diff --git a/CHANGES.md b/CHANGES.md
index cee9b1b5..4fffb701 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -6,6 +6,26 @@ Version 0.9.0
 
 To be released.
 
+ -  Added passkey (WebAuthn) authentication.  The admin *Auth* page now
+    has a "Passkeys" section for enrolling and managing passkeys, and
+    the public login page presents a "Sign in with passkey" button
+    (with the email/password form tucked behind a toggle) whenever at
+    least one passkey is enrolled.  Both device-bound and synced
+    (multi-device) passkeys are accepted.  A passkey on its own counts
+    as multi-factor authentication, so a successful passkey sign-in is
+    accepted in place of the TOTP step — the user is not asked for a
+    one-time code in the same session.
+
+    Hollo uses the *@simplewebauthn/server* library for verification
+    and ships the matching browser helper as a static asset linked
+    only from the auth and login pages.  Registration uses
+    `residentKey: required` and `userVerification: required`, so every
+    enrolled passkey is discoverable and tied to a biometric or PIN
+    gesture.  Registration challenges are bound to the current login
+    session with a server-enforced 5-minute TTL, and login challenges
+    are stored in a single-use `passkey_login_challenges` table so a
+    captured cookie + assertion pair can be redeemed at most once.  [[#487]]
+
  -  Added optional split-domain WebFinger support.  When the new
     `HANDLE_HOST` and `WEB_ORIGIN` environment variables are set,
     Hollo uses Fedify's `origin` configuration so that fediverse
@@ -221,6 +241,7 @@ To be released.
 [#482]: https://github.com/fedify-dev/hollo/pull/482
 [#483]: https://github.com/fedify-dev/hollo/pull/483
 [#484]: https://github.com/fedify-dev/hollo/pull/484
+[#487]: https://github.com/fedify-dev/hollo/pull/487
 
 
 Version 0.8.4
diff --git a/DESIGN.md b/DESIGN.md
index 6be50152..aecf4a46 100644
--- a/DESIGN.md
+++ b/DESIGN.md
@@ -352,3 +352,34 @@ shorthand at class extraction time, but the original string still ships
 in the HTML `class` attribute, where the browser splits it on
 whitespace and matches `ring-2` (etc.) as a standalone class.  Always
 write each variant out long-form (`focus:border-brand-500 focus:ring-2 …`).
+
+
+### Page-scoped client scripts
+
+The lightweight-SSR principle still stands: *Layout.tsx* and the
+dashboard chrome stay JavaScript-free.  A handful of existing pages
+emit tiny inline scripts (e.g. `onsubmit="this.submit.ariaBusy='true'"`
+on long-running forms, or `<script dangerouslySetInnerHTML>` blocks
+for small DOM enhancements like dependent field reveal); those are
+fine for one-liners that decorate an otherwise functional form, and
+they're allowed to stay.
+
+For features that genuinely *can't* work without JavaScript — currently
+just the WebAuthn passkey ceremonies on the admin *Auth* page and the
+public login page — prefer the passkey pattern over an inline blob:
+
+ -  Drop a small, hand-written `.js` file into *src/public/* (e.g.
+    *passkey.js*).  Keep it short, IIFE-wrapped, no framework, no build
+    step.  If it depends on a vendored library, copy that library's
+    UMD bundle into *src/public/* as a separate file and add a comment
+    documenting how to re-vendor it after a dep bump.
+ -  Emit `<script src="/public/your-script.js" defer>` at the very end
+    of the JSX tree of only the page(s) that need it — not in
+    *Layout.tsx*.  A referenced static asset stays CSP-friendly and
+    lets the script live as a normal source file with real syntax
+    highlighting.
+ -  The script must degrade gracefully: if it fails to load, the
+    underlying HTML form should still be operable (or the feature
+    should be hidden behind a button the user has to click).
+ -  Wire to the DOM via stable `id`s on the form / button the page
+    already renders.  The server-rendered markup is the contract.
diff --git a/drizzle/0088_passkeys.sql b/drizzle/0088_passkeys.sql
new file mode 100644
index 00000000..fffd37c6
--- /dev/null
+++ b/drizzle/0088_passkeys.sql
@@ -0,0 +1,14 @@
+CREATE TABLE "passkeys" (
+	"id" text PRIMARY KEY NOT NULL,
+	"credential_email" varchar(254) NOT NULL,
+	"public_key" text NOT NULL,
+	"counter" bigint NOT NULL,
+	"transports" text[] DEFAULT (ARRAY[]::text[]) NOT NULL,
+	"device_type" text NOT NULL,
+	"backed_up" boolean NOT NULL,
+	"nickname" text NOT NULL,
+	"last_used" timestamp with time zone,
+	"created" timestamp with time zone DEFAULT CURRENT_TIMESTAMP NOT NULL
+);
+--> statement-breakpoint
+ALTER TABLE "passkeys" ADD CONSTRAINT "passkeys_credential_email_credentials_email_fk" FOREIGN KEY ("credential_email") REFERENCES "public"."credentials"("email") ON DELETE cascade ON UPDATE no action;
\ No newline at end of file
diff --git a/drizzle/0089_passkey_login_challenges.sql b/drizzle/0089_passkey_login_challenges.sql
new file mode 100644
index 00000000..933ab1bd
--- /dev/null
+++ b/drizzle/0089_passkey_login_challenges.sql
@@ -0,0 +1,8 @@
+CREATE TABLE "passkey_login_challenges" (
+	"id" text PRIMARY KEY NOT NULL,
+	"challenge" text NOT NULL,
+	"expires_at" timestamp with time zone NOT NULL,
+	"created" timestamp with time zone DEFAULT CURRENT_TIMESTAMP NOT NULL
+);
+--> statement-breakpoint
+CREATE INDEX "passkey_login_challenges_expires_at_index" ON "passkey_login_challenges" USING btree ("expires_at");
\ No newline at end of file
diff --git a/drizzle/meta/0088_snapshot.json b/drizzle/meta/0088_snapshot.json
new file mode 100644
index 00000000..25ac04cb
--- /dev/null
+++ b/drizzle/meta/0088_snapshot.json
@@ -0,0 +1,4529 @@
+{
+  "id": "6304a3ed-3b7c-4681-bfdc-c5c162553d52",
+  "prevId": "111f8bf6-721d-40fc-a563-fb07818be081",
+  "version": "7",
+  "dialect": "postgresql",
+  "tables": {
+    "public.access_grants": {
+      "name": "access_grants",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "uuid",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "code": {
+          "name": "code",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "expires_in": {
+          "name": "expires_in",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "redirect_uri": {
+          "name": "redirect_uri",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "scopes": {
+          "name": "scopes",
+          "type": "scope[]",
+          "typeSchema": "public",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "code_challenge": {
+          "name": "code_challenge",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "code_challenge_method": {
+          "name": "code_challenge_method",
+          "type": "varchar(256)",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "application_id": {
+          "name": "application_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "resource_owner_id": {
+          "name": "resource_owner_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created": {
+          "name": "created",
+          "type": "timestamp with time zone",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "CURRENT_TIMESTAMP"
+        },
+        "revoked": {
+          "name": "revoked",
+          "type": "timestamp with time zone",
+          "primaryKey": false,
+          "notNull": false
+        }
+      },
+      "indexes": {
+        "access_grants_resource_owner_id_index": {
+          "name": "access_grants_resource_owner_id_index",
+          "columns": [
+            {
+              "expression": "resource_owner_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "access_grants_application_id_applications_id_fk": {
+          "name": "access_grants_application_id_applications_id_fk",
+          "tableFrom": "access_grants",
+          "tableTo": "applications",
+          "columnsFrom": [
+            "application_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "access_grants_resource_owner_id_account_owners_id_fk": {
+          "name": "access_grants_resource_owner_id_account_owners_id_fk",
+          "tableFrom": "access_grants",
+          "tableTo": "account_owners",
+          "columnsFrom": [
+            "resource_owner_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {
+        "access_grants_code_unique": {
+          "name": "access_grants_code_unique",
+          "nullsNotDistinct": false,
+          "columns": [
+            "code"
+          ]
+        }
+      },
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.access_tokens": {
+      "name": "access_tokens",
+      "schema": "",
+      "columns": {
+        "code": {
+          "name": "code",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "application_id": {
+          "name": "application_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "account_owner_id": {
+          "name": "account_owner_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "grant_type": {
+          "name": "grant_type",
+          "type": "grant_type",
+          "typeSchema": "public",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'authorization_code'"
+        },
+        "scopes": {
+          "name": "scopes",
+          "type": "scope[]",
+          "typeSchema": "public",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created": {
+          "name": "created",
+          "type": "timestamp with time zone",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "CURRENT_TIMESTAMP"
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {
+        "access_tokens_application_id_applications_id_fk": {
+          "name": "access_tokens_application_id_applications_id_fk",
+          "tableFrom": "access_tokens",
+          "tableTo": "applications",
+          "columnsFrom": [
+            "application_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "access_tokens_account_owner_id_account_owners_id_fk": {
+          "name": "access_tokens_account_owner_id_account_owners_id_fk",
+          "tableFrom": "access_tokens",
+          "tableTo": "account_owners",
+          "columnsFrom": [
+            "account_owner_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.account_owners": {
+      "name": "account_owners",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "uuid",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "handle": {
+          "name": "handle",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "rsa_private_key_jwk": {
+          "name": "rsa_private_key_jwk",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "rsa_public_key_jwk": {
+          "name": "rsa_public_key_jwk",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "ed25519_private_key_jwk": {
+          "name": "ed25519_private_key_jwk",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "ed25519_public_key_jwk": {
+          "name": "ed25519_public_key_jwk",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "fields": {
+          "name": "fields",
+          "type": "json",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'{}'::json"
+        },
+        "bio": {
+          "name": "bio",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "followed_tags": {
+          "name": "followed_tags",
+          "type": "text[]",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'{}'"
+        },
+        "visibility": {
+          "name": "visibility",
+          "type": "post_visibility",
+          "typeSchema": "public",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'public'"
+        },
+        "language": {
+          "name": "language",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'en'"
+        },
+        "discoverable": {
+          "name": "discoverable",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": false
+        },
+        "expand_spoilers": {
+          "name": "expand_spoilers",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": false
+        },
+        "theme_color": {
+          "name": "theme_color",
+          "type": "theme_color",
+          "typeSchema": "public",
+          "primaryKey": false,
+          "notNull": true
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {
+        "account_owners_id_accounts_id_fk": {
+          "name": "account_owners_id_accounts_id_fk",
+          "tableFrom": "account_owners",
+          "tableTo": "accounts",
+          "columnsFrom": [
+            "id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {
+        "account_owners_handle_unique": {
+          "name": "account_owners_handle_unique",
+          "nullsNotDistinct": false,
+          "columns": [
+            "handle"
+          ]
+        }
+      },
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.accounts": {
