmRW\nY29wbDJoYnViOVlJbWlsRmRsdUtuOElGR0lxVCtCaVZ4YVEKLS0tIG9iTllCbmN5\nMUxLdWI2b3FucFRqWGpuNVBxSXdpc0JtR2RUTG84aWN3OXcK7Ob7g9Eqp4nU8Pf8\nPIxlIURR3lvLgrpve5/X+Ca42V6EWFlST6Bx3R4zr2IpEHMVhjE7KeICH+MFrBvh\nAoapTw==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICjMrEzKQSq/0eePzgUGXM349sBm6GVCXoz+tJZJaBVT"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEtlVWxBdyByVThK\ndUhOck9sazA1NDB2dlhLb2UvQ1ZBUlVpbVltMWEyR1YzWC90WlRVCmgvbkdRUVZN\nYUlWN1hKSGRBTUtkNi9kU1ZuTTVIWTljYXVvOVNEYTN1ZzgKLS0tIDFsVTl1MHZ0\nMkk2Y3hnTU03YzF2SEhac3IzbGxFL0t5UzBRUDN0Z01kencKx2PJSIuAagBajqxd\nuq9W8zDZiYIr8N1Mk3ulMOXEwIOALOz6FtrpHe2W1zKKBf+6ciLl+IVRrdYICRIm\nuOzsyQ==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEtlVWxBdyBqWlJn\nZmhOQ3NvaW5mc2ZTdGxWL3RxZEU5RHYrV1Y3dGE1cnNHZ0Q0Qnd3ClRvdjAzODJI\nUlNybHBrT2R1NitQT2xraXladExReEJObTRIbVVJSlYrTlEKLS0tIHBuTmJpN21p\ndFNWc3FQTTcvUUFiQ2EwbER3QXBIVG5oWDhXdnRZU3ZFZzgKd5VXR9xuMowhcnz3\n3Dvyoe7dSicb9+PtXOLW5mndEVCzNY0ru4UHM8k05n7wLkZ/FT3SYpJHOQ2cUr0o\n0yk92w==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIoX0wKjybps6ZHuvA+uwE1ThfWl87MApDLxCjCDUCC9"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDFNdXZydyB0Y2lW\ncGtuRVdBOFk1UGd5clpDQ1U5aVEwVmNVckx3NUsvMGxpdHptb1JVCitkVDZJSlMv\nL09FeWRjZzNZNk9pNFZSQVYvZmp0NnV5VXlNbTdEZGFwVnMKLS0tIGtMaVFReUp3\nNVpQaHh1cFZlV21IZGFBSkdVV2Zub2VMdnR5R0VKZm1lYW8KGCcVDNs56UGZnrl9\nuxe4fxL05J/6H3sAw9EFCNvMbkGsLZ8yvDJW5Sc4VvsCtyG8mXNJu71VI4VnXoLT\nTHwaFQ==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDFNdXZydyArMGRR\nbXQ5WU5nb093bWhZS3NRQU1MV0hFaWN4WWZuZmhZQlFrSFBKdlYwCkZZcnhXaUI1\nSUpENitOb01yeW5XMjdPSEVESGhPK3RZRkZKRC9rY2diN0UKLS0tIHZsTEpRYTJM\naVdzL2VMWS9VQURYMnJjbEhGdDFTdFE3NmJmMXJiUTQ0cjAKafvdqa4sIdtp+n7e\nsi+3VtW4mwmOKPz+CBsqjZy+dZI/fqzG8f64hU2FjAo/oSHToo7pQRWP/CPmvJH9\nwcTGhA==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKZPhznHjTDifGroHiGRD3hwWz69B8NsSSPNbwWjfzgW"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGw3N2NtUSA5MVI2\nSEdUNzEvRzhXTG40N1dBTjRhVHVmZDg1eVRMZFhzNE1vMkZxaXdzCjZ4Q2V0aDIv\nNVBSNjJMRWlqS0xwSHZjanVmeDh6Mk1xMmJEMEI1MW1WeDgKLS0tIGExRnN6M3VC\nVGFsTHh2bHZhM0l4T0hoQnNxV0Yxdko0QnhmM1NZMGROMXMKYpzAszhjGv1yFs6N\n5+eCP9eFf+R+FkxD712V5oPuuWCv5bKMexlKhL3j9+CftSfBrwAp9LtHvzoEUYkd\n9oXAHw==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGw3N2NtUSB0WHNB\nby9BRWxhM2JEUXpLRjNPOTNJTE9yOXFLby9BOWNMRFFPOTJvY2lZCngyVjl3S0Rn\nTUs5aXJtN0J0b3hQVEZxRzJlL3RwSEtKZFIxdXpuUXRiYW8KLS0tIGxPanY1NG12\nODUxbFdFVVYxcndUUWN1NFlEdmRVdUdvUytLVXNpSVN6eUEKoDta/Ne0GCfhqChI\n5V204g0xZV2nkDUFs27UX/8zHQC0XYl8672ucghfVPWvOEuStmHdHySVo4nsv7Yh\nHDUDCQ==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJF9kzudl00FVTQA7nnSaicAJW2MoBKm47G7wefb6uSm"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFpUeE1RUSBtb0dX\ndlNRT0libUdGaGZmL2JWYjZodUJ5cEJIV25aSldrZ1RYVnhGMlJBCkZBWUdpcjA4\nNm5UZzlWQlBkVW5sa3BOUmthTkh0NG9BZ2VHQlhYSDI0RDQKLS0tIC9Xb1pjZjQz\nTlpTdEVCb3crY01qQnorT3VYQ0lvUFZzbnNXM1d1S3dsK2sK09uhvfa4MPV8mIvE\nSrgFZJ62GUYQxuJ97dvInPc5oNEcWD8rT/y9R6FbrvLEVdqT0Emab3a3xP6ryWEs\nd+3sbg==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFpUeE1RUSBybWQy\nQjE2L3BkcVI4Y0JiMW1IY0dXdWlDWVZES0pvR05ENC9nRHYyRnowClg1bkVQWE50\nRXR6bm5OT2lScHhFd0tzMnpGZUJaV0hDaDdYNXpVeWdwemsKLS0tIEUyZ3FYRmdS\naHpVQU9RcEZ1cUoyb0JBZ3VoSUg0bGVPaGtnTUQvWVdNTm8K4KM9qiTJXeIjguhP\nRv7bsyQbUFkLkKdf8+eW5qXg1drZhyivINQvfiQ4X5W3KuP3aVI1XK1uqgpjiwyR\nD0BCrg==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDmZV9Oi9hrckXTpqBnDKRrY9mgwj+SJeVBGWmne2+q5"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDF2bHNJdyBxeTBZ\nSzZ6YWFPQ0VpM2FSRGZ0K09mVlpNNzZPblJBNS9zRWJxcjI3WkFZCk9DeTJ1bkc5\nYnNjazJiRnczZzNrVG5WR1dxdnQrZzlKc0g2d1AyN0tpK2sKLS0tIEJmS2RBLzRH\nck5HL0hGZnF0VDd4LzQ3OHRWZzVKNVdlUy9hSnh4WVhTazQK1BRZJV7mgV1Nc9Ew\n486GmJl1btM/qklDHLHi+xaknFHYCTkUSxUMn9bJ5ePQk/NSm1oJAx3mJJPGvEYZ\nrUwTWQ==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDF2bHNJdyBLc0ZB\nUk1hYzBqR202NWpXY1YvdEl0U2dGQ0psSThEaGRLYWpkdFZpaGxrCjl4MlNHU2V3\nTVpWcmcxSjJHYnhwclBOQTZwa0NncVFSb3BMV0VFdjFudW8KLS0tIHJ4aUlRbk1F\nMWZHRGhoRjRWQmNvS1d4Ri9wVFIyN3RQb21JWGsrd04wNTgK4qyS0t8oRiaqRCU7\nN6SSIDU2vXJZUvPDtadGnUCHGimLhJL51u3bW4tdmDHaELlUXqFdzgydWknMtEwo\nDxEvjA==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA+M/DHDlKgayM6wsiX6r704pE+2qENOsKcytC7sBhKA"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHJKM2lMQSB0M3dT\nMDMyMEZlWUgxZzNOM0tRRTlheXNCek9ZdWVJSkU4ekdiS1hEcW5vCkpDU1IwbU5F\neGdtQ0ZLODlJRXIxcmZDeEJYUm1nN1RBbWZ2UkhRUGVrYXMKLS0tIGg1SHM2SGJU\nNDNvcFN3ekJDTzNEQ2JscmpTOWptSTFKaC9rN1FydFpSUWcKghaYQ8/izbhiUeKT\nw3WnU2zYZDdjPm7VqHWcF8P0+3Te/WQF3poFWU+9o+iHDrCmrPqgfz5HQnMEQ29R\nknxi/A==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHJKM2lMQSBtTHli\nU2tPKzFUUjZhQUN2ZXFaSXI1UU92QS9qYWR3eXUzN3RoK3ExU2gwCkV1OFYrdkpq\ncHE1UzN1eGhpOVVCcDhFQnNXeDBrZmsxMnkwc3BNQ1lKYjgKLS0tIDRQVDlPb0Nv\naUcrUWRCK0FjVzVWdHNTSUQwRjhoZElJL01lWlBNU2FNUlkKkRniUZkUHIKAhD+V\nqzyWaZm123rQFayyiJTy0tNCSFMb0d6SdivdT/cF1XMuB66SRDNA/QvfB+OJZU6+\nLglQQQ==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINh0gA7reCRW+zQ5pPpIjoJGpaFQSbC/4K8B6vMXJVr+"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGtNZGJ1ZyBOcGhm\nS3lBL2pmWWVsSmVKMk41Y0NDUEJBR3FFLzNTNzBLdlc2blhudEdNCklsREgrVm9L\nMlZBdHdVWEpubUJZRWdhcnpubjYrTTBWbnlOZE1IbmJJSmsKLS0tIEJOT2dxNjFZ\nTFpOelBaSlB0TGd1ZHJQdGE2SHUyV2N0R0t4Ly81Qk4xRW8KEUYhKN5/YFhNyXXB\noQpL8vBPEY2BlUSP96JDWz7ZrNoWSpCEX0UEd8epiZf5GvWxsU/EQ4dFJctL0b2h\n/YUtPg==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGtNZGJ1ZyBwckZt\nNm5wTlM3cVAzQTBSKy9QcjYvNWtMQmlPcjFPZXpETVdVWFhHN1d3CmJUNzNzWDJP\nbnpQQ0dSbEtPdnl1cUtxUjlGV09SRUFtUXdTdko2U0FLdm8KLS0tIDhnTFBkRlR3\nYVNTKzNNMGt5NDJqR1p4NjdmZDB0SUJkanJVeDd1SnJGWTAKVv9d/AIkWKhw9q0P\nnu2PapJVNduZPOEtL6e+zhwwyBpdGuZp1gA3bWfL8NVCJUAH3cR+D0vbu7rPnwTL\n7bvjiQ==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEmYihgWHfnLw0f8uTfLokCwToLavzV/+k/GggBA4Sz/"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFFONEwvUSBlOEtH\nUkl1RVdnWktGTzVUYlo5d1RWRGFHMFk0SzFUcy9ZS3E3bVN4ZURZCjVQZnM3c2t4\nMFZiQ3RlV3BYS1kvYXJwK1pNL3FqUENpOGQ2Tk1ZQ1FHdzgKLS0tIHBqd0NURi9G\nUXlmSko3MThoZkpKbVF3ZlhNbkFrMFA3RDRhZXNGekM0VTAKKWGHcRTVYBsEyy9b\neqiJOvw6WXcybhT4hAN1Xv6+BnOropATFKlEZKIj1Gp6nyk2p/0sMN0IAT/4QsJj\nopkb/w==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFFONEwvUSB3Ukxo\neHpLYW9wRzIxMThBRkYwM05ZY2FwMGhyWktWREdkRGE5Wi9TMkhJCnFrUFRpclcx\nQnQ2em5sWC9XTkNseEJjM0VaVlgxT0ZRMHRUc2tRdjdsR2MKLS0tIHNKTGlNQ0JH\neFo2UzU5cFRhNC9rdnF0MWhUVlRmaWp1RzJFOVlKdTdNSk0KzTBV7rOu2WNI0lyQ\nKaWkmVZRTUWllJsGwG3amPrvU87xf+X9vNPfQuOEYLk/BphKW/XeTVySXYF6BX/3\npoS/tA==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFvT1RvcTidgpVYE0OPknc3f5HcAVpyk+rXXrW4AcbzG"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDhjWXRrdyBTck84\ncVpCYkc1N2U4VFo4TjJnYnlDbGpCQ1lHRnQ0NEl1V1pGZWszYXhjClA4bUM3aU5T\nWEo5U09WbWh1dEhBOFZ6VHNkK3dNN0syUGZNZ2M4SmVybGMKLS0tIGhKTC9ndXV1\nVkhyTzYxa1lXSzhSVS9sb1Naanoyc3l4VEMvaUJOV1A3MnMKlBUuVpqSUQdK++zX\nEwbEYuyFKbJyHspjcrSZuzKtwgeyviG2ojqLSTW5S1uOIggdhVaHqyV3tykcMgAs\n0g2zqg==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDhjWXRrdyBJL2R1\nZUp0YjBpTXd6ampBeXZWbFdXcHc2ZG4vRjFJcWhNZ3JZTDhJSUdZClA2dU9WcWRp\nczMrQW1GSFI5QWhYOXVyMTFEUGpmaUpodjUwSXVZSjBuNEUKLS0tIHc2N0dqejFy\nMytrMGV0NEFacENxOEF2OHpUU0s1d296Wm1XWkI0Y0JJbXcKnI5dK4aD5V7Ig1wS\nH2CoZ5OSFwMfzgjRPl9rTCRUAIc/W1xEgePvnnfa3pd3+2c+vFs/0S08sE6wa+sY\nTUPOKg==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEijeq50HS1g27BTRfJ8XWIPrAX9UVkap5fgIOCOtA5+"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBITzhmMGRITnFCaUV3di9x\nNEw5dVBXbndXK2tWS2lHM1lyWForTzJmb20wCm9DWldrbEd3TjNGZkhiNHlKYzI4\nWXhlbVlHdWsxSGpoZ1lKSGMvZlJNS1EKLS0tIGVsN1JWQmpyY29VTlA2SVNWOVhK\nc0I5Q0wvbWZjZGRTc0k0cW5KRzJtU1kKhpN14OYkP6ogn4oC1ANQR6Y1zsZi0rDz\nd/hXLhTtZBPOjQOslYmer+DjsY4pTcGLfnBql43f5a7D+Vv6okuZfA==\n-----END AGE ENCRYPTED FILE-----\n",
-        "recipient": "age1eqcj2g0fdekj2wpqp4y0fg9c5myydjdt9zlr5scr0grk6fxszymqkpw5jf"
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6SXcxM0dHU0oveXhmOUhK\na0dJdk1NUU1qaExFRlV4UWJqZVVmR25WYmtrCnJ4YUdLeCtJd1NVS3pveXZ6SThL\neC9UVThacFJnZEZRcDVoTktVZzZyT0EKLS0tIEo2VkU3alBXQ3VZQk1lRE5SMEVM\nSUdDMklJalJia0ZhZDkwVmxlblk5YXMKagbVTSVWPPmWIF477wy2/y7BBp8uX9oA\nXLy2XAvmBFqGRNtxdknbNR3F8LUXwYvt1SNd9byl+kgu8PG1ADsNMQ==\n-----END AGE ENCRYPTED FILE-----\n",
+        "recipient": "age1d9h9mm3u5qalmpl2pf62pyzqj8t654n435emn93rutv0cg9sr32sg64fdj"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IG05VmtkdyBLM0Ey\nQm94NU9UTENZbE8yYk95NEkzUlJCbjF5Vmpnb0RqTW01UmJzekdZCmQraGxtMzVk\nTjRoSGd6ZmRFeVpId1FQSDdSdFhHN0N0ZUFCSCt2Yi9NQ0EKLS0tIFdJdm1qNEVw\neXVTY3hDMFBGZi92eHFBY0FSTHIxbDc5emF4QWY4K3ZEbGsKse8O+6s/nydvw6Ir\ndW2Z6JC4gPSzzokXO0ak1A/eVW2NVVXaZ1p5E7Il7v8LQXukqHpUeLdkzohuRIsH\nx6MitQ==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IG05VmtkdyBoaEMy\nM0VFTFphb1kxaTdaOThZTk8yeVErQkM1UXJFMnd2eEc3MHM0ZmlzClZFUkp6Q01t\nQjQyTG53SEpUZE56RjM1akM3SWwyUzhCSDYxU1QwQUwxak0KLS0tIGsrNXNzcjg4\nOEkrbElsQkV0eE5peXZNYmdqVDcrSXV0dHpyN3ZYek90elUK01c8bE3ESfeLZzzX\nSWOHpwftZXkIk7UQnMGJPf1uh8wYRV/BdlLZsyTvEpGGvzK61373Gp/wbd4xjhG/\n3/29eA==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDuzbgoXZccZ2w/9HGgUyT9nJH7lG2/jfQCZJudY4yAN"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDRTOW45QSBTNEQ2\nMUtpczZNbXFlenprTC9RSjN6NmZkRmJNVGpaYjROWjVzenl2azI4CnBWMzZFREts\nUW96Y0tiN3VFQTVQKzBhZDZpT2x4Yisrd1d4MTdYRllFT1EKLS0tIEZvUlBTaW1B\nZVpTdVljbVRRVWFuaUs4N3lucmxwRkx5OFdIN29URnozUG8KjiD8mBnbRRu2NikI\nzNybkFQtAQbT7cKEA3msPCXkFWxjG5A0b9B4Sp3MJ4Xq/mJpts5WowARAfuz1ucO\nj6UaRg==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDRTOW45QSBqVFdh\neVRNcjhJVHVHSEpabGtoSDArK1RFeWRkYW5tTXorOWM1WEY5SUZRCkxHWE9FS3ln\nRG9GUjNidENhVjd4OTZUQXRZb2dIL1JqTlFmOXdWZWlxeUEKLS0tIEtoNW11bzBL\nR25ORk1KUklUZGg5clhDSnBONmZ4UkZSS2dIVmNDRDBNUVUKHh8GqwAOrpeclc7W\nVFKbfispWN6W3G5Hw7nOl5OL5Q52Paw5ylC7qnmeGg/jt7u2EtV5S0cI0Tl6mcRH\nLMfTMA==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFStro05R+CPmjWMHWtzXUKfGll+OosoZtXAyPtngN7T"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDVucGlodyBubjg2\nRWJyYmMzQnpIQTlONmhHU0xJb0wzd1hpWkdlTkRqZjkyaXgyWlEwCjVSRllDTHFS\nWTl4T3kzRysrQWZhOEtJSTMwT3FXTkxTa3dJZ245bndZZUkKLS0tIExxV2FIOFJr\nRlR6dEtoUFN1d1NKZ0ZNYzY2TGZOTCtEQ2hEMUNuWm1iVjQK+WVOhyQC9l6O5rHi\nCQsI9/p8m9vJ0zNRZlfFyNF4TBffqJHqRsnMpWrnYlqyL2+W1XzH6+KTntykCx4H\nH42OkQ==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDVucGlodyBmMGxi\nZXlzbVhsQ1FReDJETll1eEhRRGRncFdQK2dRdDc5NXUvVWY0TFRnCmdnbHFNWG5p\nR3FwYkN6T2pJZHZSWmNKd3NaMEUzZllBandXTS9PSkwyMUEKLS0tIEdnSUo3N0JE\nUzE4RmlmYTVlRnA3ZDdhc2h6TG5kYjNjQ0dLU1p6QVNmQmMKx4gAAcIysAE4Lq/6\nVVjM6PxfgnL0/yzEgp2uj8b1pZBvqe+uyMi315QKRIUOLVpQLczz+GqMmWWXiNEI\n41bWEg==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO5qner13Q0fm5NhdXMx2nkt5kxjC0/SVY2FXh01OiHN"
       }
     ],
-    "lastmodified": "2026-04-24T02:42:10Z",
-    "mac": "ENC[AES256_GCM,data:7AmEbh3FSycQtb9MXQQyoF3hLuYBIYVKDhjv2jV8xd5DoLIJRVq6GfC9omrwjhY2GxcykySYzLZOcM5A/R44wDanQ8Pw73nhYMzYaX7YbIQ+pUMFw7MMtr85Ud6Wp+x/txOYTPMx5Ed3ttSsZS6Qg0bHQEfS2H3WQoBp+qknwyI=,iv:aRoSRzviCLCnPVdvCiAI991A8JMT01cUKaecSDDGzIU=,tag:lGafB/Mlr6rI5rx9Dq+fTw==,type:str]",
+    "lastmodified": "2026-04-24T14:30:26Z",
+    "mac": "ENC[AES256_GCM,data:FU45eLE2F0gjeGWjCbGn15dnrxb5JF1NQEOkOswcj9gOAhwPA/nsYwbF3LJ3wHLCEyJb6Df7zk1z0ipiwe72MjGS6TQatR6+jDoFwHDZ0IH2rOheMh9I83Bw6M7KSm7nBPzmGc5Qn05NGKwN0iYUBcCpQzsV9LHCAl9ZMjAbos0=,iv:eZYZuZZi3mq4MPA2e5Cc2WYmfs4iZlhVSJF+sF9HTm0=,tag:N1uTw1iSxp9IlTEiQdc9Ag==,type:str]",
     "unencrypted_comment_regex": ".*",
-    "version": "3.12.1"
+    "version": "3.11.0"
   }
 };
 
diff --git a/packages/gen/env/src/runtime/generated-payloads/docs/staging.ts b/packages/gen/env/src/runtime/generated-payloads/docs/staging.ts
index f73c263e..8a670524 100644
--- a/packages/gen/env/src/runtime/generated-payloads/docs/staging.ts
+++ b/packages/gen/env/src/runtime/generated-payloads/docs/staging.ts
@@ -1,80 +1,80 @@
 // Auto-generated by Stackpanel — do not edit manually.
-// content-hash: 5f8a0a69ede263fae161b22fe63a0703c204eeaa1326f18db08be05f09b8759d
+// content-hash: e924272eaa934653c3d19d4c638e2fe1de496f145982547623d519aa4f1db948
 const encryptedPayload = {
   "BETTER_AUTH_SECRET": "",
   "BETTER_AUTH_URL": "",
   "CORS_ORIGIN": "",
   "POLAR_ACCESS_TOKEN": "",
   "POLAR_SUCCESS_URL": "",
-  "PORT": "ENC[AES256_GCM,data:KXHTyw==,iv:GevV3zvoswJMWZCJFk/0XInj9qerYPjivI+w6GGxjSE=,tag:5vRSYtEFeuRD4pdkpoBLBw==,type:str]",
-  "POSTGRES_URL": "ENC[AES256_GCM,data:lLQyTfwm+pJ2xbi0Tsfki2uwP/VBkBzIHeCsiy1sr6pIcHna5Qea2JyCrlHmM8ICuzMrGS/j43DcbkNPemo41OrjLmbNUETe0+bvk6M5R6SyMNAvgvspJnw21ppcZc69xZHNk1Y6GhkgBB7mAXkypNJpdHMLu7bR4rNPofp7rT3f0JohE3INWB9OLJIZcCB+kGRqPTm3Mi1oqKLHXGnVyRaOIWqFxIO/+A==,iv:OT4yZr8nlNilIgwK+ROvxhuij7WP4lof8jDlYqsUrsg=,tag:CA1nczKcwgkiiKnatBM0HQ==,type:str]",
+  "PORT": "ENC[AES256_GCM,data:RQwvpA==,iv:CbQMZ9kz+9tRmN1yLFeDI+TVOtTqVkAXjDGLBoExG08=,tag:clJEIYoc/6BeRBFfVHenaQ==,type:str]",
+  "POSTGRES_URL": "ENC[AES256_GCM,data:HpjOZu0oIbCLjXEzmCwFXxY7Y/3W0MnSC2gVfR/ZoUehpXYUxjUxgxjrTZoavLmCSk/vPESpaKbicaxtnNbOfY9i5Qo6kQSRBOHvEx07PVth8GzxVh0jAqlRTfsDgQEbv9KUgruXKs4IS0BYNUJBGMTH+6kJ7/ClEIdKKdRa2URr0c2ZtIWntQPH1iYuNaUPUPKnWpy44mqdEmc89e1cg33ov2kLz3Hhxg==,iv:qOE3Ov7Z1bormAlIFXc7U8EgMIrXVpjQmieTx22LA5A=,tag:1d8BrIWZ2S81+AAocBnu+A==,type:str]",
   "sops": {
     "age": [
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHZMYWFYZyA5a3FG\nR3hrenFjYVBGOS92Z2d3amoyUWRIU3FQTHVRVkVvZFM0L2ZIM2xZCnRFNnJFeS9m\nUHBRQXVGeUdaREYyREpPSE9uRDBjUDZEeGRYUk55TldnOFUKLS0tIFlzbHUyeHZI\neWV1SGV6WmxLRHJMV29DSHR2N2dKbWM5alpRTHF4YmdPbk0Ka2aNLy9kywDVyS9w\nK7ZvTPLbf9NN9Nil0ROy/xzFxd+JNJ5DVppe2yiDe1Uni++fHQld7D5InSR5O7nB\nR6Pazg==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHZMYWFYZyBtejk1\nSlhSU1E0TkFBQVZsQkRDM1pDbjh6M3ZxMU5kVmM1NnNRaWs2a3lJCnN1Z2hqMUN5\nMitTZkhyeDJqK0tWbFcxUmdEVG1pdWNGWXpHQzVSYWNmZTQKLS0tIEJ0cjVzNWtw\nVy9LVURXN0RvRnRPVWRYRjBTYm9KbS9MYzVSdEw4djA2VmMK+EiLfmnRyfTr00LY\nQCy1x7zGxDtZAkhOw6A9incd4e+pukbYa4nIT2I7PHn+FLgtrK+exUT9eDl2AqzK\nVz6USw==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICjMrEzKQSq/0eePzgUGXM349sBm6GVCXoz+tJZJaBVT"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEtlVWxBdyBCcUV0\nQnVKMjkrSGtnQnp6THpBMU9XTmVYeW9PRVduMFVDZFcrMUNyVGdZCmJrRnM3Zm1U\nN1dlTEprSTNWT0RWeUcyVG1XWVRadHVqcWo5NnVLekNraW8KLS0tIEUvZXovcFk4\nKzVkbnJuMTA4anVlNUpzdHdDUmN6MmN2MVFidVJtSmRSa3MKzUBHwq/UiJDxRPEP\nvzMjkp1bvkyuWSCnVXetqh7t9F6LX4LCcsulSYM85Z1qUnMy9OxacsXTjY0nw+cu\nLbbgsg==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEtlVWxBdyB1bWpt\nMzZIcVNVSkFGN0pCdHdvazVLejZOcEV4eFVJdXBtT2gxbUZwYzEwClVZVTZMa0Zu\nWUNCZi8xc3M3RkQyTXYxUmgxODlpV2pUdXVZaVBKOFNJQzgKLS0tIHh5V3RPOStI\nUC9ZOGV6UWRxTG51aWZOajdWTFJrekg5bVgwajM1SUh4MjQKMuUolt9LVccLzcoy\noM/tQ1p3dHTUBAuayuDYAB0Pq+9GbtakJXj0LGdoE51quHmjxbSM2LV4LUHWSD+W\npM+axw==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIoX0wKjybps6ZHuvA+uwE1ThfWl87MApDLxCjCDUCC9"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDFNdXZydyArbFZG\nMEVuc1lpUWl1bDRQT1ZZamwzRTcvZ2RZeG5aVHdXeEZXRExZdTNNCm5kL29EbUhk\nbTEwbW9CTUEvU0dlMDBuT1ZOck90MGZnWDBzYUhvYk5mOEkKLS0tIEFBMWF4TDZM\nZWN3TXhTTW5OWU9Eclcxd2FHTGQxR0pmK05WL2xrTWk0ZGMKLDxZDQfYWAN5xsEE\nODJRYZldtLIPZiCDaXUzjJKWmMvJe3kahR9ta6xeardmQNP3Bmr8drdIk8A3KxrI\nLZCP0g==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDFNdXZydyBBK1Z4\ndkgyQmg5b2p6bjFXUzluYmNwYStrUmtGTVhJTGh1bWZyK0RzbWtZCnJ1UDNtQ21C\nTklZSWc1K3pub3R5bmxFOUlmN0xseGJoY1ZmSkZVZVNNZHcKLS0tIGtZdlJ2OHBZ\ncnNRSm42NWsvamhualQ4ZFhld3FQQzBYZHBLUjh4WWI1c1EKmMZ56VoTMdZyzH7E\nvgsqWu+vq1WprhBBxbICZ3n16Nact1VEbh9I/DvdPxERKApMcIj1vLg5oSSYcVtG\n6R/uXg==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKZPhznHjTDifGroHiGRD3hwWz69B8NsSSPNbwWjfzgW"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGw3N2NtUSAwaDFM\nQlM2U1UxVzJHY2xIbmFndjZlUWNRRzFYdlhzZjJuQm9LWHZpNkhFCjFNVkd2U0Vj\ncUZpc2x0WTcrdXc3eTV3S1IySjRleEg4R0QzTlJkNnpYOHMKLS0tIFo4b2hKdWgy\nZDREWHhwc3lLTHhPdnB6K0ZESGV1bzM2RE5Zbno1UnFGUzQKrpjUqvd/MrLukBFP\nQgG/VoUJIwXqVO5I4KuoSLIC5PKOxQyevUR4wE0rk6Oiv8JlgfQ2gcvw0GMaPscc\nvu1TiA==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGw3N2NtUSBtMXZt\nZlE1dHBVMDJiZ1FsTjNZOVFwVm53dEl5U001dmd2Y21PcHdQVEhnClE5WUNUajZ0\nOS9RaitqTytaNGpQa1ZoeFNGeVphVnpVaWFaZ1ByRjNHMkUKLS0tIDFGdmxveVhy\nMmZsQ29qWElpUW9GTFFjRVRQRXRqOXRNWFAxSGwrSVc0ckUKz01OJdJBZlRAqI4c\nB3AjTZvcVhRGQ7DZODymZHBeEaQxdcjE61pSehyYSDZ71fvuaTdkSrsKe2MfP0Bh\n8MjCvQ==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJF9kzudl00FVTQA7nnSaicAJW2MoBKm47G7wefb6uSm"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFpUeE1RUSAvRGZN\ndDVIYmNpQzZZMzlUZFVNSitCRmZiQ252TjhURm1lNVVXRysyLzBvCnV6NEYxT2RS\neHZ0b1RsbDUxQWFnRlp3cVRmMFNZaU15UjJNeE9xU1YwcGMKLS0tIGhXU1JYeXYr\ndm5OSkpraUc5bzViNXBXYTZWU2h3M3B3K0kxQktKUkI5Mk0KhtkpwOmOYI+KwGYK\nD+zIzBmMs3GxYUkGFqAI62ceL0MZONdgLUbS4aIpGfA/dQOjEU33Vk0C/hCkEXCj\nOkEkUA==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFpUeE1RUSBhTUd4\nSUd5Q0p5eFV2TVlrTFQ2QVRPV085SmhxWmNIc081S0Q3VEZ2UFVNCkxibEhHeURx\nbDRBNWlpZnpLUDArWGgzOUljQlJCTkh6Y3ZkQ2tYMXdxd3MKLS0tIHBZdHlKank0\nL0h5S2EzNXlwVjE3WnBVQmNXNit3a0ZnRjhWZ09XTHczc2MKfhFWeMNOgfFoOtK0\na+49KpCfMBwFW5txt+yhWe7uTVCe6piLQAV1LXZeExmjoZrFARdm/kV9Ggtgs3cN\n9C+V4Q==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDmZV9Oi9hrckXTpqBnDKRrY9mgwj+SJeVBGWmne2+q5"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDF2bHNJdyArVkhp\nTWZFUDhhZzlTdnVEeXk5NnJFQkE2c1VETTlySnpTYVlyU3JZZWs4CmhSZWVUajdn\nYVQzL25mY2JTZWpkam9mZzdJM095Q01QaDh5VGFJa3d0SW8KLS0tIFJVWGszb3pF\nTXZ3YjFJVStqV1d2Y0RvY3RUeTRBSkk3aytRdHVMREl4L0EKYh55lx3RXwQGHm60\nTePfAnwIC0UzseytUkRVGdbpS8B84QDvTJ6eIph7Ww7zH6DanNqrEYkzIPljriTV\n7ZV7yg==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDF2bHNJdyBmTFp3\nck9EeE9mM0EzTkdLaXRRTHNYb216U3p0N2FZV2cyUTBiMU5McUNZCnJZR04xM2dU\nN3o5KzV3bDVhNVdxOHYybnNuQnJqdHBSMEdGa2RBZlQ2VlUKLS0tIFpBSUd2dC9m\nT0ZEZXVFOFJFcWprTXNPeUZIVkxHUVB0UG9nZ2NnZVlCQ2sKW40n59GoFk5P7ezk\ntbmC1e1AXC+WShBgcbA6ZNPKjQaP2k3lOmAcotjWqeqt7OspVtto2vcsllo+cQMq\n6d6RaQ==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA+M/DHDlKgayM6wsiX6r704pE+2qENOsKcytC7sBhKA"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHJKM2lMQSAvL0Ji\neitOMlRGU2toNjJUa3BFVGIwSkFvcjNVcGhtWllmT28zYzFzUzBNCjA5WUIxeVh3\ndjVEeEcrenNtR3U0OFdQcmFNdjNOZU11OFFqOFQ5Y0RKTm8KLS0tIHN2THE1UXVh\nK3hsRHJFZ0FwdTJzcytnL29OVVNuTFlveFhINnUybDJyNm8KWiiwAm1Fz3qweDQ9\nyg+eu1aw/aXjOn3Th8szZbWydHYGry8VEDJeWvY3mlH9ZPQYV6v+FKuFcKAjS4xE\nKFnJOw==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHJKM2lMQSBQeXBC\nRGhpSTdheEpiR1NveU9iUDlxSjdnWUN4MUdNQ3VGVlB1bDQxRG1FCkt5YjVVRFpD\nL2FJMDBtaTJpcThzVUJJTHUyVkI5VSsyNWMwVnhHVWNaZG8KLS0tIGNaaDlpR2p0\nbHRSUnptSU5lZjkwRVAzdG9FU0NKRzN0T2V1VGxvWHpHN28KDA/UdjaDy6t0bKBx\nPWZIi0o6DdEu2lFagshjeA1zUNWtDzKYftKJmGKnuieB2rHlikjl6UFXISDe5KxZ\nlXSkRQ==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINh0gA7reCRW+zQ5pPpIjoJGpaFQSbC/4K8B6vMXJVr+"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGtNZGJ1ZyAxNVhT\nOFUySFVVMVQxOTVwZjhhMUY3SmZSYmZRS0dML1JzQ2FiZUV3bnlrCnh2ekh2MkJu\nTjNTL0psMVEyS0c0L3h0R2xhdGI4NmhqaU5idU5Tbi9rRGMKLS0tIFhqMWFrYi9G\nU0dxc1FtdVNPVmdCb2tpWGFmSU5iSUdVOGh4RVRjaDkzdTQKRPq3pJZjeu4+gquQ\nZzXE915PyXru/GB1lE0Bs40soXmJSJOnPd1/vD948R0AkDZMyRO+ma9p2/aPWvR9\n3eTzcA==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGtNZGJ1ZyBUZm5k\nbkVFMURvTHJZUk5LcDd0ZlNJTUhYWDJlTGI5UzRxSnJzNUJHaGlvCi9mOFBKZS9x\nS2ErdURHakJMZThndFB0OVF6Y1BlMkEvQ0dKbGdOUDNzWkUKLS0tIFZDZ2lTcHdn\ndUFWRDNTVFpmTnNNTEoxRHZ1Tk8ycyt2K1ZzYURTbC9JTDgKhGQL/r/O5nOx7b8/\nRZvnYwS/Uwuyfn9GwRxgnPJn3rdnilIYN0h4Hvizx15nK+HtJ/5lCn4VRRFws/A5\nBiVz2g==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEmYihgWHfnLw0f8uTfLokCwToLavzV/+k/GggBA4Sz/"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFFONEwvUSBvQTJ1\nbXBaVmQ0eEw2cmY2TWxpOGZzcjBOOVVWNnpLeGJ0T042dHlITEJrCmNXNnU2Zy8r\nN0FPQ05sVW1jN0praFlReHhNSXkyczRBU3pndFZvUDBLTUUKLS0tIFdwQUNnRm01\nbkZMNFVnWWUzL1FCV2FNazF3V2h5MGkrODJtdVBRU3JnMmMK0WETd7KCV6DJiFnQ\nX59tR+SLm/e4Khg9mOKiLAYtyGCBPY6ULpXoX6aHt294uDy6MZNXRBvQPDCB+DOf\nAQtSgg==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFFONEwvUSBUVjhQ\nSE41Ujd0enhoZGI0aVhjYldoeHRRSXZpakZHOE94VktEenc2Q1hZCmNIK3hkblg4\nQzFhMlp5YkYwV1B0a0dyRncrMTkrZjJHdGZVT1Frak9VdzgKLS0tIHM2bHN6aVdJ\nODh3M01haTcwcFVwR2hQbWpJOHE1NmlISlNDeVJoeWh6ZjAKGw6N1koC7tMeo2mr\nkDTPiu/ZLvHA2smMwDfnAkmdJSZiAYEHeYJiw0cyw2cBRNPiqk2SFgw8wcjX3f73\nVRmBgw==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFvT1RvcTidgpVYE0OPknc3f5HcAVpyk+rXXrW4AcbzG"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDhjWXRrdyBnVmpZ\nU0xQaWNlbEU3WHJFN28wM0lrYmdHOVhXQkJHbGw5RlU4Z1Y2S1dFCkJiL0ZtN2lq\nWE9OVDJNNTdiUTB0TTBTNDdQdFdkOEV1aHh1cFB6ZmMrd3cKLS0tIE9TN09kMis2\nQis2VExJK2NlemJFamtkczBiNUQ2amFwRlFTcUpzY1ZXMUEK/xmqe4IBEF3cCEf3\nqm2pqmMB+LyXx4CN+7t2SHD0FHfBy5X58Fz8qA8vAZn6uC8J+H5TzCOxZjbKkRov\nezUedQ==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDhjWXRrdyBxeE1y\nV05nZHQ1eGUveTdFSUdkcE52bzJqNVJ2Y1ZCT2NkZG5NTXZiZFFrCjZOUkIvRTJJ\nWUh3ZTBXZDZyZEZld0s1MldyYVNiSmk5UmN2YXZtNGN6a0kKLS0tIFlMWXUyV3V1\nbW1ZOFR4M29Qa0xuekFManFGNFRiSDBSNWpsWVZPWXY4V1kKde7o6+twE7DsLIna\nIFLWzUKZkTflxYfCCerdF/4cAhFHdi11vh/U/b/OgZWUIol526gC6/hJYWq+H1mw\n5DbikA==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEijeq50HS1g27BTRfJ8XWIPrAX9UVkap5fgIOCOtA5+"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDVTd3aHdRZnRiaVQvMFJs\nU2dRZFAvV2RVTWY5Z3VoLzFDbGd3WEZYNXlBCnRWMElsVk9ad1Z2U3EvNGxqblJz\nLzNuVkxEQVcwellWZDBpbURYaVN6V00KLS0tIEx4UjBteDhUTTFwamV3RjZoZENR\nREdXQjJRaXlOejJqWnQweDc2ZTlOM2cK8407P5vWjFsza9cbA99PPM8X2bsp0oWZ\nDBHDDSvu6KFYl84I7J5l5B33h4AeWAgT43N7GW9Amr/ZYf/T6d0NBw==\n-----END AGE ENCRYPTED FILE-----\n",
-        "recipient": "age1eqcj2g0fdekj2wpqp4y0fg9c5myydjdt9zlr5scr0grk6fxszymqkpw5jf"
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlaXE4NGZyMlJLMlZKQ2Zs\ncE5rVmhxTmhmN0FxL3FaMUF3ZUEyZ1pJNlJRCkxBc1VTd1hoS1pFMGR1K2RCcFJw\nOUpNeUF0Wm5lbkhSRmxvZUMwaDYvRUEKLS0tIDNTMVpKbTg4VGJsTnE3YVpaSUZQ\nRlN1QWZCMHVGSk1BUDJyWHlOWFhaQ0EKHaofWdSyFwNK6nbndTQLxxZ+hr9ypM1K\nZDqRUg/2E43Jm/0PlIq2b1FMjbiShu6A2QYJwVThiMSdvNRIItcikQ==\n-----END AGE ENCRYPTED FILE-----\n",
+        "recipient": "age1d9h9mm3u5qalmpl2pf62pyzqj8t654n435emn93rutv0cg9sr32sg64fdj"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IG05VmtkdyA0YjZz\nZ3VMYnpNbkQvRTNYbU1ybE9GUWc0OHFDRkZDSzFkY0k2RllIdTJRClNYY0ErUWdw\nUzFVaUpBVTRyY2srSHNTcmRPRXhZdDlBeWQ1QTdRbnA4aFEKLS0tIFhRbUY1WDJB\nKzI1UmdlOHZCY2djLzJ1cm1pMHhMbVloZmphMVM0eUc2MXMKAejd2m1HHB78FZfl\nOG7H2dth5azeVlA3qTueLADmeb5+Qt8/Dx5hDZb6eKZqkXXLOqsPRw6gvzEm1OsW\ngT1kGQ==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IG05VmtkdyBmbFdQ\nSEduZlZZdkhlZTlJZmlCTW9TSUs0YW9NY0NYVVZkd3JxYmJYY0I4CitRVEkvNXN2\nVWYzYTBPQ1BvaUpMaFd4UEhqSUtwNDJkcHlzNUZtd2ZHWWMKLS0tIExDTXNYSmp4\nQXlEamc0T1FxVEkzc3NxS3R4U0lTWHNhOEVRbFRYcS9oQlkKRUAgYxhY/yF7JFSl\nYsEJnQfNOyGgtsH0HdutX5wzheEkH/wvBz8wwypXOZ0c089YDoDbWuObNft9ZrEL\nZwBrTw==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDuzbgoXZccZ2w/9HGgUyT9nJH7lG2/jfQCZJudY4yAN"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVRE8yRFV2ejFDbldSWWJ3\nZGZSaGYrTEFKNDI0ZzZTWkRZbDM1eElVZmtJClR1UVVlK1AyWjZFUmtrWktEY0dD\nMHE1VlNrUlYvVnlzZkJ3NUxrT1ordzgKLS0tIGNxT3BwVlVKTFJIWUg3SmpaSWlx\nWWZjZkEzeGErcGdaZGJBSTlxZXB1RlkKDz0Bha5UhzptAI2fR9DpCqaz6DBEOue7\nlWJGpN6FeYoxhdZneyfhT+bvgEhCyz44QhxDirdbfsCOHceeDUxTUQ==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOMmdCdVpWbEdmWEo2QTRs\nRDNPdCtQeVVWMW54VnR5aFNiam40SkEvZHlRClhVbmZGbHZDczNJdzFBbEtDMlE1\nWS9MSVhFR1gwSnNJbkVDZHJpaXJJcU0KLS0tIEF3R2c3c3NwU0R4Z0pSdVFkM0pC\na2h5ek9GK04rdHAxU2I5V0JFWEFaVFUKApved1FPRT+kC3y/bYUVk1DVPWSV2NLA\nEFVW77udNa1p2Ot1WRSvb/yxhOWSo7hxlWp/XaYzzJs5wUi2Jo3Jpw==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "age16wuzuxnkcgfuxzvzgk5e5a5f6hhs386adjewyv54m9esr4yj6uuslpn6tp"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDRTOW45QSBuWUto\nY2hJbFV1aUlPY1Y1aW1HTnVjaVM1NXUyZ3J3UFBzcGJiSHpmN2tVClNPT0RGMVhs\nRE5IblV5S3ZlV1crTGVla1pwbHhMSHNDeVpMb0JLMDBHQTQKLS0tIHhodXFNNzhH\nYVdPbks1cExqNWphTngyM0J6ODU4UVNyYWtNNVJVcWVQd0EKXU8qLTbnln7lbw/S\n8IdjxDnJ58Z1CC9dFF5+c4Ewsq9LTNS9F8kXgHdAuEacx/FHYC6c2oKbqd1/kC/Z\nOFSEEQ==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDRTOW45QSBHOW5U\ncmNKVWY2Wm5JTUlnUWtpWVMweFJrLzFRLzdYdHNZL3RqMkUzUjFrCjNxSWpLSlhn\nSjNQdDJFSzlhUGFmUjZxVEdyaFRXWC92eklxUUpVaVBMWEkKLS0tIHFrS0EwdHRW\nK2FkZzdpdnFMSHhVZEUxa0MvQm8yQ00yY0E2MmtDNnBIM1kKgAhmqMJA9SXHAqOi\n5VVqIaVEW2K4wX5DbOX+4NMjmoWceJauRUdvCLrc1V9llB+cFzFx1eEsj98tK4HG\nV2lmzw==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFStro05R+CPmjWMHWtzXUKfGll+OosoZtXAyPtngN7T"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDVucGlodyBkTjNG\nVGlwZmJEaGhpM3VUcllxSWI1QU14MHJHQjVkbEc2VjEzU3pvOFg4CnUzNXNTUHJ5\nR0hBWDRXSi9XUEJ0U1BrU1Uwam5oUVBaN3NTWE9FdzU4dEUKLS0tIDh0aHZRMWwz\nTWZxU01yUjBsTThXT0NtS0d0M1ZzZ1pJYnFjVmM0cHN2SncKRUj1wbq1QzcoTgst\nnYA6N80mIpFVrairPaSkQvsj25K6vOyvMx06DdCjyrUCj6JQvsnJNi5PNznl+VTF\nXIjaQw==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDVucGlodyBxTDJw\nWU1idkk5Z1VxdU5wVDlRcGxmZDNwYnc4Q3hGVmVTckpyYUtOZm1JCkRJb1JTVWRM\nT3dGdVlidEZOQnFyTmk3UnhBZUkvaUY0aHRWdjViZmVTKzgKLS0tIC9qQ1ZMSjQz\nWDFlcEZ2OHk1Sy9yaEpDUVNvL2F3UDdNSFNFRlZiL0FwdE0KyeKLmlTCx2R63hLV\no8jAztfYMIDm1nokeT90ueR5RgkpD39goVWFdln3yVIoD0RZDZfMwm3KBCp6w82q\niWoTmw==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO5qner13Q0fm5NhdXMx2nkt5kxjC0/SVY2FXh01OiHN"
       }
     ],
-    "lastmodified": "2026-04-24T02:42:10Z",
-    "mac": "ENC[AES256_GCM,data:36RrYDbRnC0/Nzs9WP99SCn1TxadL6PIrKk4YfLWSwBXSLrvw4CiHI77fzAxgWe8hrhhyBNvFn5Ypk3Ksxg9ObHEOufUar1dYOI5aYUlvuAhDCbMSa5lCHceNCoRFj5f4QTN4YC5jx779Sl/pEDn13qTkelX2tsRPKaHONOQdmk=,iv:IjCkSoPxTDsuqB5fKcUuNPnL2cxDNHxr0fOiG+D6nYI=,tag:ZyE241/6ieMUTFVvzi30qw==,type:str]",
+    "lastmodified": "2026-04-24T14:30:26Z",
+    "mac": "ENC[AES256_GCM,data:Vm92GVDVpXWJGWf0uGOfWl3W9QBafWNxPyDdlRHOvqn3dr1VgawHe3wv6AhMqaj2jSe9J+KvRhJwDzlAS5GmRO2OD24hB0JwViDWa8xAg+LePryfEYPWgyA9BcfVaZ+XTQnt++hIQGrF53QuWaLeuRGepV4l0SS8eoUr+Ut99/w=,iv:btbUdFSoihIH9k9H6os2NmxDQ0arX0T10I2lniW6LpM=,tag:9Pu/f6bC/ZBNs7qwfPDEPg==,type:str]",
     "unencrypted_comment_regex": ".*",
-    "version": "3.12.1"
+    "version": "3.11.0"
   }
 };
 
diff --git a/packages/gen/env/src/runtime/generated-payloads/registry.ts b/packages/gen/env/src/runtime/generated-payloads/registry.ts
index f541c953..45027867 100644
--- a/packages/gen/env/src/runtime/generated-payloads/registry.ts
+++ b/packages/gen/env/src/runtime/generated-payloads/registry.ts
@@ -1,6 +1,34 @@
 // Auto-generated by Stackpanel — do not edit manually.
-// This stub is overwritten by `stackpanel preflight run` once env payloads are built.
+const payloadLoaders: Record<string, Record<string, () => Promise<string>>> = {
+  "_envs": {
+    "deploy": async () => (await import("./_envs/deploy")).default,
+  },
+  "api": {
+    "dev": async () => (await import("./api/dev")).default,
+    "prod": async () => (await import("./api/prod")).default,
+    "staging": async () => (await import("./api/staging")).default,
+  },
+  "docs": {
+    "dev": async () => (await import("./docs/dev")).default,
+    "prod": async () => (await import("./docs/prod")).default,
+    "staging": async () => (await import("./docs/staging")).default,
+  },
+  "stackpanel-go": {
+    "dev": async () => (await import("./stackpanel-go/dev")).default,
+    "prod": async () => (await import("./stackpanel-go/prod")).default,
+    "staging": async () => (await import("./stackpanel-go/staging")).default,
+  },
+  "web": {
+    "dev": async () => (await import("./web/dev")).default,
+    "prod": async () => (await import("./web/prod")).default,
+    "staging": async () => (await import("./web/staging")).default,
+  },
+};
 
-export async function loadGeneratedPayload(_app: string, _env: string): Promise<string | null> {
-  return null;
+export async function loadGeneratedPayload(app: string, env: string): Promise<string | null> {
+  const appLoaders = payloadLoaders[app];
+  if (!appLoaders) return null;
+  const loader = appLoaders[env];
+  if (!loader) return null;
+  return loader();
 }
diff --git a/packages/gen/env/src/runtime/generated-payloads/stackpanel-go/dev.ts b/packages/gen/env/src/runtime/generated-payloads/stackpanel-go/dev.ts
index bf35dc24..21c4cbf3 100644
--- a/packages/gen/env/src/runtime/generated-payloads/stackpanel-go/dev.ts
+++ b/packages/gen/env/src/runtime/generated-payloads/stackpanel-go/dev.ts
@@ -1,78 +1,78 @@
 // Auto-generated by Stackpanel — do not edit manually.
-// content-hash: b7a46897290b06845482f743eb65898a11b931303eb91465388f24000f0f4d5d
+// content-hash: 4f64c73d9acbefbc2760fdcb85a989c9213c9db09a55ce471822ac16d1652ff8
 const encryptedPayload = {
-  "STACKPANEL_TEST_PAIRING_TOKEN": "ENC[AES256_GCM,data:OvcNK0wuSzA=,iv:r/lrDvgLmNCmqVl+o0Q2koLsmYEop7RtcK1x4edi3dE=,tag:QXYFKuJKIGkfxS71gIu/VQ==,type:str]",
+  "STACKPANEL_TEST_PAIRING_TOKEN": "ENC[AES256_GCM,data:aB1Vw0C6lfs=,iv:Nhytiy2Q6xuyDKwJ3ewx02jsFsX+CIN90SRXZtX936A=,tag:22QE3jsParyh33yCRv9qsQ==,type:str]",
   "sops": {
     "age": [
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHZMYWFYZyBYWHhS\nbUp4TkFKVmJTenRDMWNZOUowRjdUd2FNU09lck90c0JLQmFLc2w4ClJpZ3p3b210\nMU9weVkrQWZPS3ZuckJ0STduaXd2MEJsTzBrSlFrSzVESm8KLS0tIE9sWTBLcmhO\nK2FPeUIrdjlrSXFEck1EOE5TbVBacVVidjlJRWhxbDZFQW8KQ9OtD5UJ9orvReTx\nzH/7lgN/o9Dw95wtkZ8rPMCjtsvDz8iRWxDyqkSNhByOiVdZqaYxUGLZTDOzWqyy\njgPDrw==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHZMYWFYZyBtV2dB\nM1dFb0k4ektVdmViTVl0MkdscUMzaWtZaXk0eFZHWDB0bDFsM1FNCmVFRTd2eSs2\naVB3QWdCbkllT3JjQ2tmblhSKyt0RnRXS0NYeW8zdVlTRGcKLS0tIElCZ3NHMnMr\ncHBacDNsOFJNMHBsQml2ZDBWQ3BTbU1OQk5ORmVzZTd4OGcKceSOzUipl/XHCLqE\n3JNs63dyDkZGt2yqZvJPXok4be2P4f+OrryGShlhrCMat9eZhMjx38HCI9e/viQE\nN3iahg==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICjMrEzKQSq/0eePzgUGXM349sBm6GVCXoz+tJZJaBVT"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEtlVWxBdyA0ODZj\nZ01jWitsaUJOZlNxSG02VUJEN2xKeGlCSEI2eVZKcU83TWxTRVFzCkFRMFdDSVJL\nVGNrVEtkSFhtZ1A0WTFSVkNRRW8xTXFCZlJ6NUIzRVpJKzQKLS0tIE53NER6TEV1\nNzVwYmtDeHExOG4xcDNEeE5NbGY4SlExU1JzY1UwKzdBekkKAcSPiW2PDvuFUMbV\ndtfklbpQIvKLKdlL3QXIfas38/C+YQOASQf1Lc/uaXpNVIbxNYM/DR+MK2Rrw9yt\n+cFIcg==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEtlVWxBdyBOVTNP\nR24zNFNlMG1tT1hYZEdnZUUybzAxYUJldEs0V0lCaGlyZGMrYlhBCllSRldXNFFr\nTkhnMzhmZDVSUk1lbm1ScVVMYitxQ1A2d3BwejVBcmFsWUEKLS0tIG9saVM1OXl2\nVzF5UzI4NlVSbnpGWVI2ajJNM2F1anQ2ZGZGOGVOb3lUTlUKyMt1uJEZXdKBgAuB\n+MGszs/aCsFgQELMiOEaWgU8HhdY4prd/HUCzbRcuMdANiU3ugmk6ph2+UdGSU+C\nq84cMw==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIoX0wKjybps6ZHuvA+uwE1ThfWl87MApDLxCjCDUCC9"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDFNdXZydyArdmdP\nN2F2K1hoRm1ydkRXZnp3SVArYkNJN0xJZDRQOWlETVN0clhZNGw4Cmk4UTFacUxv\nakRmOG5MaTNqMkdISGx0dUxoK1k0cFgxeEFsbGM4RjZsNFUKLS0tIGxlOUs4SnBY\nTzh3MFVpbVNFblk3OGR5MXgrakNCeGxWem9xWTRvbGs0Vk0KCop8w+Pt/Zg+kF0e\nRLR5yQfR3ZTUMJxeZZkoGfYU2GZvrwBXAlEzdRcRup/wiJ+vQ+hRMlCRoWFd+uTR\n1Q2F3g==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDFNdXZydyArS3g2\nc05zSVVEcEtHL2gvUGZpTUU5cmk4cFBZU3hKMWZaK3QxQjdPTVhRCk9kYTIwajNT\nemcvWEZWQ1cvSWJTWjM0WWx2dElDUlJxbVZKOVYrdGtiQ2cKLS0tIHJzSzYzMTM0\nWGlsR0M0QTJrNms4RGNReWlrSVl4QUF4cjJNZ09MNVNuUTQKHpHvE62u44qFUxGZ\nhVmXNxSaK5h5L4ZZNjuEri0kWoGC296gi1Irmd0/WJ4XNJZXFAwC/9De+FlMZvro\nKkkpjg==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKZPhznHjTDifGroHiGRD3hwWz69B8NsSSPNbwWjfzgW"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGw3N2NtUSBaRW44\nL0xQTGVqbzI3ZzVKYUJMT1VKT1IycTFDdVMzRzZSWXIwUU9ZeHdzCjNOT2VsSExI\na0ZxOWFlSTRIRkI1d1loVFBaaERJSU9yMEhUeGNNRVR1NmcKLS0tIFY5QmJyUGt2\nUEVxRlpyV0d2ZFRCcmZqTm5ocjU2MlpXb05CV0IyejZFV1UKT3tpBt4PExiRdDBk\nKtvD4u6gbQtxPuuz2Pjm7cuX+GKF+3e8KwgaY+MiuoSmbNZz62/amHIB4zu+7v0D\n0eEd4g==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGw3N2NtUSAreEdP\nVS9tNzVDMTRkeVhHZkFiYjBlZ2lUNCtiMEhONk9RNk1kU204UzNrClk0cUxCcURQ\nRlI5bjBLZ1FCanNMamdGOG9uMC8wTC8zN1p0VTdsdE1DNEUKLS0tIDlCNXlNeVZq\nOW1LVVgzYU1jVC9Nb2tJMVZtRDF2WDJ2Yjd2MlpKdUkvYmMKmxl+9eCO7VB+EiAF\npohLHTHg64xTF+F4FH5wuEz9uxVHTlNYf1fqKYmYGei1HqStciNWGuoEYOrbJJjm\nbYAkuw==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJF9kzudl00FVTQA7nnSaicAJW2MoBKm47G7wefb6uSm"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFpUeE1RUSBteGtI\nUG9HNzNDUjV6bjcwdHFEK3p3OXpMLzhVYXBZOU85Qkt6NSt1TTNNClJJTVlwUFh3\nNXkvSTBMMHJqZ3gwM3dIVk0xU29lOFI3ZDlrSDJHazZ0WVEKLS0tIGlILytsS3Y0\nVFdURXRYNjNRaWlaVHR3bmRSRWpPVkhLMHhGWWZ3K25NRVkKzPppkWVQYOKBJETP\nal7tyqByyqbBeAanQUqosPaNpsAwCYUQruOzb5T/rgw84R/BY2ZypPPD5ML9VoUq\nfAIVQQ==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFpUeE1RUSA1WHNX\nY0F4MHlvTFlZZmdjZHNDditsMzhKVzJtTFNmdVQvTkNFS3BValNJCkk4dmF3bGd4\nNGFqU01LZ1hIc2xSSE1FWkNNZ3RDR1Q4UHNORFMxUGRmanMKLS0tIGc0eXBFL0VT\nelVHNDhuSzdDVVd5T2FBak5wSDdVOU4va3kvUm5yc0YrRDQK3rm/ohrwkGG2JTWu\nQEjLwkMKdrEJYPU4FECKN4wAOozH7QQjcABbD359E7dryNrG+SH9vPbZqTDMt1vw\n05KfYg==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDmZV9Oi9hrckXTpqBnDKRrY9mgwj+SJeVBGWmne2+q5"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDF2bHNJdyBNVllt\nMjB5MFJEKzdackJCdnB2MGkyNE9BY2FLZjFRSVFNLy9lYVRIbDNNCkdjUmpUR3FE\nbjIvaEJReTlQblVSQ3NpMnJ1czJ3K1dPaFpEU3N2SkY4N3cKLS0tIFZ0NnpTTXUw\nQU1wMitpbEVaNUp5Nmp1UFB2YnV2ekVQUmFYdXkvQnJlT2cK3CNlvILauo/f1z6P\n6sajvF3qhL1JAJOe4B9IdIPZHpW+JWx32q2Ocs+ZD/JJdbpLoHjMoP8JXvQudwcK\nuGRRUw==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDF2bHNJdyBOblRx\naU1ZRTBnWk5vV25yWjZWZFUvdWlhSTlWbmw3NWE3R214d3RHQ1F3CkZmd3o3MkZC\nVjg4UkEwaVZpWkgwZEg1Q1JHRnZDb2VnU3Y4YnpxMDdOUlkKLS0tIGJ1UnRiZVVC\nVUpTNm0wa28yeFgyOUQ3WSthSGpRTXkzZHNuRWY3UG5mSGcK1CJ4Lh1AMccM4363\n/g2Kfsh4KKC2R4kfx8nl4KbAVGXEBwBiYWbZjGIwDE7ROCA+OSZfc49OA9k4AXvl\nag+sWQ==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA+M/DHDlKgayM6wsiX6r704pE+2qENOsKcytC7sBhKA"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHJKM2lMQSBUWVpP\nN2pqRlNvL3JsRmQvMm5BckZUZFArcUpSeStzb2JxYjhQK3VpUldNClNubnZEdmdR\nWlNCVEMvSWF6TDdDV3lUeTBDcXphVHViekNOYVRSbHljc0kKLS0tIDBOV1cwY3Av\nN3cxRGtjTFhuUE1WTkl6c3ZoblMvcW11aDFPMkk2b0FwaXcKH2L6u+2DBbFd76nQ\nJ5JMcxWZv0bjqm/hj1Rc5XcPWMvyBvdSwvNppA4Wt4ntVB6M68WxlSeIVzd/qyYc\n0dI4ng==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHJKM2lMQSBQTVUx\nNHordWljQjAxWW9qb1ZXQ09SV3ByaFZOUVBhT2JsdUFlU2FRc0ZJCkkwK1dSWVMv\nSkxKWWVyMXRVMDQ2VEtSdUdoMStTVElqQk82QjQyajRCdDAKLS0tIFFRYW5aOFk4\ndHAvRHBDZndUMklpLzQ4U1NJRTdiUHJEUEsyc3pLSVZjb1kKFJxupJ4gGCcmh61l\nGeFgbiK14af2gIjv/S7Ut0aDis3HlleiDEI+5AXTg6mFEDm9AjnAbNrHUsCrw2bo\nMGLh7A==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINh0gA7reCRW+zQ5pPpIjoJGpaFQSbC/4K8B6vMXJVr+"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGtNZGJ1ZyBjMUgy\nTzkxNUhNS3hoQzNZSUJGN0VoM1FHazBLNTJUQkZ6OWlwa0lwRmtrCjFQOXFwNFZE\nQzFiWTVTa2lrOFMrcExwTnlGdkQ3dngyWSt4MnUycWl0em8KLS0tIDhzcCtXc2tO\nSlJWTG9laHJCSkVtOGlqbEp5RllsdlRKQ2hCekFwYUdqaGsKfrLZqHjt+QgqmZjT\nOAUWU4rWBJW5cdfzAvJjhWXDFuugl4UOg188H5vjU+hfksJHRFWlaifGtM/YAa75\ncqTf7g==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGtNZGJ1ZyAxdnBr\nUkIyWnJoLzJTL0RiaTFPbnNKalc3eFpTK3lLMmhxc3dOeE1YNXlnCjFyV2Fudndl\nbm0xWHNGRjZjejVJbHBlN3RONWJ3amlJdVAwcmRkcytPQlUKLS0tIGp5QW9SYWZO\nZjJDOCtNaDZCTkswYW0zbmlURXdkbG5Rak9SZ05CZmthQXcKvCd1qcqpsfyBe2tx\ngxa1+UvWYI9EGchXklNHtZB7xNHWwAg75H+HFzRi5G6fco0aN3vBvb0pbv6VqVNw\nZ6yoxQ==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEmYihgWHfnLw0f8uTfLokCwToLavzV/+k/GggBA4Sz/"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFFONEwvUSA1ZmYz\nYndzbmdZYURXbk84L2E1WU1CNGdCQ3gyRDNRb3dtcXVFSXlxVVZ3Cm5ubFFNMmVX\ncVMrLzRaaXhtK2pETGdGNDI3UXJhbmVYSjIrWElZL1pxK1kKLS0tIEg5SEJRd0pS\nY2dQY2xlM2RwbVRBSERBV3lXS0ZZSTlCWUFHb1hPZGtVUFUKW05lNjxx9/DbBja8\ntmjE1RkqAXxcCpQeJGBr0JLbU/VWrx8OvFjUEU/DzhCHOQFwuczZvHNLA03huUpC\nRp1urg==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFFONEwvUSBCN1RP\nc2FhcWZKc2FHcGg3c1BnVjZZNlpCUVFiZ0xXOFdtUTRCcnNFMERjCkYwcVNMN2Yz\ncGZ5TVZvSE5aT01VVklGWDZ6aFN6L0EwOWZ0YmxpUHVOMFEKLS0tIHFyWU9ZSkdv\nbnZjZG9PWWF5dEVLclRjTjd5N3hiR3Fma1lqSXZsd1gwMmMKYRNvB5n9qNUBjddV\nJ7M3d/4cX1hp+bzQ+xbq/4ruARNhB8pgNJLUGCFF7g0Plad136vBa2xHHSaEeIqM\n7hqwZA==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFvT1RvcTidgpVYE0OPknc3f5HcAVpyk+rXXrW4AcbzG"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDhjWXRrdyBTdGVW\nS1FWdldmQzB5eVRScW5UdDlzaHBaaHM0Z1ZhcGVYRFE3cktFUFFvCnl5NENna3hF\nS05kdU50VkRDakgya3N2Mlg1MkJNNUdzTklZc2Q5OHdNOHcKLS0tIHBEU2VjMXVl\nNlJwVjVUQ0VDZzhWNkxHT21VRk1WemVsekZMeU8rN1hSMm8KZcqnDgH5U2VTtUUq\niErsn1QZsd/SFZFMuE9F+sXdekGxSgzCSltbjyj/29+AHZdjap1KjDqzVW1JbtwW\nCyFWOg==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDhjWXRrdyBFVlN5\nTkI3NG03djhWZkx0bmlNN2NGUlhaZW1VMFVUMndMR0FiT0xBa0FnCllidVBJU0U1\nZUFreTZLVXh6MW5ndnk0OEx2Z3JTSURGNHdRSEx3OThITjAKLS0tIGxHSEwyNGdM\ncHRrQ0N5S2dPSStCRmtySkdwNCs5SmlkblNvQTFKeXJWdE0KVBqZ/iZJKKXN3TYA\nmQ6m315UiEDQ7ySVx07G1vPcLbw03WQMQvyjPJWRxknSF6A9TboMe36QeuBtje1R\no/COdg==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEijeq50HS1g27BTRfJ8XWIPrAX9UVkap5fgIOCOtA5+"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxMnZyWlJoQnFrNW13SDkz\nRFZ2cE5nYVhrbHVrdTQ3Z3BZOHRxazI5QjFBCkNCSTlUcE43UVRIc2FzUjJSYTVV\nMUZBZGRCcHlRYis0aDVDQmNHOGxkbE0KLS0tIDM1YUl4RVNKNlF4aXNucVJjOVk2\nT2dMaGJYS1IwUCtTSXRpWElBaFRSQlkKETJbSLVGYAWBhFNQ1M/vjTsCCfstwIR8\nTqaiE3b3o5MX7Z2yocK8n4NJVM1FCTT29ZlGL3i1waVR3PA6fZWtRw==\n-----END AGE ENCRYPTED FILE-----\n",
-        "recipient": "age1eqcj2g0fdekj2wpqp4y0fg9c5myydjdt9zlr5scr0grk6fxszymqkpw5jf"
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyUi9HdVc4dFhmV0ZISVNh\nTEtJQTdMR25CYTd1Mmk4dUtJOFhWU3gybjBzCnJyLzlnVHB2QUhmcC9RblUzOGNk\ncDdNc3RLb1RmUHFoVlRyYkE5OTE5MzAKLS0tIC9yRzVna2dGalE5VmJqZHFjZHNx\nOTViT2JNNnJZdWJ4MWU4QTdWMzdTNDAKwcCEDnZA7BhNvPO+tEej1LcSDVEZYesh\nRyYR6p/09fdVNNndazEvI7MkE8g0kLXvCBz7C0tHU2LPJ+2Ax/Fy1g==\n-----END AGE ENCRYPTED FILE-----\n",
+        "recipient": "age1d9h9mm3u5qalmpl2pf62pyzqj8t654n435emn93rutv0cg9sr32sg64fdj"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IG05VmtkdyA2Q1F2\naFlOaVZwOHBMMURyVzdscGdueXgweFFDS1ZlWUpUMlB4eG5GeldJClZScVZJTS9Z\nWjVXdVFwZWJrWEpKeVljTmJrUmdrcmZ4aGJTcEtzaVlua0EKLS0tIDdLZENkRUEv\nRDBFZlRxUERQREYzLzFEcWVjZ2JYeXhsNkRyWW14ZXVKTHcKGPs6bKQSyLNAEFiH\n6X4TFhLXlwe1NkA/XOXFYCoab8lV1tsVOi1MTPdu9Z2+5rftmNpiWpG6aPAVdbXp\n37y63w==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IG05VmtkdyBpS2pP\nZ2lKbDl0Zkg5MlYrTWVRQlF4UVNiR0paQng2MjhkbnY1T2ZtbEVFCnlmejZZamM3\nQU9lbTlOMTU2Rkl4bWgrK0xPN1RONk54TDFuYktKVVRBR2cKLS0tIEdrdGRJUXFM\nZzBBVnpUdVQ0Vkt4dVl3dTdNMHJkSVVkN2dkM1VqcHBWclUK65Xg/roX7lB/imMQ\nQYndU4zf9sI7k2pTfEv1Mrx3OnrVvK7KT88h+hp+rEuAlFc8uH53Ky3fUEQ0DYzB\n2EybuA==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDuzbgoXZccZ2w/9HGgUyT9nJH7lG2/jfQCZJudY4yAN"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxZ2pYMktJSU5mMmFtSHcv\nUmlRdUZWVFdHeDNSNWovVi9oL0FTcEVyU1E4CjdHbHF3MUF1SnJxY1JBdS9XbjNP\ncEpON0doazcybnhxMERsRnZXcWtQcWsKLS0tIGxXTzAvQjV2am15Q0hMbm5vbVlD\nR0p4OEZIbXJLdUVsRHhZLzhwTnNZZGMKHpLx5qzqkXw9Go9R+BPQfrCGPCc91bqz\nN6YJK1el+m08sXl+0vjBeZ69WKi7gQYPI879tqwLtO2BpaX6p21GcA==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1SnFnZ1E4VlRWYm0rcmZ3\naVp4Tk91TUVQalk5L3V4aDlDbGNXcitQbGhvCkR3ZjZldlJDNTh5RjFjL3g5WUIy\ndWZtNHB5SWlMQzVsWGh5aEluNkM1cVEKLS0tIC96Yi84dlJCVVMzalM3ZDlNaW14\nNmJlVVA2dGVzaUpYS2QyZ0V1RTgxSVUKEC/ZJm0XD/eEEuvRgvJfIjbWnW7Osx/W\nXzPSj1w8ycV5RvHd/EHPnhsE4lVpyRxcQaIoaQEp7t6gBMW9WJzopQ==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "age16wuzuxnkcgfuxzvzgk5e5a5f6hhs386adjewyv54m9esr4yj6uuslpn6tp"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvMU9JOVpWTmh5bFF6WXdX\nZ2EvK0dGa0hHYWVKb0FTZW9pRDhVYzlqWXhjCmNYRmZHQTVEb1FuMTJrS0FzM2NI\nZ1BxR1hhQndiZGpieG42Mkw2NndGT2sKLS0tIHAzY0Ezc2NGTkJleW1CbDkrZkRw\nbnpjM2laSXJsK1lRYTFnYkxRMXk4RncK13Eqbo/OIFD0wFrATpFj1CPVeWl6pp73\nVIl1Ly89M7e5iGTU/Cg2ePYPAhUjsxM1cfDJv0T6IcGzMySGWQa/0g==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0ZmoyVVRsRlpSMll3SGdv\na2srQVlYdnkvalFCY1luWVFrMVE0L0c2UXpzCmZQVzNOZzczSmh4OUYreTVGN2g2\ndEFpem1RTkMrcWZXeXVEeHk5WTBTT00KLS0tIGF0QTQ5R1lzdjFnbis2TXhlNzdx\nVEp6amVuNXlqTnFtcTgxTndMZmVNSE0KO1eoy09G1RG3BjX3eBd62mfYeqEepx0l\n+zObcGWN2LXbJfGvrFsax/ZsNnRrNi98GZtmVEEVdPEsUnXKjHIaXQ==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "age16rkvks3tljju3y6xu0l7luhjzx634et97g3xe58xf2dgfn2865rqkq6t8f"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDRTOW45QSBFM1hh\nd2FsOEt0TzFkSGNMVDZtM1VKYStsallsVTJLUGlWMm1tM2dteno0CmFoRWdTNjNp\nZzc3ZU1rY1RwYnQ3ZW9Ca0x5WFY5QVJBakQ1eUswSWNMdTQKLS0tIDVrWk4vM21Z\nNitLTlVMdGswRXNsSldrMlJtTDM0Y1RXWUNxQnNjYXUza3cK85UFTdqV+FfnTzYC\nUKILACnX080JVAtcH8Ecab22n+OL2Fin+J+DSj73zj8APki0TUEPXPebabXCFYnG\nUi1vhA==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDRTOW45QSAxZGZr\nODhOa1BRNHJGVGtTbUNkWVppeHhtVXhIanZkV3ZQcmVuemVERTBZCitSRDdrZlBR\nSDdTRFllQlo2MGhiZ3FjcDJ5dk5CSzU0ZzNsamtmK1IzQ3cKLS0tIGxld3NUd0xP\ndjB1RWx0VzZZWm5XNVBIME80U0s2d3pDdW5oTEVnM3dMRVkKwSG3tOQBn4Lg/Mzr\nTCusfEGBik7mddmdiSFdzVg/N1GrkaqmcOXC1TlnbfDWrT4tkDRH6IJ8wZtcdsVy\nIs2Smw==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFStro05R+CPmjWMHWtzXUKfGll+OosoZtXAyPtngN7T"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDVucGlodyB4ajBl\nTmp4UFBhZ3lxR2dtV2dCYjJlSUVrQXpqZFJUMStNQnhQTXg3WW4wClhrYXZxNnpW\nMVg2RG1BMlVkYjhKQ1p2OGlwTE9PMmlobkRjSFZQRCs3T0EKLS0tIDVIZEpzc09S\nY29FK0VEVUpYWkFXelJvbDNtSjIvVXVGL04rWlN1aXo5b3MKrZ8g3t3BGgxmukrN\nxIytofVBlZUGmV5fsXdTTVHq0zyfxnV+8Uvrwkld0EqD/rfEzYkYGxB0mVmKaFrK\njtVqhg==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDVucGlodyBGdGZG\nRjZoUzZNT3hLS0x2WE1XWkRTNHpuVllwd1FseWhFR2hZNUVkSVFnCmpGdndzUk4w\nRUlONXlhQzhpYUcza2N5ZUZqLzgyS2hSV0JaQTB2REIyWW8KLS0tIDhGTXBzWm5s\nWTNFNE02VUZKd0RRWkxKM1EzUVY0Z3E0eW1zeVpzR0wrTWMKRr85BJC/87QBQqKk\nFgIQzEoIMBZF7xCk7eaRr3LwqrRtAc7zxQbwnBdtVFRMhdydsc2G8+8/1nwGKMi3\nCM8Y6Q==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO5qner13Q0fm5NhdXMx2nkt5kxjC0/SVY2FXh01OiHN"
       }
     ],
-    "lastmodified": "2026-04-24T02:42:10Z",
-    "mac": "ENC[AES256_GCM,data:tJBBu61gGoRmId/VCSthlAnZRAsfFjR4Y32NMwx3PWZzIvNW6ySizsOCtmks6N5xQwt9OXFz9s+Ptebmt9jYy6CT+3vl1fbZBVEYm/zy0m1nLSn9vFQcUzZ7G8+BDclheeJRDz1LP1W9umxx8CVqQTLC8o/VE8tUEPYkE5ovGbU=,iv:6sM8A6gUoNv6wU0uv65Ic837dY97lWxWJ8pKssnvngY=,tag:SWDQd2YO1XBxSrkopYYViw==,type:str]",
+    "lastmodified": "2026-04-24T14:30:26Z",
+    "mac": "ENC[AES256_GCM,data:dlWe/HpQt8mNp14cXYzYOuIWpNWGKqAwNEQhASK8Yi06fL4McW1fYKCjgDWzycEHTzFuTdiINIPIgu0LhQxCdQpKhu8oamwLkpfLAqntjFu4q9rLLs5Hq/Vkf7H/guQBYW0YzCqqMu91eoExf3vTxzvAIYpWTT34Zyn3RKiPZe0=,iv:o6m6xKBPiIf0o6VKK8ydhjxX8hM5xFm8QMaSDDS/hko=,tag:6vhlzjPtTO5JWIEF+vq+PQ==,type:str]",
     "unencrypted_comment_regex": ".*",
-    "version": "3.12.1"
+    "version": "3.11.0"
   }
 };
 
diff --git a/packages/gen/env/src/runtime/generated-payloads/stackpanel-go/prod.ts b/packages/gen/env/src/runtime/generated-payloads/stackpanel-go/prod.ts
index 15e81780..e56615c4 100644
--- a/packages/gen/env/src/runtime/generated-payloads/stackpanel-go/prod.ts
+++ b/packages/gen/env/src/runtime/generated-payloads/stackpanel-go/prod.ts
@@ -1,70 +1,70 @@
 // Auto-generated by Stackpanel — do not edit manually.