+      "name": "accounts",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "uuid",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "iri": {
+          "name": "iri",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "type": {
+          "name": "type",
+          "type": "account_type",
+          "typeSchema": "public",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "name": {
+          "name": "name",
+          "type": "varchar(100)",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "handle": {
+          "name": "handle",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "bio_html": {
+          "name": "bio_html",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "url": {
+          "name": "url",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "protected": {
+          "name": "protected",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": false
+        },
+        "avatar_url": {
+          "name": "avatar_url",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "cover_url": {
+          "name": "cover_url",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "inbox_url": {
+          "name": "inbox_url",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "followers_url": {
+          "name": "followers_url",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "shared_inbox_url": {
+          "name": "shared_inbox_url",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "featured_url": {
+          "name": "featured_url",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "following_count": {
+          "name": "following_count",
+          "type": "bigint",
+          "primaryKey": false,
+          "notNull": false,
+          "default": 0
+        },
+        "followers_count": {
+          "name": "followers_count",
+          "type": "bigint",
+          "primaryKey": false,
+          "notNull": false,
+          "default": 0
+        },
+        "posts_count": {
+          "name": "posts_count",
+          "type": "bigint",
+          "primaryKey": false,
+          "notNull": false,
+          "default": 0
+        },
+        "field_htmls": {
+          "name": "field_htmls",
+          "type": "json",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'{}'::json"
+        },
+        "emojis": {
+          "name": "emojis",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'{}'::jsonb"
+        },
+        "sensitive": {
+          "name": "sensitive",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": false
+        },
+        "successor_id": {
+          "name": "successor_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "aliases": {
+          "name": "aliases",
+          "type": "text[]",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "(ARRAY[]::text[])"
+        },
+        "instance_host": {
+          "name": "instance_host",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "published": {
+          "name": "published",
+          "type": "timestamp with time zone",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "updated": {
+          "name": "updated",
+          "type": "timestamp with time zone",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "CURRENT_TIMESTAMP"
+        },
+        "fetched": {
+          "name": "fetched",
+          "type": "timestamp with time zone",
+          "primaryKey": false,
+          "notNull": false
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {
+        "accounts_successor_id_accounts_id_fk": {
+          "name": "accounts_successor_id_accounts_id_fk",
+          "tableFrom": "accounts",
+          "tableTo": "accounts",
+          "columnsFrom": [
+            "successor_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "accounts_instance_host_instances_host_fk": {
+          "name": "accounts_instance_host_instances_host_fk",
+          "tableFrom": "accounts",
+          "tableTo": "instances",
+          "columnsFrom": [
+            "instance_host"
+          ],
+          "columnsTo": [
+            "host"
+          ],
+          "onDelete": "no action",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {
+        "accounts_iri_unique": {
+          "name": "accounts_iri_unique",
+          "nullsNotDistinct": false,
+          "columns": [
+            "iri"
+          ]
+        },
+        "accounts_handle_unique": {
+          "name": "accounts_handle_unique",
+          "nullsNotDistinct": false,
+          "columns": [
+            "handle"
+          ]
+        }
+      },
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.applications": {
+      "name": "applications",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "uuid",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "name": {
+          "name": "name",
+          "type": "varchar(256)",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "redirect_uris": {
+          "name": "redirect_uris",
+          "type": "text[]",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "scopes": {
+          "name": "scopes",
+          "type": "scope[]",
+          "typeSchema": "public",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "website": {
+          "name": "website",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "client_id": {
+          "name": "client_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "client_secret": {
+          "name": "client_secret",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "confidential": {
+          "name": "confidential",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": false
+        },
+        "created": {
+          "name": "created",
+          "type": "timestamp with time zone",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "CURRENT_TIMESTAMP"
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {
+        "applications_client_id_unique": {
+          "name": "applications_client_id_unique",
+          "nullsNotDistinct": false,
+          "columns": [
+            "client_id"
+          ]
+        }
+      },
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.blocks": {
+      "name": "blocks",
+      "schema": "",
+      "columns": {
+        "account_id": {
+          "name": "account_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "blocked_account_id": {
+          "name": "blocked_account_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created": {
+          "name": "created",
+          "type": "timestamp with time zone",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "CURRENT_TIMESTAMP"
+        }
+      },
+      "indexes": {
+        "blocks_account_id_index": {
+          "name": "blocks_account_id_index",
+          "columns": [
+            {
+              "expression": "account_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "blocks_blocked_account_id_index": {
+          "name": "blocks_blocked_account_id_index",
+          "columns": [
+            {
+              "expression": "blocked_account_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "blocks_account_id_accounts_id_fk": {
+          "name": "blocks_account_id_accounts_id_fk",
+          "tableFrom": "blocks",
+          "tableTo": "accounts",
+          "columnsFrom": [
+            "account_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "blocks_blocked_account_id_accounts_id_fk": {
+          "name": "blocks_blocked_account_id_accounts_id_fk",
+          "tableFrom": "blocks",
+          "tableTo": "accounts",
+          "columnsFrom": [
+            "blocked_account_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {
+        "blocks_account_id_blocked_account_id_pk": {
+          "name": "blocks_account_id_blocked_account_id_pk",
+          "columns": [
+            "account_id",
+            "blocked_account_id"
+          ]
+        }
+      },
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.bookmarks": {
+      "name": "bookmarks",
+      "schema": "",
+      "columns": {
+        "post_id": {
+          "name": "post_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "account_owner_id": {
+          "name": "account_owner_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created": {
+          "name": "created",
+          "type": "timestamp with time zone",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "CURRENT_TIMESTAMP"
+        }
+      },
+      "indexes": {
+        "bookmarks_post_id_account_owner_id_index": {
+          "name": "bookmarks_post_id_account_owner_id_index",
+          "columns": [
+            {
+              "expression": "post_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "account_owner_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "bookmarks_post_id_posts_id_fk": {
+          "name": "bookmarks_post_id_posts_id_fk",
+          "tableFrom": "bookmarks",
+          "tableTo": "posts",
+          "columnsFrom": [
+            "post_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "bookmarks_account_owner_id_account_owners_id_fk": {
+          "name": "bookmarks_account_owner_id_account_owners_id_fk",
+          "tableFrom": "bookmarks",
+          "tableTo": "account_owners",
+          "columnsFrom": [
+            "account_owner_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {
+        "bookmarks_post_id_account_owner_id_pk": {
+          "name": "bookmarks_post_id_account_owner_id_pk",
+          "columns": [
+            "post_id",
+            "account_owner_id"
+          ]
+        }
+      },
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.cleanup_job_items": {
+      "name": "cleanup_job_items",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "uuid",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "job_id": {
+          "name": "job_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "status": {
+          "name": "status",
+          "type": "cleanup_job_status",
+          "typeSchema": "public",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'pending'"
+        },
+        "data": {
+          "name": "data",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "error_message": {
+          "name": "error_message",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "processed_at": {
+          "name": "processed_at",
+          "type": "timestamp with time zone",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "created": {
+          "name": "created",
+          "type": "timestamp with time zone",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "CURRENT_TIMESTAMP"
+        }
+      },
+      "indexes": {
+        "cleanup_job_items_job_id_status_index": {
+          "name": "cleanup_job_items_job_id_status_index",
+          "columns": [
+            {
+              "expression": "job_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "status",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "cleanup_job_items_job_id_cleanup_jobs_id_fk": {
+          "name": "cleanup_job_items_job_id_cleanup_jobs_id_fk",
+          "tableFrom": "cleanup_job_items",
+          "tableTo": "cleanup_jobs",
+          "columnsFrom": [
+            "job_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.cleanup_jobs": {
+      "name": "cleanup_jobs",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "uuid",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "category": {
+          "name": "category",
+          "type": "cleanup_job_category",
+          "typeSchema": "public",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "status": {
+          "name": "status",
+          "type": "cleanup_job_status",
+          "typeSchema": "public",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'pending'"
+        },
+        "total_items": {
+          "name": "total_items",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        },
+        "processed_items": {
+          "name": "processed_items",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        },
+        "successful_items": {
+          "name": "successful_items",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        },
+        "failed_items": {
+          "name": "failed_items",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        },
+        "error_message": {
+          "name": "error_message",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "created": {
+          "name": "created",
+          "type": "timestamp with time zone",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "CURRENT_TIMESTAMP"
+        },
+        "started_at": {
+          "name": "started_at",
+          "type": "timestamp with time zone",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "completed_at": {
+          "name": "completed_at",
+          "type": "timestamp with time zone",
+          "primaryKey": false,