-// content-hash: a8d411aa72de1af9d191a0d6cca9f52656bb43424a8b70ba6c2c7d2af9f8c77a
+// content-hash: 580bd3d3235f6e37bd578ec4e09a32073e3dba5d4f900188a38f150d0f319ad2
 const encryptedPayload = {
-  "STACKPANEL_TEST_PAIRING_TOKEN": "ENC[AES256_GCM,data:1KAk17eOd3c=,iv:tP8XxladEexB9e3h6bHlYjAovKMjm3B7G/DRg+VpqgE=,tag:7B/ux8dCG6GIQ6ptEMPjRw==,type:str]",
+  "STACKPANEL_TEST_PAIRING_TOKEN": "ENC[AES256_GCM,data:gktx9n9vFc8=,iv:tF6nUwepSDM+kJ9eF1wzMA35dshD+pIGQ6pm7GBO4ZY=,tag:Vksz9DENJggH54BBdTc9PA==,type:str]",
   "sops": {
     "age": [
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHZMYWFYZyBiTTJ6\nZ0hYZkdEMEMvNlByMUQwY01tcDFKdDVRc3c2QUtmZTIrRVl6QjFNCmlSaUlzc0p3\nMzUxdXYzZVZxZjMyTlJ1cWpTeVV2NmNzZGduYmNQQXp6U0kKLS0tIGZZbnZGRUdq\nRTRySEljQU5hSndCTFRoWWEvRDI5dlVxZzFQbjByOEdORVUKOYAv5tcPGH9GXwWF\n9lVW+oJojILKiIF+iW+a1A0yroEMzG8rZo2epoSN0lvgWC6tTP5QJ/67EC3YBOlI\nsVB7Pg==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHZMYWFYZyAzU2JC\nMWVScDN5N2ZPT3Q1b3NHTkwxS3JtQ29wWmNPc1Q2L05YNko0cUdJCmlna2NzdVNk\nK3NQeEtuRzdXdGYwZWdPMk8vOEh1Tm8vL0owTWhoZW5ObE0KLS0tIHdhekg1dUVX\nRVRVYnZadThjaVFZaXhYN2lmazQwMUMreEZZeWR4d1J3dmcKQqIpLGm0GkBOsKqj\nj3wm7HyGeChNOGvGr7NLqrclePrKggMiZV9XErOg6J6AJoXXF4OHTtNvqZ2o6QwE\nouorZA==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICjMrEzKQSq/0eePzgUGXM349sBm6GVCXoz+tJZJaBVT"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEtlVWxBdyA4bVl5\ncC9VcVFrLzhEMlFNWUY4TnlDcEdmcGxuRDA5dFdQUk54V0RKRWlvCmtRbGhCSmxN\nbHBDNlZnZGk4cHduOGhkblFHSEgvbklKNGQ4MHdjNUtqNkUKLS0tIExCZHlXUno3\nZFZQNEt2YWlzVzg2VlJFUnlqLy9mc0FucGtxRmVrcFQ2blkKZufr3Fuu2tJ89cNB\n3sZzQMn2QxiLQPaRkCo1FaJ1oXMfymNg36GuaOhfQINyn3f8pgXS5rA0YLVO15x9\nAodTgA==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEtlVWxBdyBvVDV0\nNlh6czZYMWhSM25iMnNCYmhwUEtxSmQ2emI0c1hKa3JuZ2JTODJVCjBIK0V3aWtS\nQnpKL0ROWXVJc01aWk1RS3ZteWoxUXdQbS80N1dOOFIrYmcKLS0tIHZDTFdHSGdj\nRnIyL1N4bTN4UXVXenZaYVZKUTArWFM1b1Y4RmZrcmVWSXMKz+4nMHe3+IXQDFJT\nJxdm3nZtFXv62GSkwuRGDZwgMqErGu7UOhkdWU2DSzMdON+kl9MPrsaETGU73/s5\n1b1+pg==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIoX0wKjybps6ZHuvA+uwE1ThfWl87MApDLxCjCDUCC9"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDFNdXZydyBJNzBJ\nRWFreWZCNi9PMndKR0xXbVY1dTRCUE56elRoSVI1QXhsL0pVUXlJCk9STDJKUkZy\nS2x2OUcrUGhlNlRCS2FqLzd1aGhkVUxZWEJoSm9xaUxtR2MKLS0tIDlRbmprWmFk\nMFJvaHJVamRlQXowRFZDUXBwTGdpWVQzOXhhZUVzS2JXN2sK51gds2PMMs8W5Q+d\nEAkCwKqaO+50SSmu3R4cEiFTme0KttTI3arFltUcSjAdn0mg8+B7C2xyp0FKzmOP\nP5ALBw==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDFNdXZydyAveTFv\nS1d3WnFHZ3JWS0YrQ0NIMlhMSnZTaXVhalJjVmU0N1pRaEx4NmxjCnVGS01ybXdD\nN2tQSkhKMStMYkozY2hYeGkrc3kyMjIrZ0RVdEM0STZ3eUEKLS0tIGVrQXozdWxV\nSElEenZGQVpNMXhqVFpyK3BQTFhDY29uVVJyUjUwb2RSVVUKwMEMyvGQ8g+vGClc\nd2L6eFTWZHjM0bHHPxFguUfYiRVtakOj3cegBLmsVXltwRHVQgXcm2xArpokbJN1\nPA2ORg==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKZPhznHjTDifGroHiGRD3hwWz69B8NsSSPNbwWjfzgW"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGw3N2NtUSBBS0ZJ\nRlRDWCszbDFMS20zK1pjSTZPTWVTZVFNM0R2THl4NWFHNmZQdXprClJJVGY0akE3\nN1ozOU1za3M5WmtkUlhsM2YrMktYQXYvcWltSWNQbjFXT0UKLS0tIDVsb2grUFNv\nWG5GR0ZVdHlNK0VENFpjT2dwcG94OGZLVUJYTlFxLy90eTAKYgfhjdqNBUs3n7Iu\nXKOBe6+Oi4xApmaLRr3vYHgOUXonCRR61XR6ZWMgMQGvwjf3/wL0lw+ULUyQAqZb\nvWIGHQ==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGw3N2NtUSBrRWZ3\na3NlU3pzTHZkelhJd0JDYWFjSk9lUHc0djl1ODJFT1BMSzFRZTFjCmo4OWV1MXF4\nMG1mUDAxRHBaRnBPNlVKejQ3WTBKUHZNdytZaU56V2Y0QVEKLS0tIElXTmhQZDlu\nSHpvRmxJN1hra0N5RkVHZTZBYmlFV2VBejV0RkR3VjM5d2sKKCjzjKArEfSuYoth\nqkd2uRCfaC9mhO7PcXcWF0hLj6PyNfojzwfbv77SLCEVHWnJpCsw0/dmv/qJtMOc\niF914A==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJF9kzudl00FVTQA7nnSaicAJW2MoBKm47G7wefb6uSm"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFpUeE1RUSBxZmpV\nSTVycTZQeEFXOVVKRUs0T2k5bnZWYXFubXBPL1R1S21vVlpQclcwCm8rZ3kwT3ZZ\nZ2hMTWJTOTVXdk4xMTQzeDhRSnVNT08vYXVYanFKZUpxVHMKLS0tIFpDYUtjWWZM\nSFhkcTgxTm1uMU9CV2dDc2hGL3BheUFNNWdrOGpuRGtVQlEKJoxHoFG3MTKxVDb3\nIodWUvqbn9O5OHNQWvY9hfczem6KxNMaUV5DM5mcNmmR0JOLB7MrxIbYeLTCYmcI\nNUxN6g==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFpUeE1RUSBLZkZJ\nRHlEZWF5Tk8vTDNNUHAyWlYxbTFHUHpENEluaU9mS0dkME1hWWxnCjZyMytsYSty\nSTQ3RFNEVVhkN2lUYzVkUEZqeis2Y0FvZ2MyOVhVOXRyVU0KLS0tIDNxdjNYRmw2\naDdmY1dydTA1Nit1ejkvMWVrZE1aMFRFYml5TnpqWS9SRTAK/RJ8bXDy/Z8yYUUz\nA93HUZLe7NBKthIm7wp3kg2pWkd3bIPRFCPklDHtWXG2py4PZKa+xpAxk3ECPJ/a\n7/Hx/g==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDmZV9Oi9hrckXTpqBnDKRrY9mgwj+SJeVBGWmne2+q5"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDF2bHNJdyB2VUk2\naklLOWFQREdaYlJzcTM4ZElXQzJGdjYrOVpueFo5cEJhd2U1em1NCjFDQzZla0Nn\nN2JsTmlsWFR0MTZXQ3Jwakdqb3dSVlBlZGloMm9ZQlBmaUUKLS0tIFE2Zm5GdWZs\naFg3UWYzWkh6SVRwNkJWSGlpSFdRTE9YQm90bndiQVVFc1UKi6W1qKhgSHs32s6u\n8sVqYbTfNZafKfS0DNfSTffZGXk0e+dcgnthi3kohTDrDkOTEIEJFrPfuukGo+GS\npexXiA==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDF2bHNJdyBNMU00\nSEF5Um1ZaG1Nei9kdmpoQnRTbmRmWDlyeW4xZkVqbVlsTjkwZWhVCm5EL1dzK3VU\nNHdPSzJUSDBYdFVCNTFuZGdUSlZ4eEVlay9ScUl0d1NObTgKLS0tIG9GcGlTd2VC\nb0UxT1lON1VQcVZxbnVDSS9ncmhjMkVBeG9oSHJTaXNhRVUKNtVwwR8y4GvuMrLK\nknMmlqdxYn3BJfw38F+SPKsnbJzzcOrwZEfD4qvkpBZptTd6JvbEAM3KF7T5fwdz\nkYLQLg==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA+M/DHDlKgayM6wsiX6r704pE+2qENOsKcytC7sBhKA"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHJKM2lMQSBBdS82\naFNHUzZBWVdXU0svTGtyZXE1UE16UFJIWW1ESzhjeUJTck42TERzCit5c3A5T3Zr\nZWlwTW5aV3VaaEYzWmFYRExZK05NZnBaUE1vWGI5ZGlaaGMKLS0tIGFJWUVwZktz\nU0puQ0JoOXVhSHErWWRqcEpLQkZ1REdsUU5LcXNZc0dTL2sKorD9++bNoZj2ao6H\nw0+MoJMETAj1sAd8kVQlGzkXZRr/7uyDI5k0mfTWfylCDQToeUjHck6fjTO/v6sN\nOQW2hA==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHJKM2lMQSBzbVFi\nazVqenBRNTN1RlF6czNBWWVBcS9ZWFpCbVRxMVFXZG1ZVFp3QmdJCjl5L1ZnMmJn\nYnZ0ZUJKNGhTcEduRjJhVmdhVThQcERxVTN3UVRxMFFqWmsKLS0tIFh2eVdNVWFK\ncFRhcDZXOHRNeDNvUkdBQnZ4UldIM1VneUZES04rQ0phLzQKPWH0cZ3BHhAkODxZ\nvs0Ita7fafVu6KFlAiViDTiVvSTNQxU1p/RgywNuKdkWHEjEw5RlU7acV0aCpzEt\nHbAHqg==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINh0gA7reCRW+zQ5pPpIjoJGpaFQSbC/4K8B6vMXJVr+"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGtNZGJ1ZyBqZnQ5\nK0hDWk9BN042aHFXUkVFcWl2YjVwTjd3V0VaWTQwZ29EaXVXUERnCm9zMlhpZjVw\nK3ErSWNIdlZpSWtENXBLMmd5K2dZYVpvY2ZNeG9MV0FKczQKLS0tIEdtWVVPRG92\nS3g4U0hKUmtYems3VjlZWUJiY1hzMTk1ZkpuL0Jhb0t1blEKWMJ9JY12U6Zt8IQc\nfH2BU1T+jAyL+EcE2SM5mnaqMMlexRIKEXfND4XpqiRBDqJBBm1er9dVmFVsz80g\nyHqAVA==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGtNZGJ1ZyBoaUJH\nWEhld05uZ01MVVpGdHZqR2hIcjkwZ3pIZE9Tb3ZtR2g3YkhOUDNNCk5CRGpLOXNS\nN3dobXFnRDhtL0UxVEkyckxnNk94TlFWeW0zb3ZPOUxFdlkKLS0tIGE2L0hjM0VU\nMXB3dktwSXBtUXIvRGFPcXdhSk5oUEFKejF4eUFabE9vRmsKco1lwSik1fXkjZVl\nwyLiQBssJrf6zJynwXJcjoBaxYda11cDbw8x9qB2Fd6eA5C724zT3HzQFBoVQEGi\nvPijaA==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEmYihgWHfnLw0f8uTfLokCwToLavzV/+k/GggBA4Sz/"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFFONEwvUSA0Skxo\nUmhOUzJuS3pRYllXMmVxUEU2RW1kM1E5VFpMNmNSVzY0ZmU5Y244CjZOVTNSa0wz\nSWxhNWNacUllRGhxT2Z3ZlovSkdkOVVzRDl6MTNJd0hVbUEKLS0tIE9wRjVRdTNm\nY0NCb1BnSnl4WVVjQzVlYlZ3N1ZOUEtXNkNJL09iM3ZTSEkKx8sjzfhziG8tId+h\nCflxmZqBOX7LGSAEcr1qPLu3e5cY+CmE3H4S8HpvlwhvWlNJXcDOgs3BYWkCbzpj\nisW7hA==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFFONEwvUSA1S2lK\nU2lwazBsWWtEK2taL3FlK0xnSDBjYlFRSmxRdEIyRzJKR3htNlVRCkVTc1JQb0hM\nMlVLQlVNR0VMejRDTHhhd2dBczZJZXdJVkdYcDQzTmRhY1kKLS0tIHVkd1IxR1Iv\nRUx2bTVlYzdJZUdMZWs5Q1hmQTRTc01ZUjQ5V21XLzJPemsK6qVOVk+SDVoYeQD0\ncpf7kDmG5CMacZzQ5owdxOzo7jAr8h9H4hh0J5jYdU9rmWNsBtSUl1sCLnhic/Bd\n3IOsBg==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFvT1RvcTidgpVYE0OPknc3f5HcAVpyk+rXXrW4AcbzG"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDhjWXRrdyBXbTNl\nSW1VektBcDllUDEvT1pvTXFhSGRzQjA1L1FVVmlvaW9nWFNoZm5rCnpIMDUraWdR\nazhncGJIRElJZDN0K1FOZnNjQlM0b0VZa0c4bXBKOTZQMHcKLS0tIDJ2SlpOeHVT\nZVVOTzhOQTdwYmI5bDZNYnZkRmFJajUwRUNkTmxZYTlERUEKYbSTNg8XvZVlY0GM\nu0hMXrnA5WnTfVMxR0YE0nBpHu7Dy40MVbN+rZdYRnQeAsE+VEiXtbyDWKhpGUMa\nG50y0A==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDhjWXRrdyBtbFpJ\nNFhlaWNLZWgvSDhxcDdnVDhzTFVYRzQ2OGNveklGME9hM2xMcUJvCksxMGM3VWpU\ndGFDNm5sK3l0ZllaVTNoYlc5cmUwUXZSWWdWOWQxZmJ2S3MKLS0tIFJ0VFpSbUxo\nVGg3T21WakVieUFRN0h6cE96UkwwTDVLNXNsVmxMeFA1RTQK0s/0MCcupPpIr5hd\nKYw02mgXpR/Ml6a2qtCxOf6iqP6IB6a9e6eY79e9R+Qh2I0/8CHLCyb5VK1Jp/1g\nWR4sgw==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEijeq50HS1g27BTRfJ8XWIPrAX9UVkap5fgIOCOtA5+"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwYkgrdzlYcEtJNkQ0SkU2\nMldqTnFXZnozbTF6dXZEdHFqOXRibzZRREFFClVaVlp5V0d1VTFSRDhZSnlMWksv\nV3FqVGQvOWY3WHdqTEJ3U2xYWmpocXcKLS0tIDNkYVFPM3JlYmJqaDR4Q1VrRFZ2\nQ1hYb083Mjd2SUlEaXI1ZWhneHFWWEkKpnOl48evKfgnFfHTcptU2vOo9miQqkk9\nslzbylcDc+CRC5OOpqcqVuuX7WO97zUaGM2gMAFH2N/XboKkWtE/8g==\n-----END AGE ENCRYPTED FILE-----\n",
-        "recipient": "age1eqcj2g0fdekj2wpqp4y0fg9c5myydjdt9zlr5scr0grk6fxszymqkpw5jf"
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5Qzl6cmtqZE1yNEpubSta\nR1BjQjFaWkRrek5TQU5DOVdHdVpEcFZOZFh3CjJBSVJJMlAvc3NUVHZtRUhmaWpH\ncW0xWTNyKzFLZUxjSjBpK3o5Z3krZDAKLS0tIG5vZ1VYbzZTeGRIMzZuZUhHQ24w\nMEFaMkUzS3Q1OGpQMGc3SDFMdjc2N3MKIw81SLciDODAJndleCOkOHCQcZ02AQr/\n5vCEpwfUPk0lLpQvQksx/Oy8fqChKyGkJ446j3d+dg7ld35j6UM5yg==\n-----END AGE ENCRYPTED FILE-----\n",
+        "recipient": "age1d9h9mm3u5qalmpl2pf62pyzqj8t654n435emn93rutv0cg9sr32sg64fdj"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IG05VmtkdyBFbjk2\ndEVNY1I1a0RiZEREREtFZkxySmw2Q2pFY2dsRnpBOExqSittcVJZClpseExGRm90\nOUZuYUtsOExpcXZ1TENPaGdTTlJDWG50ay8yRkpadFlhRlUKLS0tIHAzNkZuaUd1\nQ0lvbkRFSzlodERDUXpZeXRkVDlGK04weWpTK0NXQ0NMaTQKdQqhdUYvULAYBvsq\nLGLhSVhSzX+G3YPpGUVGC0PcW5sMG6D2fGhEmcD28L767PBCtoGFjjztqWnDkUDF\no9/5aA==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IG05VmtkdyBRNlVs\nbm1QdUQrRDNOQ0RaRGJNVkRrak9qOGRyTk14UTJaeEdnYkQwekNZCnF3NUhxNllp\nYThLd0dWK21GRlYvMGlLZnpwaEFNSTVqeFBIT0NrRGsyZlUKLS0tIGczVTlVcHFO\nbTZYUWlkOWplaHV5dHBYcWZlemhpWWdwSkI5Qnl1YXJpL1kKQpXrjcSKi2UGDt+e\n0AAX25X/JmhxZlyQYIpYOEy1OcWDWvdtaB9DF0Rof7nAQLqV+DpVfSJhy9lsruIX\n1mNP6A==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDuzbgoXZccZ2w/9HGgUyT9nJH7lG2/jfQCZJudY4yAN"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDRTOW45QSBndDN4\nM01RejBSeGkzejRtYU5iWi9LcFJaVkczSEhrd2RKUzZuNkpWY0JNCm5LSE1BOG50\nWThTOGlidElWWGFxLzRFbWMxQ2g1bVFYZ0tvKzBnK1JwdmsKLS0tIEtDbzNMZEZO\naS9aRmVkVVREZ2hraDBYT2xuYXY0Rzhxd2F2aTNvWEVoOXMKkxBuPGg5t7+oM+4c\neq8k0dHpfQKkquotzAJSDyaQlSY6wqCtZeX50Xc0slsORfExjAUKKfRXKI61BqWF\ngQQTLg==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDRTOW45QSBncjhh\nUklQT3ozek9iM3pyNWMzcTJ0eXJNYlhCMTJjc2pZcnF2QW1vblg4Cjh4VENzNHhK\nMFF0Q215MlBpUDlVZ1h0NTVvUjZQUGhEZkVtU3V3VWRvb2MKLS0tIHRPSEhsSjR2\nZ2RqRFdVcnRJSmRJOVpXY281U1FFcEo1VjdNREtYWEloZlUKGHRNMdrHRFudBP+R\nUphxjfW2KoDTJEhcSUyEuBJa4IyY5pYSPEawkvZFmf2+gHxTDU31beBP/zj6f5MM\nPZff/A==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFStro05R+CPmjWMHWtzXUKfGll+OosoZtXAyPtngN7T"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDVucGlodyAzdFRD\ndHA0WjJjL2tXTHNxQXZwenloRTIzKzZ6dDlXWHMvTFNpZkdrSUZ3CkdmWGMrNGxl\nMlU0MWt2RmZ5alkxbUY1MWRNQnRBMG92emJmRGNCdVU5OEEKLS0tIHUwc1VXQjBu\nR1RjcWgyY0FpckhnTHdWOFM4ME5scjV3MlJKdDQvYTlBMVUKlfIHlbr+CPYBU45k\n+42ft54vwU495JT9Po5rWr7wB8C42pfLr6f+nlgSPH9xDAd41c9LG94l7G61Qa5K\nhfwQTw==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDVucGlodyByYmEw\nNUJtUmRPM2VOeThsMHlhWmk4WDlTQ1k3aXBRTk9ZYno5WnVzZm0wCk92SlFJcS9R\nc2cvelFxa21nTXlEeFFVUUpoM29IM21OK2QxcndERmUwdjgKLS0tIHV5dHVVd3F6\ncU9vbkZTTFUzTkFHL21BR0cwQmlqOFlsUU5Eakt0dnNCYm8KJEk5rsEvYsc53xHE\noEu+VrCFGaXmX+gEpL+j980RRMiB3WqM0UJtLWyI5tnNR68k0CSXpF/uccr0C2Je\nHCkTDg==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO5qner13Q0fm5NhdXMx2nkt5kxjC0/SVY2FXh01OiHN"
       }
     ],
-    "lastmodified": "2026-04-24T02:42:10Z",
-    "mac": "ENC[AES256_GCM,data:O3BejMzmVTVJKz3wsFrE5rcYzvoqGF4kiyl9WpElADAYUYOYe0fEMDvH58DibAIs3gcbXXlIcmkQPb9FudYPgirP1jxmCEShCpRDN6EwkPo9nLwJZeuGoRYM4Xnu2JA5/NtS3U2ivqltuOIeVlyKA5jZXBBK+z4+VPRjsauua9M=,iv:lUciopf5oUTHeKyY4bi4XTdAWO61LfSZbkVxfHfsGmw=,tag:KxPXVi0ziEskZ8UH3KxHpg==,type:str]",
+    "lastmodified": "2026-04-24T14:30:26Z",
+    "mac": "ENC[AES256_GCM,data:Xmt/lxjHie4EUNZvrYg/N2GsOG0pXSpZ6/o99aW+5IXu7Dg/XYWj11Ybpwnra7yMEgyaGqJVDyqibPJwJtpyrwHQ5BsR35sZ3l1T4jChmzMVGAOzgOs2CFjpS3w4rRGBVHns3M5Mf/uKnsTD/xC8TAtSkz1DzVWWqTnJkNziEZY=,iv:TGI+8eUn9NnP7vFHRbt04bSKkKC9kcy7Yy6bKwMlSeE=,tag:8yGRSEE0nzL7STqpZRTv8Q==,type:str]",
     "unencrypted_comment_regex": ".*",
-    "version": "3.12.1"
+    "version": "3.11.0"
   }
 };
 
diff --git a/packages/gen/env/src/runtime/generated-payloads/stackpanel-go/staging.ts b/packages/gen/env/src/runtime/generated-payloads/stackpanel-go/staging.ts
index 09762979..5a76a231 100644
--- a/packages/gen/env/src/runtime/generated-payloads/stackpanel-go/staging.ts
+++ b/packages/gen/env/src/runtime/generated-payloads/stackpanel-go/staging.ts
@@ -1,74 +1,74 @@
 // Auto-generated by Stackpanel — do not edit manually.
-// content-hash: 35d74b75b1304a81c98e8238478d7c76bead012c3de5fc26d6fcaf56a231f8c0
+// content-hash: c15738cb589e9ed07f2e86802bc143e52783be5b2c2fe404d6dd381a7713e427
 const encryptedPayload = {
-  "STACKPANEL_TEST_PAIRING_TOKEN": "ENC[AES256_GCM,data:QqKYuoYf0to=,iv:7GRvZ4LCUJIP0J2SYBP0Q+zLo0fBbJMywa3OUDNlVM0=,tag:wWJisxWUsvPAm5FQonEq2g==,type:str]",
+  "STACKPANEL_TEST_PAIRING_TOKEN": "ENC[AES256_GCM,data:WjeCaJMteJI=,iv:9ZK6fcnVE8gf0xtIdcBwvIYlz3iHbQniHYLoiKXcx44=,tag:kLOm+ioojpWtpuxXX8MpGQ==,type:str]",
   "sops": {
     "age": [
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHZMYWFYZyBLaHpB\nTDk2WDB3V0JyTitaWWxUd0gzRzdkeWdUTS9yUU1nbWgrbXRwWmdBCnNEc25mRStz\ncUMrY3U1cERtQUtJb3NpSDd6SEVvN1RqQysvWHNSaFllTmsKLS0tIHBwczRIczZa\nb3pZNGpCMnRCMlgyZUdkaHU0Rjh3RGtFbzZ4Ujlpa2hiT28KmN07hrozRVleHC7n\nOCCSC7FOt9twYISeGoPzbaRYulDilgNNLtdxan8NNLXd67saZ9iHelmKkSJ/X60x\nxg8TxQ==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHZMYWFYZyBJc1Fq\ndENkRExEZ2pQTGtrRlJrRkFpV2pwV3Z1Ry92UVlXeFIvNG5ONGs0Ci9OQk9TZ2p0\nTjQ1Zk5ONlhiNlZxZHJFdlIwaEp1b2l0N29zVXkzOUJ0cDgKLS0tIG1UOWpKT25J\ncER4dk5GUnVwWE1DdzRpMnBPNFJLTjQ1azZaSDRxdG1JOXMKzgDY407Pa11r0R7D\n5yjl9+PSdSH01Ti4YrsGmVHhJe/ue9Qhz625F+ARQLn+E8tL1OxMC+TkDMnnDsXZ\nTNds0w==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICjMrEzKQSq/0eePzgUGXM349sBm6GVCXoz+tJZJaBVT"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEtlVWxBdyBTeC9j\nVUw0QTJrcGc5QVlwSWhnYjlXTTBUS1FXclJLOTcwUWVqcXoyeXpVClU1SlgvalQw\ncUxhL1NpZExWMjl5QjFHcW5CVW52WHZzRjYxU2NtTDJRaUEKLS0tIC8yNUo5eUFJ\nSVdLZURWSjIxelpEWk03d1FzQ2ltM3duWWxma2QyUHc5V2sKa0irOQgfBHNKJmdK\nGQ+Qc1uAOK3hH0W+u4j9IRHt2PkXyieAtG6pSK3nLbYaE6ZfpQD43jysBzKJg6cu\np4o9Og==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEtlVWxBdyBuZlhO\ncXZLSGZGZUtLM0pNWkZ0TVBadGxpcHNLNysxRU1xZDhHWWRjdERRClRpcXptWm45\nVktDeGtMR0FUUTl3V1JGMWhLbXNOdEtLRWtBcHh2WE53WFkKLS0tIGhCRHZmOEFF\nbEY0eGJZYWtwSGlLa0Y4T1V4cUZQckV6bE5aWUs1R0xCelUKNGZqb4lCT43vp+e5\nYO932QYc9w+1JJDj36PLnNAPJAoNf2c+UVtlWDDmuGXXPZhdHb0y3EdJzlrDH76P\nPBm0fg==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIoX0wKjybps6ZHuvA+uwE1ThfWl87MApDLxCjCDUCC9"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDFNdXZydyAvV3BB\nZkR5UHlOWXFMTDVQT3l1dXhZOGZHOXZnVlo1ZDE1bDZBamVzWEZvClp5Qzl6dndB\nbjZlT3d5RktXU2d1V3pZTzd1S1VOM1liUHhhL2NsaDJyTnMKLS0tIHVQTk0zSXNY\nQm9FL3Ztai9JemdSVFlYU1JIZmhtd3l3aVJhYng0dVoyZXcKuiNCZz4ThWO6zHp/\nhvKir4La5ENYUteG2UzzX46Id8VhiUQK7t2Z2cN147ogCnW4Hb6njgIUIFDILaOI\nb/wZcw==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDFNdXZydyA4WHJV\nQ0NDd2VVSlNsSHpGZERUWlhPOTIyZktUYTBLSWg2QVhPY2kyVmlvCkJFQnAxS3l6\nRUY3bXhxYWZvRmNlK2hpUUdvSG5zYlcvUkRGRFpEU1ZIeDAKLS0tIGJ5SDNHSWlm\nWTJDUmxFRTdFTFBPbkNxeUtFRmVhRGlYVytHVFRiWDNESjQKLi7BVFkxCMzVno7c\nq6rGedqpQAFO4uRhybt9pcHtQqh2eqg1lLaCwnWg5y5mtpGb+lN1PWlH8gve8xHh\n16Fktg==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKZPhznHjTDifGroHiGRD3hwWz69B8NsSSPNbwWjfzgW"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGw3N2NtUSBuT1B1\neTBJemJabVFIWTY2TllENmtuZjFmd1RZYUcxU3V1UzVBbFBhWENRCnRBakdtSG1S\nYjlHTFBmTk5GZVNkZFZuTUhvQ1BuMkd0NDhSTWVCdklTMDgKLS0tIERwTnVrenRu\nc09wRGRQT08yMjJIa0VVSVVLT1pNRE5yOFd1Ni8yc1Y5L28Kg6iHFJnhCv2g7Sz1\nqOXzq2asJg+WI7mhCJN9Qmbzmzx/T13P+jYSOuL8dAtM5KJrkER5V/PExHU59bNX\nQKL9ZA==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGw3N2NtUSBoRHVS\nZXU4Z0wrOTB3eGFtSkI5UHg2djA0UURpTE9DRWd0NlErY0JhRjBFCk4wd0F0SnF3\nMGlhM1drcExQNEF3VHFBVDhqT1JOQ2lPY3EvYVJRa2YyOVEKLS0tIGpWMTcvSmUw\nVXhIOWhDa0tFYmttMDFOTG4xKzNyZnpCZmxRVGgxY0UyTVkKyo/xA6MyjH7HHlN8\nAmtOz+HLPjf6uS0KzGAB5qIle0yqF4o/RRN2lwRgE1m29PBpYO05Ffl5iflZl493\nocGZjw==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJF9kzudl00FVTQA7nnSaicAJW2MoBKm47G7wefb6uSm"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFpUeE1RUSBpRTBv\ncjUzU1VXelk3T3ZySzhBSjVLbmdzU3V4MzQyWGlJYno1anZjcFNnClhRMUZZZFRn\nT1RocDI5REhNZGdwVFF2Rnpjek5NL1N0bjdSOW9sYkgrTnMKLS0tIDl1amhkcnUz\nOUtsTHd3VGsvcXJoeGg5ZlF5TEpUd0tZdW5UMXJTTFJLdkUK5oaByEOSAYSbVp1X\nVZksOLPvC5LFmQILI65BRzv0uJsGIR6Ycx26YYoxm83Ha4aeP0P2bPuY01MT0ifY\nge4DmA==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFpUeE1RUSBHZ0kw\nQkd4aVRRaXQ1ZDNKT2dBL3krSVhiOVNJR1o5OE5SUzFqUDFsNEdvCk04b0ZpL05I\nQVJUUUR0RjNGdDhkTlMyVEJVcFlpODRFT0VrTmVRTVh2RWMKLS0tIFZvNVVscmFJ\nRmNyTnl1cTZIMlR5NXQxUGJsVitoNGZNVUV4bHBCNUpjQTQK7lnIt313jf3ZJame\neUoze0INtfPVUaY1mRumdslR7Z2vbh1ePn2PK6DpNfZc/Tr3SRZSMotvLfOeyJoF\nvjbj/Q==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDmZV9Oi9hrckXTpqBnDKRrY9mgwj+SJeVBGWmne2+q5"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDF2bHNJdyBGNTFj\ncmdvdjdDdng1YnBxaE9qN2hWbE95dHdVKzdBeHN2dGRBcmtwV3kwCkJGZ2Vsdk9t\nUHNka2dUZHRzSmdkT213RUwzY2FPUTVRSkNlY05JeGxqUzQKLS0tIFZqM3dMUEhx\nME9HUnJoNmZBUkVxdXo0Tm5Tazd4WGZSZVdEWWJBZUxlb00K6i/ql0mxWGWPK5Hd\n+Vb2OfO1NV8XAAAwZlPcT9MBKqO8YWUEiST1rHj7bSoRJxoDxSODmbof8BzomX2e\n/51tEQ==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDF2bHNJdyBnNng4\ndkhPSXNHdVphSDBudEdzYnBZRndMN1UzZ3hQRmhPYnNwNm9YVmg4ClVvZWV2b09r\nZDVoRjRCQlBWc2xkcEpwOUxzQzhzTC93NmhJTHI1bUo1UUUKLS0tIEEyMzFuMVhF\nOGlINC9Pc2VMZC9PZ01INWJHM2RnOVlPSHNNYWxwYVl5VlEKvrhy8PpTGyS5z502\nulTFape2O8GCkcK6j/F9b/mf3M9wpJ/zH3TnyuzkG+aZAKg77qrfguH3BRrR8iGy\n+13K6Q==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA+M/DHDlKgayM6wsiX6r704pE+2qENOsKcytC7sBhKA"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHJKM2lMQSA0aVNE\nbU9jdlBGS3BUWHd6clovMDFMbDVTK2lGb3cyemdHL2h0Wkh5SFdBCjFkK3NjY0VX\nRlJRWHRTZWFoS05TRUVPeTN3V2FVUGkzTmFEaVArbHYyTDQKLS0tIEIyOVpjREwz\nTWxYUERJa1UvUnFpN1NwNDdmTVBrcTZqUWFKRlBlbGZBRzgK5B4zTcg9VMazl+B4\np20i2vTC4YHBHE4BXLbgtBMeqIghzdbzlohW6FGByRmKXcQOtZY5fGOF9czLIlAJ\n7kfUVA==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHJKM2lMQSAvZUk3\nOEltY0RzNUpYNUZERE84aU9vc3g0RkU5WEYyS0RNRFh6UCs2d2hrCnVselM3Q0pB\nYTFKUTBTT2RvT1lkT2tCZ0x5RmZpTnV1MVduaEZ4eE01TFkKLS0tIHFUaVdZUWFr\nVnNmN3dDSThITWNUY0MzL1V2MFJJMVMzQkZEOUJxRWNKT2MK2zdg6J/oCWxaFYKQ\nZDKbglm49CciqnlCvuviJyf7v7+23ktjbFwp2T3+61kiR2tiH705wQ4crxlmVgzF\nCNA1hQ==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINh0gA7reCRW+zQ5pPpIjoJGpaFQSbC/4K8B6vMXJVr+"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGtNZGJ1ZyBOQURi\nVkRDd2FXMWJWL3NuWnBka0w0WERkRC9RYUxuekR4aU8yQVNpTlFvClFVR1JYbVl4\nYWcxd2h2bS9Cd2F4QkJRTWxOd3RrOElJZ0VNS1I2Q1FkWFUKLS0tIHAyMWMxNlNM\nNEJtb2ZjYm5ueTJ2eFdyMDM3ZUU0V0xEK1Q1MUFGYnF2TlkKPoNtQgPL+LAZ8rtb\njzD3SXyGN4VNDnyco6s+L+jZ5TOjLs4s5PPPDFo2RrqlJe7/hhX9Hjo57ePawMIe\nl0q/zw==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGtNZGJ1ZyBQTi9X\ncHBaemV1TkdsMEp2S2dYTDVwUTFhYWhkOUVmMFh6dzBzKzdCYW1RCjI0eXhzcUhD\nclVBNXdrVlMzcHpJL2htZ2o1aFlpWnFwTVJoZ1FFZFhGaDQKLS0tIHQwMXZ1L0tZ\nbWdqYktMYnlqa25qekJLVEpNRnBRVDlzenFaUmlxVXlLNlEK83eV2MK9lCQsDn6U\nROOZMnxJdqt7PjZAMbHIe2OyxBaVVf+dQO8ubt4YroVbSQNjc6KWXkfo/HnCHWPL\nR477mA==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEmYihgWHfnLw0f8uTfLokCwToLavzV/+k/GggBA4Sz/"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFFONEwvUSBLS1E0\nYy9sbnp2SkhXQ3YwSCtRQXhKSGJYc2k3RUpoNlBRYkU0MThmTmdNCnVYVm5PQlZE\ndGJMd2U1WjFaM2hkTC9ncFBHZ3dZdDR1K2tmNnF2Ykt2WVEKLS0tIGNIQXU1bjBj\nbFpUenBSODNWcXlxRGU0Z3hib3hKN2c5b3lDL0hERll4dmcKaE/4qYIfy3e32t8g\npkSlZm/55W/NCRf8t3Fkd/LwoGXVjYu5D2Lrqlo6FdcT9kQuqNPXaabFUzp2xEL5\nce0NYw==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFFONEwvUSBKdmda\nMzZjUkJTazhDNzh2WkJ1MnZTL0FHWDd2YXMrZncyZEEyRUNGbzBFClhRK0FJNGJz\nS0JvaGtrcTVsZk9xWE1jL0VQUlY0ZGo3Znk5WDFOU2M4TkkKLS0tIHJ4eFlJUURI\nN0FaRTM4WndMdENJaGRQdkgydHBXSlVVWGlZL05zcnppUE0Ken+JUqjoI8+IKVDh\nUGbVbK3QRBxNlv4vPN6fKTvyFaJzdAvQOjkpPwCtwm95prZF418iy0WbokDzwGNG\n9vtShw==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFvT1RvcTidgpVYE0OPknc3f5HcAVpyk+rXXrW4AcbzG"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDhjWXRrdyBLK09n\nUmVocTFGa28yRVlzTzZ6VXlTU1pvUWJHL0U5MU8yNjNDMDA2b3pnCkF1OUg2Tk4w\nTy9GZnpBbVpSTzB6c0VxOHMxSkkyV25GMkZpREFGSHRKWDAKLS0tIG8weUFkakgy\nczM3Z2Q1aUZJWWduNU1wQWxaUTh3VkdPYy9OdHpoR2RrVk0KuuQaZ5BWVYD6FTGS\nWjnVzkTDCQOPp70iuycPvg7KVfPt3PKFQxTV+BXwvrpXtIBtbpPyRchaBJp8rbyZ\ncCcYKg==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDhjWXRrdyBmTjBD\nVFAzUXYvczVaSzN0WlpwdW55Wmp5TElhTG03NnVFcmhYSFNqc1VrCmdoR1dhMEI2\nT29WUzRtU1hJaUhRNWZ3RkJnTmpLejI5MFRxajBXT1hXN0kKLS0tIG9SZnlNZ0VD\nbXBXSTdXbkpIV1kyRzRTM2U4WnRCczIveTJhYmpWcmZuVk0KZeI1GxfHn/B7mm5I\ncUJHFtbsmotslQSZWWJyFfRf3wKa39t9eXLSjV8f6WT91rLQIaXd9GU5pBP3mi/M\nfF5/Fg==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEijeq50HS1g27BTRfJ8XWIPrAX9UVkap5fgIOCOtA5+"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxMlZuZHBCRUVuME9jU3hm\nY1RGNVRRRWEwd2crVkkrS2xaZ2tJZmVKYzNFCnArNmwxWmkrdExTRU1TclYrVStW\nZlBvVkFZNGhQWEhXNmxWTUNXL0d3dTQKLS0tIDMvTDRrUUV4TTBudjhGMXVmM1Ay\nbHFxOUlrK1B1cy80ditjcnN1VmxyWFUKxgWjNqtxu12OwebP/LaZhMu0GKYgqDhm\nLpE4VdXUjjbsbYZwwtdWaPSHp11+vi9EL17UXSTcPR3Z+j/1yR6yLw==\n-----END AGE ENCRYPTED FILE-----\n",