+          "notNull": false
+        }
+      },
+      "indexes": {
+        "cleanup_jobs_status_created_index": {
+          "name": "cleanup_jobs_status_created_index",
+          "columns": [
+            {
+              "expression": "status",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "created",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.credentials": {
+      "name": "credentials",
+      "schema": "",
+      "columns": {
+        "email": {
+          "name": "email",
+          "type": "varchar(254)",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "password_hash": {
+          "name": "password_hash",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created": {
+          "name": "created",
+          "type": "timestamp with time zone",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "CURRENT_TIMESTAMP"
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.custom_emojis": {
+      "name": "custom_emojis",
+      "schema": "",
+      "columns": {
+        "shortcode": {
+          "name": "shortcode",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "url": {
+          "name": "url",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "category": {
+          "name": "category",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "created": {
+          "name": "created",
+          "type": "timestamp with time zone",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "CURRENT_TIMESTAMP"
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.featured_tags": {
+      "name": "featured_tags",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "uuid",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "account_owner_id": {
+          "name": "account_owner_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "name": {
+          "name": "name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created": {
+          "name": "created",
+          "type": "timestamp with time zone",
+          "primaryKey": false,
+          "notNull": false
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {
+        "featured_tags_account_owner_id_account_owners_id_fk": {
+          "name": "featured_tags_account_owner_id_account_owners_id_fk",
+          "tableFrom": "featured_tags",
+          "tableTo": "account_owners",
+          "columnsFrom": [
+            "account_owner_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {
+        "featured_tags_account_owner_id_name_unique": {
+          "name": "featured_tags_account_owner_id_name_unique",
+          "nullsNotDistinct": false,
+          "columns": [
+            "account_owner_id",
+            "name"
+          ]
+        }
+      },
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.follows": {
+      "name": "follows",
+      "schema": "",
+      "columns": {
+        "iri": {
+          "name": "iri",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "following_id": {
+          "name": "following_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "follower_id": {
+          "name": "follower_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "shares": {
+          "name": "shares",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": true
+        },
+        "notify": {
+          "name": "notify",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": false
+        },
+        "languages": {
+          "name": "languages",
+          "type": "text[]",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "created": {
+          "name": "created",
+          "type": "timestamp with time zone",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "CURRENT_TIMESTAMP"
+        },
+        "approved": {
+          "name": "approved",
+          "type": "timestamp with time zone",
+          "primaryKey": false,
+          "notNull": false
+        }
+      },
+      "indexes": {
+        "follows_following_id_approved_index": {
+          "name": "follows_following_id_approved_index",
+          "columns": [
+            {
+              "expression": "following_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "approved",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "where": "\"follows\".\"approved\" is not null",
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "follows_follower_id_following_id_approved_index": {
+          "name": "follows_follower_id_following_id_approved_index",
+          "columns": [
+            {
+              "expression": "follower_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "following_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "where": "\"follows\".\"approved\" is not null",
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "follows_following_id_created_index": {
+          "name": "follows_following_id_created_index",
+          "columns": [
+            {
+              "expression": "following_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "created",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "follows_following_id_accounts_id_fk": {
+          "name": "follows_following_id_accounts_id_fk",
+          "tableFrom": "follows",
+          "tableTo": "accounts",
+          "columnsFrom": [
+            "following_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "follows_follower_id_accounts_id_fk": {
+          "name": "follows_follower_id_accounts_id_fk",
+          "tableFrom": "follows",
+          "tableTo": "accounts",
+          "columnsFrom": [
+            "follower_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {
+        "follows_following_id_follower_id_pk": {
+          "name": "follows_following_id_follower_id_pk",
+          "columns": [
+            "following_id",
+            "follower_id"
+          ]
+        }
+      },
+      "uniqueConstraints": {
+        "follows_iri_unique": {
+          "name": "follows_iri_unique",
+          "nullsNotDistinct": false,
+          "columns": [
+            "iri"
+          ]
+        }
+      },
+      "policies": {},
+      "checkConstraints": {
+        "ck_follows_self": {
+          "name": "ck_follows_self",
+          "value": "\"follows\".\"following_id\" != \"follows\".\"follower_id\""
+        }
+      },
+      "isRLSEnabled": false
+    },
+    "public.import_job_items": {
+      "name": "import_job_items",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "uuid",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "job_id": {
+          "name": "job_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "status": {
+          "name": "status",
+          "type": "import_job_status",
+          "typeSchema": "public",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'pending'"
+        },
+        "data": {
+          "name": "data",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "error_message": {
+          "name": "error_message",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "processed_at": {
+          "name": "processed_at",
+          "type": "timestamp with time zone",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "created": {
+          "name": "created",
+          "type": "timestamp with time zone",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "CURRENT_TIMESTAMP"
+        }
+      },
+      "indexes": {
+        "import_job_items_job_id_status_index": {
+          "name": "import_job_items_job_id_status_index",
+          "columns": [
+            {
+              "expression": "job_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "status",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "import_job_items_job_id_import_jobs_id_fk": {
+          "name": "import_job_items_job_id_import_jobs_id_fk",
+          "tableFrom": "import_job_items",
+          "tableTo": "import_jobs",
+          "columnsFrom": [
+            "job_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.import_jobs": {
+      "name": "import_jobs",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "uuid",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "account_owner_id": {
+          "name": "account_owner_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "category": {
+          "name": "category",
+          "type": "import_job_category",
+          "typeSchema": "public",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "status": {
+          "name": "status",
+          "type": "import_job_status",
+          "typeSchema": "public",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'pending'"
+        },
+        "total_items": {
+          "name": "total_items",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        },
+        "processed_items": {
+          "name": "processed_items",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        },
+        "successful_items": {
+          "name": "successful_items",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        },
+        "failed_items": {
+          "name": "failed_items",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        },
+        "error_message": {
+          "name": "error_message",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "created": {
+          "name": "created",
+          "type": "timestamp with time zone",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "CURRENT_TIMESTAMP"
+        },
+        "started_at": {
+          "name": "started_at",
+          "type": "timestamp with time zone",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "completed_at": {
+          "name": "completed_at",
+          "type": "timestamp with time zone",
+          "primaryKey": false,
+          "notNull": false
+        }
+      },
+      "indexes": {
+        "import_jobs_account_owner_id_status_index": {
+          "name": "import_jobs_account_owner_id_status_index",
+          "columns": [
+            {
+              "expression": "account_owner_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "status",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "import_jobs_status_created_index": {
+          "name": "import_jobs_status_created_index",
+          "columns": [
+            {
+              "expression": "status",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "created",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "import_jobs_account_owner_id_account_owners_id_fk": {
+          "name": "import_jobs_account_owner_id_account_owners_id_fk",
+          "tableFrom": "import_jobs",
+          "tableTo": "account_owners",
+          "columnsFrom": [
+            "account_owner_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.instances": {
+      "name": "instances",
+      "schema": "",
+      "columns": {
+        "host": {
+          "name": "host",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "software": {
+          "name": "software",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "software_version": {
+          "name": "software_version",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "created": {
+          "name": "created",
+          "type": "timestamp with time zone",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "CURRENT_TIMESTAMP"
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.likes": {
+      "name": "likes",
+      "schema": "",
+      "columns": {
+        "post_id": {
+          "name": "post_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "account_id": {
+          "name": "account_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created": {
+          "name": "created",
+          "type": "timestamp with time zone",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "CURRENT_TIMESTAMP"
+        }
+      },
+      "indexes": {
+        "likes_account_id_post_id_index": {
+          "name": "likes_account_id_post_id_index",
+          "columns": [
+            {
+              "expression": "account_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "post_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "likes_created_index": {
+          "name": "likes_created_index",
+          "columns": [
+            {
+              "expression": "created",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "likes_post_id_posts_id_fk": {
+          "name": "likes_post_id_posts_id_fk",
+          "tableFrom": "likes",
+          "tableTo": "posts",
+          "columnsFrom": [
+            "post_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "likes_account_id_accounts_id_fk": {
+          "name": "likes_account_id_accounts_id_fk",
+          "tableFrom": "likes",
+          "tableTo": "accounts",
+          "columnsFrom": [
+            "account_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {
+        "likes_post_id_account_id_pk": {
+          "name": "likes_post_id_account_id_pk",
+          "columns": [
+            "post_id",
+            "account_id"
+          ]
+        }
+      },
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.list_members": {
+      "name": "list_members",
+      "schema": "",
+      "columns": {
+        "list_id": {
+          "name": "list_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "account_id": {
+          "name": "account_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created": {
+          "name": "created",
+          "type": "timestamp with time zone",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "CURRENT_TIMESTAMP"
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {
+        "list_members_list_id_lists_id_fk": {
+          "name": "list_members_list_id_lists_id_fk",
+          "tableFrom": "list_members",
+          "tableTo": "lists",
+          "columnsFrom": [
+            "list_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "list_members_account_id_accounts_id_fk": {
+          "name": "list_members_account_id_accounts_id_fk",
+          "tableFrom": "list_members",
+          "tableTo": "accounts",
+          "columnsFrom": [
+            "account_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {
+        "list_members_list_id_account_id_pk": {
+          "name": "list_members_list_id_account_id_pk",
+          "columns": [
+            "list_id",
+            "account_id"
+          ]
+        }
+      },
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.list_posts": {
+      "name": "list_posts",
+      "schema": "",
+      "columns": {
+        "list_id": {
+          "name": "list_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "post_id": {
+          "name": "post_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        }
+      },
+      "indexes": {
+        "list_posts_list_id_post_id_index": {
+          "name": "list_posts_list_id_post_id_index",
+          "columns": [
+            {
+              "expression": "list_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "post_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "list_posts_list_id_lists_id_fk": {
+          "name": "list_posts_list_id_lists_id_fk",
+          "tableFrom": "list_posts",
+          "tableTo": "lists",
+          "columnsFrom": [
+            "list_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "list_posts_post_id_posts_id_fk": {
+          "name": "list_posts_post_id_posts_id_fk",
+          "tableFrom": "list_posts",
+          "tableTo": "posts",
+          "columnsFrom": [
+            "post_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {
+        "list_posts_list_id_post_id_pk": {
+          "name": "list_posts_list_id_post_id_pk",
+          "columns": [
+            "list_id",
+            "post_id"
+          ]
+        }
+      },
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.lists": {
+      "name": "lists",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "uuid",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "account_owner_id": {
+          "name": "account_owner_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "title": {
+          "name": "title",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "replies_policy": {
+          "name": "replies_policy",
+          "type": "list_replies_policy",
+          "typeSchema": "public",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'list'"
+        },
+        "exclusive": {
+          "name": "exclusive",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": false
+        },
+        "created": {
+          "name": "created",
+          "type": "timestamp with time zone",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "CURRENT_TIMESTAMP"
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {
+        "lists_account_owner_id_account_owners_id_fk": {
+          "name": "lists_account_owner_id_account_owners_id_fk",
+          "tableFrom": "lists",
+          "tableTo": "account_owners",
+          "columnsFrom": [
+            "account_owner_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.markers": {
+      "name": "markers",
+      "schema": "",
+      "columns": {
+        "account_owner_id": {
+          "name": "account_owner_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "type": {
+          "name": "type",
+          "type": "marker_type",
+          "typeSchema": "public",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "last_read_id": {
+          "name": "last_read_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "version": {
+          "name": "version",
+          "type": "bigint",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 1
+        },
+        "updated": {
+          "name": "updated",
+          "type": "timestamp with time zone",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "CURRENT_TIMESTAMP"
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {
+        "markers_account_owner_id_account_owners_id_fk": {
+          "name": "markers_account_owner_id_account_owners_id_fk",
+          "tableFrom": "markers",
+          "tableTo": "account_owners",
+          "columnsFrom": [
+            "account_owner_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {
+        "markers_account_owner_id_type_pk": {
+          "name": "markers_account_owner_id_type_pk",
+          "columns": [
+            "account_owner_id",
+            "type"
+          ]
+        }
+      },
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.media": {
+      "name": "media",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "uuid",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "post_id": {
+          "name": "post_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "type": {
+          "name": "type",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "url": {
+          "name": "url",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "width": {
+          "name": "width",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "height": {
+          "name": "height",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "description": {
+          "name": "description",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "thumbnail_type": {
+          "name": "thumbnail_type",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "thumbnail_url": {
+          "name": "thumbnail_url",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "thumbnail_width": {
+          "name": "thumbnail_width",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "thumbnail_height": {
+          "name": "thumbnail_height",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created": {
+          "name": "created",
+          "type": "timestamp with time zone",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "CURRENT_TIMESTAMP"
+        },
+        "thumbnail_cleaned": {
+          "name": "thumbnail_cleaned",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": false
+        }
+      },
+      "indexes": {
+        "media_post_id_index": {
+          "name": "media_post_id_index",
+          "columns": [
+            {
+              "expression": "post_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "media_post_id_posts_id_fk": {
+          "name": "media_post_id_posts_id_fk",
+          "tableFrom": "media",
+          "tableTo": "posts",
+          "columnsFrom": [
+            "post_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.mentions": {
+      "name": "mentions",
+      "schema": "",
+      "columns": {
+        "post_id": {
+          "name": "post_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "account_id": {
+          "name": "account_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        }
+      },
+      "indexes": {
+        "mentions_post_id_account_id_index": {
+          "name": "mentions_post_id_account_id_index",
+          "columns": [
+            {
+              "expression": "post_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "account_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "mentions_post_id_posts_id_fk": {
+          "name": "mentions_post_id_posts_id_fk",
+          "tableFrom": "mentions",
+          "tableTo": "posts",
+          "columnsFrom": [
+            "post_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "mentions_account_id_accounts_id_fk": {
+          "name": "mentions_account_id_accounts_id_fk",
+          "tableFrom": "mentions",
+          "tableTo": "accounts",
+          "columnsFrom": [
+            "account_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {
+        "mentions_post_id_account_id_pk": {
+          "name": "mentions_post_id_account_id_pk",
+          "columns": [
+            "post_id",
+            "account_id"
+          ]
+        }
+      },
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.mutes": {
+      "name": "mutes",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "uuid",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "account_id": {
+          "name": "account_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "muted_account_id": {
+          "name": "muted_account_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "notifications": {
+          "name": "notifications",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": true
+        },
+        "duration": {
+          "name": "duration",
+          "type": "interval",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "created": {
+          "name": "created",
+          "type": "timestamp with time zone",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "CURRENT_TIMESTAMP"
+        }
+      },
+      "indexes": {
+        "mutes_account_id_index": {
+          "name": "mutes_account_id_index",
+          "columns": [
+            {
+              "expression": "account_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "mutes_account_id_accounts_id_fk": {
+          "name": "mutes_account_id_accounts_id_fk",
+          "tableFrom": "mutes",
+          "tableTo": "accounts",
+          "columnsFrom": [
+            "account_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "mutes_muted_account_id_accounts_id_fk": {
+          "name": "mutes_muted_account_id_accounts_id_fk",
+          "tableFrom": "mutes",
+          "tableTo": "accounts",
+          "columnsFrom": [
+            "muted_account_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {
+        "mutes_account_id_muted_account_id_unique": {
+          "name": "mutes_account_id_muted_account_id_unique",
+          "nullsNotDistinct": false,
+          "columns": [
+            "account_id",
+            "muted_account_id"
+          ]
+        }
+      },
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.notification_groups": {
+      "name": "notification_groups",
+      "schema": "",
+      "columns": {
+        "group_key": {
+          "name": "group_key",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "account_owner_id": {
+          "name": "account_owner_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "type": {
+          "name": "type",
+          "type": "notification_type",
+          "typeSchema": "public",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "target_post_id": {
+          "name": "target_post_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "notifications_count": {
+          "name": "notifications_count",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        },
+        "most_recent_notification_id": {
+          "name": "most_recent_notification_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "sample_account_ids": {
+          "name": "sample_account_ids",
+          "type": "uuid[]",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'{}'::uuid[]"
+        },
+        "latest_page_notification_at": {
+          "name": "latest_page_notification_at",
+          "type": "timestamp with time zone",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "page_min_id": {
+          "name": "page_min_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "page_max_id": {
+          "name": "page_max_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "created": {
+          "name": "created",
+          "type": "timestamp with time zone",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "CURRENT_TIMESTAMP"
+        },
+        "updated": {
+          "name": "updated",
+          "type": "timestamp with time zone",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "CURRENT_TIMESTAMP"
+        }
+      },
+      "indexes": {
+        "notification_groups_account_owner_id_updated_index": {