-        "recipient": "age1eqcj2g0fdekj2wpqp4y0fg9c5myydjdt9zlr5scr0grk6fxszymqkpw5jf"
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQcjlNaTRqUERJckZsOVNh\ndnBuVi9uVkgvWHlmZHdpandrK1BsQnltNmhVCkcrL09ia3RLQVVUZVhpWlEzWTRr\neUhCeVp5dGdjUzZjWS9MTEk2dkVuWW8KLS0tIGdoNUExRHNVM1k3cWYvN2xpV1BC\nT3NTNVQ5SFhkMG5xU2l2eWlTT3VyRVUKNBMuTVhMMCdJhctmJi2SJSw/TmMc4pzV\nwJHzfKFkbG6mPJz67DkSD7ySkJoHb54WmUUL7KU1iOm7r+sOzatnAA==\n-----END AGE ENCRYPTED FILE-----\n",
+        "recipient": "age1d9h9mm3u5qalmpl2pf62pyzqj8t654n435emn93rutv0cg9sr32sg64fdj"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IG05VmtkdyB5NU9h\nV2QvQTN3RFk5WnBCcURwVWVmM0JHTEdIcU5SN1lFRHpPU0Fob2g0CmNqN3RjNlkz\nZkFaamRjMFhDOFhaeHRFYldEVm4za20yQ3FaVUVLM1RnRncKLS0tIEtTYkxiNjl1\nSy9xUmJwT0pNM0VocjY2bFREeVNuaDROS3FhNDJEalJtdmMK0emEsrmV4aynNs8w\nDIWVDUkB+qFod+DPaPDEW1ZjzfKCEjMaXgBT/0Leql9ZnnSlYKUnZ2sTzDF0ZzmE\nne0H+A==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IG05VmtkdyBzcFpP\nMkd1L2lyekhwSzF0TUlER1VnR2dXMmJZemJvbDhTTHNuWWRWa2lRCk5KcXR5QVNW\nVmxpeDZQdGhndUszSEpXaENHWS9UODZ2aWREVEZpZk9jUjQKLS0tIHEyTEZzeml0\ndnpuY1V1a1MyTnM3NERXalRiL2xySGNqaUZMVUVyR3liM28KvDRt6TEF//IXdQIz\nRdsUWSTl2+PopSVwshhzI2meBkvsjmfkmXlxFgXkwc/V2NHY8A8CVde+VZFyQyd/\nh47mhQ==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDuzbgoXZccZ2w/9HGgUyT9nJH7lG2/jfQCZJudY4yAN"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5RXBMVFVLWndnWG9ud0hO\nTG56dmJWUHRHaDdHRlZ3SzhuR00wVHF5aGlVCjlmZnRNL21sUjFBT0VSZXJBTDhM\nTXdFZlRsUmhkVmFQc05qVFEzNDZRTmMKLS0tIEh2eUxuQjhGMUV5cW1la00wSDk5\nWGhMZW41WG5xRUwzdzBOQVpqb1B5cEEKbcjKV0+msVwUmyLrK8PiEzUvIb9SHbqu\ndWwBwjeSab1Q+pW3hVPOiiPKdkf/np5xrSPsLXLVKuE65JIXmDGCuQ==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLTnVWK0lJVVRkaGJWNlNK\nV2dOMmNFZ3lZVm9RUXQ5QTE1bU9UVTlyNDBjClBLR0UwNDcyQXBpTFFZZ0VpUk45\nMjNmeEVZZXd2OTh6TVo4c2NpdFJXSGcKLS0tIGxYaWRmWjI2NUlCdVlrUWJvQ3RH\ncFhPS1h5TFhmNkFuTFNEV0t4bmJmckkKFsiNC9x4vz1EwZgl94jBEhY7HIgt2ME8\nMgtQQvSI1PC9q3jwB2Wmlnw+KZr1mVfVEsEfTcD65KG9jrvbkuplTA==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "age16wuzuxnkcgfuxzvzgk5e5a5f6hhs386adjewyv54m9esr4yj6uuslpn6tp"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDRTOW45QSBvUko0\nVHRBVkdyZHRaVmtNNXBkRzFKbVdkU0dvUGNjRXFhL0ROdzVGSFJFCnpuWFdFbHNr\nZjc2Y1VuRGhwOWoxa01sWVRXd3RRdC9mOXRMVTlkOVpBNFkKLS0tIEhtVUNNeDAy\nSEcvWHBoSlA1L1p1Qm0yOFBqSlZxL1NEdytXaXN0aDBRSW8KMwTZpwMGXKN0Vxj3\n541WerZ698C7R+wwPgizf3ge9BxvH2kyrTdLEKjGM/6Z4iobSJ0P8B2LbWpmkh1r\nkphQiQ==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDRTOW45QSBRMTho\nUXNQVEh4SlJzczVvYVAyU0NIRm93YWVIN245SjU5QU5GZmRvQm1NCjNvS2YwT2NZ\naTV6MXRwUU4yNWpETEM2UHBMM252WUZyZXgrdXRZcDlvaWMKLS0tIDlTOFFkLysz\nR0E1Z0duRlFyQWMrV1lmZUpsbFYzSnRvREJkVSt6TVhnOGsKvMGU2oFL997wbtKU\nB7+8kJ/hSX+nksmFKl4eiQK21FspofLVV285oR7/Ul92vagWjMSWwiKDLU5RmGqb\nYBNOcA==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFStro05R+CPmjWMHWtzXUKfGll+OosoZtXAyPtngN7T"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDVucGlodyBHQ1F5\nUCtwcGUvbFJTcEJJS1B1azVaSVpMY3pyaURlaHVGRE1Ga25ERG5zCnVEdE9wNTRs\nWi9iMVFmenpjWFcwMGtLZndCWFZ2bUR4MVR2RFViOGdDelEKLS0tIDdkM3I3b1Ba\nQUM2RFBKaktNVTRZSlZwOEdVZ3ZZTWdDTzhIQjhGS2RIY00KwrrYi2zg5RPnVqQi\np/zePFrUQWVzbRnVVttOStlHK1GQDKr6d8Tv3qbC+uwBHx1bZ/4sQXe/dfy6nnmj\niqbZxQ==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDVucGlodyA4MVdj\ncTNMZUJVY1dEemdkZ0xlTWJGbmdxUVRQR295cm9OaFduY1RjRmxJCk9WaDdqbU10\nbnhuTGtXTjlibDJxTDg2S2cxckV1Z1Z0Z25mdzliNkxOZm8KLS0tIE9DUlFtalY1\nQzFhRXpYRlZoTjhpZnR4bmljdDlCcjZtVlBDUUR4eFNuTkUKOa1g0/libgESlwhZ\nqZ5Tc+y9Bl1iaTXFq84YRzKwV2aRlynN+YdLevA/hqecvJq5YpMkUTil2eBqtHtg\nH2EqUw==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO5qner13Q0fm5NhdXMx2nkt5kxjC0/SVY2FXh01OiHN"
       }
     ],
-    "lastmodified": "2026-04-24T02:42:10Z",
-    "mac": "ENC[AES256_GCM,data:DS77suw9uLo46ELAvCTz1KfYJPkiLg9LhxX8wjIyP7OxKubbvRdY9E82G4zPmLv5s54H7O94AG7VkgA+UNRKOeklKZfiat63l500kcnzdsJEGCwqTWzIG5bXGLZ9XeV/+nADOy7ZDEp9KMnUhZ/N2986mdaqrn86VqhKefVze3g=,iv:Gv0pHU8MAcoCgRp7dbI1nDsmDHYXaMbz/yPbqPzThKI=,tag:wKGiLn7s2cWhzoxGau+Fpw==,type:str]",
+    "lastmodified": "2026-04-24T14:30:26Z",
+    "mac": "ENC[AES256_GCM,data:6HvEm3Jt2d1DsvDdxsyOKLCA6wfP8dgOUlh+TE7zk1XnYF9WNPXaCbIZ5bXwOzS3C73u8sVCQi4yq5xZe6s0YCTjSxVZYCuAKdDRnXPJzjiKL7vMQCThom1uCOc6sLIjKYzAJJ+epAnjZM/HN2t+KjMqhEdlg0U+ogO5zryEElk=,iv:HDnAyiuHaaEh8Moesv7tUz6u3XsKzv5HebM9Mj78/cQ=,tag:LoP3atT8u8LYw5keYhTNeQ==,type:str]",
     "unencrypted_comment_regex": ".*",
-    "version": "3.12.1"
+    "version": "3.11.0"
   }
 };
 
diff --git a/packages/gen/env/src/runtime/generated-payloads/web/dev.ts b/packages/gen/env/src/runtime/generated-payloads/web/dev.ts
index b85a5f62..b9e015de 100644
--- a/packages/gen/env/src/runtime/generated-payloads/web/dev.ts
+++ b/packages/gen/env/src/runtime/generated-payloads/web/dev.ts
@@ -1,89 +1,89 @@
 // Auto-generated by Stackpanel — do not edit manually.
-// content-hash: c643e7c8a72cc32600789096ded49590ac0c010f65f296ddda5d3cecb749a131
+// content-hash: 46f438f32029d70821adac647a9ed6fbd024571c6c6c10d64b2fbf18100b73a4
 const encryptedPayload = {
   "BETTER_AUTH_SECRET": "",
   "BETTER_AUTH_URL": "",
   "CORS_ORIGIN": "",
-  "HOSTNAME": "ENC[AES256_GCM,data:MNIAT9XrqQEhPA59vAI=,iv:pe459SI6vSACkIsE0PjKb+1qyGK0HF+5CjhQefdtC+4=,tag:3agjKdpwtBwDIirecZxWmw==,type:str]",
+  "HOSTNAME": "ENC[AES256_GCM,data:+F31NxSxTlKiXfElJQs=,iv:iVKM59udGtQUU7Qoc58ju9qOohNpIQqS00ntQAMBaXs=,tag:+KJee3C6HAcGYO+lPFfznQ==,type:str]",
   "POLAR_ACCESS_TOKEN": "",
   "POLAR_SUCCESS_URL": "",
-  "PORT": "ENC[AES256_GCM,data:DXi1qQ==,iv:L99jawBoy0cU065LdHfImC6/nzPixJ/iGi755Xrav7s=,tag:3UFr+DChNLwObAbtuKDwgw==,type:str]",
-  "POSTGRES_URL": "ENC[AES256_GCM,data:gOTJ135xz+NmET9jJm9v9Or0lfcHrTjhuJx3q7gKledOsNbUg2Q/3mvQhpTGwHeaen8Myl3Rq+B4hFNi2UIza26e5fSIvUZ0K4f42Sm/2G/t/hfo0RwkTh+qHX5ljHWBkQDDUekljYISsvikb9u1Ye5qlongWf1KFjhEBLqIEuxphGUE8Jcf5PJB0cuzMKYsIrblvrmrUQUUVzMMwsDhwygqOxtkkSBGgg==,iv:4I2OvUUPpUkMKnUF9OxMnVzg1NWYxoC8I1eHPPEtm90=,tag:7m/Uo/lurVaKcnXlqQWNrg==,type:str]",
+  "PORT": "ENC[AES256_GCM,data:O551SQ==,iv:+kOg0nFA/yz02ZdrH4WB/vccVraJ/C0DNpYrxskjyYs=,tag:fwINJ4mXHaFNiXKhq/Y+JA==,type:str]",
+  "POSTGRES_URL": "ENC[AES256_GCM,data:sBnQFNNY1j1bmNKj7FUiFKiVXWEEh/RosFTXEIM7GRy2Quwlkc7L2B+1EStYtWmvk7pLYjBZCS9FAxaUE6vrzTphkFatc4E2ABhvvFYVebwkWJafMuPSMO3A1ttBswNS5CZy7i6WiM03ktVKgX0DzifKoDjKcKaeVeMQCwHbkVSBSbjnCR6/FdgvLAF8x1VPyYdzaR4LeKSqiNMzkxlNC232sCZgtZfRww==,iv:fahQomfv7HfteVHLq6Ipmct6RPwPhLnByZiRsz5pvMY=,tag:qjLprReIBGgjlVqpFz5m9g==,type:str]",
   "sops": {
     "age": [
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHZMYWFYZyAxNXpU\ndEJGRCtUbFJyUmt2OHNibXlMOCtYbkZCRndRWkgwZXZPYno3Q2dnCnZyTE10dFlW\nY2JzbVgwUFhuVlhQVFl6U0xSWmN3cCtLTTlzTzZPakxmazQKLS0tIDc3UHJ2ZmRq\nUS9MdWRZdHpTK2lObnN0Y0xBbGk0cVQxVFN3YkFjSk5UbUEKu1yaopvJ+OvRFymO\nUKPsCmCpXtxNHOeSZ4mRW0n1sf7OaEFQwHIollLBj+vPb++DzZlBy0vXYed1qgeM\nW3FiJA==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHZMYWFYZyBZbzZh\nTUh0dnFUK2xBdmNlQnZpb0U3SmJueXg1WUFQSnlQVjJMZEF3Mm44CmZpU2YxYWVz\nRDVhMzNPNmpBMDRLRWVXaG4raE5MZ1BObC9xb0xJZW1WbUkKLS0tIGllYXZFUW5V\ndm5ENGYwRm1SK0VmbHY0aUVaREdRV1Y2UW9OQk1YeThUM2cKKN171mPEw0d3qfbu\ntDvDGo7zjjvza8yX9ebQi7R/8caoOSZLbqpjpRphdScKld6wCCeHTuWiWbY8lVl8\nLgLL0A==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICjMrEzKQSq/0eePzgUGXM349sBm6GVCXoz+tJZJaBVT"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEtlVWxBdyBCMU15\naFFOVkZIVGFQZk5tR3YzWUZTMlBONEZpVjRkNC9YSE9IaStVUkc0ClNFMFJxR2Ew\nNE8xU1NEN1Q2NDVpUW1Wa1hod1NpYm81eGJUdmpvSTNlQlUKLS0tIGlQSnR1a1NQ\nbXQ2V25TVzJReDg1YlliaThLRmh1dlFFRUxtU1hKd3d2TGcKFwA1mPz+OwQUpRpZ\nTVG8AmDsTvt0Q97VbFU8TJ8Ga6y0ajiOEBYZJp1NI/98r5shYfhDsgSX6QI0ZMLB\nbuNzbw==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEtlVWxBdyBLODNE\nRjdJNjdqdFpsV2tXSXFlM29vOHVRbGNrUFYvOFZLdkRTaGlCV0JrCjh6RGdrcEJI\ndmNvb08wS3pRRTA3MytoSEFYZkwvVGdhVGU2MHI3S3hVY2sKLS0tIERUbjJqRUhS\nVys3N29UVjFSYjBJVFV5N1QyVGtjZHJsQXF5UldVUW13dncKq1iCrZk7NdKWve6R\n6FrVNdpDKmrFOWB8LpXRzB687TQkCN3Fud3Ffiu5nzhEWk5AS7pxjQHIbROwa5ty\nweK/Ew==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIoX0wKjybps6ZHuvA+uwE1ThfWl87MApDLxCjCDUCC9"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDFNdXZydyBWbUNE\nMmViK2tGQXZlQ1NFZkFPZGVDelFKUy9wTXFnU2JsK0FOcWxrcWlBCkFTdUNicnQ2\nM1ZkbzhWYkYrOWM1bUhzazZ1V01nQjZFWHArRkxGdkdnNmcKLS0tIHd2Ym9ydmZz\nS2R5NE81QU1id290d3dHTFU2WkdOVjAwU0gvSm54cVFuOFUKKs/rY2nFzK2AIKHr\nUCOzyBpllvnI+ExvCsaVMjuyhrE2FK4HytE8PkDmZ8cBSFHSpE/BxgvDIJo+WgEA\nwtdHww==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDFNdXZydyBLc2Q2\nZ1VCSUg0VnhsS3FIODdYSTg0QkpGSmRoN2JKY0t6OTMwVFlkNHlZCnB2N0tqMUIz\ncmpjV00vakovNnRZdTRBdEw4NHppdXBjZzd2bVVZbGtmblEKLS0tIFg5ZitWZy8x\naEc5WFlmekNVUjJxQ0ZwYmRTOXY2bnM5RXU1S3RpRldUelEKy0A2xnGZY1I220fU\nIgcVOvZ2O9Yn251LF+UMZToxKjWRkGe6MBs48ObdTm61/LoDCO8zrwI3LTws0Izi\nTxJ4LA==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKZPhznHjTDifGroHiGRD3hwWz69B8NsSSPNbwWjfzgW"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGw3N2NtUSBPL0Vn\nNGl3R1MzVjlzdGF1M1B1K3NMUzBwcW5FZkNVRmhScTVNWGxQalVnCjdzY0RFK0pS\nWGhzcWxQUkJUdWgyaTAvdGYzblFVYUFNL2REZEFJWTZMWk0KLS0tIDdHQmE2NTJu\nZVZ0V0xjZWtwOC9WSWdjcEJpUnphejR1dUdReGlZaWFTUDAK3R2EXAJ6xhit2ydq\nBymphwfByi519NXLzmoX8BF3gvqR0WTf0WN556pEbbjibSB8MbG58lGGC4Eww4fi\njEKzQw==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGw3N2NtUSBVWU1L\nSGxDR2FGdjBVZzR2clZJUUlSdUlmcTZqMElRVTVKWEExR2dOVHhBCmkxKzNaejlz\naksyVEFvdWUrcXZTMUJRalpJZkNBQTdyS0RoUTF5WmhXVE0KLS0tIDNEREJYWTM0\neHdOTGZTclo2UEEzUmRDalg2ZHk5Z0hLU3c5RWplbk4wY1UKcoHy4+gr7b8j52AQ\nNDiHoYgltwAYgl2jEjCtXhlpjhaCRtiLlVHT8dTO24dxAf0t4fvnyt8qFMCJn9DU\nhgwcTg==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJF9kzudl00FVTQA7nnSaicAJW2MoBKm47G7wefb6uSm"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHJKM2lMQSBodUJH\nNm4vRGFlU0lrd3FmVVJ3bi9LbDB0VGtZTlBCQVFGckxrREpQTkhjCmZvRDdTQTQx\na3FxREtaM214NWtFdUxvTDkxeG1mdXVmeG80UTlmNS93ZFEKLS0tIG9qcjIxS1Yw\nYlVtNW5DbDdDMGFucGZDdmV4YkNQOFpJYUhTMENxTFRBR0EK9okEnkswenI/NLry\njZso0OwkrVQAPIP92+uBmalpUUJktoY4KrOd4IZ8XMNg5Dj9F2byJjzy4KhJ7/nb\n9ILLig==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHJKM2lMQSBlMFM4\nVnN5WnI0QXVkVzJPUlR2NTJLT2JtT3V0MXhpZ3dGaG8vY2dFdUFRClFBM0FmUDNu\nT0d5SFRkNkp6bDBlTzVDd20vS2R2NEF1SVJVWExlNzdSVHMKLS0tIHpzaFpta2pi\nMXlhYWtOZUxhMmMyTlZJRTZ1VnEvRkc2dnp5MHZXeDJ5SzgK3bH7XRfU4VMP1Qbb\n8DUBq4ag6tnLygb8fncOoc1kvbjouzaP+0RKRXRv9icgEJr3NFuVTtZtWTznhRXs\nrTbemg==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINh0gA7reCRW+zQ5pPpIjoJGpaFQSbC/4K8B6vMXJVr+ cooper@darkmatter.io"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFpUeE1RUSBMay81\nd21GM0hpSjFNbVAyMVZLcDVxaVZFV3hKeW44WDZMeEg0aDZBTFVNCnJNbm1SeXZV\nYzliOUFoTFRzOSswOXhuMkN2aXdwY1Y4UHg2Tk9BdUp6QkkKLS0tIGhKaVFidXFO\nM2N6b05KYVVhV1JXZlliOTFWL1VBc1hUUElMbDNETEVHQWMKfobeoya0bfn1qz/p\nMFor6q5KjIT0/2gqOxYUJ6WkE8v6ifTrDKiP6IWGzGRqhK2yLiXzco4Ci4mJGSLF\nJ7QGlQ==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFpUeE1RUSBzMlNO\nL01HNTNrbVB5M1REblVDQ3pWMWRabjA1bE5lUjZnRkRqS1Qwc1hFCjhEYUZQb2hl\nZE9kbFhBZW03Y3hrQVJVM09pUWhlQnZ5OCt2MXE3dmFQWmsKLS0tIGw0SlFSWWpv\nTExKSVczbDg5WVRoaG5jWm9uOHp0eDhXYVdzVUs3MC9wZk0KV+Pl+lSldS3WhrSx\n0ki4F3kLBxZJfcOjf3gfYuwDfw//fu/4PpcHBQZl8OulIaHwFuPIm+HOnwI8LKwX\ntP2ULw==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDmZV9Oi9hrckXTpqBnDKRrY9mgwj+SJeVBGWmne2+q5"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDF2bHNJdyA2THlV\nMDdjSVlBOWY2Nkc0MFMyMndGdWpVSU5XcmNWcDZvNkxKT0lpM0hjClo1dG1tSk0w\nSDNtUEtEOVhjMFNSZGQ5ZU9LYUU2RXdYWjhQMGhxNEU4SEEKLS0tIFQ4MUhBL21Q\nS244V0dZNGdtTG1CZDYzcGtIRVJ4UHQyTERHcyt3WXNlZVkKIhJoVBxSdh5yQxOh\nPWgoHMGBBfTBSmCczKNk0DK7T6ZbZMPJ1Rkmsx2QOlUYJ+IRhxBdQbhovl1vK4Ud\ndc/Cjw==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDF2bHNJdyBNOGUr\nU0FMZzFsaDBGUDkza1VtdFpEcnlCeWY1QnVmS0MrMlR4MHFwUWdjCnNzK2cwZi9s\nS1N3c3FVdXVCVUVQR2JuZUI0MWNDWDFjMllLdG5GbEs2bFkKLS0tIGNtRFdxaXhT\nSlljM29hNFBSL2crdXFBM1R6dXJnVC9QdEx2UE42UW1LMGMKN+wlcsoFhZ1iz4L6\n6xji04ZtDLcbbyTtqGXITRL3/auySYXqf2QOTzX0XSqKLHRu3IXtHYuqjZLYKXD2\nCM4b3Q==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA+M/DHDlKgayM6wsiX6r704pE+2qENOsKcytC7sBhKA"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHJKM2lMQSBxd0hn\nUTdodjZtTEo5OHp1aVA0Wm5tTGRzTW1sMXB1N1ExWnBwamxKbHlRCis0VXNZdi9F\naXFWdkhkZEp5b1BPbHFEVCtETUZrWFYrSFJKTGlvd1FUK2MKLS0tIDVRMFlROEFY\nSS9URDFLMGUxOE9LQmVmVnBTclV1bDVmVHBzM2pIeHBleHMKFTmg57IjrC8t7PRZ\nwPohL7dzsHthFmBJPtvL4kbompsMkpsUSPbuIxALiAE8OinbIkDXC9Qv0hJRY+M8\nWcV2FQ==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHJKM2lMQSAzL2tx\nN1pmNmQ0OVlTYXJKSisxK1FEYk5SVGpPQXY4aURUdy9Td3JpaVNnCis0T3VhVmRH\nQndKQ3UrZnBTQlI0WDlkZ1lKNlZlMitXS0ZxUWxEcVFRbjAKLS0tIGtXYkIwOW04\nZlRvNlBOcVVVWXVkTzU2aUdGWGNJdUlsekxuaWVoNGpqbXMK7g5JOT1ODozqqma2\n0wBcNc1j1Hf/FbTQ3Odk8BIpOqcnenpXDcU/aTXjIJG1mkIU9Kks+HMexatM/7a2\nO+Jo5A==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINh0gA7reCRW+zQ5pPpIjoJGpaFQSbC/4K8B6vMXJVr+"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGtNZGJ1ZyB3UnpR\nSHUzcmtQSk9zb0dXLzVDQ1hWcjlQOFFnTE83V3huUDlpZEhKdUVJCm5hcHBtN0Nj\nSFM3SzRMa2VaRllCaW1JaFYwNW9XWlMvVGJvei9qSkl6a28KLS0tIGc3V3FiZ3pi\nekkxeVZVcTc2ekpDdURNSUI5VVc1SmxON2NYejNEZEdRNUEK6a56+dOZ7thZsLKj\nmCd1NjA7SZ/MjMH2kOty5Oc+M//H/yDy2H30O63HaoxjSq6Y+Cy4ysgyENvSKPVM\nMmyHwg==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGtNZGJ1ZyBaZG5r\nRWk1eWxjQmRuSjJzY3k2YThZbnlhT05LYzhPbDl1T01mdW1JR0hnClhqTDQ0VlJx\neE41Y00yK091OUNEektkZERWSHAvWDNDQmwyZ2g5YXI0ZDQKLS0tIDdxQW9yaEdw\nTzhwOGhMY2pwL2JnRmxaM2lWeHZIbklsbUx1TXVKM1U5RTgKLqh/nohnOsaS9IVS\n4NiSL+VzsD9QJbY+PfN4divRPHLAjm5DdcVj7UsjWhNOAoSg9mfqoPXEBHs0Oj47\n57ALig==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEmYihgWHfnLw0f8uTfLokCwToLavzV/+k/GggBA4Sz/"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFFONEwvUSBtUXR6\ndnV1K1dHbnRWMldtcnExWmxhb2FYazg5ODNRQ0Vzb0JHaU9xZHdVClNNL2l6dkhp\nTmJ3TEg1YkdsYnNUT0NWVTB2R2N5b2U5ZVFjbXgvSVlqK1EKLS0tIDVPOVl3WUM4\ncVNLQXdDRWE3WkEwa1R2OGJWWmlDbXgzNG1WRlFJNG8rTzQKxL9MKbyz+FTiMLXn\nJE+aN4xcVQmm/b8UYrO67YGINz+6tzdvvj0SwbvbqNzlv5H+wC9Ypu7KZRHci4XE\nif7RDg==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFFONEwvUSBhZEE0\nWTFEMmpxWWNSTE42SmMvemR3WkxTNUFESmJoa1AwMm1LdTB2YjF3CmNuRVNaMUhF\nNytwbnRscUIwejdKc0hnSENud3hvNlhsZFc0WWNGenFFZ2MKLS0tIFlXbVRtSkky\nRWl1TzZCWHEwdWdzNVY2d1A3eEs2eExHZ0c4TkVDenlrTjQK+ieRYyd27051VjEE\nsPnpguvMofQKOfyaOSH3zUyufnSWwR5rH5CMnH4IDkktKHIsrXDlAz3iw4F+7JdH\nsDJhyw==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFvT1RvcTidgpVYE0OPknc3f5HcAVpyk+rXXrW4AcbzG"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDhjWXRrdyA3dDcy\ndGtndnZaVWpYVFVUd0hmaDdKUm5sMXUvcDNyVHRvUHBZa1NqQ2hRCnE5M0puVGJZ\ncTRFKzFiWGFOVDNXbFlSQ003MTM0Tms5bmNNSWV2R015ek0KLS0tIGc2SHpHS2R4\nS1V5VzdvSjVqN1RRRlUvRkhtK2ZUbmNjampuQ2xPWis5U28K85isXmP3/NGgKmT/\nM1MMLIXQv7KvBl+835wSWpVlzz0UCzxcFthQhIavWlA3/l3vAGC9XQoiMN7YbSnl\nFgFjzg==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDhjWXRrdyBlbUxr\ncGEwclFibUQ4YlVoWUliMVJCbXhEd2tjWG5LUWFTQzF2MnNzb21RCnN2YVZGS2h3\nTWtsd1VFYXp2TVFCNDRTOVdDOEMvOWVmZTlyeHhkS2xRUVUKLS0tIHNmZVpKa0Fs\nN1MreDJQU3ZwUlIwdmt0T1NFYmMxU2gwa2VIaGJxa3N1cWsKcmIPM8uPzh6m6t65\nJGZbQvgo4HABkZNg2Yo384QU68WkqrDrkxXLtBlHaZJE+pBCduAaHwU38CAnk4r3\nqKd2Pg==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEijeq50HS1g27BTRfJ8XWIPrAX9UVkap5fgIOCOtA5+"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzcnMwZmdKRzI0UllRQ2Na\nZkoyeUF4UVg1Sk1RS0JLM3F4ZHAreTJOd0R3CmRpNHJ1TkNiV1lIMWtqZU9EVXJw\nWmNiQ1Z0VHVJc2JpdlZTWVlubDYxSzQKLS0tIFQ4NEx0Z3daUEFpeGxBVlN0dnNM\nRWFMcERpSmRTVUFib0dkMzVncTFSMmsKlpZMNc0fOCYXLFjZwHS7PvYnejBOz7NA\nxq3vPVfXdkPOdIImx1Bw6BRPqGt2VISv8Ek66NxNlKLEJeQ+igitdA==\n-----END AGE ENCRYPTED FILE-----\n",
-        "recipient": "age1eqcj2g0fdekj2wpqp4y0fg9c5myydjdt9zlr5scr0grk6fxszymqkpw5jf"
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLT1RVNDh4TDhIL3Y5T0lW\nV1grSGd2Skw3akI4c3A3WmdXNEMrTCtST213CmEyUXUyVHlvcG5MUXM2NXR0bnM0\nb0dTMC9xTXVNWjNBV1JBQ0hvdE9SNGcKLS0tIDVjSVlpeVpTQXJhMU8zQjdEV2Zj\nZE9jOHpVdkFGWVdFNkdQRnF1VWcxVk0KeUW4HScSZ0x4zhfhllufJecPQyhsYvDL\n3GVQvwcYPL3z94y3gyekU34TWuZsSft9G6fRQyrl3AyMY6t6RRWKMw==\n-----END AGE ENCRYPTED FILE-----\n",
+        "recipient": "age1d9h9mm3u5qalmpl2pf62pyzqj8t654n435emn93rutv0cg9sr32sg64fdj"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IG05VmtkdyB0NllB\nWEJUTUY4MGxzZThjM1BkWFJrU0k4U3JON1h2eDNnWkVxUXhCMFE4CjdUOElKNmhP\nUUpiVDJldHIxQStoUVg4MVI1U2xwaTd6M0UzcnZvTmJ6SlkKLS0tIGhyOUVRaTJJ\nbjUxTC8yMjlxcmVZNDZzN0ZhRi9pZVc0NHBzMnI1VklmS1kKfEndHOqCXGcJbsTS\n4+aOsC2KtuBg+U/i/DitZxCm9Z8TsVhneM0qjscuA7LVZ3ugEY8jrmCxxODxqFph\nvKn8Ug==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IG05VmtkdyB6RVJt\nS3c0Sk5ZdkQxY0p0RGtjeXhTVU5hNE1JaWk5WElUV0MwZ1RVR2dvClVCVmZibUsx\nTHk1UXNwL0Q3dGRlR2pzNGl0V0NNMUY4Z0JGNndhNmNtQzQKLS0tICs3S0tXTVRT\nQnpGNFQ2aFlmYk5oQW4xZ1Y1TDBwOW1EUTFZT0UvZk01MEUKQYsqyAsG3Rj2mDV7\nqAN3IFzSqlDNd4T+O8tmbl0QbAJfdKzYnTqPZIdMpJQsdr7cuZu6ilIKj9prrkrb\nl4m4Dg==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDuzbgoXZccZ2w/9HGgUyT9nJH7lG2/jfQCZJudY4yAN"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvMTRBb3VBVGR2OUt4cklp\nb0dGcEhhWTFpVUhRejE3VHZSb0NIZGpxaFRZCjN4aVNuS1ZPYlYxOVZvU3B1N1Qz\nVWM3ZzlnVDhPYXhoOHY3MVlHY2l1VFUKLS0tIFp1bmUrRW83YjhwOFNIY09hOGlB\nMDJCRFg5SEwwL0FlRHNyTFI4bDJJbzQKYJ+h+ms24T6NeDHtFk7n+gmEXwbg5Jol\nWt464jLTftTyC+mXANKbXvbjORNMNsyhrscveQ0LXkD8RPD+U3Owxg==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzWE0vYTV3NnZnUmF6MUlm\nTFVNamdrZXp4akdDVmFKbTJkd213N0tEQjJjCkxsdC9GRUhrK3lVZUtqT05vQ05S\nc2RtWHFocis5YnFSQkV5Vmphakg3dTAKLS0tIG1PVDVRSVZsRVVFTG84NUpFV1B4\nRTMxS21VMDdJejl4NFU4MFRLdlppV2MKrOzygRutboZhz8zlKi1JAUJt5zEujXIg\nTYfUwLeYi2bJ8bq+Bn3OEaWXi/rPpKnFTzNuxOr+JiIQJULzG2+ETg==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "age16wuzuxnkcgfuxzvzgk5e5a5f6hhs386adjewyv54m9esr4yj6uuslpn6tp"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNdEdRVGlFd2N1QmxGWlZa\nQmFQYXlKQ2xBVzNJOSt4OVJ4UzFkZ0V3UXk0CkhzOHluc0t6U2RRRXpvUFB3ZzFM\nbUlJQjFvWTZiMDltWCtNSko1Nnp5a00KLS0tIENZNkh6TmdURk1RZklKbktuTEJj\nUG4xWXN4UGEzRGY1YVhyR25VR1pJeUEKFZOc89BLxvXDhpKDBUGWtd+q5zTA9956\nK1s0WAGBMYVfGVA7wU2Qp58qPi1F5QhCdj3w1fGSK8PZxUUOagJ6TA==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYT0UzNUpWYlNpa1FJZ1Jz\naUJidlp1MXB6dWwrZ1JsdllCaW9PZ0dDWDBRCjRob2Z5ZGZZeTVoM2g2VStlcTNu\nR2tzd2gwVUUrNS9pZ0Z1ZDVvUFcyc3cKLS0tIHp2UmdnbXNucjlBYlQ1TmZWZEp6\nT0dLUEpiZ0pyeHJmc0hDZjI0bVpCY0EKj9oBlblEDqGam7re4JwUidanJSras4Ys\ntWqN9AkgaL0dNUj2Y3fXDgXtM4HsNe5L/aHtdS6wetnom1B9v8QFEA==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "age16rkvks3tljju3y6xu0l7luhjzx634et97g3xe58xf2dgfn2865rqkq6t8f"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDRTOW45QSA1U09W\nMnNmV0RnTHBKakdqelRINHpZaUxaVWc3cTdSVWxaVE9GWU1ETnc0CkNmTCtPT2I3\nUTh3UWdhTXI3OW1haXZoLzFPc0JqMkxmV2NWRlhEc0lZR2MKLS0tIERpTVR1alp1\ncWlSbHZTd295eTUzUkhOSEQ5c1B0N3dETG8yODkvSW5QMmsK0gG5xeA2igNU7DS6\n552XxwR+9E+LG5uw/KFcl/7tkvNTvzeLz2wGnR+mChHUxoJFrFrtrXoj2byF+7t2\n5SlQGw==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDRTOW45QSB5OVNv\nZGY1aDl0bFdUaGMxenBjUEFxekhOYyswU05kRVVxUTBoYXU3UlJVCm9FM1ZwT25E\nK1hTNW42YlNNWEFCYVZrbEcwZWdWRDZYVURYRDM0VU5LeGsKLS0tIHlKZGtodlhj\nRmZqSEVmZlU2Wmt2VjFWZE9MbXJQeld6ci9sQU1POGtqVTgK+XclAFbNTtJ3gEqm\nhlKGlnzTY1CxuR1CJDzHvtmPVDGgwjRqq1VXBEKF3qecw0ctg9gOHyRbCOorZLUF\nhpfxWQ==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFStro05R+CPmjWMHWtzXUKfGll+OosoZtXAyPtngN7T"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDVucGlodyB6amNO\nV1JveDRmUzlxZThJKzlFZi9jb0tLRytQZmUrcXZ4ZVByKzJ3ajN3CkFicjdma0Fz\nQmNobmtDV2ZTTWNPUjg0SkdxbGRXR1lmb042SG1yYjJ6eU0KLS0tIHBSTHVtcGhN\nVmlnZ08vUlJiSXBxRVhTM2dVWjYxSnRGWGNSTGYzT0FqbjgKk3c2EdmggkI4UB5L\nd8K5ZUcIByTvBIdsQRIhNkaFJfD4qEa/K+5wxe/JMBbPAopCpoE4kco/VvqogkjD\nJp6h5w==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDVucGlodyBLMDU3\nZG80cHhoNzNtdWlwVVN2TUVqTE5nOXlwSGl4TUZEcFZCV1BFZFR3CkxyMkd3WmpM\nc1cybGt2ejJBZkZNSWZ3U09QV2wrdGFpOTNDWCtYRHlPd0UKLS0tIDhHK3BLcUp6\nL1J3VnJJVXZ3OGM2SHh4UERmelpsMGNta3lJa2lzSWpaVkEKGTzgCCzFK7paiPUc\nYWcomW6pNQ1gskj5uYhBCLJNKu6Mkr0sRgOvP+ZGsZ6apEKmS6nAyq1W0E2now2T\ndGQnww==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO5qner13Q0fm5NhdXMx2nkt5kxjC0/SVY2FXh01OiHN"
       }
     ],
-    "lastmodified": "2026-04-24T02:42:10Z",
-    "mac": "ENC[AES256_GCM,data:IzjL3K1sAyp76yECJ4yvYLEMl6RpPdT4lteZq22pUB9UMEFgF+ELU/LOFWmxPI6n+XvOHagfKhT+B98Qcth/OuaYbM7r+UJ51IIlnU5DG8RxEjqN0/7zjOjPZ8AGinRkkPVA2tIfAQDsD+/MhjgkLfxHMyH29Wr0x+Nk7zrdDxY=,iv:DCMd65s4yimQVvmUvfFNDAGrGjznAk1xvLU4BQdhhBY=,tag:ENS+WiymIDFPOHm0bMIy3Q==,type:str]",
+    "lastmodified": "2026-04-24T14:30:26Z",
+    "mac": "ENC[AES256_GCM,data:ucEc9eWM+6U7sX93p18AJz3BR7aIbzgyC3AeNfxX5P4VqzK/aqSeiQu2A2gHBlnXWjeHvicgG4sB/z9C/dzRYm/30tLTdX4ZzQl65tly5dXQYLmkg9yG1f9ewMAkDsZOFOhgwzgBgD6PLc9jqgUAjhZSHCvYNYzUFCLUMk7aD0k=,iv:k2zNW1cJ9H/Vc/XlFzBOdoUBbosviOF8ZX5KDAQZwSE=,tag:yjrUou7qBcQJdHdmhsmpXw==,type:str]",
     "unencrypted_comment_regex": ".*",
-    "version": "3.12.1"
+    "version": "3.11.0"
   }
 };
 
diff --git a/packages/gen/env/src/runtime/generated-payloads/web/prod.ts b/packages/gen/env/src/runtime/generated-payloads/web/prod.ts
index b39a4d23..a248df44 100644
--- a/packages/gen/env/src/runtime/generated-payloads/web/prod.ts
+++ b/packages/gen/env/src/runtime/generated-payloads/web/prod.ts
@@ -1,81 +1,81 @@
 // Auto-generated by Stackpanel — do not edit manually.