+          "name": "notification_groups_account_owner_id_updated_index",
+          "columns": [
+            {
+              "expression": "account_owner_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "updated",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "notification_groups_account_owner_id_type_index": {
+          "name": "notification_groups_account_owner_id_type_index",
+          "columns": [
+            {
+              "expression": "account_owner_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "type",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "notification_groups_account_owner_id_account_owners_id_fk": {
+          "name": "notification_groups_account_owner_id_account_owners_id_fk",
+          "tableFrom": "notification_groups",
+          "tableTo": "account_owners",
+          "columnsFrom": [
+            "account_owner_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "notification_groups_target_post_id_posts_id_fk": {
+          "name": "notification_groups_target_post_id_posts_id_fk",
+          "tableFrom": "notification_groups",
+          "tableTo": "posts",
+          "columnsFrom": [
+            "target_post_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "notification_groups_most_recent_notification_id_notifications_id_fk": {
+          "name": "notification_groups_most_recent_notification_id_notifications_id_fk",
+          "tableFrom": "notification_groups",
+          "tableTo": "notifications",
+          "columnsFrom": [
+            "most_recent_notification_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.notifications": {
+      "name": "notifications",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "uuid",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "account_owner_id": {
+          "name": "account_owner_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "type": {
+          "name": "type",
+          "type": "notification_type",
+          "typeSchema": "public",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "actor_account_id": {
+          "name": "actor_account_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "target_post_id": {
+          "name": "target_post_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "target_account_id": {
+          "name": "target_account_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "target_poll_id": {
+          "name": "target_poll_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "group_key": {
+          "name": "group_key",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created": {
+          "name": "created",
+          "type": "timestamp with time zone",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "CURRENT_TIMESTAMP"
+        },
+        "read_at": {
+          "name": "read_at",
+          "type": "timestamp with time zone",
+          "primaryKey": false,
+          "notNull": false
+        }
+      },
+      "indexes": {
+        "notifications_account_owner_id_created_index": {
+          "name": "notifications_account_owner_id_created_index",
+          "columns": [
+            {
+              "expression": "account_owner_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "created",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "notifications_account_owner_id_read_at_index": {
+          "name": "notifications_account_owner_id_read_at_index",
+          "columns": [
+            {
+              "expression": "account_owner_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "read_at",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "notifications_group_key_index": {
+          "name": "notifications_group_key_index",
+          "columns": [
+            {
+              "expression": "group_key",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "notifications_created_index": {
+          "name": "notifications_created_index",
+          "columns": [
+            {
+              "expression": "created",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "notifications_account_owner_id_account_owners_id_fk": {
+          "name": "notifications_account_owner_id_account_owners_id_fk",
+          "tableFrom": "notifications",
+          "tableTo": "account_owners",
+          "columnsFrom": [
+            "account_owner_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "notifications_actor_account_id_accounts_id_fk": {
+          "name": "notifications_actor_account_id_accounts_id_fk",
+          "tableFrom": "notifications",
+          "tableTo": "accounts",
+          "columnsFrom": [
+            "actor_account_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "notifications_target_post_id_posts_id_fk": {
+          "name": "notifications_target_post_id_posts_id_fk",
+          "tableFrom": "notifications",
+          "tableTo": "posts",
+          "columnsFrom": [
+            "target_post_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "notifications_target_account_id_accounts_id_fk": {
+          "name": "notifications_target_account_id_accounts_id_fk",
+          "tableFrom": "notifications",
+          "tableTo": "accounts",
+          "columnsFrom": [
+            "target_account_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "notifications_target_poll_id_polls_id_fk": {
+          "name": "notifications_target_poll_id_polls_id_fk",
+          "tableFrom": "notifications",
+          "tableTo": "polls",
+          "columnsFrom": [
+            "target_poll_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.passkeys": {
+      "name": "passkeys",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "credential_email": {
+          "name": "credential_email",
+          "type": "varchar(254)",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "public_key": {
+          "name": "public_key",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "counter": {
+          "name": "counter",
+          "type": "bigint",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "transports": {
+          "name": "transports",
+          "type": "text[]",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "(ARRAY[]::text[])"
+        },
+        "device_type": {
+          "name": "device_type",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "backed_up": {
+          "name": "backed_up",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "nickname": {
+          "name": "nickname",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "last_used": {
+          "name": "last_used",
+          "type": "timestamp with time zone",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "created": {
+          "name": "created",
+          "type": "timestamp with time zone",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "CURRENT_TIMESTAMP"
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {
+        "passkeys_credential_email_credentials_email_fk": {
+          "name": "passkeys_credential_email_credentials_email_fk",
+          "tableFrom": "passkeys",
+          "tableTo": "credentials",
+          "columnsFrom": [
+            "credential_email"
+          ],
+          "columnsTo": [
+            "email"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.pinned_posts": {
+      "name": "pinned_posts",
+      "schema": "",
+      "columns": {
+        "index": {
+          "name": "index",
+          "type": "bigserial",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "post_id": {
+          "name": "post_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "account_id": {
+          "name": "account_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created": {
+          "name": "created",
+          "type": "timestamp with time zone",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "CURRENT_TIMESTAMP"
+        }
+      },
+      "indexes": {
+        "pinned_posts_account_id_post_id_index": {
+          "name": "pinned_posts_account_id_post_id_index",
+          "columns": [
+            {
+              "expression": "account_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "post_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "pinned_posts_account_id_accounts_id_fk": {
+          "name": "pinned_posts_account_id_accounts_id_fk",
+          "tableFrom": "pinned_posts",
+          "tableTo": "accounts",
+          "columnsFrom": [
+            "account_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "pinned_posts_post_id_account_id_posts_id_actor_id_fk": {
+          "name": "pinned_posts_post_id_account_id_posts_id_actor_id_fk",
+          "tableFrom": "pinned_posts",
+          "tableTo": "posts",
+          "columnsFrom": [
+            "post_id",
+            "account_id"
+          ],
+          "columnsTo": [
+            "id",
+            "actor_id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {
+        "pinned_posts_post_id_account_id_unique": {
+          "name": "pinned_posts_post_id_account_id_unique",
+          "nullsNotDistinct": false,
+          "columns": [
+            "post_id",
+            "account_id"
+          ]
+        }
+      },
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.poll_options": {
+      "name": "poll_options",
+      "schema": "",
+      "columns": {
+        "poll_id": {
+          "name": "poll_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "index": {
+          "name": "index",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "title": {
+          "name": "title",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "votes_count": {
+          "name": "votes_count",
+          "type": "bigint",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        }
+      },
+      "indexes": {
+        "poll_options_poll_id_index_index": {
+          "name": "poll_options_poll_id_index_index",
+          "columns": [
+            {
+              "expression": "poll_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "index",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "poll_options_poll_id_polls_id_fk": {
+          "name": "poll_options_poll_id_polls_id_fk",
+          "tableFrom": "poll_options",
+          "tableTo": "polls",
+          "columnsFrom": [
+            "poll_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {
+        "poll_options_poll_id_index_pk": {
+          "name": "poll_options_poll_id_index_pk",
+          "columns": [
+            "poll_id",
+            "index"
+          ]
+        }
+      },
+      "uniqueConstraints": {
+        "poll_options_poll_id_title_unique": {
+          "name": "poll_options_poll_id_title_unique",
+          "nullsNotDistinct": false,
+          "columns": [
+            "poll_id",
+            "title"
+          ]
+        }
+      },
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.poll_votes": {
+      "name": "poll_votes",
+      "schema": "",
+      "columns": {
+        "poll_id": {
+          "name": "poll_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "option_index": {
+          "name": "option_index",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "account_id": {
+          "name": "account_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created": {
+          "name": "created",
+          "type": "timestamp with time zone",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "CURRENT_TIMESTAMP"
+        }
+      },
+      "indexes": {
+        "poll_votes_poll_id_account_id_index": {
+          "name": "poll_votes_poll_id_account_id_index",
+          "columns": [
+            {
+              "expression": "poll_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "account_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "poll_votes_poll_id_polls_id_fk": {
+          "name": "poll_votes_poll_id_polls_id_fk",
+          "tableFrom": "poll_votes",
+          "tableTo": "polls",
+          "columnsFrom": [
+            "poll_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "poll_votes_account_id_accounts_id_fk": {
+          "name": "poll_votes_account_id_accounts_id_fk",
+          "tableFrom": "poll_votes",
+          "tableTo": "accounts",
+          "columnsFrom": [
+            "account_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "poll_votes_poll_id_option_index_poll_options_poll_id_index_fk": {
+          "name": "poll_votes_poll_id_option_index_poll_options_poll_id_index_fk",
+          "tableFrom": "poll_votes",
+          "tableTo": "poll_options",
+          "columnsFrom": [
+            "poll_id",
+            "option_index"
+          ],
+          "columnsTo": [
+            "poll_id",
+            "index"
+          ],