-// content-hash: 6ca54cf798c02e805081f332afda26f102a71c1538981c88a2dc667b8e3f3213
+// content-hash: 0429d9b875f5e3798a5b69d7e5f638ccc3c632b2579d57765598acd88b6e0b0a
 const encryptedPayload = {
   "BETTER_AUTH_SECRET": "",
   "BETTER_AUTH_URL": "",
   "CORS_ORIGIN": "",
-  "HOSTNAME": "ENC[AES256_GCM,data:TZniHwf2Xi2Fcfmls+s=,iv:ymWYNRApnXwNcvENuirE0riyxCC6ZFNJpUGctqzbVrk=,tag:h+lS8KBvFx3+IRY9CPaumA==,type:str]",
+  "HOSTNAME": "ENC[AES256_GCM,data:6sWT6lixenhgb+maNEM=,iv:uNTlMFMzdGuPzDiSIsYBC2A9twzD9+Gl4CPV3pAUtV8=,tag:8nZgLfV3r4+SfDS6F0Df+A==,type:str]",
   "POLAR_ACCESS_TOKEN": "",
   "POLAR_SUCCESS_URL": "",
-  "PORT": "ENC[AES256_GCM,data:MRT6Kw==,iv:BbxIeiKR5GDXdDUIhLri+g8kN2DNlt2RdksTjAOwNm4=,tag:bJP9/IwZm570+GadjzKCxQ==,type:str]",
-  "POSTGRES_URL": "ENC[AES256_GCM,data:/4W7qoABCLDKlYS+iLf8evqxBS5fVLB3TIQKjMhZteQvun5NZP0eFGlm0sMZm6xSaXABy96eHOxPqZrhbHcZKAg1jq//yyffjlmBTl6wNIoUN2alSFgUcfkz78mDI5oMWAMn2F0jLCgyTovuTk35RWZ72CkrOHgIr+2D7y6MaFjli20HGE/sckr9qu6D1j47vsA8yXgSkqSuVJ9US4is26QjdujsqBmyLg==,iv:cRRzUEHuiw+gaWypwDOyiRJ93MIfoNHUKGV2ZH85fqY=,tag:lcvoewHOGQN8SYK+z2enCA==,type:str]",
+  "PORT": "ENC[AES256_GCM,data:PH5hbQ==,iv:Ofjc90sZqORDyPXyiY/p6C1Udx2gel3r/GkFUf8dDYk=,tag:Pk/wVgxACHRW7Wvl0rt13A==,type:str]",
+  "POSTGRES_URL": "ENC[AES256_GCM,data:D5NoSyjA1Xm6G/yWQV9nbSN17WZklO25VcZTbrRqfmZM3sZ87MuRycH2jXaMC6169KRkCVUb5zLDGaK+gmQHcCRXh23od9Y+bFft5R1wTcBVDdVbAGkT9fJjqSl+BCHan/6mTZBjoWa9PN8Bo3ac3+iYTsapXy5jreC0JRRlhRVQe4FED4I7PjkbuEbOcBvYpc047RSZbnbg2akTAbt5MhiqRpf+V20gZA==,iv:IEnUBLBrIHizt+HjgT469W7vU8cPdJ2Ze8xA29APxFs=,tag:Y7I2X41TuHkJjBRtDDyCgw==,type:str]",
   "sops": {
     "age": [
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHZMYWFYZyBNTEFS\nRHFFNklDd3JhdGxzOWZDb0czY0NXbDl0a3V1aHFKY1g3eUt3bm1jCjFCZ2V4aWpy\nYS85cnBxUCtDRzNPVEtTSGVWTnphMjZDZytFdkJGRFhyc0EKLS0tIFRkL2JwSnV2\nZ01uQmpyL0N4L05iZU9sU05HWjNlZVR2aFBtRWhlMFR0cG8KT9s+pjtWEaRFKl5w\nP5SIxmgD3XNgIOGBItbsQRsewU8R9UyLzVSN9lr0poyVWCZVv5txlML9MCZZOvcx\nj0UIOA==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHZMYWFYZyA3bHJm\nYXZXNVBta3pHaktwbk5MTXZNN0k3bVVZazF1NVJzZi9tRkVSY1ZZCmF3L0NkRHIy\ndGFwUGt2dHFRVkE2QVdWNTlYVXA5VlVNQ1RsNEVDOTRvd1EKLS0tIDZ0TlFOTUhZ\neUdBaVpXenFqdERhSXI3Uyt6Umw2QXBTSFRGWEF0SUNGNFkKQUDK9kxzJRu5m2Fw\n0K38iUDf/z6+A5MCXfhiUdoJSz7aoWKOafBqZc15cnjfHnm/Tt8qZN6JWnZBMX3Q\nB8/rjg==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICjMrEzKQSq/0eePzgUGXM349sBm6GVCXoz+tJZJaBVT"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEtlVWxBdyAyNGll\nYXZxUWs1TVE1SmNSc253Sk5Fay9nSERiWFFTVm9rWUE4dFlYZUVZCjc1S2hLUjMy\neVZmMHhNVGM2Rmd0ME9YTm9JaVl3K2xlRGgyWitmMzFaMkUKLS0tIHBpaDg0RHZw\nWFFaQW1QeU1jdUxTK2pFcXZhMTQ3WnZUSjVhb1VBajRucmcKwvJvcOVboPPhad+S\njv0Qfj9vK7RSS6dziRPemiQQyxYxf0wYW41z/bCecRltC86y97lq4SNnl93Wj0Ld\nwnInXg==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEtlVWxBdyBpUTVH\nWTVWNGNjZ2ZQdWNjYnNXaXJmZUxpZ0NRNzlWelhlSlBFeS82TlYwCnhDREkvcVE2\nRUNtMU1yczZJcExUYnhLSVhXUjA3RVhYd252NmVGdVVSaXMKLS0tIGZjV1JNZC9D\nbk51SW5EQTNQQlg4TVovRjU2aUFJQU1EZTZ2TXUxclBwa2sKwYQAyTL2uHVFMW4a\nSmK8JcVo8gzdwFYn2pUb5JvoqBOYq49MRAZ8K67Eu/09mwbTwT4HuwJ03Lx0NoJe\n4pilCg==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIoX0wKjybps6ZHuvA+uwE1ThfWl87MApDLxCjCDUCC9"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDFNdXZydyA2MGd1\naVNRVzlYWmJPRkdNd2p6SXhvam9ZTzY2VWlrNWNPclVpVUpha1YwCjlMWEt5RkVy\neDdCVGZzbkxSdGpEVU55YS91c0dtU3JYOHpLM05RNUFXRGcKLS0tIHgvbmh3OVZC\ndmJuV3Y4eGxkbzVoNk00blJiS2svUnZLYXp5YTFNSUZFWkkKY47eTMGj+P7e2oxb\nFr922thc33846pMTEYgJB+/lTFHw2lQHhVqQl7GaH27iwggXoHhckdK9lj5Xotpo\nrpMWYw==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDFNdXZydyAwS0xq\nYnYvUzU1Y1JyTFdZRGVoUk5hUEpDU2EvUjJyT0M5aXU3dlQxMzFrCjlPYlZCaG5L\nZEQxRy81aFlJVGpJUnkwUzhqNkZUdUZUaWVwZlBMN3JqU00KLS0tIGJOYzdFMU15\nNGpBcW96OVU0VDRlNmdpWlZYQ2RCd0d4cWVOQVJKbm8yRDQKFX41Oj+KBjv2rsIW\nTE6NOvnfpKWC10B4lCaARlSUxUVwDvDhKbUBHtgPW4J+vz07Ipcq0f/JlTBm39nV\nEWKq5g==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKZPhznHjTDifGroHiGRD3hwWz69B8NsSSPNbwWjfzgW"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGw3N2NtUSAvRjZ4\nV29Rcm8zV1Rza0dYU2tFMWN5cktFdE05ZVdLd09USm5KbFF6NjNBCkxLTFBIbU9T\nNENPc3NrK2diS3FvZVJUNE5uV3ZkSDV3d1pEZlZyT1JGMncKLS0tIENwUmlrV2Jm\ndUZBQjk4dmN3YUdXMVkvWGlwVS9qVW1HZS9HSXpYdTFRdkkKK3mr3dkVgNlqrJEh\nyn5tv0n4J54kTp27b3qG8KceaxvPH/M/5r5gy/5EegFagBbtO3uudaxNfRcLUevP\nz0puVw==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGw3N2NtUSB0ckpQ\nZFRXQjZvaWNNTGpaMWE3OGRkclppdGh6RWtMYVZEYUdHNkpQLzF3ClNFRHA3czZF\nMWwxZUlnbHVrMmptb3U5YWlBZi9QVTBSblQ2a1V3NWplZ00KLS0tIGJ6cFB5TTJV\nT0hXcElDUW9ub0JMZE1rK2ZvQ25MM1MveUtZNzBieTRUb1EKZulYxalJUu24ShPL\nZMoanFFPXvGfOWOymQ8PY77IOlKB/xE9slcG5CnAdQtRhqpzDSRrgrFPyIFmnTXX\n4oAMYA==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJF9kzudl00FVTQA7nnSaicAJW2MoBKm47G7wefb6uSm"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHJKM2lMQSBZNHN1\nSDdLUHJVNVBjZU5hTWxMdU50ZEs4dlRqK05zYzNIMnIzUG0wVW1NCnk0MTFQMmJw\nOW9KRUo0MDNSNWpQTGR4LzJ2UjRuSm9kcHRPSXFqUWNDQTgKLS0tIFpQamJjTWgx\naVlwYnpuSEhVdElkWVZSWEJRQndIT0t3MkxEREZPa3RpNDQKxkequFUn4fcax3YN\nLrBfXy5q4o5571PkTA9GqhJq4fsLmZoc11/WL83jOmDFeiR9TsqoIu17MSUi8tgL\ncgMApw==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHJKM2lMQSBRUUEv\nZ1RKc09FU05JNGRZL1YwZ1hiKzc3VGYxUEx0Tm5QVjBTcloxOUVVCmp4N1Rwa1Ex\nNTkrVXhsOUFWU3d3WUgrK0tjekMwaVN4UDVROCt6ZHc3b1UKLS0tIG4xWkZrSCt2\nZU9MUFA5VGNVck44d0JVb1JPSlNzc1FFbG5WMWJuZWNFamsKU/38FP6Z8UN8rnwG\n63QlwWUdnCHKf3R+ql8eFdvLPPN2RHax63s0qD+E7k3pgP7QHdRafeN/Z1uHF1gK\ngjfoeA==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINh0gA7reCRW+zQ5pPpIjoJGpaFQSbC/4K8B6vMXJVr+ cooper@darkmatter.io"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFpUeE1RUSBxQTE5\nVTI1QkFkcEdPNldBOVRkWU5TRjJxQkhKb2tkc25PenNFQ0c1Y0NFCjRlQlFhd1pJ\nb3htZGtvNm9wZlExN052Vkx6SER5RzFvamEvTWRsR1p3T0UKLS0tIFRXK2dZSzJJ\nNjlEeEtoOTE0U3dzYTZxb2ZsZEs2dFlYRko4ckh5cnBCTmcKD25pRD1R26UAwUsU\nCOFgZKlrRcHvQciZB25AoOxFUy8qORD8vTbN6WVAV7o+BWwiksxFOA5awpztQ3BW\nPGYz0Q==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFpUeE1RUSA2TkU4\nRHdXdVF2T2hBRGdOcXRXeW8xamhQbzJrZE9SbFpkSThRaUxCSEhBCmwrVmRtNjRh\nNVNqTitUbU13bGNtNk9rbmRVYU51MGpqR21kK1pJdEE1VVUKLS0tIGRXemgyaEFC\ndFp2NE9renFBRkZMdDVERnRsaFZyRmY2UTNaL3pGK21nWW8KMvZlpk0t4GaYvtIN\nzId6XUR2ytwDiGCmuYc2/cBwj5ncjY7fejZ4bvm2hL0qZIyxHcfOvIWw+WRO53Gz\nOUt3Mg==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDmZV9Oi9hrckXTpqBnDKRrY9mgwj+SJeVBGWmne2+q5"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDF2bHNJdyB2bWt6\ndXdDSjgreTU0T0FqVWpaRm5tbGdmTklHZWd1U25DV293MDhKTzFZCit6cjAxbmlT\nTkNMRzFFMWMvLzBrTWpQUXIyaEcrVDFXaEdmc2ZPbUZNWFUKLS0tIGY0UGFidGJU\nSDIvSzFCT296ekMvL0gxa2hNZkJzZ2VaenJaWlhydjVQSWMKtzW4Dc+kKYSkxa3d\nL6PL44YuSwI0jmyEtp+A9E+gmXCeXKfi+7+Urxv6ELAA9ht+KpXwALoQHPBWiJnF\ng1GKng==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDF2bHNJdyBXeFR5\nMGN0Nlk1L1FKc0FqSGhIVmNoazRuSUJTenpMR3ZIWWdhUThtZlJJCkVVM0lpQVNK\nYmNPQU00Vnk5OGo3Q3g2bGthS2lPMkl0alVzMVVacHpSOTAKLS0tIEpZZUFQV2Qr\nRU1pUnlmZXhCUUZObEZ2UXcwTkI1UHRBc1VoUFJXc01ESFUK+igJD0y5/oUCTTAK\nd3GyfDLyqs9KnLTB1ZEI8Xx3efgj/itUUP2K+tANofSwPVTml8ea1XkM/N3wPoBz\nhUko8Q==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA+M/DHDlKgayM6wsiX6r704pE+2qENOsKcytC7sBhKA"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHJKM2lMQSBwc1F4\nczlCY2EwcDh4N0syb0dVNjRoSXdXQ0lPR0FlT21jMENWVldUZjE0ClVlRGhnS1Ez\nbVFTbnFoWi9GeE5kY2VMdWFSaGk4RTBQT0JBT2EyWWNRNG8KLS0tIFJWU2NZR0Ja\nayt3MEFnL0tVNFNrTmlpVVE3SVVXVFRtc1owTVE1N3o2cVkK5xsCZbVnI8TrAuyc\n2Kugutuuxpv8O2vABcM0eCe9+ciRiVs1DXnMAlenbNDGDgkVKecZZg4O9acTpEe4\nevZTrg==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHJKM2lMQSA2TDU4\nOVJNNkJSOFNKSW8wNnBXa0hiUGREais5OUprTlJxeXp0clBrbkNjClZHSTd0NkZV\nd1BDZk45UHJENzFENzN6bEhXR3A2eGF5MlJqM1VicE8zM0UKLS0tIDNtdFB0STVi\nckhKVm5lRXRpSTloRDViVW92NmlSUks5UGJoVTg0Z3pkNkEKxQOvurwHVjtu8ghE\n3wUTwYd5Df83JDLxlCIaf0d9yCb04D89SJZXkT2Od9sazw2cjRnsqP6yeSf80fLn\n3G723A==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINh0gA7reCRW+zQ5pPpIjoJGpaFQSbC/4K8B6vMXJVr+"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGtNZGJ1ZyBkczkw\ndHlrOGtaYXdTWEhubWpSVlFmOGYxQlFDZS9BQ2hvRWp4RnkrR2o4Ck56ekhXY1Yz\nNi9JazFQRUNZZXo0Y291di8wREZqQ3dtdWxqS1pXWDYrNkkKLS0tIGxFQkxVUzlW\nOG04Y3c1NVFyVnphRzFwTkRWU3c4Smg5MEFETjZSQktWTWMKZwZaatqIHGkM1T2A\nH6N/s4tpaTqSXmS0sXYj21VUd37NgN5p4IPvYGhMsVXxmfprJcGAmngd7tcEW0oQ\neEovDw==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGtNZGJ1ZyBKZVBK\nVVlHazZzRDg2dlFqM25mc0wybW1hVEpUNUdpTE1WTmx2Zmh0eGo0CjBRRSs4eFY4\nT05DQitaekcrSnpLcEVpSUlSbURJQzBqcktLWE5zeGxramMKLS0tIEF5Y3FSQTJq\nbEdhbGxBOTFPK1p2eElCcld2SXpPYmMySzErS2tKVWNzWkUKsQNuGjqORxBwCZCb\nKd5kVCe86tpPszTOFjSFpVZe8jqBRSNp5aurAzkxcP61Z67Dz78Efb55eVssHZjT\nPcqusQ==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEmYihgWHfnLw0f8uTfLokCwToLavzV/+k/GggBA4Sz/"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFFONEwvUSBvanov\nMlhnNDRiL0dGK3E5QnJ4UVYxekpxY0JFWnFRNEl1dXBES29aV0FRCjBiSmtQUlhy\nTVVuS0VqMm9UWGVrT0hCd2Zsbm05UHQ1eVJuTXhKeDhHMEEKLS0tIDJGaFpYakJJ\nRXJaclArMktFZkVhTzRUdGtndHN0NktwS04ySVlISSsyWmMK0EEhOzuMJlssBLfV\nONwQucOxUfLEdHXN2+FeXFQ+zqBQhbevsfvCihyxqjNyZB7Dbuo+OopkPBRoffRm\nBTZKqw==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFFONEwvUSBTOGdW\nZ0p2ajAxVGVTUHhRYnh3a0J1aWtpUzYyUXdGb1NhMXFGK3hYQmowCmJRcElvQmpX\nZTJCOEFQUUdMbEJDSGlCSit3YTNrKzNNSDBSZXJ4c1J5ZTgKLS0tICs5VEJ3ZFJm\nMURtcFl3NGNlYXAwWkRGeFdLNUpJWjYzQjc3a01SSzVDWE0KG9qiW+dtmEUs6JJV\nh+/tP+UV1r4G90Eh0hIrdybTi2BqzVbtWsfbUggxj84BAXOuoymhg2/rkJNr18No\nQIjeMQ==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFvT1RvcTidgpVYE0OPknc3f5HcAVpyk+rXXrW4AcbzG"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDhjWXRrdyBnVW9K\nZFZIemROeDdYM3YxN1JXbGZCeWFXMEJWUktzaTRMZnRlTEJBcUZJCkJlQndaVWpk\nRUJoWE85ZW5zZTNodEFaZ1FScmpMZWx4SWJJQW9XRVY0T28KLS0tIGU3RkN2MUpW\ncnhGYSs3WFFzYVIzaXNFQTlKZ3BiWjlUbmxBSzg0Qi84ZEUKEKNrE1oU2vKjwp60\n4agwFAv5XvAg2aTodZPVnnlYeypggD0mXD8zeOt3qEJshJk9uCNT0YNK6zTOSk2O\nlGR0Lw==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDhjWXRrdyBYMGRw\nTmxBNlhPdjNacFZ4V2ZOaHN6QkNlTVE2dm0zamhnaTZIMUZhdmpvClY1K2dtd3NS\naENBQncrYWxVUWRuM3lsc293cmR4c1VPaFVmcWJ2d0JrTVUKLS0tIDl5RjZ3dHJX\nbkxwQjgyTFhxS2J0cEZ6TXBNcHdjZFhRSXF3a0xyYS9qVW8Kk7xlsF9QlwdGCueT\nf8PLbzGD6zmGTxOhpJvY73/cnhuvyorhpc0f2vshDVVSG6KOHJPUFtOWxGTBGf7O\nRe8oBg==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEijeq50HS1g27BTRfJ8XWIPrAX9UVkap5fgIOCOtA5+"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmbzRoUG5kYTdOSGpQelFn\ndGhYd0NheTBxTUUvVTB0aTBORFVDcElFOGpZClZqNnlKOFhYUjc4bjJsMTB0bjk3\nZFJ0N3JxcW5oNEJyL3haZTUxeVh5dGMKLS0tIG5reFA1QjVrZ0Q5bnJ0QW1uWFpR\nNUh4b0hBeFBWNmVCUWozcTd1K3B2RU0KsawIJIGad2gtTZo3SQ29b2raXtISvbj6\n3LUAYIJgv6s736XgChaVMZkE8WtdGMgUVl9IkZrdsxcUvFq4hNGH+w==\n-----END AGE ENCRYPTED FILE-----\n",
-        "recipient": "age1eqcj2g0fdekj2wpqp4y0fg9c5myydjdt9zlr5scr0grk6fxszymqkpw5jf"
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2L3g0SDRJd2dDWnZ6STYr\nVU05UWJWUUtsM1NhVW11SlR5MWNyRW41Rlc4CjhGdXR1TmFsazVpSWJzR1hHY3Y4\nTHdrUEJwQWc1UkYvdHljQ1l4UUJwcFEKLS0tIDk3ZFFKN3l1N3doZHBaSHN6NndS\nSGZsR1pVMEZIU1RjUURDN0lDZ1h5ZEEK/MrikILkL0Q2+a6Z38/USEBRf3oeDc89\nQl1ROrkYiBFGIRNKoqw9/8HryYaMXvMxWfjhSiJ8Pu7cHrR2mrbDUQ==\n-----END AGE ENCRYPTED FILE-----\n",
+        "recipient": "age1d9h9mm3u5qalmpl2pf62pyzqj8t654n435emn93rutv0cg9sr32sg64fdj"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IG05VmtkdyBnQmpl\nT2J1MnFkZExXYit0TmE3MkRDenBtU0I5cjdkZTdhV284a0ZBWWlBCmt0aGxYVUxh\nSUtXeU5WOGhUVUp2NzJ6VlhvLzFMSWg1eEhCRjhzMEhFNjgKLS0tIFZPYWJTd29H\nUG9KU1IrYitGck40NG9KcFFnN2U4aFFCenBWbUZiNXV5SzgKcDzkmL2V9eRlrSxs\niaYbNhfpX68JyH0p1cc6oDQASUB2Ra301l4EdCg17/DuNJQZ2hwpMbSGCRGm8R6X\nxPhY+w==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IG05VmtkdyArV0d2\nTVIxaGtlRk5Rb3BQV2J4Y2o5anNYdkdSTFdQWjBQQ3AyUndONUVNCmdnYVJvdW5E\nSEl2Q242R3BSK2lMWXY2WVhzTWhoaS8zN2VnWFJGMTBLMHcKLS0tIGJuWG5YVmx1\nbnZmd0RqMWtlZ2E4UDhTQWxBeVJsQ1U0VTlteUVNOUpiZDAKchiZtP9pSsIgt6I3\nKoBsBw9Ol3iKM/xJWnYo91ErUUOBnq/aHhERozRAsRZBEwRXzTifzjAggswLtN0h\nSkRu+Q==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDuzbgoXZccZ2w/9HGgUyT9nJH7lG2/jfQCZJudY4yAN"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDRTOW45QSA0cHRS\nWmc2TWJCeHM0TVdBdm50Mmp2b2tTdXZGRUVVV1g2L1BmWW5KWXljCjlUYXZiTUZS\nUk5lTFlYSkVpYnhuMzluNTVlU3RzZms1aTFmWGZha0NOancKLS0tIFl1cWliVCtF\nbThCelNsYjFMa1BTNm5KaFVVV0UzZFpLT0E0bWVIcVhMbXcK3LmFVwPn30kEICYE\nZj+4eHNwsg+gQMIgrp6pP0TyC73g/3ZbAj1vjdPHwjy2c8d14ULBn3/R3wQstXcm\npPSv8g==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDRTOW45QSAxYXpG\nZU5LVTVKcitsUFF5THpPMUc4K3lpcEsrbEZFMUZLNnNjdTU5K1RVClZqUkN2Njc3\nbHRXZVM4cGlFUWxaQ3g5WCtDMmRlSjY3SUduYzhTOWhyQXcKLS0tIGNZZ2R5clhm\nQzNucWhvY2kvMlN1MXlYSjl0QmV3V01FdzRFN3oxVGJZZVUKTgiwnYEaXXliKPw+\nfeZAWkgqCvLG6+yujEmp4jcC+VHsi+/H7krpZvpS6stMwTQN6k1P6kkT64euVYhX\nr4x1ng==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFStro05R+CPmjWMHWtzXUKfGll+OosoZtXAyPtngN7T"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDVucGlodyBNSmoy\nMGdzZDBCOUdhUXNnWlZvNXFYSkRPSTN1VDFFRzJhS0lxbVFpQmtJCk1qNlIrSEw1\ndGt6Ui8zTmo0enN4bUJnRTJoNms2elRUc3RNSGk0c2EzQjQKLS0tIDBNWUlvTXND\nTW93d3IvUURlK2lxK29yUjFZTnFsNGJiYnIzVmhQV29kQzQKDkxvLxsot8JEyp+V\n4k9+LSw5H7PtXQT0BxJyqnn5UU3gtyOtveF0xOuNAFUt8qdcO+amD3g0f/IqtX4E\nDUfkPQ==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDVucGlodyBYVTR1\ncTZtaTZmVUZhV2JwWTduWW1LbEtzUkRpUmx0NGdiZTdVM3FKZzFvCk5NQ0tueVN5\nUkJGVkFadFZsdG5CdnNwR2s3ZVVvSGRxYlFqa2VKbTA0eEkKLS0tIEFVNkd4Wmpo\nNHZtb2MzVFkvTk1ScE5OMUVsOHpHRlVMZEcxaTc5VkYyNU0KhOoFAQe1JPDHeuv1\nKrJwEbTgNJDsABCwcOhoOaFGuVGs8ZJ1Pvhr74ACj9GMIcsbq/FJb60yJDIoA6xy\nSFeP3w==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO5qner13Q0fm5NhdXMx2nkt5kxjC0/SVY2FXh01OiHN"
       }
     ],
-    "lastmodified": "2026-04-24T02:42:10Z",
-    "mac": "ENC[AES256_GCM,data:0+lMO570HKr17USTc+/RMza4IvxmafdPznGARA2JN2KVOx7VeISgeD7KOhERQvXVDT518vhYj7+mcYCZhxFViTM8n4xQPlvqVz8Oz2CekYdx5bHEsXzyAVbquDy49I+CpWmsNcKNb2ozCP6Ci/6KEXnTJU1b3cjTR2VMcOHr7aI=,iv:ZCkCttNwoiWrkig4icKBGZvoE/ZYxyeZy+QNCHEFsag=,tag:RcWHmAnkmIhr8jWXolWE/Q==,type:str]",
+    "lastmodified": "2026-04-24T14:30:26Z",
+    "mac": "ENC[AES256_GCM,data:AviTbzC+XWmrt/RB5vIwo3SMkWMWvtdNyBVDZYduiBdxOvgjduy7CSuPUCawIHC+7u/llS1HTg9G2yQyl3d16fhgRZGruU6jmRzHpcfYMiUEpRBKn6ST5+vjHRwZZFtJ8uBZdezWXqg9TcZDlYFhY20roWbDr0gn3FDHppePDiQ=,iv:7uAZJBTG5Jjnqqq9lFR3UC+J7oLDZMXEkfxRagjb4io=,tag:Tk2M/GqOHm1KuIaWVXpZ9g==,type:str]",
     "unencrypted_comment_regex": ".*",
-    "version": "3.12.1"
+    "version": "3.11.0"
   }
 };
 
diff --git a/packages/gen/env/src/runtime/generated-payloads/web/staging.ts b/packages/gen/env/src/runtime/generated-payloads/web/staging.ts
index 4f80e584..182efeca 100644
--- a/packages/gen/env/src/runtime/generated-payloads/web/staging.ts
+++ b/packages/gen/env/src/runtime/generated-payloads/web/staging.ts
@@ -1,85 +1,85 @@
 // Auto-generated by Stackpanel — do not edit manually.
-// content-hash: a5a8775226c6b4f7d6cbbfbed354c7c0bc572a99bb00f6d0373c5e9d7ec56d29
+// content-hash: 1c61e44f87f19997545562b62512e02aa8c432c02d83cdbb4b4d81c284e7f537
 const encryptedPayload = {
   "BETTER_AUTH_SECRET": "",
   "BETTER_AUTH_URL": "",
   "CORS_ORIGIN": "",
-  "HOSTNAME": "ENC[AES256_GCM,data:rZEDdGN+P9NjKMz3E50=,iv:sHbg6RxKOPMQVpRdylUOqqRygBrSi1WEcY5t6WXWh30=,tag:GoEZiW8ROcLknkYGTER5Ig==,type:str]",
+  "HOSTNAME": "ENC[AES256_GCM,data:ioJLs6z6veNLM3zPNlA=,iv:WMBF0ksR/w+N3U70wxk0VuuAyYTHMsZA2snl0eaoWbo=,tag:lpL+AGuMSbDI1OrN0JRhxg==,type:str]",
   "POLAR_ACCESS_TOKEN": "",
   "POLAR_SUCCESS_URL": "",
-  "PORT": "ENC[AES256_GCM,data:3RLMng==,iv:lKFFRF2mnvYBuIjLbVS4CSkcnxek8rxCcWrDeZcAHZc=,tag:/tiMlDORQNncpU09hDSdbA==,type:str]",
-  "POSTGRES_URL": "ENC[AES256_GCM,data:5g28j13PU5z2WPiRxdJtqqXZotA0UpULT+weKZyLdhVUC/wtULoxgPJmG0lrejtrxqgtJ8VcO8sRT5K+hpXVaC4e8lQuJ318OltEOTSMo7jjJtjlbIS3gM3GELGDfUH6UCEpKek4ShfOnZprvH/aQCSxuQvZk3UO1KrZmgEXBII6Ln0dUijWydjKYcEY4a5uYwUbPdK8e6Q6yxUeQ9KSjlEibfkCxQj5Bg==,iv:IIY7v2dURKuzA7Iw1vH/sEiSwjdvt7/ksihRpsUcpYQ=,tag:oui1H+4DZ88QS39ndSQR1g==,type:str]",
+  "PORT": "ENC[AES256_GCM,data:V2PPvA==,iv:nVF2O6pJ+n4uiTSgoFSnT2fFCSnpLwcad+8n2Y7QgiI=,tag:VerugMsQ2HpK3amvsottXQ==,type:str]",
+  "POSTGRES_URL": "ENC[AES256_GCM,data:5ydZ1mZHvhNb7KSANpSKOMefMVIQ2m9qtHKcIS7mJqborN8jhPZwrhJb7h01b/IP1vEybCk+eC8YSVNjERnfLkYytVGAMbVAUl8lLtPg8ge/oirDTZ0xbEajF4IthwqswMHuf/AJUWljXsrEb+Gil0Rp9XXDcMMWtMw8x+baTyGLxk5oQEvg3lHhFafMI0KU599i+0QH54/+OtW79N2S9X6jIH+Q+IJUSQ==,iv:GiDJEnonnl/sMlxukK42jXO9iT9eHx6EAoXXoyRlrsQ=,tag:2bUtpw583C/0D62mF4M6fA==,type:str]",
   "sops": {
     "age": [
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHZMYWFYZyB4Mk9L\nSjhxcWhiVzdlNGxJSlRGcEMxQXUxcXBrS3FxMUNTQllqOUZHbEVJCkVhYmVhMFp5\nMlcvUGNaYS8vR0MrajBHbFZFUUV2SVdnQzYvVjVSTjhGMlEKLS0tIDhJVEVpU2wv\nL2pUSHptaUw0OHdaL0M4TGxuNm9EK1ZYQVJ1T0NvS25qTGMK+7IXPTDD1IOXHwTo\nOb1Z8flNj5Kq8vHtfCgJ41bZUDoPAW9MMRhF5RvRAaJyhOLmlp+Yd5ql9NfXcmC0\nqPZP9w==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHZMYWFYZyBFbWxm\nSXllQ3VpbkJ4aTNrUDVhc0trU3U1SnRkSmNldExnb1pNZ2RQU0EwCkFWckdsNC8z\nenFpMDRRU3hNVWpDeWQ2dEJILzJLNUhISVZyd0xEeStwUWMKLS0tIGpQVXNrOTlk\nQ1BlYnhSc2ZZWGpiTnFJcXcvVitUc3BBdGMrTFBZYTdMc3MK87Giaw50HLsXuJPq\nR1NMQWT+bAXE9uIpjMrxuWJSIYeUng+38maADl5Vnh2nbixGRTIFDPiXq6E6PRNl\neNlfSg==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICjMrEzKQSq/0eePzgUGXM349sBm6GVCXoz+tJZJaBVT"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEtlVWxBdyBuK3ZW\nU2c5RjRGbGRnMjBsQWR5ay8rZHFJOHJvVm13ZGd3c1l4RkhheTNjCitPOUNJK0NB\nOXZmWlhhUko5bUlsaE5TMmFzMTUybDB6WjVXRlBBTGhhSWsKLS0tIFowTkpBcXcr\nVXpxaFpGendlNTV0OGdMMm4wV1Jkamtyb1o2Z29oK2FTNXMKqErDmWp1/45Jynuz\nDnoZVBCQHfiED8pi7SStEaaadpD/6oH+Zl+0CsiFXoD5xGQmEFN4wr0aZOqVtQvB\n7iUWqQ==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEtlVWxBdyBVZFp6\nQkdLQzlXQWNFbUJsMElvTGlXSk0zTFRBenNRZWdvUkMyOGxNVmk0CmZ3djZSWXli\nUFdjWmtJZlhERmQ1RjRNaTR6Q01tbmJBbDU4T0ZMeDVlUk0KLS0tIDB2ZC9BbGdy\nOUZxaFc0aVR2L0gwSE54YUNYZEl5NkNTM2JiTHV1ODgxY2cKwi179VL/vXh3/WJk\non0KtROQcHgD3t/rWH+pQt7/tWu2jOPaz4oKdzHgABM5/VOxjftOfM324Y2aBY41\nvjyGaQ==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIoX0wKjybps6ZHuvA+uwE1ThfWl87MApDLxCjCDUCC9"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDFNdXZydyA2VCsr\nY252TjVlRjh2STc5V2I2S2gwYm5qTmI1anp6bnlFNGV6U1JFTW1NCm02MkdaMC9C\nNG1Ecnc4TzBWMkx3eE1xK2ZXdXRpS3hvc2VSNkhMREdTcmMKLS0tIHNwTkdpclBB\nVit5djJCVGN1T1M5dHd4dVVvbG9FYVd6MGltMi9JeW9oUmsKE7ynZDClR3y7WbjJ\nR8HIY5Ik7jtyh85Y/cEmnRltDPk+sJkAS6YbaAQUAHcrvvUy9BFq1lzzWYXrDPc4\nN9tOew==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDFNdXZydyBXVEl0\ndzlCb0hDb2Y2U3dzOGlyeGp4OVZtdFdQYU02d0pQcVVvWFJWRTNjCnI4VVgrMDNY\nMWdBaDBQVWpqaW5KZ0lSS1k5T3JGY3E3bFh6RXVkT1JHTmcKLS0tIFUyNFJjZnVo\naU1ZRHUxRUErMGFwMzMycXVtREcxdzdaMWpKaU5VRC8xU2sK4T5OVflIZdr/VgKP\nm7RYY33UtOu47J+ZyLpz4QF34MIrHPF6FC4uSxuJBGO2bqTOprEiLvMYPaRb8cLd\nHi+Z4Q==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKZPhznHjTDifGroHiGRD3hwWz69B8NsSSPNbwWjfzgW"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGw3N2NtUSBsN3Rp\nQ3oyNUN3UWRDWUVHSHFVS1l6SVcwU2dxT1NZK29xWXhacHp5OTBFCjJFSzErT2RQ\nQWtsN2o5TkkvcjRmMDIvTGM2cU1CVnFMTlFEQXZGNmhDKzgKLS0tIExGZ3hNd3lS\nQ0FwRHVCZklRTTkzNFFzdjk0bHpoR2wxZmFMVkF4T21JVjgKLPgYHhlnHdI8974R\nYJ/jQFkliZOt3aFNH1uSvr1c85w86HhSn2TK4yzR6wJNA4OHK6yRFZSNpZ3aaeX2\ngf4gCQ==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGw3N2NtUSBVRFNr\nVmVqUkFleXhQN05VVDJmN3Z0SnpBa0c3TjVJNER3Y284YTNYU0FBCjIrSUNydUFB\nbzBVbFhHUnl5STNYd1BFQkh4eG1WektPNnRmN01Uazh6N0EKLS0tIEU3SG1BSllw\nS1oyNEFRcVNFNUZqeE9zdXN2YllydFM2ZTJSa0hleEZmc0EK8mlH/3aOU3BnZJ/A\nyIXthO31HTn4J08gTkRaEwjMyk4fP03mzQ0zh3nHtbJu7c78j0MyXGidBWVGpNkj\n6p7qfg==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJF9kzudl00FVTQA7nnSaicAJW2MoBKm47G7wefb6uSm"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHJKM2lMQSBQRXlm\nODhqdldpMnEvUXNNUlh5SG5XNWpYQjBabjRUWUw4VWNtK1g3ZlM4Cit6UytJVW5y\nQWdnaHRUZmlOMERrelZva3BUSmx1VEl3YzJ0MVVQcGwxOXMKLS0tIDk3L1dCOWJ0\nS2lUbzZ2cTRmOTlWNmQ5VnQ5SktkV2thWVN0N1BoL3pxQlEKAU0SrLAJLCWQvRPn\nqxLk9J1ccWziB4t/Uu9eJScqQkg5rpgr1hEU52PTg38EScTZIEui1TIibZyqAZC8\n3AUKJw==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHJKM2lMQSBlTzBP\nLzBIdVRGcDZ5LytQMjl3dVkwV280WVNrY1NWVG1KemJLWG5oRFU0CmhUVE0xeTRs\nTlFIK2NJdG1UMGlJaU1wMEk3ZVVvY3ZoQXBsRjh0YXZrVVkKLS0tIHNJbWkzbSti\nY0xxbDZ0eStqbFIrOUpyNHlNY2I4a2VDS0toK3gzRkswTGsKmvoI2v06pCRsP2s7\nE0ipXxh9r3L5owzaM3iYki78tEO2egg8uJLevarhjPXhozIkyOvBjLMWhiJ5O4dd\nmaMuZQ==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINh0gA7reCRW+zQ5pPpIjoJGpaFQSbC/4K8B6vMXJVr+ cooper@darkmatter.io"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFpUeE1RUSBXZ1J3\nVWtKYWZZd1ViTzFPNjg3dW5jUkQ5QXlhRnprVVBXeU1NZnFZRGpvCjBkRHRmVVJH\nVzZHQXpySjdZcjZWMXE2dzNGa3kzOEpwZk96N0JQMFdzMWcKLS0tIFBHN2JFU1RM\nK1VDTUpCZkdaUWZPNTJQR3ZBZjJxS01RRitSdEZXdEJNT0EKQ1S4KtkHIUAoZcWN\nfV09HE7aN6vQmJGug/O00JwlUWjDn9gwd9mqJvBkodQbhAbFN3UEc9ipLp854uxH\n7CloyQ==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFpUeE1RUSA4TjBE\naXhPcGdueC8yOERjUW80cGtJN0Q4Z3NscUhFd3FqTlNteVFrUzNZCkw5NjNWRkZk\nSlFjWHFCdHViMWdWVlZacCtGam9tSEwyNjZkcmNhelBiZDAKLS0tIFhGbFRFRnR6\nTXAwUGoxVXFtM2FDR3RTUTRJRkJCcStxa0hOdG1uSkYyODAK25eoDun6wdF1zYVW\nM0VQe96GvYId3xykHKbn0G12s5hdCTBlK47Zs4XdGiJLSqDToa9nrXsA4iC/UWsp\nWQSG+w==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDmZV9Oi9hrckXTpqBnDKRrY9mgwj+SJeVBGWmne2+q5"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDF2bHNJdyBkTTQ0\nSEFSUy83WUlLTVV4cDl2NkU2TjJNa2J4RFp0eHQyMzdRb21ER3lBClhFc3dMcXVU\nRnlsK2p4UkJvNkNsclhJVjA2VkN1NFFhS25ReGxqeG53blkKLS0tIDVVTHNxNC92\nc21NRUdQS2duU3MxRW9PSS9mam1YblNVaXI3b1NleE50RWsK8aYeuR+/0kN64V3c\nYuACB9rVpnyJuo70pEny8EjgTGTZQx96KnsRqyQr4C7PO/vTipJNzVt5kh0jqnCL\nAHOYOQ==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDF2bHNJdyBBUUE4\nVS9Ib3czTWZnS2YxYWV4UUJYaDVuZElWclh0N0g5MXd0dUxkMHhZCjVaVzRrU3Nh\nYlNlVktzUWFrdVRvcUdkL1BuOFhCeUEvOTMvQ0o2bFRaQjAKLS0tIFk4WXViaFNu\nZVJ3dDkwVkc4cFlaU1Y2YmxOM1hTb2ljRlBKMk1lZjRUbmsKS705AAHZzatFSnQb\n4okS8lXHug6s6zuemPkCw/WLkpkeIDi4i0MAC3IwZlCXA0TNsqVE8eFobhE+kMw5\nb+e9FA==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA+M/DHDlKgayM6wsiX6r704pE+2qENOsKcytC7sBhKA"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHJKM2lMQSB0RmVq\nczArYWtpKzhZdG1STThTLzF6RGtRVkJaRHhtM01kbjFXVDFhejBrCkM0bEFHTk5V\nS2pHd2d4S3AySUlud1IwWkRrRXE5R0xKMVBNSFdiV0RQbzgKLS0tIEZmYWtjYi9O\nNTZ0ZFdkQmZEeVo5OG1ocWxyVHkwUWFDSnRxRHFtL3ovbzgKGYtJiPfFa6bBMlev\ng7lSXhBcbKIgRm7tkVLl2/2IEwum7hNKBvGLBZ3wDp7nP0YZb15WwotRrLArsZoo\nvowv3Q==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHJKM2lMQSArbHNR\nNFBTWnp0NitOd1JsUldoOVZaR3poOEw5cWx6V3FFcTBSRm9zUWpZClQ5RDJyclpS\nemlSZFZGaDhwYVBIaDFBanliclZYODlBdW5FSHRYUDN5UXcKLS0tIG84MmgvRHBw\nV3A5ZXFOZW9BQmsydnpCaUJUakFuaEVmdFFrckZKbUJYa00KgHU7Xny7O3FxwobH\nWLZftfjn49o1Mbqj6kTUi7zU4d2bYk/TSDLsW88X7r6EIJHkV56UODhbzLdD/VtV\neuv0Ng==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINh0gA7reCRW+zQ5pPpIjoJGpaFQSbC/4K8B6vMXJVr+"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGtNZGJ1ZyBnRUxR\nalBBdXF0dGwxdmgvWmxKUnZTUnlLV3BQZDhGTE9hcDZqMStFMVdVClFGS0JUZWpy\nNVdEVVRKZ1dTV05sdDZWeFVZR0crQXZOUmlsTzlmcGhPa1kKLS0tIHZFZFZKRlNt\nVHlmcHZBOEYzWkxrVXcrR3VpQ3FhbUI0WUlKdW5IcElZZk0Kz16DvaaB4TC8kwLh\nFE2PqmcnMOUJ1oJB1Em0n8K1poiulPUzv0rIBD5yyr+kIzQ5oWIjua7sPF1YfrSk\nHimCeQ==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGtNZGJ1ZyBsK1lM\ndFRtQ01CWk9QS2FZbnplQVZtSlU0TTE5MFEvT3FpeW1hWVViL3dVCmwwY3pzU3ls\nclN3Q20vVEtvSSt0aUlFVWdIOEMvZGMxUnc3a0l6VFpDYjQKLS0tIGF0QVB5VS9a\nTGFHZE12R3crRFl1dWZMYm8veHFsTmFXdWY4dlp4aXVOTEkKoQySNuLt9oG+dTm6\nd27pxHABwWx4vvhwKcjla5+1659GJcfzZvqRhDsHoZ49fRu3UFTDVKCfhe93Idvx\nUsDT9Q==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEmYihgWHfnLw0f8uTfLokCwToLavzV/+k/GggBA4Sz/"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFFONEwvUSBldm9x\nNjBac05Oc3dlTllEVWpyNjdCamQ1ZU5hZkpKQWxDN1g4Mi9od0FJCmhINTJuYlFa\nUW9UdnJlRHhqa1h4dU1jYzdGdGlXWTN5Y20wbXZ1RFZkMlEKLS0tICtDQnp2M2Fa\nVkJEMVZNU253NmhMQnd5NitCRzBNT3l6QjBldFdjcEVnNHMKg4nYYCzv18q3vIIE\nb6p0zyWVGCty8tJi11h3Qfqxji1iMJbuNuNxMRQNfKLBYY3ksKD7LZmm+Oihx/hK\nEJSpJg==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFFONEwvUSBxV29r\naUVlV1gyV2RVWEU1VVVESmZWeDdHQXd5aXBPcERIUU9BTGhiUlNrClRQZG1NYVRE\nbkp6eCtoU3RSU3lvVUd0bGhsYWtyYXgyeDZOSzFTZ1dOVzQKLS0tIFZ5SmI0S0V5\nTmJvYTlMVHgvL1JmM2tReEUzK2dPQU9DODVHeHVEQ1NXUlkKy3C8eub2YxoyJkv9\n+ffUyjCWKDXz6LNrgqLeTDY0Z8J5bFHvbkPnt8zxSfmZamhr99NfHkwai0W53LEj\nsKK4jA==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFvT1RvcTidgpVYE0OPknc3f5HcAVpyk+rXXrW4AcbzG"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDhjWXRrdyBZWkp1\nbXpTT3BzdHJuckNTbFRyK1FPMSsvRVhFY0lzc0tvdWZPLzJ5TDI4ClVIdG5HdHU5\nNCs1enU4VjJVODVJTUtHZlNqdW9rZGZxc0tjdnBKWWp4WjAKLS0tIEdwcC9vekhN\nTWh5bElyak5QWnVuc2lXelQ2SmFkSlJSNzVhQ1JZcEpvQ3MKFMGZaqhu5WD1J+4N\nUZeRGv3DJKNlPnH0+X8CPQeqCWD5V711zBek6zbX0N1bOC8cWjiG0MZRNWu9Lo4L\n36uGQg==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDhjWXRrdyBiQTRp\nK2lxNGYrU1pQRzJOMEhCc3FtWEdqVnk3dFBYUHlOdDVERDN6OEE0CndHNkFoYmt0\nL3Z1YlJiRlJRTkJhbGgxamNkOGtUeGJxNW9JaVdZMjRkRkUKLS0tIHlLc2ZkWWhY\nWVJvU2I4cHUwQnlLSmhOeVlzcS8rRWFRaXA1dUJXVkZublkK7QDtJCXc4Geyh8w5\ntMitSUnjKGyMexZZ9I9xF62Q73vUDeiheFTo0ARni2VfWfbYuoudrUDZzLusQIjo\njTiuig==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEijeq50HS1g27BTRfJ8XWIPrAX9UVkap5fgIOCOtA5+"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKSmR0OVBDQVI3SEpXSDBh\nV3ZXVE44cDdrclNGdUtPTkVTMGZaNU9JN0RFCmo4aU40YnBrU2J3cTVPbXA2c1NN\nMExNemIyRURTejRndDI4UGtvQ3V4M2sKLS0tIGZYMzJsTVdHckt5bWJMZXdKcTN4\nMzRxZ2liMlNYbkhSZUhPK0I3dUpqcjAKNdCLO58gyqzG7j+JwvcFDxPPm6/n67rC\nZlMqCdMi5eXsN0TP0fSpMQ3HiYFbOFU8tqX0gOElF6MKau38tjopIw==\n-----END AGE ENCRYPTED FILE-----\n",
-        "recipient": "age1eqcj2g0fdekj2wpqp4y0fg9c5myydjdt9zlr5scr0grk6fxszymqkpw5jf"
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtNEQ0VWsybEtINTRWWFIw\ncDBNMldqOHdIM3FiVlo5YXJuZmZWTmFxbG1ZCnVWU2ZRSzRJRGdHZ2ordVdKN0xl\na0RpekZLbzExYmVtclJEYTlETWo2SEUKLS0tIExSN3NjVEl2TnlQZ3FSRmtZaFpx\nU2JnRzc4UFIvRDArbFVxeTIrVXJPYmMKbOO1fiCeV3BDCMR7z5Z017H4YIKovbP9\nUWu/f2LDNc1vq15vdE038yZwK1dnIl+9uMw+6k8ssFQCB5JCEFP9Fg==\n-----END AGE ENCRYPTED FILE-----\n",
+        "recipient": "age1d9h9mm3u5qalmpl2pf62pyzqj8t654n435emn93rutv0cg9sr32sg64fdj"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IG05VmtkdyBsNjdI\nV0RQbHpadWkzRFRnVkpwV3c3S0hBU1p5dmtRTDRpNUhoZXRGZ1hFCjQ3QVYvM2Vy\nb2hHVlp6OUt1bGpWSktMYUtqZnVpemdTSjdNdlRBSE1rNE0KLS0tIHRkV3FsZVE0\nRW5rb0VrV3Y2SE1MSnBucVhuRDlSNXlrYXpJMndGZG1sdmcKl27oRJNFqaDRp++d\nE8zm6/ebq6qI82Nqq5QnA95l/9I6x9EDu3rdwoDkNFsQMLQO/4nnp1vUT1YuGzP7\nXkwzrQ==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IG05VmtkdyBQa1dx\nZnVYUFBpdFFGRFVEalNLL1JxMDQvWDVMV2dBdDF3VWtnZUVTM2dFCjRSV3g1alc4\nTHlpMks5YlFHeTFyU3M2ZDY5V0NNSi9tZDljVnAxU0JCTmsKLS0tIHZWQVhmZzI0\nUFNJYStQTERqc3p1Ty9WSjd6SjI1eGExOUg5WWJvV3V1L1kKEHqG0ykiCzh7tOBD\nO52Grk+a1sAS9H7aVrLbjpNl3CkQN2CTbgL2yi9wk+SvprNO3aRCauOF+5H6+NO4\nBXiV1g==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDuzbgoXZccZ2w/9HGgUyT9nJH7lG2/jfQCZJudY4yAN"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSdUpKZnVqZ1B2dnhPK3Nk\nRlJjNnJJRUhRU1AxMGhZQnpreU9hclg4c2dJCmVkVUVXQm1nNFZHYTRMWUVacUtm\nNkRObUs3TU9hd2FGZ1l2ZS95N09kaTAKLS0tIEdzNDE2VDVmTW5NRXhwWFJNa3JJ\nbkdlU1JnYTJLVkZ5Z0hUbTdHSUNhSTAKrOEiJZVfp24FNCNbCRN77yj7awxf6PFL\nX7/PVU45X4d/62kOP1mC86cSwk0w/faPgk40TL6WmyE5Hl9bDVn6dw==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUUDc3S3d6dkRJenMvT0dJ\nSlNZV2ozVk9OV2tFenQrVEU0NEE3SWRTV3pNCm54T0NBWU9ZbjZBRjYwSFRpdFZo\nMTlUUFdHR1ZzbmNqS1o5d3kwdCtTU1kKLS0tIDZRbGFnQjIzc0VIQzFiTXFDSmkw\nVGNaZmJHbkxkSStuSGh5MXNNNTB6YkUKMEdrmzaWcSM4BKapJBevZ5rDDXaRAlfT\n0AUP/+5VdK+3gkGV/MWOWrGa0j1qSozY7FLzf8lg1GfnmgAOtKBpkA==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "age16wuzuxnkcgfuxzvzgk5e5a5f6hhs386adjewyv54m9esr4yj6uuslpn6tp"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDRTOW45QSAzV05U\nNWRtUFVzOTNON0FKL3k5K2N1dVMrTlNsWnNZeWxGNERyNW5NaURJCi9JQ2hjalFU\nUERrMkhuMEY3ay9qSkxwT25NMWZSZzhpTis1ZldESXA5NlUKLS0tIEdVMjBqZE13\nWU1hNm5SUnNrL2ZkSmNQVk9wMElrdm0zTE1JMFZ5ZWMwdUEKE+Gv12VtsA237/Mz\nMjWLsui8+8f4LTZu7oIpXSF3X+vHgAUe0KeqalreVrzSwNl1khGUMFrb4L0UP5es\nlupCWg==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDRTOW45QSAyVkJv\nWWtQWWhoMUU4WE5RbmZxWStHUDB6MCtjZUpJNlVJcHpSMCtQZVZNCmk5MnN1c0hU\nOFFabVBEVGNLKzFQSFVPQmZvOEl3b2VlTk5kdlJwRVU4dGsKLS0tIFR6dDVONnhz\naC9kNmVDeUI1Q3FaKy9NalBlWFpUeUpoNUhvSERYRURWVncKElO/wLRgFSbhKjP1\nH1sJ0CscDusG+6yif48Zb6kN8P5kFkzpYXu1S9TVlhurewmYHpbJPdtzU0k98NuH\nWjv0TQ==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFStro05R+CPmjWMHWtzXUKfGll+OosoZtXAyPtngN7T"
       },
       {
-        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDVucGlodyBtVS8x\nK0VtVnVZREV6NUJWc2NZaEdueFByWWt6UFdqMXJOTyt1Sno0aTF3CmhCR0ZPZDNP\ndHJ0QzF4b1A3eDdObDJWbTJFSW5lVHh5Sm94S2RaOGpzcUUKLS0tIEFBaFBOWlRG\ncGRQR0ZSTy81dmpHOElUUDNrcjAySGExekdaVEdUQlpCelkKAIKx4kHUUb0qAudo\n/1pUZhgGkd2Ayblb0s48DB8iES2ckeEWuTDwgsPCIXnYDbMYuNaxHxNFpbuHNAEC\neIliIQ==\n-----END AGE ENCRYPTED FILE-----\n",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDVucGlodyAxdEpB\nck5ZcTJtb0NKYjBIUExnZmVsYnBJWUkxUDRtMGNGR0ZHZG5RQ1RFCkJqTVFSUlJX\nTExDdmQvdUxUZjFPN3BLMGU1b2NCQUtucFdERDV1RjNMdTQKLS0tIFl3Und0aCs1\nMmdBa1AydmlEaTZOak9STkRvb3dwV2EyVE5hUzhqRnVJZjQKCAfncxyIujLn4GGV\n08IUKOLfaMGh3tGTCc1/n/Mk1FTci3QDTSjRN0DIuZv6vGZ1oVOIvC+UKRFbzt2M\n9S9x3Q==\n-----END AGE ENCRYPTED FILE-----\n",
         "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO5qner13Q0fm5NhdXMx2nkt5kxjC0/SVY2FXh01OiHN"
       }
     ],
-    "lastmodified": "2026-04-24T02:42:10Z",
-    "mac": "ENC[AES256_GCM,data:UMvY3HPC1coKJqhRWu4fWMN3toYJ38i6jYaFmfYFkXZtjvws0b6A5/5gER2OIWqEpcumgAe7H0iEb3Jt+raNJPjvRRPL0ZQCh1gYekbZRcJ7fBCnBthCGAQpPcV00bjW7Sp4FoqrShXrQRa3bFo+Uq1rjLYulD8oogPtW7hbCgY=,iv:pzbjiNJOffAqdeIGz2jogi2GaKr7hO6VXGsmXkoDe/E=,tag:3V+KR0U2aRASDOfHyxwNcA==,type:str]",
+    "lastmodified": "2026-04-24T14:30:26Z",
+    "mac": "ENC[AES256_GCM,data:99AFP2r81SkILOnsMnKhqLs5qCSzq82qeXzUR7pEfvurDmfNfPCT8sUxGWmunkC4OsmvCovRWQ4QZ/OIeS6CDvIaxLcBdCP6/W8sjT9p8sL1yMWWt6BVpp+5W5uWTwuSAhM7QwcCYypf1MIGHBrgvftr6+WJX6Xd4fkWATx9xcA=,iv:3uc7iIrG29Xx8q7GpdjFwRM5X/dT6Qit2ZY6892bndY=,tag:mg+1IfFB25Z1C7UiMvUVvw==,type:str]",
     "unencrypted_comment_regex": ".*",
-    "version": "3.12.1"
+    "version": "3.11.0"
   }
 };
 
diff --git a/packages/infra/package.json b/packages/infra/package.json
index 41075d13..214bf623 100644
--- a/packages/infra/package.json
+++ b/packages/infra/package.json
@@ -14,12 +14,15 @@
     "@gen/config": "workspace:*",
     "@gen/env": "workspace:*",
     "@pulumi/aws": "^7.15.0",
+    "@stackpanel/api": "workspace:*",
     "@stackpanel/config": "workspace:*",
+    "@trpc/client": "catalog:",
     "alchemy": "^0.81.2",
     "alchemy-effect": "catalog:",
     "better-auth": "^1.6.1",
     "effect": "catalog:",
-    "sst": "^3.17.25"
+    "sst": "^3.17.25",
+    "superjson": "^2.2.6"
   },
   "devDependencies": {
     "bun2nix": "latest"
@@ -38,10 +41,14 @@
     "alchemy:deploy": "alchemy deploy",
     "alchemy:destroy": "alchemy destroy",
     "alchemy:dev": "alchemy dev",
+    "container:build:api": "cd ../.. && nix build --impure .#packages.x86_64-linux.container-api",
+    "container:push:api": "cd ../.. && nix run --impure .#copy-container-api -- docker://registry.fly.io/ --dest-creds x:$(flyctl auth token)",
     "deploy": "alchemy deploy",
+    "deploy:api": "cd ../.. && (flyctl status -a stackpanel-api > /dev/null 2>&1 || flyctl apps create stackpanel-api --org darkmatter) && flyctl deploy --config apps/api/fly.toml --image registry.fly.io/stackpanel-api:latest",
     "destroy": "alchemy destroy",
     "dev": "alchemy dev",
     "postinstall": "test -f bun.lock && bun2nix -o bun.nix || true",
+    "ship:api": "turbo run deploy:api",
     "sst:deploy": "bunx sst deploy",
     "sst:dev": "bunx sst dev",
     "sst:remove": "bunx sst remove",
diff --git a/packages/infra/src/lib/credentials.ts b/packages/infra/src/lib/credentials.ts
index 388d5989..f66bb68a 100644
--- a/packages/infra/src/lib/credentials.ts
+++ b/packages/infra/src/lib/credentials.ts
@@ -1,4 +1,3 @@
-import { loadAppEnv } from "@gen/env/runtime";
 import { fromApiToken } from "@distilled.cloud/cloudflare";
 
 if (!process.env.CLOUDFLARE_API_TOKEN) {
@@ -9,8 +8,6 @@ if (!process.env.CLOUDFLARE_API_TOKEN) {
 - Or export the variable directly.`);
 }
 
-const env = await loadAppEnv("web", process.env.APP_ENV || "dev");
-
 export const cloudflareCredentials = fromApiToken({
-  apiToken: env.CLOUDFLARE_API_TOKEN,
+  apiToken: process.env.CLOUDFLARE_API_TOKEN,
 });
diff --git a/packages/infra/src/resources/docker/volume.ts b/packages/infra/src/resources/docker/volume.ts
index bbacf2fb..7342757d 100644
--- a/packages/infra/src/resources/docker/volume.ts
+++ b/packages/infra/src/resources/docker/volume.ts
@@ -1,3 +1,4 @@
+import * as Provider from "alchemy-effect/Provider";
 import { Resource } from "alchemy-effect/Resource";
 import * as Effect from "effect/Effect";
 import { docker } from "@/lib/exec";
@@ -19,9 +20,10 @@ export const Volume = Resource<Volume>("Docker.Volume");
  * @returns A provider that creates a Docker volume.
  */
 export const VolumeProvider = () =>
-  Volume.provider.effect(
+  Provider.effect(
+    Volume,
     Effect.succeed(
-      Volume.provider.of({
+      Volume.Provider.of({
         stables: ["volumeName"],
         create: Effect.fnUntraced(function* ({ news }) {
           yield* docker("volume", "create", news.name);
diff --git a/packages/infra/src/resources/neon.ts b/packages/infra/src/resources/neon.ts
index bd937e3b..9f335ae5 100644
--- a/packages/infra/src/resources/neon.ts
+++ b/packages/infra/src/resources/neon.ts
@@ -1,4 +1,5 @@
 import { Resource } from "alchemy-effect/Resource";
+import * as Provider from "alchemy-effect/Provider";
 import * as Neon from "@distilled.cloud/neon";
 import {
   createProject,
@@ -34,9 +35,10 @@ export interface NeonProject extends Resource<
 export const NeonProject = Resource<NeonProject>("Neon.Project");
 
 export const NeonProjectProvider = () =>
-  NeonProject.provider.effect(
+  Provider.effect(
+    NeonProject,
     Effect.succeed(
-      NeonProject.provider.of({
+      NeonProject.Provider.of({
         stables: ["projectId"],
 
         read: Effect.fnUntraced(function* ({ output }) {
diff --git a/packages/infra/src/state/HostedState.ts b/packages/infra/src/state/HostedState.ts
new file mode 100644
index 00000000..fa24a51e
--- /dev/null
+++ b/packages/infra/src/state/HostedState.ts
@@ -0,0 +1,186 @@
+import type { AppRouter } from "@stackpanel/api";
+import {
+	State,
+	StateStoreError,
+	type StateService,
+} from "alchemy-effect/State";
+import {
+	createTRPCClient,
+	httpBatchLink,
+	TRPCClientError,
+} from "@trpc/client";
+import * as Effect from "effect/Effect";
+import * as Layer from "effect/Layer";
+import superjson from "superjson";
+
+/**
+ * Hosted alchemy state backend (Pro tier).
+ *
+ * Swaps alchemy-effect's filesystem `LocalState` Layer for one backed by
+ * api.stackpanel.com. Every operation becomes an authenticated tRPC call;
+ * the cloud refuses callers without an active Pro subscription.
+ *
+ * Usage in an alchemy.run.ts:
+ *
+ *   import { HostedState } from "@stackpanel/infra/state/HostedState";
+ *
+ *   export default Stack.make("WebStack", providers)(program).pipe(
+ *     Effect.provide(HostedState),
+ *   );
+ *
+ * Config is read from env so CI and local runs can flip backends with
+ * the same binary:
+ *   STACKPANEL_STATE_BACKEND=hosted      # opt in
+ *   STACKPANEL_API_URL=...               # default https://api.stackpanel.com
+ *   ALCHEMY_STATE_TOKEN=...              # capability JWT (Better-Auth session)
+ *
+ * Errors surface as StateStoreError so alchemy's CLI can print them
+ * without leaking tRPC internals. 402/FORBIDDEN → a clear "Pro required"
+ * message; everything else keeps the original tRPC shape text.
+ */
+
+type HostedStateClient = ReturnType<typeof createTRPCClient<AppRouter>>;
+
+function resolveBaseUrl(): string {
+	return (
+		process.env.STACKPANEL_API_URL ??
+		process.env.ALCHEMY_STATE_URL ??
+		"https://api.stackpanel.com"
+	);
+}
+
+function resolveToken(): string | undefined {
+	return process.env.ALCHEMY_STATE_TOKEN ?? process.env.STACKPANEL_API_TOKEN;
+}
+
+function makeClient(): HostedStateClient {
+	const url = `${resolveBaseUrl().replace(/\/$/, "")}/trpc`;
+	const token = resolveToken();
+	return createTRPCClient<AppRouter>({
+		links: [
+			httpBatchLink({
+				url,
+				transformer: superjson,
+				headers: () => {
+					const headers: Record<string, string> = {};
+					if (token) headers.authorization = `Bearer ${token}`;
+					return headers;
+				},
+			}),
+		],
+	});
+}
+
+function toStateStoreError(err: unknown): StateStoreError {
+	if (err instanceof TRPCClientError) {
+		const code = err.data?.code;
+		if (code === "FORBIDDEN") {
+			return new StateStoreError({
+				message:
+					"Hosted alchemy state requires an active Pro subscription. " +
+					"Visit https://stackpanel.com/pricing or run `stackpanel subscription upgrade`.",
+			});
+		}
+		if (code === "UNAUTHORIZED") {
+			return new StateStoreError({
+				message:
+					"ALCHEMY_STATE_TOKEN is missing or invalid. " +
+					"Run `stackpanel auth login` to refresh it.",
+			});
+		}
+		if (code === "PRECONDITION_FAILED") {
+			return new StateStoreError({
+				message:
+					"No active organization on your session. Run " +
+					"`stackpanel org switch <slug>` or create one in the studio.",
+			});
+		}
+		return new StateStoreError({
+			message: `Hosted state ${code ?? "error"}: ${err.message}`,
+			cause: err,
+		});
+	}
+	const message = err instanceof Error ? err.message : String(err);
+	return new StateStoreError({
+		message,
+		cause: err instanceof Error ? err : undefined,
+	});
+}
+
+function liftPromise<A>(thunk: () => Promise<A>) {
+	return Effect.tryPromise({
+		try: thunk,
+		catch: (err) => toStateStoreError(err),
+	});
+}
+
+/**
+ * StateService implementation. Most methods are a direct translation of
+ * a tRPC procedure. `getReplacedResources` is the exception — the cloud
+ * router doesn't filter by status (keeping it generic), so we compose
+ * list + get here exactly like alchemy-effect's LocalState does.
+ */
+function buildService(client: HostedStateClient): StateService {
+	const service: StateService = {
+		listStacks: () =>
+			liftPromise(() => client.alchemyState.listStacks.query()),
+
+		listStages: (stack) =>
+			liftPromise(() => client.alchemyState.listStages.query({ stack })),
+
+		get: (request) =>
+			liftPromise(() =>
+				client.alchemyState.get.query(request).then((row) =>
+					row ? (row.payload as never) : undefined,
+				),
+			),
+
+		set: (request) =>
+			liftPromise(() =>
+				client.alchemyState.put
+					.mutate({
+						stack: request.stack,
+						stage: request.stage,
+						fqn: request.fqn,
+						payload: request.value,
+					})
+					.then(() => request.value),
+			),
+
+		delete: (request) =>
+			liftPromise(() =>
+				client.alchemyState.delete.mutate(request).then(() => undefined),
+			),
+
+		list: (request) =>
+			liftPromise(() =>
+				client.alchemyState.list.query(request).then((rows) => rows.map((r) => r.fqn)),
+			),
+
+		getReplacedResources: Effect.fnUntraced(function* (request) {
+			const fqns = yield* service.list(request);
+			const states = yield* Effect.all(
+				fqns.map((fqn) =>
+					service.get({ stack: request.stack, stage: request.stage, fqn }),
+				),
+			);
+			return states.filter(
+				(s): s is NonNullable<typeof s> & { status: "replaced" } =>
+					Boolean(s && s.status === "replaced"),
+			);
+		}),
+	};
+	return service;
+}
+
+/**
+ * Layer you provide to swap in the hosted backend. Cached so repeated
+ * yields share one tRPC client (one connection pool per process).
+ */
+export const HostedState = Layer.effect(
+	State,
+	Effect.gen(function* () {
+		const client = yield* Effect.sync(makeClient);
+		return buildService(client);
+	}),
+);
diff --git a/packages/infra/turbo.json b/packages/infra/turbo.json
new file mode 100644
index 00000000..17eae376
--- /dev/null
+++ b/packages/infra/turbo.json
@@ -0,0 +1 @@
+{"extends":["//"]}
\ No newline at end of file
diff --git a/scripts/ALCHEMY_EFFECT_OPENNEXT_UPSTREAM.md b/scripts/ALCHEMY_EFFECT_OPENNEXT_UPSTREAM.md
new file mode 100644
index 00000000..95304e6b
--- /dev/null
+++ b/scripts/ALCHEMY_EFFECT_OPENNEXT_UPSTREAM.md
@@ -0,0 +1,22 @@
+# Upstream PR checklist (`alchemy-effect`)
+
+## Change summary
+
+- **API:** `AssetsProps.sources?: { directory: string; prefix: string }[]` (+ optional `sources` on `AssetsWithHash` in Worker).
+- **Behavior:** `read` / `readAssets` merges overlay trees into the Worker asset manifest; `upload` resolves each manifest path via `filePaths` (absolute source paths). Content hash excludes `filePaths` (machine-local paths).
+- **Tests:** `packages/alchemy/test/Cloudflare/Workers/Assets.test.ts`
+- **Example doc:** `examples/opennext-cloudflare-asset-overlay/README.md`
+
+## Stackpanel validation
+
+- `apps/docs/alchemy.run.ts` passes `sources: [{ directory: ".open-next/cache", prefix: "cdn-cgi/_next_cache" }]`.
+- `bun run build:worker` in `apps/docs` (OpenNext) succeeds until `.open-next/worker.js` + `.open-next/cache` exist.
+- Until npm ships the change, Stackpanel uses **vendored** `vendor/alchemy-effect-opennext-overlay/*.ts` + `postinstall` (`scripts/apply-alchemy-effect-opennext-assets.ts`).
+
+## Suggested PR title
+
+`feat(cloudflare): overlay asset sources for Worker static uploads`
+
+## Remove Stackpanel hook after merge
+
+Delete `vendor/alchemy-effect-opennext-overlay/`, `scripts/apply-alchemy-effect-opennext-assets.ts`, root `postinstall`, bump catalog `alchemy-effect` to the release that contains the feature, and run `bun install`.
diff --git a/scripts/apply-alchemy-effect-opennext-assets.ts b/scripts/apply-alchemy-effect-opennext-assets.ts
new file mode 100644
index 00000000..70d18a6a
--- /dev/null
+++ b/scripts/apply-alchemy-effect-opennext-assets.ts
@@ -0,0 +1,105 @@
+#!/usr/bin/env bun
+/**
+ * Copies vendored `alchemy-effect@0.12.x` Cloudflare Worker asset overlay patches
+ * into every `node_modules/alchemy-effect` tree after `bun install`.
+ *
+ * Replaces `patchedDependencies` (Bun patch format was unreliable for this repo layout).
+ */
+import { copyFileSync, readFileSync, existsSync, readdirSync } from "node:fs";
+import { dirname, join } from "node:path";
+import { fileURLToPath } from "node:url";
+
+const root = join(dirname(fileURLToPath(import.meta.url)), "..");
+const vendorDir = join(root, "vendor", "alchemy-effect-opennext-overlay");
+const srcAssets = join(vendorDir, "Assets.ts");
+const srcWorker = join(vendorDir, "Worker.ts");
+
+if (!existsSync(srcAssets) || !existsSync(srcWorker)) {
+  console.warn(
+    "[apply-alchemy-effect-opennext-assets] vendor files missing; skip",
+  );
+  process.exit(0);
+}
+
+// Vendored sources are derived from alchemy-effect@0.12.x. Refuse to overwrite
+// any other minor — a transitive bump to 0.13+ should fail loudly so we
+// re-vendor instead of silently shipping stale overlays.