+          "onDelete": "no action",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {
+        "poll_votes_poll_id_option_index_account_id_pk": {
+          "name": "poll_votes_poll_id_option_index_account_id_pk",
+          "columns": [
+            "poll_id",
+            "option_index",
+            "account_id"
+          ]
+        }
+      },
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.polls": {
+      "name": "polls",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "uuid",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "multiple": {
+          "name": "multiple",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": false
+        },
+        "voters_count": {
+          "name": "voters_count",
+          "type": "bigint",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        },
+        "expires": {
+          "name": "expires",
+          "type": "timestamp with time zone",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created": {
+          "name": "created",
+          "type": "timestamp with time zone",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "CURRENT_TIMESTAMP"
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.posts": {
+      "name": "posts",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "uuid",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "iri": {
+          "name": "iri",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "type": {
+          "name": "type",
+          "type": "post_type",
+          "typeSchema": "public",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "actor_id": {
+          "name": "actor_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "application_id": {
+          "name": "application_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "reply_target_id": {
+          "name": "reply_target_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "sharing_id": {
+          "name": "sharing_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "quote_target_id": {
+          "name": "quote_target_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "quote_target_iri": {
+          "name": "quote_target_iri",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "quote_state": {
+          "name": "quote_state",
+          "type": "quote_state",
+          "typeSchema": "public",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "quote_authorization_iri": {
+          "name": "quote_authorization_iri",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "quote_approval_policy": {
+          "name": "quote_approval_policy",
+          "type": "quote_approval_policy",
+          "typeSchema": "public",
+          "primaryKey": false,
+          "notNull": false,
+          "default": "'public'"
+        },
+        "visibility": {
+          "name": "visibility",
+          "type": "post_visibility",
+          "typeSchema": "public",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "summary": {
+          "name": "summary",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "content_html": {
+          "name": "content_html",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "content": {
+          "name": "content",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "poll_id": {
+          "name": "poll_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "language": {
+          "name": "language",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "tags": {
+          "name": "tags",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'{}'::jsonb"
+        },
+        "emojis": {
+          "name": "emojis",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'{}'::jsonb"
+        },
+        "sensitive": {
+          "name": "sensitive",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": false
+        },
+        "url": {
+          "name": "url",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "preview_card": {
+          "name": "preview_card",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "replies_count": {
+          "name": "replies_count",
+          "type": "bigint",
+          "primaryKey": false,
+          "notNull": false,
+          "default": 0
+        },
+        "shares_count": {
+          "name": "shares_count",
+          "type": "bigint",
+          "primaryKey": false,
+          "notNull": false,
+          "default": 0
+        },
+        "likes_count": {
+          "name": "likes_count",
+          "type": "bigint",
+          "primaryKey": false,
+          "notNull": false,
+          "default": 0
+        },
+        "quotes_count": {
+          "name": "quotes_count",
+          "type": "bigint",
+          "primaryKey": false,
+          "notNull": false,
+          "default": 0
+        },
+        "idempotence_key": {
+          "name": "idempotence_key",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "published": {
+          "name": "published",
+          "type": "timestamp with time zone",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "updated": {
+          "name": "updated",
+          "type": "timestamp with time zone",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "CURRENT_TIMESTAMP"
+        }
+      },
+      "indexes": {
+        "posts_sharing_id_index": {
+          "name": "posts_sharing_id_index",
+          "columns": [
+            {
+              "expression": "sharing_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "posts_actor_id_index": {
+          "name": "posts_actor_id_index",
+          "columns": [
+            {
+              "expression": "actor_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "posts_actor_id_sharing_id_index": {
+          "name": "posts_actor_id_sharing_id_index",
+          "columns": [
+            {
+              "expression": "actor_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "sharing_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "posts_reply_target_id_index": {
+          "name": "posts_reply_target_id_index",
+          "columns": [
+            {
+              "expression": "reply_target_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "posts_actor_id_reply_target_id_index": {
+          "name": "posts_actor_id_reply_target_id_index",
+          "columns": [
+            {
+              "expression": "actor_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "reply_target_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "posts_quote_target_id_index": {
+          "name": "posts_quote_target_id_index",
+          "columns": [
+            {
+              "expression": "quote_target_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "where": "\"posts\".\"quote_target_id\" is not null",
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "posts_visibility_actor_id_index": {
+          "name": "posts_visibility_actor_id_index",
+          "columns": [
+            {
+              "expression": "visibility",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "actor_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "posts_visibility_actor_id_sharing_id_index": {
+          "name": "posts_visibility_actor_id_sharing_id_index",
+          "columns": [
+            {
+              "expression": "visibility",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "actor_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "sharing_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "where": "\"posts\".\"sharing_id\" is not null",
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "posts_visibility_actor_id_reply_target_id_index": {
+          "name": "posts_visibility_actor_id_reply_target_id_index",
+          "columns": [
+            {
+              "expression": "visibility",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "actor_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "reply_target_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "where": "\"posts\".\"reply_target_id\" is not null",
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "posts_actor_id_accounts_id_fk": {
+          "name": "posts_actor_id_accounts_id_fk",
+          "tableFrom": "posts",
+          "tableTo": "accounts",
+          "columnsFrom": [
+            "actor_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "posts_application_id_applications_id_fk": {
+          "name": "posts_application_id_applications_id_fk",
+          "tableFrom": "posts",
+          "tableTo": "applications",
+          "columnsFrom": [
+            "application_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "set null",
+          "onUpdate": "no action"
+        },
+        "posts_reply_target_id_posts_id_fk": {
+          "name": "posts_reply_target_id_posts_id_fk",
+          "tableFrom": "posts",
+          "tableTo": "posts",
+          "columnsFrom": [
+            "reply_target_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "set null",
+          "onUpdate": "no action"
+        },
+        "posts_sharing_id_posts_id_fk": {
+          "name": "posts_sharing_id_posts_id_fk",
+          "tableFrom": "posts",
+          "tableTo": "posts",
+          "columnsFrom": [
+            "sharing_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "posts_quote_target_id_posts_id_fk": {
+          "name": "posts_quote_target_id_posts_id_fk",
+          "tableFrom": "posts",
+          "tableTo": "posts",
+          "columnsFrom": [
+            "quote_target_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "set null",
+          "onUpdate": "no action"
+        },
+        "posts_poll_id_polls_id_fk": {
+          "name": "posts_poll_id_polls_id_fk",
+          "tableFrom": "posts",
+          "tableTo": "polls",
+          "columnsFrom": [
+            "poll_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "set null",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {
+        "posts_iri_unique": {
+          "name": "posts_iri_unique",
+          "nullsNotDistinct": false,
+          "columns": [
+            "iri"
+          ]
+        },
+        "posts_id_actor_id_unique": {
+          "name": "posts_id_actor_id_unique",
+          "nullsNotDistinct": false,
+          "columns": [
+            "id",
+            "actor_id"
+          ]
+        },
+        "posts_poll_id_unique": {
+          "name": "posts_poll_id_unique",
+          "nullsNotDistinct": false,
+          "columns": [
+            "poll_id"
+          ]
+        },
+        "posts_actor_id_sharing_id_unique": {
+          "name": "posts_actor_id_sharing_id_unique",
+          "nullsNotDistinct": false,
+          "columns": [
+            "actor_id",
+            "sharing_id"
+          ]
+        }
+      },
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.reactions": {
+      "name": "reactions",
+      "schema": "",
+      "columns": {
+        "post_id": {
+          "name": "post_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "account_id": {
+          "name": "account_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "emoji": {
+          "name": "emoji",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "custom_emoji": {
+          "name": "custom_emoji",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "emoji_iri": {
+          "name": "emoji_iri",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "created": {
+          "name": "created",
+          "type": "timestamp with time zone",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "CURRENT_TIMESTAMP"
+        }
+      },
+      "indexes": {
+        "reactions_post_id_index": {
+          "name": "reactions_post_id_index",
+          "columns": [
+            {
+              "expression": "post_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "reactions_post_id_account_id_index": {
+          "name": "reactions_post_id_account_id_index",
+          "columns": [
+            {
+              "expression": "post_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "account_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "reactions_created_index": {
+          "name": "reactions_created_index",
+          "columns": [
+            {
+              "expression": "created",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "reactions_post_id_posts_id_fk": {
+          "name": "reactions_post_id_posts_id_fk",
+          "tableFrom": "reactions",
+          "tableTo": "posts",
+          "columnsFrom": [
+            "post_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "reactions_account_id_accounts_id_fk": {
+          "name": "reactions_account_id_accounts_id_fk",
+          "tableFrom": "reactions",
+          "tableTo": "accounts",
+          "columnsFrom": [
+            "account_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {
+        "reactions_post_id_account_id_emoji_pk": {
+          "name": "reactions_post_id_account_id_emoji_pk",
+          "columns": [
+            "post_id",
+            "account_id",
+            "emoji"
+          ]
+        }
+      },
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.remote_reply_scrape_jobs": {
+      "name": "remote_reply_scrape_jobs",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "uuid",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "post_id": {
+          "name": "post_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "post_iri": {
+          "name": "post_iri",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "replies_iri": {
+          "name": "replies_iri",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "base_url": {
+          "name": "base_url",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "origin_host": {
+          "name": "origin_host",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "depth": {
+          "name": "depth",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        },
+        "status": {
+          "name": "status",
+          "type": "remote_reply_scrape_job_status",
+          "typeSchema": "public",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'pending'"
+        },
+        "attempts": {
+          "name": "attempts",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        },
+        "fetched_items": {
+          "name": "fetched_items",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        },
+        "next_attempt_at": {
+          "name": "next_attempt_at",
+          "type": "timestamp with time zone",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "CURRENT_TIMESTAMP"
+        },
+        "error_message": {
+          "name": "error_message",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "created": {
+          "name": "created",
+          "type": "timestamp with time zone",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "CURRENT_TIMESTAMP"
+        },
+        "started_at": {
+          "name": "started_at",
+          "type": "timestamp with time zone",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "completed_at": {
+          "name": "completed_at",
+          "type": "timestamp with time zone",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "updated": {
+          "name": "updated",
+          "type": "timestamp with time zone",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "CURRENT_TIMESTAMP"
+        }
+      },
+      "indexes": {
+        "remote_reply_scrape_jobs_claim_index": {
+          "name": "remote_reply_scrape_jobs_claim_index",
+          "columns": [
+            {
+              "expression": "status",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "next_attempt_at",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "created",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "remote_reply_scrape_jobs_origin_claim_index": {
+          "name": "remote_reply_scrape_jobs_origin_claim_index",
+          "columns": [
+            {
+              "expression": "origin_host",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "status",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "next_attempt_at",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "created",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "remote_reply_scrape_jobs_stale_processing_index": {
+          "name": "remote_reply_scrape_jobs_stale_processing_index",
+          "columns": [
+            {
+              "expression": "status",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "updated",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "remote_reply_scrape_jobs_post_id_posts_id_fk": {
+          "name": "remote_reply_scrape_jobs_post_id_posts_id_fk",
+          "tableFrom": "remote_reply_scrape_jobs",
+          "tableTo": "posts",
+          "columnsFrom": [
+            "post_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {
+        "remote_reply_scrape_jobs_replies_iri_unique": {
+          "name": "remote_reply_scrape_jobs_replies_iri_unique",
+          "nullsNotDistinct": false,
+          "columns": [
+            "replies_iri"
+          ]
+        }
+      },
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.remote_reply_scrape_origins": {
+      "name": "remote_reply_scrape_origins",
+      "schema": "",
+      "columns": {
+        "origin_host": {
+          "name": "origin_host",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "next_request_at": {
+          "name": "next_request_at",
+          "type": "timestamp with time zone",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "CURRENT_TIMESTAMP"
+        },
+        "last_request_at": {
+          "name": "last_request_at",
+          "type": "timestamp with time zone",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "processing_job_id": {
+          "name": "processing_job_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "processing_started_at": {
+          "name": "processing_started_at",
+          "type": "timestamp with time zone",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "updated": {
+          "name": "updated",
+          "type": "timestamp with time zone",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "CURRENT_TIMESTAMP"
+        }
+      },
+      "indexes": {
+        "remote_reply_scrape_origins_next_request_at_index": {
+          "name": "remote_reply_scrape_origins_next_request_at_index",
+          "columns": [
+            {
+              "expression": "next_request_at",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "remote_reply_scrape_origins_processing_job_id_index": {
+          "name": "remote_reply_scrape_origins_processing_job_id_index",
+          "columns": [
+            {
+              "expression": "processing_job_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.reports": {
+      "name": "reports",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "uuid",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "iri": {
+          "name": "iri",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "account_id": {
+          "name": "account_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "target_account_id": {
+          "name": "target_account_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created": {
+          "name": "created",
+          "type": "timestamp with time zone",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "CURRENT_TIMESTAMP"
+        },
+        "comment": {
+          "name": "comment",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "posts": {
+          "name": "posts",
+          "type": "uuid[]",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'{}'::uuid[]"
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {
+        "reports_account_id_accounts_id_fk": {
+          "name": "reports_account_id_accounts_id_fk",
+          "tableFrom": "reports",
+          "tableTo": "accounts",
+          "columnsFrom": [
+            "account_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "reports_target_account_id_accounts_id_fk": {
+          "name": "reports_target_account_id_accounts_id_fk",
+          "tableFrom": "reports",
+          "tableTo": "accounts",
+          "columnsFrom": [
+            "target_account_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {
+        "reports_iri_unique": {
+          "name": "reports_iri_unique",
+          "nullsNotDistinct": false,
+          "columns": [
+            "iri"
+          ]
+        }
+      },
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.timeline_posts": {
+      "name": "timeline_posts",
+      "schema": "",
+      "columns": {
+        "account_id": {
+          "name": "account_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "post_id": {
+          "name": "post_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        }
+      },
+      "indexes": {
+        "timeline_posts_account_id_post_id_index": {
+          "name": "timeline_posts_account_id_post_id_index",
+          "columns": [
+            {
+              "expression": "account_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "post_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "timeline_posts_account_id_account_owners_id_fk": {
+          "name": "timeline_posts_account_id_account_owners_id_fk",
+          "tableFrom": "timeline_posts",
+          "tableTo": "account_owners",
+          "columnsFrom": [
+            "account_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "timeline_posts_post_id_posts_id_fk": {
+          "name": "timeline_posts_post_id_posts_id_fk",
+          "tableFrom": "timeline_posts",
+          "tableTo": "posts",
+          "columnsFrom": [
+            "post_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {
+        "timeline_posts_account_id_post_id_pk": {
+          "name": "timeline_posts_account_id_post_id_pk",
+          "columns": [
+            "account_id",
+            "post_id"
+          ]
+        }
+      },
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.totps": {
+      "name": "totps",
+      "schema": "",
+      "columns": {
+        "issuer": {
+          "name": "issuer",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "label": {
+          "name": "label",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "algorithm": {
+          "name": "algorithm",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "digits": {
+          "name": "digits",
+          "type": "smallint",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "period": {
+          "name": "period",
+          "type": "smallint",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "secret": {
+          "name": "secret",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created": {
+          "name": "created",
+          "type": "timestamp with time zone",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "CURRENT_TIMESTAMP"
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    }
+  },
+  "enums": {
+    "public.account_type": {
+      "name": "account_type",
+      "schema": "public",
+      "values": [
+        "Application",
+        "Group",
+        "Organization",
+        "Person",
+        "Service"
+      ]
+    },
+    "public.cleanup_job_category": {
+      "name": "cleanup_job_category",
+      "schema": "public",
+      "values": [
+        "cleanup_thumbnails"
+      ]
+    },
+    "public.cleanup_job_status": {
+      "name": "cleanup_job_status",
+      "schema": "public",
+      "values": [
+        "pending",
+        "processing",
+        "completed",
+        "failed",
+        "cancelled"
+      ]
+    },
+    "public.grant_type": {
+      "name": "grant_type",
+      "schema": "public",
+      "values": [
+        "authorization_code",
+        "client_credentials"
+      ]
+    },
+    "public.import_job_category": {
+      "name": "import_job_category",
+      "schema": "public",
+      "values": [
+        "following_accounts",
+        "lists",
+        "muted_accounts",
+        "blocked_accounts",
+        "bookmarks"
+      ]
+    },
+    "public.import_job_status": {
+      "name": "import_job_status",
+      "schema": "public",
+      "values": [
+        "pending",
+        "processing",
+        "completed",
+        "failed",
+        "cancelled"
+      ]
+    },
+    "public.list_replies_policy": {
+      "name": "list_replies_policy",
+      "schema": "public",
+      "values": [
+        "followed",
+        "list",
+        "none"
+      ]
+    },
+    "public.marker_type": {
+      "name": "marker_type",
+      "schema": "public",
+      "values": [
+        "notifications",
+        "home"
+      ]
+    },
+    "public.notification_type": {
+      "name": "notification_type",
+      "schema": "public",
+      "values": [
+        "mention",
+        "status",
+        "reblog",
+        "follow",
+        "follow_request",
+        "favourite",
+        "emoji_reaction",
+        "poll",
+        "update",
+        "admin.sign_up",
+        "admin.report",
+        "quote",
+        "quoted_update"
+      ]
+    },
+    "public.post_type": {
+      "name": "post_type",
+      "schema": "public",
+      "values": [
+        "Article",
+        "Note",
+        "Question"
+      ]
+    },
+    "public.post_visibility": {
+      "name": "post_visibility",
+      "schema": "public",
+      "values": [
+        "public",
+        "unlisted",
+        "private",
+        "direct"
+      ]
+    },
+    "public.quote_approval_policy": {
+      "name": "quote_approval_policy",