+const SUPPORTED_RANGE = /^0\.12\./;
+const skipped: { pkgRoot: string; version: string }[] = [];
+
+function patchInstallAt(pkgRoot: string, seen: Set<string>, n: { v: number }) {
+  if (seen.has(pkgRoot)) return;
+  const pkgPath = join(pkgRoot, "package.json");
+  if (!existsSync(pkgPath)) return;
+  const pkg = JSON.parse(readFileSync(pkgPath, "utf8")) as {
+    name?: string;
+    version?: string;
+  };
+  if (pkg.name !== "alchemy-effect") return;
+  const destAssets = join(pkgRoot, "src", "Cloudflare", "Workers", "Assets.ts");
+  const destWorker = join(pkgRoot, "src", "Cloudflare", "Workers", "Worker.ts");
+  if (!existsSync(dirname(destAssets))) return;
+  seen.add(pkgRoot);
+  if (!pkg.version || !SUPPORTED_RANGE.test(pkg.version)) {
+    skipped.push({ pkgRoot, version: pkg.version ?? "<unknown>" });
+    return;
+  }
+  copyFileSync(srcAssets, destAssets);
+  copyFileSync(srcWorker, destWorker);
+  n.v++;
+}
+
+const seen = new Set<string>();
+const n = { v: 0 };
+
+/** Bun stores duplicated packages under `node_modules/.bun/<name>@<version>+.../`. */
+function scanBunStore(bunRoot: string) {
+  if (!existsSync(bunRoot)) return;
+  for (const entry of readdirSync(bunRoot, { withFileTypes: true })) {
+    if (!entry.isDirectory() || !entry.name.startsWith("alchemy-effect@")) {
+      continue;
+    }
+    const pkgRoot = join(bunRoot, entry.name, "node_modules", "alchemy-effect");
+    patchInstallAt(pkgRoot, seen, n);
+  }
+}
+
+scanBunStore(join(root, "node_modules", ".bun"));
+const appsDir = join(root, "apps");
+if (existsSync(appsDir)) {
+  for (const app of readdirSync(appsDir, { withFileTypes: true })) {
+    if (!app.isDirectory()) continue;
+    scanBunStore(join(appsDir, app.name, "node_modules", ".bun"));
+  }
+}
+
+const glob = new Bun.Glob("**/node_modules/alchemy-effect/package.json");
+for await (const rel of glob.scan({ cwd: root, onlyFiles: true })) {
+  const pkgRoot = join(root, dirname(rel));
+  patchInstallAt(pkgRoot, seen, n);
+}
+
+if (skipped.length > 0) {
+  console.error(
+    `[apply-alchemy-effect-opennext-assets] refusing to patch ${skipped.length} alchemy-effect install(s) outside the vendored 0.12.x range:`,
+  );
+  for (const s of skipped) {
+    console.error(`  - ${s.version}  (${s.pkgRoot})`);
+  }
+  console.error(
+    "  Re-vendor vendor/alchemy-effect-opennext-overlay/{Assets,Worker}.ts from the new version, or pin alchemy-effect back to 0.12.x.",
+  );
+  process.exit(1);
+}
+
+if (n.v === 0) {
+  console.error(
+    "[apply-alchemy-effect-opennext-assets] no alchemy-effect@0.12.x installs found — overlay is not applied. " +
+      "Either alchemy-effect is no longer a dependency (delete this hook), or it resolved to an unsupported version.",
+  );
+  process.exit(1);
+}
+
+console.log(
+  `[apply-alchemy-effect-opennext-assets] patched ${n.v} alchemy-effect install(s)`,
+);
diff --git a/turbo.json b/turbo.json
index dc3c1c33..9b6ce268 100644
--- a/turbo.json
+++ b/turbo.json
@@ -1 +1 @@
-{"$schema":"https://turbo.build/schema.json","tasks":{"alchemy:deploy":{"cache":false},"alchemy:destroy":{"cache":false},"alchemy:ensure":{},"build":{},"clean":{},"db:migrate":{},"db:push":{},"db:studio":{},"dev":{"cache":false},"format":{},"generate:proto":{},"generate:types":{},"lint":{},"test":{},"test:coverage":{},"test:watch":{},"typecheck":{}},"ui":"tui"}
\ No newline at end of file
+{"$schema":"https://turbo.build/schema.json","tasks":{"alchemy:deploy":{"cache":false},"alchemy:destroy":{"cache":false},"alchemy:ensure":{},"build":{},"build:container":{"cache":false},"clean":{},"container:build":{"cache":false,"dependsOn":["build:container"]},"container:push":{"cache":false,"dependsOn":["container:build"]},"db:migrate":{},"db:push":{},"db:studio":{},"deploy":{"cache":false,"dependsOn":["container:push"]},"dev":{"cache":false},"format":{},"generate:proto":{},"generate:types":{},"lint":{},"test":{},"test:coverage":{},"test:watch":{},"typecheck":{}},"ui":"tui"}
\ No newline at end of file
diff --git a/vendor/alchemy-effect-opennext-overlay/Assets.ts b/vendor/alchemy-effect-opennext-overlay/Assets.ts
new file mode 100644
index 00000000..ba12e8af
--- /dev/null
+++ b/vendor/alchemy-effect-opennext-overlay/Assets.ts
@@ -0,0 +1,397 @@
+import * as workers from "@distilled.cloud/cloudflare/workers";
+import * as Context from "effect/Context";
+import * as Data from "effect/Data";
+import * as Effect from "effect/Effect";
+import * as FileSystem from "effect/FileSystem";
+import * as Layer from "effect/Layer";
+import * as Path from "effect/Path";
+import type { PlatformError } from "effect/PlatformError";
+import type { ScopedPlanStatusSession } from "../../Cli/Cli.ts";
+import { sha256, sha256Object } from "../../Util/index.ts";
+
+const MAX_ASSET_SIZE = 1024 * 1024 * 25; // 25MB
+const MAX_ASSET_COUNT = 20_000;
+
+export interface AssetsConfig extends Exclude<
+  Exclude<workers.PutScriptRequest["metadata"]["assets"], undefined>["config"],
+  undefined
+> {}
+
+/** Additional filesystem trees merged into the Worker asset manifest under a URL prefix. */
+export interface AssetSource {
+  readonly directory: string;
+  /**
+   * URL prefix for files from `directory` (no leading slash), e.g.
+   * `cdn-cgi/_next_cache` for OpenNext static incremental cache.
+   */
+  readonly prefix: string;
+}
+
+export interface AssetReadResult {
+  directory: string;
+  config: AssetsConfig | undefined;
+  manifest: Record<string, { hash: string; size: number }>;
+  _headers: string | undefined;
+  _redirects: string | undefined;
+  hash: string;
+  /**
+   * Maps each manifest path to the absolute file to read at upload time
+   * (base directory and overlays may differ).
+   */
+  filePaths: Record<string, string>;
+}
+
+export interface AssetsProps {
+  directory: string;
+  config?: AssetsConfig;
+  /** Optional extra directories merged into the asset manifest (e.g. OpenNext `.open-next/cache`). */
+  sources?: readonly AssetSource[];
+}
+
+export class Assets extends Context.Service<
+  Assets,
+  {
+    read(
+      directory: AssetsProps,
+    ): Effect.Effect<AssetReadResult, PlatformError | ValidationError>;
+    upload(
+      accountId: string,
+      workerName: string,
+      assets: AssetReadResult,
+      session: ScopedPlanStatusSession,
+    ): Effect.Effect<
+      { jwt: string | undefined },
+      | PlatformError
+      | ValidationError
+      | workers.CreateScriptAssetUploadError
+      | workers.CreateAssetUploadError
+    >;
+  }
+>()("Cloudflare.Assets") {}
+
+export type ValidationError =
+  | AssetTooLargeError
+  | TooManyAssetsError
+  | AssetNotFoundError
+  | FailedToReadAssetError
+  | AssetPathCollisionError;
+
+export class AssetTooLargeError extends Data.TaggedError("AssetTooLargeError")<{
+  message: string;
+  name: string;
+  size: number;
+}> {}
+
+export class TooManyAssetsError extends Data.TaggedError("TooManyAssetsError")<{
+  message: string;
+  directory: string;
+  count: number;
+}> {}
+
+export class AssetNotFoundError extends Data.TaggedError("AssetNotFoundError")<{
+  message: string;
+  hash: string;
+}> {}
+
+export class FailedToReadAssetError extends Data.TaggedError(
+  "FailedToReadAssetError",
+)<{
+  message: string;
+  name: string;
+  cause: PlatformError;
+}> {}
+
+export class AssetPathCollisionError extends Data.TaggedError(
+  "AssetPathCollisionError",
+)<{
+  message: string;
+  publicPath: string;
+}> {}
+
+const normalizeUrlPrefix = (prefix: string) =>
+  prefix.replace(/\\/g, "/").replace(/^\/+|\/+$/g, "");
+
+/** Build `/public/path` key for a file relative to an asset root and optional URL prefix. */
+export const manifestPublicPath = (rootRelative: string, urlPrefix: string) => {
+  const rel = (
+    rootRelative.startsWith("/") ? rootRelative.slice(1) : rootRelative
+  ).replace(/\\/g, "/");
+  const p = normalizeUrlPrefix(urlPrefix);
+  if (!p) {
+    return `/${rel}`.replace(/\/+/g, "/");
+  }
+  return `/${p}/${rel}`.replace(/\/+/g, "/");
+};
+
+const getContentType = (name: string) => {
+  if (name.endsWith(".html")) return "text/html";
+  if (name.endsWith(".txt")) return "text/plain";
+  if (name.endsWith(".sql")) return "text/sql";
+  if (name.endsWith(".json")) return "application/json";
+  if (name.endsWith(".js") || name.endsWith(".mjs")) {
+    // Browsers only accept JavaScript module scripts when the MIME type is a
+    // "JavaScript MIME type" (e.g. text/javascript). application/javascript+module
+    // is not valid and causes strict module loading to fail.
+    return "text/javascript; charset=utf-8";
+  }
+  if (name.endsWith(".css")) return "text/css";
+  if (name.endsWith(".wasm")) return "application/wasm";
+  if (name.endsWith(".png")) return "image/png";
+  if (name.endsWith(".svg")) return "image/svg+xml";
+  if (name.endsWith(".ico")) return "image/x-icon";
+  return "application/octet-stream";
+};
+
+export const AssetsProvider = () =>
+  Layer.effect(
+    Assets,
+    Effect.gen(function* () {
+      const fs = yield* FileSystem.FileSystem;
+      const path = yield* Path.Path;
+      const createAssetUpload = yield* workers.createAssetUpload;
+      const createScriptAssetUpload = yield* workers.createScriptAssetUpload;
+
+      const maybeReadString = Effect.fnUntraced(function* (file: string) {
+        return yield* fs.readFileString(file).pipe(
+          Effect.catchIf(
+            (error) =>
+              error._tag === "PlatformError" &&
+              error.reason._tag === "NotFound",
+            () => Effect.succeed(undefined),
+          ),
+        );
+      });
+
+      const createIgnoreMatcher = Effect.fnUntraced(function* (
+        patterns: string[],
+      ) {
+        const matcher = yield* Effect.promise(() =>
+          import("ignore").then(({ default: ignore }) =>
+            ignore().add(patterns),
+          ),
+        );
+        return (file: string) => matcher.ignores(file);
+      });
+
+      return {
+        read: Effect.fnUntraced(function* (props: AssetsProps) {
+          const resolvedDirectory = path.resolve(props.directory);
+          const [files, ignore, _headers, _redirects] = yield* Effect.all([
+            fs.readDirectory(resolvedDirectory, { recursive: true }),
+            maybeReadString(path.join(resolvedDirectory, ".assetsignore")),
+            maybeReadString(path.join(resolvedDirectory, "_headers")),
+            maybeReadString(path.join(resolvedDirectory, "_redirects")),
+          ]);
+          const ignores = yield* createIgnoreMatcher([
+            ".assetsignore",
+            "_headers",
+            "_redirects",
+            ...(ignore
+              ?.split("\n")
+              .map((line) => line.trim())
+              .filter((line) => line.length > 0 && !line.startsWith("#")) ??
+              []),
+          ]);
+          const manifest = new Map<string, { hash: string; size: number }>();
+          const filePaths = new Map<string, string>();
+          let count = 0;
+
+          const addFile = Effect.fnUntraced(function* (
+            rootRelative: string,
+            absoluteFile: string,
+            urlPrefix: string,
+            countLabel: string,
+          ) {
+            const stat = yield* fs.stat(absoluteFile);
+            if (stat.type !== "File") {
+              return;
+            }
+            const size = Number(stat.size);
+            if (size > MAX_ASSET_SIZE) {
+              return yield* new AssetTooLargeError({
+                message: `Asset ${rootRelative} is too large (the maximum size is ${MAX_ASSET_SIZE / 1024 / 1024} MB; this asset is ${size / 1024 / 1024} MB)`,
+                name: rootRelative,
+                size,
+              });
+            }
+            const hash = yield* fs.readFile(absoluteFile).pipe(
+              Effect.flatMap(sha256),
+              Effect.map((h) => h.slice(0, 32)),
+            );
+            const key = manifestPublicPath(rootRelative, urlPrefix);
+            const existing = manifest.get(key);
+            if (existing) {
+              if (existing.hash !== hash) {
+                return yield* new AssetPathCollisionError({
+                  message: `Conflicting asset content for public path ${key}`,
+                  publicPath: key,
+                });
+              }
+              return;
+            }
+            count++;
+            if (count > MAX_ASSET_COUNT) {
+              return yield* new TooManyAssetsError({
+                message: `Too many assets (the maximum count is ${MAX_ASSET_COUNT}; this directory has ${count} assets)`,
+                directory: countLabel,
+                count,
+              });
+            }
+            manifest.set(key, { hash, size });
+            filePaths.set(key, absoluteFile);
+          });
+
+          yield* Effect.forEach(
+            files,
+            Effect.fnUntraced(function* (name) {
+              if (ignores(name)) {
+                return;
+              }
+              const absoluteFile = path.join(resolvedDirectory, name);
+              yield* addFile(
+                name,
+                absoluteFile,
+                "",
+                props.directory,
+              );
+            }),
+          );
+
+          for (const source of props.sources ?? []) {
+            const resolvedSource = path.resolve(source.directory);
+            const overlayFiles = yield* fs.readDirectory(resolvedSource, {
+              recursive: true,
+            });
+            const overlayIgnore = yield* maybeReadString(
+              path.join(resolvedSource, ".assetsignore"),
+            );
+            const overlayIgnores = yield* createIgnoreMatcher([
+              ".assetsignore",
+              ...(overlayIgnore
+                ?.split("\n")
+                .map((line) => line.trim())
+                .filter((line) => line.length > 0 && !line.startsWith("#")) ??
+                []),
+            ]);
+            yield* Effect.forEach(
+              overlayFiles,
+              Effect.fnUntraced(function* (name) {
+                if (overlayIgnores(name)) {
+                  return;
+                }
+                const absoluteFile = path.join(resolvedSource, name);
+                yield* addFile(
+                  name,
+                  absoluteFile,
+                  source.prefix,
+                  source.directory,
+                );
+              }),
+            );
+          }
+
+          const sortedManifest = Object.fromEntries(
+            Array.from(manifest.entries()).sort((a, b) =>
+              a[0].localeCompare(b[0]),
+            ),
+          );
+          const sortedFilePaths = Object.fromEntries(
+            Array.from(filePaths.entries()).sort((a, b) =>
+              a[0].localeCompare(b[0]),
+            ),
+          );
+          const hashPayload = {
+            directory: props.directory,
+            config: props.config,
+            manifest: sortedManifest,
+            _headers,
+            _redirects,
+          };
+          return {
+            ...hashPayload,
+            filePaths: sortedFilePaths,
+            hash: yield* sha256Object(hashPayload),
+          };
+        }),
+        upload: Effect.fnUntraced(function* (
+          accountId: string,
+          workerName: string,
+          assets: AssetReadResult,
+          { note }: ScopedPlanStatusSession,
+        ) {
+          yield* note("Checking assets...");
+          const session = yield* createScriptAssetUpload({
+            accountId,
+            scriptName: workerName,
+            manifest: assets.manifest,
+          });
+          if (!session.buckets?.length) {
+            return { jwt: session.jwt ?? undefined };
+          }
+          if (!session.jwt) {
+            return { jwt: undefined };
+          }
+          const uploadJwt = session.jwt;
+          let uploaded = 0;
+          const total = session.buckets.flat().length;
+          yield* note(`Uploaded ${uploaded} of ${total} assets...`);
+          const assetsByHash = new Map<string, string>();
+          for (const [name, { hash }] of Object.entries(assets.manifest)) {
+            assetsByHash.set(hash, name);
+          }
+          let jwt: string | undefined | null;
+          const directory = path.resolve(assets.directory);
+          yield* Effect.forEach(
+            session.buckets,
+            Effect.fnUntraced(function* (bucket) {
+              const body: Record<string, File> = {};
+              yield* Effect.forEach(
+                bucket,
+                Effect.fnUntraced(function* (hash) {
+                  const name = assetsByHash.get(hash);
+                  if (!name) {
+                    return yield* new AssetNotFoundError({
+                      message: `Asset ${hash} not found in manifest`,
+                      hash,
+                    });
+                  }
+                  const resolvedFile =
+                    assets.filePaths[name] ?? path.join(directory, name);
+                  const file = yield* fs.readFile(resolvedFile).pipe(
+                    Effect.mapError(
+                      (error) =>
+                        new FailedToReadAssetError({
+                          message: `Failed to read asset ${name}: ${error.message}`,
+                          name,
+                          cause: error,
+                        }),
+                    ),
+                  );
+                  body[hash] = new File(
+                    [Buffer.from(file).toString("base64")],
+                    hash,
+                    {
+                      type: getContentType(name),
+                    },
+                  );
+                }),
+              );
+              const result = yield* createAssetUpload({
+                accountId,
+                base64: true,
+                body,
+                jwtToken: uploadJwt,
+              });
+
+              uploaded += bucket.length;
+              yield* note(`Uploaded ${uploaded} of ${total} assets...`);
+              if (result.jwt) {
+                jwt = result.jwt;
+              }
+            }),
+          );
+          return { jwt: jwt ?? undefined };
+        }),
+      };
+    }),
+  );
diff --git a/vendor/alchemy-effect-opennext-overlay/README.md b/vendor/alchemy-effect-opennext-overlay/README.md
new file mode 100644
index 00000000..4d5b85e7
--- /dev/null
+++ b/vendor/alchemy-effect-opennext-overlay/README.md
@@ -0,0 +1,8 @@
+Vendored copies of `alchemy-effect@0.12.x`:
+
+- `Assets.ts` → `src/Cloudflare/Workers/Assets.ts`
+- `Worker.ts` → `src/Cloudflare/Workers/Worker.ts`
+
+After `bun install`, `scripts/apply-alchemy-effect-opennext-assets.ts` (root `postinstall`) copies these into every `alchemy-effect` install (including `node_modules/.bun/alchemy-effect@*/…`).
+
+Upstream: same change lives in `alchemy-effect` / `alchemy` (`feat`: asset `sources` overlays). Remove this vendor hook once a published `alchemy-effect` release includes it.
diff --git a/vendor/alchemy-effect-opennext-overlay/Worker.ts b/vendor/alchemy-effect-opennext-overlay/Worker.ts
new file mode 100644
index 00000000..76574e9b
--- /dev/null
+++ b/vendor/alchemy-effect-opennext-overlay/Worker.ts
@@ -0,0 +1,1770 @@
+import type * as cf from "@cloudflare/workers-types";
+import cloudflareRolldown from "@distilled.cloud/cloudflare-rolldown-plugin";
+import cloudflareVite from "@distilled.cloud/cloudflare-vite-plugin";
+import * as workers from "@distilled.cloud/cloudflare/workers";
+import type * as Cause from "effect/Cause";
+import * as Context from "effect/Context";
+import * as Data from "effect/Data";
+import * as Effect from "effect/Effect";
+import * as FileSystem from "effect/FileSystem";
+import * as Layer from "effect/Layer";
+import * as Option from "effect/Option";
+import * as Path from "effect/Path";
+import * as Queue from "effect/Queue";
+import * as Redacted from "effect/Redacted";
+import * as Schedule from "effect/Schedule";
+import * as Stream from "effect/Stream";
+import * as Socket from "effect/unstable/socket/Socket";
+import type * as rolldown from "rolldown";
+import Sonda from "sonda/rolldown";
+import type * as vite from "vite";
+import * as Artifacts from "../../Artifacts.ts";
+import * as Binding from "../../Binding.ts";
+import { hashDirectory, type MemoOptions } from "../../Build/Memo.ts";
+import * as Bundle from "../../Bundle/Bundle.ts";
+import { findCwdForBundle } from "../../Bundle/TempRoot.ts";
+import type { ScopedPlanStatusSession } from "../../Cli/Cli.ts";
+import { isResolved } from "../../Diff.ts";
+import type { HttpEffect } from "../../Http.ts";
+import type { Input, InputProps } from "../../Input.ts";
+import * as Output from "../../Output.ts";
+import { createPhysicalName } from "../../PhysicalName.ts";
+import {
+  Platform,
+  type Main,
+  type PlatformProps,
+  type Rpc,
+} from "../../Platform.ts";
+import type { LogLine } from "../../Provider.ts";
+import * as Provider from "../../Provider.ts";
+import { Resource, type ResourceBinding } from "../../Resource.ts";
+import { Self } from "../../Self.ts";
+import * as Serverless from "../../Serverless/index.ts";
+import { Stack } from "../../Stack.ts";
+import { Account } from "../Account.ts";
+import { D1Database } from "../D1/D1Database.ts";
+import { fromCloudflareFetcher } from "../Fetcher.ts";
+import { CloudflareLogs } from "../Logs.ts";
+import type { R2Bucket } from "../R2/R2Bucket.ts";
+import type { AssetSource, AssetsConfig, AssetsProps } from "./Assets.ts";
+import * as Assets from "./Assets.ts";
+import cloudflare_workers from "./cloudflare_workers.ts";
+import { isDurableObjectExport } from "./DurableObject.ts";
+import { workersHttpHandler } from "./HttpServer.ts";
+import { Request } from "./Request.ts";
+import { makeRpcStub } from "./Rpc.ts";
+import { isWorkflowExport } from "./Workflow.ts";
+
+const WorkerTypeId = "Cloudflare.Worker";
+type WorkerTypeId = typeof WorkerTypeId;
+
+export const isWorker = <T>(value: T): value is T & Worker =>
+  typeof value === "object" &&
+  value !== null &&
+  "Type" in value &&
+  value.Type === WorkerTypeId;
+
+export class WorkerEnvironment extends Context.Service<
+  WorkerEnvironment,
+  Record<string, any>
+>()("Cloudflare.Workers.WorkerEnvironment") {}
+
+export const WorkerEnvironmentLive = Layer.effect(
+  WorkerEnvironment,
+  cloudflare_workers.pipe(Effect.map((m) => m.env)),
+);
+
+export class ExecutionContext extends Context.Service<
+  ExecutionContext,
+  cf.ExecutionContext
+>()("Cloudflare.Workers.ExecutionContext") {}
+
+export type WorkerEvent = Exclude<
+  {
+    [type in keyof cf.ExportedHandler]: {
+      kind: "Cloudflare.Workers.WorkerEvent";
+      type: type;
+      input: Parameters<Exclude<cf.ExportedHandler[type], undefined>>[0];
+      env: Parameters<Exclude<cf.ExportedHandler[type], undefined>>[1];
+      context: Parameters<Exclude<cf.ExportedHandler[type], undefined>>[2];
+    };
+  }[keyof cf.ExportedHandler],
+  undefined
+>;
+
+export const isWorkerEvent = (value: any): value is WorkerEvent =>
+  value?.kind === "Cloudflare.Workers.WorkerEvent";
+
+/**
+ * Assets configuration that includes a pre-computed hash.
+ * When hash is provided, it's used directly for diffing instead of computing from directory contents.
+ * This is useful when integrating with Build resources that produce a deterministic hash.
+ */
+export interface AssetsWithHash {
+  /**
+   * Path to the assets directory.
+   */
+  path: Input<string>;
+  /**
+   * Pre-computed hash of the assets. When provided, this hash is used for diffing
+   * to determine if the worker needs to be redeployed.
+   */
+  hash: Input<string>;
+  /**
+   * Optional assets configuration.
+   */
+  config?: AssetsConfig;
+  /**
+   * Optional overlay asset directories (same semantics as {@link AssetsProps.sources}).
+   */
+  sources?: readonly AssetSource[];
+}
+
+export interface WorkerObservability extends Exclude<
+  workers.PutScriptRequest["metadata"]["observability"],
+  undefined
+> {}
+
+export interface WorkerLimits extends Exclude<
+  workers.PutScriptRequest["metadata"]["limits"],
+  undefined
+> {}
+
+export type WorkerPlacement = Exclude<
+  workers.PutScriptRequest["metadata"]["placement"],
+  undefined
+>;
+
+export type WorkerBinding = Exclude<
+  workers.PutScriptRequest["metadata"]["bindings"],
+  undefined
+>[number];
+
+type WorkerSettingsBinding = Exclude<
+  workers.GetScriptScriptAndVersionSettingResponse["bindings"],
+  null | undefined
+>[number];
+
+export const ExportedHandlerMethods = [
+  "fetch",
+  "tail",
+  "trace",
+  "tailStream",
+  "scheduled",
+  "test",
+  "email",
+  "queue",
+] as const satisfies (keyof cf.ExportedHandler)[];
+
+export interface WorkerExecutionContext extends Serverless.FunctionContext {
+  export(name: string, value: any): Effect.Effect<void>;
+}
+
+export type WorkerServices = Worker | WorkerEnvironment | Request;
+
+export type WorkerShape = Main<WorkerServices>;
+
+export type WorkerBindingResource = R2Bucket | D1Database;
+
+export type WorkerBindings = {
+  [bindingName in string]: WorkerBindingResource;
+};
+
+export type WorkerBindingProps = {
+  [bindingName in string]:
+    | WorkerBindingResource
+    | Effect.Effect<WorkerBindingResource, any, any>;
+};
+
+export interface WorkerProps<
+  Bindings extends WorkerBindingProps = any,
+> extends PlatformProps {
+  /**
+   * Worker name override. If omitted, Alchemy derives a deterministic physical
+   * name from the stack, stage, and logical ID.
+   */
+  name?: string;
+  /**
+   * Whether to enable a workers.dev URL for this worker
+   * @default true
+   */
+  url?: boolean;
+  /**
+   * Static assets to serve. Can be:
+   * - A string path to the assets directory
+   * - An AssetsProps object with directory and config
+   * - An object with path and hash (e.g., from a Build resource)
+   */
+  assets?:
+    | string
+    | AssetsProps
+    | AssetsWithHash
+    | (AssetsWithHash & { [K: string]: any });
+  subdomain?: {
+    enabled?: boolean;
+    previewsEnabled?: boolean;
+  };
+  /** @internal used by Cloudflare.Vite resource */
+  vite?: {
+    rootDir?: string;
+    memo?: MemoOptions;
+  };
+  logpush?: boolean;
+  observability?: WorkerObservability;
+  tags?: string[];
+  main: string;
+  compatibility?: {
+    date?: string;
+    flags?: ("nodejs_compat" | "nodejs_als" | (string & {}))[];
+  };
+  limits?: WorkerLimits;
+  placement?: WorkerPlacement;
+  env?: Record<string, string | Redacted.Redacted<string>>;
+  exports?: string[];
+  bindings?: Bindings;
+  build?: {
+    /**
+     * Whether to generate a metafile for the worker bundle.
+     * @default false
+     */
+    metafile?: boolean;
+  };
+}
+
+export type Worker<Bindings extends WorkerBindings = any> = Resource<
+  WorkerTypeId,
+  WorkerProps<Bindings>,
+  {
+    workerId: string;
+    workerName: string;
+    logpush: boolean | undefined;
+    url: string | undefined;
+    tags: string[] | undefined;
+    durableObjectNamespaces: Record<string, string>;
+    accountId: string;
+    hash?: {
+      assets: string | undefined;
+      bundle: string | undefined;
+      input: string | undefined;
+    };
+  },
+  {
+    bindings?: WorkerBinding[];
+    containers?: { className: string }[];
+  }
+>;
+
+/**
+ * A Cloudflare Worker host with deploy-time binding support and runtime export
+ * collection.
+ *
+ * `Worker` behaves like a resource during deploy, but it also carries a runtime
+ * execution context so KV, R2, Durable Objects, assets, and service bindings
+ * can be inferred from the worker program itself.
+ *
+ * @section Creating Workers
+ * @example Basic Worker
+ * ```typescript
+ * const worker = yield* Worker("ApiWorker", {
+ *   main: "./src/worker.ts",
+ * });
+ * ```
+ */
+export const Worker: Platform<
+  Worker,
+  WorkerServices,
+  WorkerShape,
+  WorkerExecutionContext
+> & {
+  <const Bindings extends WorkerBindingProps>(
+    id: string,
+    props: InputProps<WorkerProps<Bindings>>,
+  ): Effect.Effect<
+    Worker<{
+      [B in keyof Bindings]: Bindings[B] extends Effect.Effect<
+        infer T extends WorkerBindingResource,
+        any,
+        any
+      >
+        ? T
+        : Extract<Bindings[B], WorkerBindingResource>;
+    }>
+  >;
+} = Platform(WorkerTypeId, {
+  onCreate: Effect.fnUntraced(function* (
+    resource: Worker,
+    props: InputProps<WorkerProps<WorkerBindingProps>>,
+  ) {
+    if (props.bindings) {
+      for (const bindingName in props.bindings) {
+        // @ts-expect-error
+        const bindingEff = props.bindings?.[bindingName] as
+          | WorkerBindingResource
+          | Effect.Effect<WorkerBindingResource>;
+        const binding = Effect.isEffect(bindingEff)
+          ? yield* bindingEff
+          : bindingEff;
+
+        const bindingMeta: InputProps<WorkerBinding> | undefined =
+          binding.Type === "Cloudflare.D1Database"
+            ? {
+                type: "d1",
+                id: binding.databaseId,
+                name: bindingName,
+              }
+            : binding.Type === "Cloudflare.R2Bucket"
+              ? {
+                  type: "r2_bucket",
+                  name: bindingName,
+                  bucketName: binding.bucketName,
+                  jurisdiction: binding.jurisdiction.pipe(
+                    Output.map((jurisdiction) =>
+                      jurisdiction === "default" ? undefined : jurisdiction,
+                    ),
+                  ),
+                }
+              : // TODO(sam): handle others
+                undefined;
+
+        if (bindingMeta) {
+          yield* resource.bind`${bindingName}`({
+            bindings: [bindingMeta],
+          });
+        }
+      }
+    }
+  }),
+  createExecutionContext: (id: string): WorkerExecutionContext => {
+    const listeners: Effect.Effect<Serverless.FunctionListener>[] = [];
+    const exports: Record<string, any> = {};
+    const env: Record<string, any> = {};
+
+    const ctx = {
+      Type: WorkerTypeId,
+      id,
+      env,
+      get: (key: string) =>
+        Effect.serviceOption(WorkerEnvironment).pipe(
+          Effect.map(Option.getOrUndefined),
+          Effect.flatMap((env) =>
+            env
+              ? Effect.succeed(env[key])
+              : Effect.die("WorkerEnvironment not found"),
+          ),
+          Effect.flatMap((value) =>
+            value
+              ? Effect.succeed(value)
+              : Effect.die(`Environment variable '${key}' not found`),
+          ),
+          Effect.map((json) => {
+            try {
+              const value = JSON.parse(json);
+              if (!Redacted.isRedacted(value)) {
+                return Redacted.make(value.value);
+              }
+              return value;
+            } catch {
+              return json;
+            }
+          }),
+        ) as any,
+      set: (id: string, output: Output.Output) =>
+        Effect.sync(() => {
+          const key = id.replaceAll(/[^a-zA-Z0-9]/g, "_");
+          env[key] = output.pipe(
+            Output.map((value) =>
+              Redacted.isRedacted(value)
+                ? JSON.stringify({
+                    _tag: "Redacted",
+                    value: Redacted.value(value),
+                  })
+                : JSON.stringify(value),
+            ),
+          );
+          return key;
+        }),
+      serve: <Req = never>(handler: HttpEffect<Req>) =>
+        ctx.listen(workersHttpHandler(handler)),
+      listen: ((
+        handler:
+          | Serverless.FunctionListener
+          | Effect.Effect<Serverless.FunctionListener>,
+      ) =>
+        Effect.sync(() =>
+          Effect.isEffect(handler)
+            ? listeners.push(handler)
+            : listeners.push(Effect.succeed(handler)),
+        )) as any as Serverless.FunctionContext["listen"],
+      export: (name: string, value: any) =>
+        Effect.sync(() => {
+          exports[name] = value;
+        }),
+      exports: Effect.gen(function* () {
+        const handlers = yield* Effect.all(listeners, {
+          concurrency: "unbounded",
+        });
+        const services = yield* Effect.context();
+        const handle =
+          (type: WorkerEvent["type"]) =>
+          (request: any, env: unknown, context: cf.ExecutionContext) => {
+            const event: WorkerEvent = {
+              kind: "Cloudflare.Workers.WorkerEvent",
+              type,
+              input: request,
+              env,
+              context,
+            };
+            for (const handler of handlers) {
+              const eff = handler(event);
+              if (Effect.isEffect(eff)) {
+                return eff.pipe(
+                  Effect.provideContext(services),
+                  Effect.provide(Layer.succeed(ExecutionContext, context)),
+                  Effect.runPromise,
+                );
+              }
+            }
+            return Promise.reject(new Error("No event handler found"));
+          };
+        return {
+          ...exports,
+          default: Object.fromEntries(
+            ExportedHandlerMethods.map((method) => [method, handle(method)]),
+          ),
+        };
+      }),
+    };
+    return ctx;
+  },
+});
+
+export const bindWorker = Effect.fnUntraced(function* <Shape, Req = never>(
+  workerEff:
+    | (Worker & Rpc<Shape>)
+    | Effect.Effect<Worker & Rpc<Shape>, never, Req>,
+) {
+  const worker = Effect.isEffect(workerEff) ? yield* workerEff : workerEff;
+  const self = yield* Worker;
+  yield* self.bind`${worker}`({
+    bindings: [
+      {
+        type: "service",
+        name: worker.LogicalId,
+        service: worker.workerName,
+      },
+    ],
+  });
+
+  const workerBinding = WorkerEnvironment.asEffect().pipe(
+    Effect.map((env) => env[worker.LogicalId]),
+  );
+
+  const fetcher = workerBinding.pipe(Effect.map(fromCloudflareFetcher));
+  // TODO(sam): update makeRpcStub to support lazily evaluating the Effect<Fetcher>
+  return makeRpcStub<Shape>(fetcher);
+});
+
+export class BindWorkerPolicy extends Binding.Policy<
+  BindWorkerPolicy,
+  (worker: Worker) => Effect.Effect<void>
+>()("Cloudflare.Worker.Bind") {}
+
+export const BindWorkerPolicyLive = BindWorkerPolicy.layer.succeed(
+  Effect.fn(function* (host, worker: Worker) {
+    if (isWorker(host)) {
+      yield* host.bind`${worker}`({
+        bindings: [
+          {
+            type: "service",
+            name: worker.LogicalId,
+            service: worker.workerName,
+          },
+        ],
+      });
+    } else {
+      return yield* Effect.die(
+        new Error(`BindWorkerPolicy does not support runtime '${host.Type}'`),
+      );
+    }
+  }),
+);
+
+class MissingDurableObjectNamespaces extends Data.TaggedError(
+  "MissingDurableObjectNamespaces",
+)<{
+  scriptName: string;
+  expected: string[];
+}> {}
+
+function bumpMigrationTagVersion(
+  oldTag: string | undefined,
+): string | undefined {
+  if (!oldTag) return undefined;
+  const version = oldTag.match(/^(alchemy:)?v(\d+)$/)?.[2];
+  if (!version) return "alchemy:v1";
+  return `alchemy:v${parseInt(version, 10) + 1}`;
+}
+
+function getDurableObjectBindings(
+  bindings: ReadonlyArray<ResourceBinding>,
+  workerName: string,
+) {
+  return bindings.flatMap((binding) =>
+    (binding.data.bindings ?? []).flatMap((item: WorkerBinding) =>
+      item.type === "durable_object_namespace" &&
+      "className" in item &&
+      item.className &&
+      (!("scriptName" in item) ||
+        !item.scriptName ||
+        item.scriptName === workerName)
+        ? [
+            {
+              logicalId: binding.sid,
+              bindingName: item.name,
+              className: item.className,
+            },
+          ]
+        : [],
+    ),
+  );
+}
+
+function getDurableObjectTagMap(tags: ReadonlyArray<string>) {
+  return Object.fromEntries(
+    tags.flatMap((tag) => {
+      if (!tag.startsWith("alchemy:do:")) {
+        return [];
+      }
+      const parts = tag.split(":");
+      const logicalId = parts[2];
+      const className = parts.slice(3).join(":");
+      return logicalId && className ? [[logicalId, className]] : [];
+    }),
+  );
+}
+
+export const WorkerProvider = () =>
+  Provider.effect(
+    Worker,
+    Effect.gen(function* () {
+      const fs = yield* FileSystem.FileSystem;
+      const path = yield* Path.Path;
+
+      const accountId = yield* Account;
+      const virtualEntryPlugin = yield* Bundle.virtualEntryPlugin;
+      const stack = yield* Stack;
+
+      const { read, upload } = yield* Assets.Assets;
+      const createScriptSubdomain = yield* workers.createScriptSubdomain;
+      const createScriptTail = yield* workers.createScriptTail;
+      const deleteScript = yield* workers.deleteScript;
+      const deleteScriptTail = yield* workers.deleteScriptTail;
+      const getScriptSubdomain = yield* workers.getScriptSubdomain;
+      const getScriptSettings = yield* workers.getScriptScriptAndVersionSetting;
+      const getSubdomain = yield* workers.getSubdomain;
+      const listScripts = yield* workers.listScripts;
+      const putScript = yield* workers.putScript;
+      const telemetry = yield* CloudflareLogs;
+      const defaultCompatibilityDate = yield* Effect.promise(() =>
+        // @ts-expect-error no types for workerd
+        import("workerd").then((m) => m.compatibilityDate as string),
+      );
+
+      const getAccountSubdomain = (accountId: string) =>
+        getSubdomain({
+          accountId,
+        }).pipe(Effect.map((result) => result.subdomain));
+
+      const setWorkerSubdomain = (name: string, enabled: boolean) =>
+        createScriptSubdomain({
+          accountId,
+          scriptName: name,
+          enabled,
+        });
+
+      const createWorkerName = (id: string, name: string | undefined) =>
+        name
+          ? Effect.succeed(name)
+          : createPhysicalName({
+              id,
+              maxLength: 54,
+            }).pipe(Effect.map((name) => name.toLowerCase()));
+
+      const createAlchemyWorkerTags = (id: string) => [
+        `alchemy:stack:${stack.name}`,
+        `alchemy:stage:${stack.stage}`,
+        `alchemy:id:${id}`,
+      ];
+
+      const hasAlchemyWorkerTags = (
+        id: string,
+        tags: readonly string[] | undefined,
+      ) => {
+        const actualTags = new Set(tags ?? []);
+        return createAlchemyWorkerTags(id).every((tag) => actualTags.has(tag));
+      };
+
+      const getDurableObjectNamespaces = (
+        bindings: readonly WorkerSettingsBinding[] | null | undefined,
+      ) => {
+        const namespaces = Object.fromEntries(
+          (bindings ?? []).flatMap((binding) =>
+            binding.type === "durable_object_namespace" &&
+            binding.className &&
+            binding.namespaceId
+              ? [[binding.className, binding.namespaceId]]
+              : [],
+          ),
+        );
+        return namespaces;
+      };
+
+      const getExpectedDurableObjectClassNames = (
+        bindings: readonly WorkerBinding[] | undefined,
+      ) =>
+        Array.from(
+          new Set(
+            bindings?.flatMap((binding) =>
+              binding.type === "durable_object_namespace" && binding.className
+                ? [binding.className]
+                : [],
+            ) ?? [],
+          ),
+        );
+
+      const getWorkerSettingsWithDurableObjects = Effect.fnUntraced(function* (
+        scriptName: string,
+        expectedClassNames: readonly string[],
+      ) {
+        return yield* getScriptSettings({
+          accountId,
+          scriptName,
+        }).pipe(
+          Effect.map((settings) => {
+            const namespaces = getDurableObjectNamespaces(settings.bindings);
+            const missing = expectedClassNames.filter(
+              (className) => !namespaces[className],
+            );
+            if (missing.length > 0) {
+              return Effect.fail(
+                new MissingDurableObjectNamespaces({
+                  scriptName,
+                  expected: missing,
+                }),
+              );
+            }
+            return Effect.succeed({
+              settings,
+              durableObjectNamespaces: namespaces,
+            });
+          }),
+          Effect.flatten,
+          Effect.retry({
+            while: (error) => error._tag === "MissingDurableObjectNamespaces",
+            schedule: Schedule.exponential(100).pipe(
+              Schedule.both(Schedule.recurs(20)),
+            ),
+          }),
+        );
+      });
+
+      const prepareAssets = Effect.fnUntraced(function* (
+        assets: WorkerProps["assets"],
+      ) {
+        if (!assets) return undefined;
+
+        // Handle AssetsWithHash (from Build resource)
+        // Props are resolved by Plan, so Input<string> values are already strings at runtime
+        if (
+          typeof assets === "object" &&
+          "path" in assets &&
+          "hash" in assets
+        ) {
+          const result = yield* read({
+            directory: assets.path as string,
+            config: assets.config,
+            sources: assets.sources,
+          });
+          return {
+            ...result,
+            hash: assets.hash as string,
+          };
+        }
+
+        // Handle string path or AssetsProps
+        return yield* read(
+          typeof assets === "string" ? { directory: assets } : assets,
+        );
+      });
+
+      const prepareBundle = (id: string, props: WorkerProps) =>
+        Effect.gen(function* () {
+          const main = yield* fs.realPath(props.main);
+          const cwd = yield* findCwdForBundle(main);
+          const buildBundle = (plugins?: rolldown.RolldownPluginOption) =>
+            Bundle.build(
+              {
+                input: main,
+                cwd,
+                plugins: [
+                  cloudflareRolldown({
+                    compatibilityDate:
+                      props.compatibility?.date ?? defaultCompatibilityDate,
+                    compatibilityFlags: props.compatibility?.flags,
+                  }),
+                  plugins,
+                  ...(props.build?.metafile ? [Sonda({ open: false })] : []),
+                ],
+                checks: {
+                  // Suppress unresolved import warnings for unrelated AWS packages
+                  unresolvedImport: false,
+                },
+              },
+              {
+                format: "esm",
+                sourcemap: "hidden",
+                minify: true,
+                keepNames: true,
+                dir: `.alchemy/bundles/${id}`,
+              },
+            );
+
+          if (props.isExternal) {
+            const bundle = yield* buildBundle();
+            return bundle;
+          }
+
+          const exportMap = (props.exports ?? {}) as Record<string, unknown>;
+          const allExportNames = Object.keys(exportMap).filter(
+            (id) => id !== "default",
+          );
+          const doClasses: string[] = [];
+          const wfClasses: string[] = [];
+          for (const name of allExportNames) {
+            if (isWorkflowExport(exportMap[name])) {
+              wfClasses.push(name);
+            } else if (isDurableObjectExport(exportMap[name])) {
+              doClasses.push(name);
+            }
+          }
+          const hasDoClasses = doClasses.length > 0;
+          const hasWfClasses = wfClasses.length > 0;
+          const script = (importPath: string) => `
+import * as Config from "effect/Config";
+import * as ConfigProvider from "effect/ConfigProvider";
+import * as Console from "effect/Console";
+import * as Effect from "effect/Effect";
+import * as FetchHttpClient from "effect/unstable/http/FetchHttpClient";
+import * as Layer from "effect/Layer";
+import * as Logger from "effect/Logger";
+import * as Context from "effect/Context";
+import * as Stream from "effect/Stream";
+
+import { env, DurableObject${hasWfClasses ? ", WorkflowEntrypoint" : ""} } from "cloudflare:workers";
+import { MinimumLogLevel } from "effect/References";
+import { NodeServices } from "@effect/platform-node";
+import { Stack } from "alchemy-effect/Stack";
+import { WorkerEnvironment, makeDurableObjectBridge${hasWfClasses ? ", makeWorkflowBridge" : ""}, ExportedHandlerMethods } from "alchemy-effect/Cloudflare";
+
+import entry from "${importPath}";
+
+const tag = Context.Service("${Self.key}")
+const layer =
+  typeof entry?.build === "function"
+    ? entry
+    : Layer.effect(tag, typeof entry?.asEffect === "function" ? entry.asEffect() : entry);
+
+const platform = Layer.mergeAll(
+  NodeServices.layer,
+  FetchHttpClient.layer,
+  // TODO(sam): wire this up to telemetry more directly
+  Logger.layer([Logger.consolePretty()]),
+);
+
+const stack = Layer.succeed(
+  Stack,
+  {
+    name: "${stack.name}",
+    stage: "${stack.stage}",
+    bindings: {},
+    resources: {}
+  }
+);
+
+const exportsEffect = tag.asEffect().pipe(
+  Effect.flatMap(func => func.ExecutionContext.exports),
+  Effect.map(exports => exports),
+  Effect.provide(
+    layer.pipe(
+      Layer.provideMerge(stack),
+      // TODO(sam): additional credentials?
+      Layer.provideMerge(platform),
+      Layer.provideMerge(
+        Layer.succeed(
+          ConfigProvider.ConfigProvider,
+          ConfigProvider.orElse(
+            ConfigProvider.fromUnknown({ ALCHEMY_PHASE: "runtime" }),
+            ConfigProvider.fromUnknown(env),
+          ),
+        )
+      ),
+      Layer.provideMerge(
+        Layer.succeed(
+          WorkerEnvironment,
+          env,
+        )
+      ),
+      Layer.provideMerge(
+        Layer.succeed(
+          MinimumLogLevel,
+          env.DEBUG ? "Debug" : "Info",
+        )
+      ),
+    )
+  ),
+  Effect.scoped
+);
+
+// TODO(sam): we could kick this off during module init, but any I/O will break deploy
+// let exportsPromise = Effect.runPromise(exportsEffect);
+
+// for now, we delay initializing the worker until the first request
+let exportsPromise;
+
+// don't initialize the workerEffect during module init because Cloudflare does not allow I/O during module init
+// we cache it synchronously (??=) to guarnatee only one initialization ever happens
+const getExports = () => (exportsPromise ??= Effect.runPromise(exportsEffect))
+const getExport = (name) => getExports().then(exports => exports[name]?.make)
+const worker = () => getExports().then(exports => exports.default)
+
+export default Object.fromEntries(ExportedHandlerMethods.map(
+  method => [method, async (...args) => (await worker())[method](...args)])
+) satisfies Required<cf.ExportedHandler>;
+
+// export class proxy stubs for Durable Objects and Workflows
+${[
+  ...(hasDoClasses
+    ? [
+        "const DurableObjectBridge = makeDurableObjectBridge(DurableObject, getExport);",
+        ...doClasses.map(
+          (id) => `export class ${id} extends DurableObjectBridge("${id}") {}`,
+        ),
+      ]
+    : []),
+  ...(hasWfClasses
+    ? [
+        "const WorkflowBridgeFn = makeWorkflowBridge(WorkflowEntrypoint, getExport);",
+        ...wfClasses.map(
+          (id) => `export class ${id} extends WorkflowBridgeFn("${id}") {}`,
+        ),
+      ]
+    : []),
+].join("\n")}
+`;
+
+          return yield* buildBundle(virtualEntryPlugin(script));
+        }).pipe(Artifacts.cached("build"));
+
+      const viteBuild = Effect.fnUntraced(function* (props: WorkerProps) {
+        const vite = yield* Effect.promise(() => import("vite"));
+        let assetsDirectory: string | undefined;
+        let serverBundle: vite.Rolldown.OutputBundle | undefined;
+
+        yield* Effect.promise(async () => {
+          const builder = await vite.createBuilder(
+            {
+              root: props.vite?.rootDir,
+              // Declare the ssr environment so Vite 8+ creates it.
+              // The cloudflare-vite-plugin config hook merges its
+              // SSR-specific settings on top of this stub.
+              environments: {
+                ssr: {
+                  build: {
+                    // Prevent the SSR build from wiping the client
+                    // build's output (both share the dist/ directory).
+                    emptyOutDir: false,
+                  },
+                },
+              },
+              builder: {
+                sharedConfigBuild: true,
+              },
+              plugins: [
+                cloudflareVite({
+                  compatibilityDate:
+                    props.compatibility?.date ?? defaultCompatibilityDate,
+                  compatibilityFlags: props.compatibility?.flags,
+                }),
+                {
+                  name: "output:ssr",
+                  applyToEnvironment(environment) {
+                    return environment.name === "ssr";
+                  },
+                  generateBundle(_outputOptions, bundle) {
+                    serverBundle = bundle;
+                  },
+                },
+                {
+                  name: "output:client",
+                  applyToEnvironment(environment) {
+                    return environment.name === "client";
+                  },
+                  generateBundle(outputOptions) {
+                    assetsDirectory = outputOptions.dir;
+                  },
+                },
+              ],
+            },
+            // This is the `useLegacyBuilder` option. The Vite CLI implementation uses `null` here.
+            // Originally we used `undefined` here, but this caused the static site build to fail.
+            // https://github.com/vitejs/vite/blob/a07a4bd052ac75f916391c999c408ad5f2867e61/packages/vite/src/node/cli.ts#L367
+            null,
+          );
+          await builder.buildApp();
+        });
+        if (!assetsDirectory && !serverBundle) {
+          return yield* Effect.die(
+            new Error("Vite build produced neither server nor client output"),
+          );
+        }
+        const [assets, bundle] = yield* Effect.all(
+          [
+            assetsDirectory
+              ? read({
+                  directory: assetsDirectory,
+                  config:
+                    typeof props.assets === "object" && "config" in props.assets
+                      ? props.assets.config
+                      : undefined,
+                  sources:
+                    typeof props.assets === "object" &&
+                    props.assets !== null &&
+                    "sources" in props.assets
+                      ? (props.assets as AssetsProps).sources
+                      : undefined,
+                })
+              : Effect.succeed(undefined),
+            serverBundle
+              ? Bundle.bundleOutputFromRolldownOutputBundle(serverBundle)
+              : Effect.succeed(undefined),
+          ],
+          { concurrency: "unbounded" },
+        );
+        return { assets, bundle };
+      });
+
+      const prepareAssetsAndBundle = (id: string, props: WorkerProps) =>
+        Effect.gen(function* () {
+          if (props.vite) {
+            const [{ assets, bundle }, input] = yield* Effect.all(
+              [viteBuild(props), hashDirectory(props.vite)],
+              { concurrency: "unbounded" },
+            );
+            return { assets, bundle, input };
+          }
+          const [assets, bundle] = yield* Effect.all(
+            [prepareAssets(props.assets), prepareBundle(id, props)],
+            { concurrency: "unbounded" },
+          );
+          return { assets, bundle };
+        }).pipe(
+          Effect.map(({ assets, bundle, input }) => ({
+            assets,
+            bundle: {
+              main: bundle?.files[0].path,
+              files: bundle?.files.map(
+                (file) =>
+                  new File([file.content as BlobPart], file.path, {
+                    type: contentTypeFromExtension(path.extname(file.path)),
+                  }),
+              ),
+            },
+            hash: {
+              assets: assets?.hash,
+              bundle: bundle?.hash,
+              input,
+            } satisfies Worker["Attributes"]["hash"],
+          })),
+        );
+
+      const putWorker = Effect.fnUntraced(function* (
+        id: string,
+        news: WorkerProps,
+        bindings: ResourceBinding<Worker["Binding"]>[],
+        olds: WorkerProps | undefined,
+        output: Worker["Attributes"] | undefined,
+        session: ScopedPlanStatusSession,
+        existingSettings?: workers.GetScriptScriptAndVersionSettingResponse,
+      ) {
+        const name = yield* createWorkerName(id, news.name);
+        yield* Effect.logInfo(
+          `Cloudflare Worker ${olds ? "update" : "create"}: preparing bundle for ${name}`,
+        );
+        const { assets, bundle, hash } = yield* prepareAssetsAndBundle(
+          id,
+          news,
+        );
+        const metadataBindings = bindings.flatMap((b) => b.data.bindings ?? []);
+        const expectedDurableObjectClassNames =
+          getExpectedDurableObjectClassNames(metadataBindings);
+        let metadataAssets:
+          | workers.PutScriptRequest["metadata"]["assets"]
+          | undefined;
+        let keepAssets = false;
+        if (assets) {
+          if (output?.hash?.assets !== assets.hash) {
+            yield* Effect.logInfo(
+              `Cloudflare Worker ${olds ? "update" : "create"}: uploading assets for ${name}`,
+            );
+            const { jwt } = yield* upload(accountId, name, assets, session);
+            metadataAssets = {
+              jwt,
+              config: assets.config,
+            };
+          } else {
+            yield* Effect.logInfo(
+              `Cloudflare Worker update: reusing existing assets for ${name}`,
+            );
+            metadataAssets = {
+              config: assets.config,
+            };
+            keepAssets = true;
+          }
+          metadataBindings.push({
+            type: "assets",
+            name: "ASSETS",
+          });
+        }
+        metadataBindings.push(
+          {
+            type: "plain_text",
+            name: "ALCHEMY_STACK_NAME",
+            text: stack.name,
+          },
+          {
+            type: "plain_text",
+            name: "ALCHEMY_STAGE",
+            text: stack.stage,
+          },
+        );
+        // Add environment variables as metadata bindings
+        if (news.env) {
+          for (const [key, value] of Object.entries(news.env)) {
+            if (value == null) continue;
+            if (Redacted.isRedacted(value)) {
+              metadataBindings.push({
+                type: "secret_text",
+                name: key,
+                text: Redacted.value(value),
+              });
+            } else {
+              metadataBindings.push({
+                type: "plain_text",
+                name: key,
+                text: typeof value === "string" ? value : String(value),
+              });
+            }
+          }
+        }
+        yield* Effect.logInfo(
+          `Cloudflare Worker ${olds ? "update" : "create"}: uploading script for ${name}`,
+        );
+        const size =
+          bundle.files
+            ?.filter((file) => !file.name.endsWith(".map"))
+            .reduce((acc, file) => acc + file.size, 0) ?? 0;
+        const sizeKB = size / 1024;
+        const sizeMB = sizeKB / 1024;
+        const bundleSize = `${sizeKB > 1024 ? `${sizeMB.toFixed(2)} MB` : `${sizeKB.toFixed(2)} KB`}`;
+        yield* session.note(`Uploading worker (${bundleSize}) ...`);
+
+        // Read existing worker settings for migration tracking
+        const oldSettings =
+          existingSettings ??
+          (yield* getScriptSettings({
+            accountId,
+            scriptName: name,
+          }).pipe(
+            Effect.map((s) => s as typeof s | undefined),
+            Effect.catch(() => Effect.succeed(undefined)),
+          ));
+
+        const oldTags = Array.from(new Set(oldSettings?.tags ?? []));
+        const oldBindings = oldSettings?.bindings ?? [];
+
+        // Parse alchemy:do:{logicalId}:{className} tags
+        const oldDoClassNameByLogicalId = getDurableObjectTagMap(oldTags);
+        const currentDoBindings = getDurableObjectBindings(bindings, name);
+        const currentDoClassNameByLogicalId = Object.fromEntries(
+          currentDoBindings.map((binding) => [
+            binding.logicalId,
+            binding.className,
+          ]),
+        );
+
+        // Parse alchemy:migration-tag:{version}
+        const oldMigrationTag = oldTags.flatMap((tag) =>
+          tag.startsWith("alchemy:migration-tag:")
+            ? [tag.slice("alchemy:migration-tag:".length)]
+            : [],
+        )[0];
+        const newMigrationTag = bumpMigrationTagVersion(oldMigrationTag);
+
+        // Compute deleted classes
+        const deletedClasses: string[] = [];
+        for (const [logicalId, className] of Object.entries(
+          oldDoClassNameByLogicalId,
+        )) {
+          if (!currentDoClassNameByLogicalId[logicalId]) {
+            deletedClasses.push(className);
+          }
+        }
+
+        // Backward compatibility for old workers that have DO bindings but no
+        // alchemy:do tags yet.
+        if (Object.keys(oldDoClassNameByLogicalId).length === 0) {
+          for (const oldBinding of oldBindings) {
+            if (
+              oldBinding.type === "durable_object_namespace" &&
+              "className" in oldBinding &&
+              oldBinding.className &&
+              (!("scriptName" in oldBinding) ||
+                !oldBinding.scriptName ||
+                oldBinding.scriptName === name) &&
+              !currentDoBindings.some(
+                (binding) => binding.bindingName === oldBinding.name,
+              )
+            ) {
+              deletedClasses.push(oldBinding.className);
+            }
+          }
+        }
+
+        // Collect container-backed class names so we can send container metadata
+        const containerClassNames = new Set(
+          bindings.flatMap((b) =>
+            (b.data.containers ?? []).map((c) => c.className),
+          ),
+        );
+
+        // Compute new and renamed classes
+        const newClasses: string[] = [];
+        const newSqliteClasses: string[] = [];
+        const renamedClasses: { from: string; to: string }[] = [];
+        for (const binding of currentDoBindings) {
+          const previousClassName =
+            oldDoClassNameByLogicalId[binding.logicalId];
+          if (!previousClassName) {
+            // Default all new Durable Object classes to SQLite. Cloudflare
+            // recommends SQLite for new namespaces, and container-backed
+            // Durable Objects require it.
+            newSqliteClasses.push(binding.className);
+          } else if (previousClassName !== binding.className) {
+            renamedClasses.push({
+              from: previousClassName,
+              to: binding.className,
+            });
+          }
+        }
+
+        yield* Effect.logInfo(
+          `Cloudflare Worker put: durable object reconciliation ${JSON.stringify(
+            {
+              oldDoClassNameByLogicalId,
+              currentDoClassNameByLogicalId,
+              deletedClasses,
+              renamedClasses,
+              newSqliteClasses,
+            },
+          )}`,
+        );
+
+        // Build alchemy:do:{logicalId}:{className} tags for each DO binding
+        const alchemyDoTags: string[] = [];
+        for (const binding of currentDoBindings) {
+          alchemyDoTags.push(
+            `alchemy:do:${binding.logicalId}:${binding.className}`,
+          );
+        }
+
+        const metadataTags = Array.from(
+          new Set([
+            ...createAlchemyWorkerTags(id),
+            ...alchemyDoTags,
+            ...(newMigrationTag
+              ? [`alchemy:migration-tag:${newMigrationTag}`]
+              : []),
+            ...(news.tags ?? []),
+          ]),
+        );
+
+        const migrations = {
+          oldTag: oldMigrationTag,
+          newTag: newMigrationTag,
+          newClasses,
+          deletedClasses,
+          renamedClasses,
+          transferredClasses: [] as { from: string; to: string }[],
+          newSqliteClasses,
+        };
+
+        const metadataContainers = [...containerClassNames].map(
+          (className) => ({
+            className,
+          }),
+        );
+
+        const metadata = {
+          assets: metadataAssets,
+          bindings: metadataBindings,
+          bodyPart: undefined,
+          compatibilityDate: news.compatibility?.date ?? "2026-03-10",
+          compatibilityFlags: news.compatibility?.flags,
+          containers:
+            metadataContainers.length > 0 ? metadataContainers : undefined,
+          keepAssets,
+          keepBindings: undefined,
+          limits: news.limits,
+          logpush: news.logpush,
+          mainModule: bundle.main,
+          migrations,
+          observability: news.observability ?? {
+            enabled: true,
+            logs: {
+              enabled: true,
+              invocationLogs: true,
+            },
+          },
+          placement: news.placement,
+          tags: metadataTags,
+          tailConsumers: undefined,
+          usageModel: undefined,
+        };
+        const worker = yield* putScript({
+          accountId,
+          scriptName: name,
+          metadata,
+          files: bundle.files,
+        }).pipe(
+          Effect.catch((err) => {
+            // When adopting a Worker managed by Wrangler (or after a previous
+            // deploy with mismatched migrations), the old_tag precondition
+            // fails. The only way to discover the actual tag is through the
+            // error message — getScriptSettings is meant to return it but
+            // doesn't at runtime.
+            const msg = String(
+              typeof err === "object" && err !== null && "message" in err
+                ? err.message
+                : err,
+            );
+            const expectedTag = msg.match(
+              /when expected tag is ['"]?([^'"]+)['"]?/,
+            )?.[1];
+            if (expectedTag) {
+              return putScript({
+                accountId,
+                scriptName: name,
+                metadata: {
+                  ...metadata,
+                  migrations: {
+                    ...migrations,
+                    oldTag: expectedTag,
+                    newTag: bumpMigrationTagVersion(expectedTag),
+                  },
+                },
+                files: bundle.files,
+              });
+            }
+            return Effect.fail(err as any);
+          }),
+        );
+        const { settings, durableObjectNamespaces } =
+          yield* getWorkerSettingsWithDurableObjects(
+            name,
+            expectedDurableObjectClassNames,
+          );
+        if (!olds || news.url !== olds.url) {
+          const enable = news.url !== false;
+          yield* session.note(
+            `${enable ? "Enabling" : "Disabling"} workers.dev subdomain...`,
+          );
+          yield* setWorkerSubdomain(name, enable);
+        }
+        return {
+          workerId: worker.id ?? name,
+          workerName: name,
+          logpush: worker.logpush ?? undefined,
+          url:
+            news.url !== false
+              ? `https://${name}.${yield* getAccountSubdomain(accountId)}.workers.dev`
+              : undefined,
+          tags: settings.tags ?? metadata.tags,
+          durableObjectNamespaces,
+          accountId,
+          hash,
+        } satisfies Worker["Attributes"];
+      });
+
+      const hasChanged = Effect.fnUntraced(function* (
+        id: string,
+        props: WorkerProps,
+        output: Worker["Attributes"],
+      ) {
+        if (props.vite) {
+          const input = yield* hashDirectory(props.vite);
+          return input !== output.hash?.input;
+        }
+        const [assetsHash, bundleHash] = yield* Effect.all(
+          [
+            "assets" in output && output.hash?.assets
+              ? Effect.succeed(output.hash.assets)
+              : prepareAssets(props.assets).pipe(Effect.map((a) => a?.hash)),
+            prepareBundle(id, props).pipe(Effect.map((b) => b.hash)),
+          ],
+          { concurrency: "unbounded" },
+        );
+        return (
+          assetsHash !== output.hash?.assets ||
+          bundleHash !== output.hash?.bundle
+        );
+      });
+
+      return Worker.Provider.of({
+        stables: ["workerId", "workerName"],
+        diff: Effect.fnUntraced(function* ({ id, news, olds, output }) {
+          if (!isResolved(news)) return undefined;
+          if ((output?.accountId ?? accountId) !== accountId) {
+            return { action: "replace" };
+          }
+          const workerName = yield* createWorkerName(id, news.name);
+          const oldWorkerName = output?.workerName
+            ? output.workerName
+            : yield* createWorkerName(id, olds?.name);
+          if (workerName !== oldWorkerName) {
+            return { action: "replace" };
+          }
+          if (!output) {
+            return;
+          }
+          if (yield* hasChanged(id, news, output)) {
+            return {
+              action: "update",
+              stables:
+                oldWorkerName === workerName ? ["workerName"] : undefined,
+            };
+          }
+        }),
+        precreate: Effect.fnUntraced(function* ({ id, news, session }) {
+          const name = yield* createWorkerName(id, news.name);
+          const exportMap = (news.exports ?? {}) as Record<string, unknown>;
+          const durableObjects = Object.keys(exportMap)
+            .filter((logicalId) => isDurableObjectExport(exportMap[logicalId]))
+            .map((logicalId) => ({
+              logicalId,
+              className: logicalId,
+            }));
+          const doClasses = durableObjects.map((binding) => binding.className);
+          const containers = doClasses.map((className) => ({ className }));
+          const alchemyDoTags = durableObjects.map(
+            ({ logicalId, className }) =>
+              `alchemy:do:${logicalId}:${className}`,
+          );
+          const tags = Array.from(
+            new Set([
+              ...createAlchemyWorkerTags(id),
+              ...alchemyDoTags,
+              ...(news.tags ?? []),
+            ]),
+          );
+          yield* Effect.logInfo(
+            `Cloudflare Worker precreate: starting ${name}`,
+          );
+          yield* Effect.logInfo(
+            `Cloudflare Worker precreate: durable objects ${JSON.stringify(
+              durableObjects,
+            )}`,
+          );
+          const existingSettings = yield* getScriptSettings({
+            accountId,
+            scriptName: name,
+          }).pipe(
+            Effect.catchTag("WorkerNotFound", () => Effect.succeed(undefined)),
+          );
+          let durableObjectNamespaces = getDurableObjectNamespaces(
+            existingSettings?.bindings,
+          );
+
+          if (existingSettings) {
+            if (!hasAlchemyWorkerTags(id, existingSettings.tags ?? [])) {
+              return yield* Effect.die(
+                `Worker "${name}" already exists but is not owned by this stack/stage/resource`,
+              );
+            }
+            yield* Effect.logInfo(
+              `Cloudflare Worker precreate: adopting existing ${name} owned by this stack/stage/resource`,
+            );
+          } else {
+            yield* session.note("Pre-creating worker...");
+            const mainModule = "main.js";
+            const placeholderScript = `${doClasses.length > 0 ? 'import { DurableObject } from "cloudflare:workers";\n\n' : ""}export default { fetch() { return new Response("Alchemy worker is being deployed...") } };\n${doClasses
+              .map(
+                (className) =>
+                  `export class ${className} extends DurableObject {}`,
+              )
+              .join("\n")}`;
+            yield* putScript({
+              accountId,
+              scriptName: name,
+              metadata: {
+                mainModule,
+                bindings:
+                  doClasses.length > 0
+                    ? doClasses.map((className) => ({
+                        type: "durable_object_namespace" as const,
+                        name: className,
+                        className,
+                      }))
+                    : undefined,
+                compatibilityDate:
+                  news.compatibility?.date ?? defaultCompatibilityDate,
+                compatibilityFlags: news.compatibility?.flags,
+                containers,
+                migrations:
+                  doClasses.length > 0
+                    ? {
+                        oldTag: undefined,
+                        newTag: undefined,
+                        newClasses: [],
+                        deletedClasses: [],
+                        renamedClasses: [],
+                        transferredClasses: [],
+                        newSqliteClasses: doClasses,
+                      }
+                    : undefined,
+                observability: news.observability ?? {
+                  enabled: true,
+                  logs: {
+                    enabled: true,
+                    invocationLogs: true,
+                  },
+                },
+                tags,
+              },
+              files: [
+                new File([placeholderScript], mainModule, {
+                  type: "application/javascript+module",
+                }),
+              ],
+            });
+            if (doClasses.length > 0) {
+              ({ durableObjectNamespaces } =
+                yield* getWorkerSettingsWithDurableObjects(name, doClasses));
+            }
+          }
+
+          if (existingSettings && doClasses.length > 0) {
+            ({ durableObjectNamespaces } =
+              yield* getWorkerSettingsWithDurableObjects(name, doClasses));
+          }
+
+          return {
+            workerId: name,
+            workerName: name,
+            logpush: existingSettings?.logpush ?? undefined,
+            url: undefined,
+            tags: existingSettings?.tags ?? tags,
+            durableObjectNamespaces,
+            accountId,
+          } satisfies Worker["Attributes"];
+        }),
+        read: Effect.fnUntraced(
+          function* ({ id, output, olds }) {
+            const workerName =
+              output?.workerName ?? (yield* createWorkerName(id, olds?.name));
+            yield* Effect.logInfo(
+              `Cloudflare Worker read: checking ${workerName}`,
+            );
+            const [worker, subdomain, settings] = yield* Effect.all([
+              listScripts({
+                accountId,
+              }).pipe(
+                Effect.map((workers) =>
+                  workers.result.find((worker) => worker.id === workerName),
+                ),
+              ),
+              getScriptSubdomain({
+                accountId,
+                scriptName: workerName,
+              }),
+              getScriptSettings({
+                accountId,
+                scriptName: workerName,
+              }),
+            ]);
+            if (!worker) {
+              yield* Effect.logInfo(
+                `Cloudflare Worker read: ${workerName} not found in script list`,
+              );
+              return undefined;
+            }
+            yield* Effect.logInfo(
+              `Cloudflare Worker read: found ${workerName}`,
+            );
+            return {
+              accountId,
+              workerId: worker.id ?? workerName,
+              workerName,
+              logpush: worker.logpush ?? undefined,
+              url: subdomain.enabled
+                ? `https://${workerName}.${yield* getAccountSubdomain(accountId)}.workers.dev`
+                : undefined,
+              tags: settings.tags ?? undefined,
+              durableObjectNamespaces: getDurableObjectNamespaces(
+                settings.bindings,
+              ),
+            } satisfies Worker["Attributes"];
+          },
+          (effect) =>
+            effect.pipe(
+              Effect.catchTag("WorkerNotFound", () =>
+                Effect.succeed(undefined),
+              ),
+            ),
+        ),
+        create: Effect.fnUntraced(function* ({
+          id,
+          news,
+          bindings,
+          output,
+          session,
+        }) {
+          const name = yield* createWorkerName(id, news.name);
+          const durableObjects = getDurableObjectBindings(bindings, name).map(
+            ({ logicalId, className }) => ({
+              logicalId,
+              className,
+            }),
+          );
+          yield* Effect.logInfo(`Cloudflare Worker create: starting ${name}`);
+          yield* Effect.logInfo(
+            `Cloudflare Worker create: durable objects ${JSON.stringify(
+              durableObjects,
+            )}`,
+          );
+          const existingSettings = yield* getScriptSettings({
+            accountId,
+            scriptName: name,
+          }).pipe(
+            Effect.catchTag("WorkerNotFound", () => Effect.succeed(undefined)),
+          );
+          yield* Effect.logInfo(
+            `Cloudflare Worker create: existing durable object tags ${JSON.stringify(
+              (existingSettings?.tags ?? []).filter((tag) =>
+                tag.startsWith("alchemy:do:"),
+              ),
+            )}`,
+          );
+          if (existingSettings) {
+            yield* Effect.logInfo(
+              `Cloudflare Worker create: ${name} already exists`,
+            );
+            if (!hasAlchemyWorkerTags(id, existingSettings.tags ?? [])) {
+              return yield* Effect.die(
+                `Worker "${name}" already exists but is not owned by this stack/stage/resource`,
+              );
+            }
+            yield* Effect.logInfo(
+              `Cloudflare Worker create: adopting existing ${name} owned by this stack/stage/resource`,
+            );
+          }
+          return yield* putWorker(
+            id,
+            news,
+            bindings,
+            undefined,
+            output,
+            session,
+            existingSettings,
+          );
+        }),
+        update: Effect.fnUntraced(function* ({
+          id,
+          olds,
+          news,
+          output,
+          bindings,
+          session,
+        }) {
+          const durableObjects = getDurableObjectBindings(
+            bindings,
+            output.workerName,
+          ).map(({ logicalId, className }) => ({
+            logicalId,
+            className,
+          }));
+          yield* Effect.logInfo(
+            `Cloudflare Worker update: starting ${output.workerName}`,
+          );
+          yield* Effect.logInfo(
+            `Cloudflare Worker update: durable objects ${JSON.stringify(
+              durableObjects,
+            )}`,
+          );
+          yield* Effect.logInfo(
+            `Cloudflare Worker update: previous durable object tags ${JSON.stringify(
+              (output.tags ?? []).filter((tag) =>
+                tag.startsWith("alchemy:do:"),
+              ),
+            )}`,
+          );
+          return yield* putWorker(id, news, bindings, olds, output, session);
+        }),
+        delete: Effect.fnUntraced(function* ({ output }) {
+          yield* Effect.logInfo(
+            `Cloudflare Worker delete: deleting ${output.workerName}`,
+          );
+          yield* deleteScript({
+            accountId: output.accountId,
+            scriptName: output.workerName,
+          }).pipe(Effect.catchTag("WorkerNotFound", () => Effect.void));
+        }),
+        tail: ({ output }) => {
+          const runTailSession = Effect.gen(function* () {
+            const { id: tailId, url } = yield* createScriptTail({
+              scriptName: output.workerName,
+              accountId: output.accountId,
+              body: { filters: [] },
+            });
+
+            const socket = yield* Socket.makeWebSocket(url, {
+              protocols: ["trace-v1"],
+            });
+
+            const queue = yield* Queue.make<LogLine, Cause.Done>();
+
+            yield* socket
+              .runRaw((raw) => {
+                const text =
+                  typeof raw === "string" ? raw : new TextDecoder().decode(raw);
+                const data: TailEventMessage = JSON.parse(text);
+                const eventTs = new Date(data.eventTimestamp ?? Date.now());
+
+                if (data.event && "request" in data.event) {
+                  const reqEvent = data.event;
+                  const pathname = (() => {
+                    try {
+                      return new URL(reqEvent.request.url).pathname;
+                    } catch {
+                      return reqEvent.request.url;
+                    }
+                  })();
+                  const status = reqEvent.response?.status ?? 500;
+                  Queue.offerUnsafe(queue, {
+                    timestamp: eventTs,
+                    message: `${reqEvent.request.method} ${pathname} > ${status} (cpu: ${Math.round(data.cpuTime)}ms, wall: ${Math.round(data.wallTime)}ms)`,
+                  });
+                }
+
+                for (const log of data.logs) {
+                  const msg = log.message.join(" ");
+                  Queue.offerUnsafe(queue, {
+                    timestamp: new Date(log.timestamp),
+                    message: log.level === "log" ? msg : `${log.level}: ${msg}`,
+                  });
+                }
+
+                for (const exception of data.exceptions) {
+                  Queue.offerUnsafe(queue, {
+                    timestamp: new Date(exception.timestamp),
+                    message: `${exception.name} ${exception.message}\n${exception.stack}`,
+                  });
+                }
+              })
+              .pipe(
+                Effect.ensuring(
+                  Effect.all([
+                    deleteScriptTail({
+                      scriptName: output.workerName,
+                      id: tailId,
+                      accountId: output.accountId,
+                    }).pipe(Effect.ignore),
+                    Queue.end(queue),
+                  ]),
+                ),
+                Effect.ignore,
+                Effect.forkChild(),
+              );
+
+            return Stream.fromQueue(queue);
+          });
+
+          return Stream.unwrap(runTailSession).pipe(
+            Stream.repeat(Schedule.spaced("1 second")),
+          );
+        },
+        logs: ({ output, options }) =>
+          telemetry.queryLogs({
+            accountId: output.accountId,
+            filters: [
+              {
+                key: "$workers.scriptName",
+                operation: "eq",
+                type: "string",
+                value: output.workerName,
+              },
+            ],
+            options,
+          }),
+      });
+    }),
+  );
+
+interface TailEventMessage {
+  eventTimestamp?: number;
+  wallTime: number;
+  cpuTime: number;
+  truncated: boolean;
+  outcome: string;
+  scriptName: string;
+  exceptions: {
+    name: string;
+    message: string;
+    stack: string;
+    timestamp: string;
+  }[];
+  logs: {
+    message: string[];
+    level: string;
+    timestamp: string;
+  }[];
+  event:
+    | {
+        request: { method: string; url: string };
+        response?: { status: number };
+      }
+    | null
+    | undefined;
+}
+
+const contentTypeFromExtension = (extension: string) => {
+  switch (extension) {
+    case ".wasm":
+      return "application/wasm";
+    case ".txt":
+    case ".html":
+    case ".sql":
+    case ".custom":
+      return "text/plain";
+    case ".bin":
+      return "application/octet-stream";
+    case ".mjs":
+    case ".js":
+      return "application/javascript+module";
+    case ".cjs":
+      return "application/javascript";
+    case ".map":
+      return "application/source-map";
+    default:
+      return "application/octet-stream";
+  }
+};