+      "schema": "public",
+      "values": [
+        "public",
+        "followers",
+        "nobody"
+      ]
+    },
+    "public.quote_state": {
+      "name": "quote_state",
+      "schema": "public",
+      "values": [
+        "pending",
+        "accepted",
+        "rejected",
+        "revoked",
+        "unauthorized"
+      ]
+    },
+    "public.remote_reply_scrape_job_status": {
+      "name": "remote_reply_scrape_job_status",
+      "schema": "public",
+      "values": [
+        "pending",
+        "processing",
+        "completed",
+        "failed"
+      ]
+    },
+    "public.scope": {
+      "name": "scope",
+      "schema": "public",
+      "values": [
+        "read",
+        "read:accounts",
+        "read:blocks",
+        "read:bookmarks",
+        "read:favourites",
+        "read:filters",
+        "read:follows",
+        "read:lists",
+        "read:mutes",
+        "read:notifications",
+        "read:search",
+        "read:statuses",
+        "write",
+        "write:accounts",
+        "write:blocks",
+        "write:bookmarks",
+        "write:conversations",
+        "write:favourites",
+        "write:filters",
+        "write:follows",
+        "write:lists",
+        "write:media",
+        "write:mutes",
+        "write:notifications",
+        "write:reports",
+        "write:statuses",
+        "follow",
+        "push",
+        "profile"
+      ]
+    },
+    "public.theme_color": {
+      "name": "theme_color",
+      "schema": "public",
+      "values": [
+        "amber",
+        "azure",
+        "blue",
+        "cyan",
+        "fuchsia",
+        "green",
+        "grey",
+        "indigo",
+        "jade",
+        "lime",
+        "orange",
+        "pink",
+        "pumpkin",
+        "purple",
+        "red",
+        "sand",
+        "slate",
+        "violet",
+        "yellow",
+        "zinc"
+      ]
+    }
+  },
+  "schemas": {},
+  "sequences": {},
+  "roles": {},
+  "policies": {},
+  "views": {},
+  "_meta": {
+    "columns": {},
+    "schemas": {},
+    "tables": {}
+  }
+}
\ No newline at end of file
diff --git a/drizzle/meta/0089_snapshot.json b/drizzle/meta/0089_snapshot.json
new file mode 100644
index 00000000..064d818d
--- /dev/null
+++ b/drizzle/meta/0089_snapshot.json
@@ -0,0 +1,4583 @@
+{
+  "id": "edb4f923-d7c3-4a7c-8126-1d4dfd6e94d0",
+  "prevId": "6304a3ed-3b7c-4681-bfdc-c5c162553d52",
+  "version": "7",
+  "dialect": "postgresql",
+  "tables": {
+    "public.access_grants": {
+      "name": "access_grants",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "uuid",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "code": {
+          "name": "code",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "expires_in": {
+          "name": "expires_in",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "redirect_uri": {
+          "name": "redirect_uri",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "scopes": {
+          "name": "scopes",
+          "type": "scope[]",
+          "typeSchema": "public",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "code_challenge": {
+          "name": "code_challenge",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "code_challenge_method": {
+          "name": "code_challenge_method",
+          "type": "varchar(256)",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "application_id": {
+          "name": "application_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "resource_owner_id": {
+          "name": "resource_owner_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created": {
+          "name": "created",
+          "type": "timestamp with time zone",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "CURRENT_TIMESTAMP"
+        },
+        "revoked": {
+          "name": "revoked",
+          "type": "timestamp with time zone",
+          "primaryKey": false,
+          "notNull": false
+        }
+      },
+      "indexes": {
+        "access_grants_resource_owner_id_index": {
+          "name": "access_grants_resource_owner_id_index",
+          "columns": [
+            {
+              "expression": "resource_owner_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "access_grants_application_id_applications_id_fk": {
+          "name": "access_grants_application_id_applications_id_fk",
+          "tableFrom": "access_grants",
+          "tableTo": "applications",
+          "columnsFrom": [
+            "application_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "access_grants_resource_owner_id_account_owners_id_fk": {
+          "name": "access_grants_resource_owner_id_account_owners_id_fk",
+          "tableFrom": "access_grants",
+          "tableTo": "account_owners",
+          "columnsFrom": [
+            "resource_owner_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {
+        "access_grants_code_unique": {
+          "name": "access_grants_code_unique",
+          "nullsNotDistinct": false,
+          "columns": [
+            "code"
+          ]
+        }
+      },
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.access_tokens": {
+      "name": "access_tokens",
+      "schema": "",
+      "columns": {
+        "code": {
+          "name": "code",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "application_id": {
+          "name": "application_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "account_owner_id": {
+          "name": "account_owner_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "grant_type": {
+          "name": "grant_type",
+          "type": "grant_type",
+          "typeSchema": "public",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'authorization_code'"
+        },
+        "scopes": {
+          "name": "scopes",
+          "type": "scope[]",
+          "typeSchema": "public",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created": {
+          "name": "created",
+          "type": "timestamp with time zone",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "CURRENT_TIMESTAMP"
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {
+        "access_tokens_application_id_applications_id_fk": {
+          "name": "access_tokens_application_id_applications_id_fk",
+          "tableFrom": "access_tokens",
+          "tableTo": "applications",
+          "columnsFrom": [
+            "application_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "access_tokens_account_owner_id_account_owners_id_fk": {
+          "name": "access_tokens_account_owner_id_account_owners_id_fk",
+          "tableFrom": "access_tokens",
+          "tableTo": "account_owners",
+          "columnsFrom": [
+            "account_owner_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.account_owners": {
+      "name": "account_owners",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "uuid",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "handle": {
+          "name": "handle",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "rsa_private_key_jwk": {
+          "name": "rsa_private_key_jwk",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "rsa_public_key_jwk": {
+          "name": "rsa_public_key_jwk",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "ed25519_private_key_jwk": {
+          "name": "ed25519_private_key_jwk",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "ed25519_public_key_jwk": {
+          "name": "ed25519_public_key_jwk",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "fields": {
+          "name": "fields",
+          "type": "json",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'{}'::json"
+        },
+        "bio": {
+          "name": "bio",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "followed_tags": {
+          "name": "followed_tags",
+          "type": "text[]",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'{}'"
+        },
+        "visibility": {
+          "name": "visibility",
+          "type": "post_visibility",
+          "typeSchema": "public",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'public'"
+        },
+        "language": {
+          "name": "language",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'en'"
+        },
+        "discoverable": {
+          "name": "discoverable",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": false
+        },
+        "expand_spoilers": {
+          "name": "expand_spoilers",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": false
+        },
+        "theme_color": {
+          "name": "theme_color",
+          "type": "theme_color",
+          "typeSchema": "public",
+          "primaryKey": false,
+          "notNull": true
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {
+        "account_owners_id_accounts_id_fk": {
+          "name": "account_owners_id_accounts_id_fk",
+          "tableFrom": "account_owners",
+          "tableTo": "accounts",
+          "columnsFrom": [
+            "id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {
+        "account_owners_handle_unique": {
+          "name": "account_owners_handle_unique",
+          "nullsNotDistinct": false,
+          "columns": [
+            "handle"
+          ]
+        }
+      },
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.accounts": {
+      "name": "accounts",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "uuid",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "iri": {
+          "name": "iri",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "type": {
+          "name": "type",
+          "type": "account_type",
+          "typeSchema": "public",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "name": {
+          "name": "name",
+          "type": "varchar(100)",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "handle": {
+          "name": "handle",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "bio_html": {
+          "name": "bio_html",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "url": {
+          "name": "url",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "protected": {
+          "name": "protected",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": false
+        },
+        "avatar_url": {
+          "name": "avatar_url",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "cover_url": {
+          "name": "cover_url",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "inbox_url": {
+          "name": "inbox_url",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "followers_url": {
+          "name": "followers_url",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "shared_inbox_url": {
+          "name": "shared_inbox_url",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "featured_url": {
+          "name": "featured_url",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "following_count": {
+          "name": "following_count",
+          "type": "bigint",
+          "primaryKey": false,
+          "notNull": false,
+          "default": 0
+        },
+        "followers_count": {
+          "name": "followers_count",
+          "type": "bigint",
+          "primaryKey": false,
+          "notNull": false,
+          "default": 0
+        },
+        "posts_count": {
+          "name": "posts_count",
+          "type": "bigint",
+          "primaryKey": false,
+          "notNull": false,
+          "default": 0
+        },
+        "field_htmls": {
+          "name": "field_htmls",
+          "type": "json",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'{}'::json"
+        },
+        "emojis": {
+          "name": "emojis",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'{}'::jsonb"
+        },
+        "sensitive": {
+          "name": "sensitive",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": false
+        },
+        "successor_id": {
+          "name": "successor_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "aliases": {
+          "name": "aliases",
+          "type": "text[]",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "(ARRAY[]::text[])"
+        },
+        "instance_host": {
+          "name": "instance_host",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "published": {
+          "name": "published",
+          "type": "timestamp with time zone",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "updated": {
+          "name": "updated",
+          "type": "timestamp with time zone",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "CURRENT_TIMESTAMP"
+        },
+        "fetched": {
+          "name": "fetched",
+          "type": "timestamp with time zone",
+          "primaryKey": false,
+          "notNull": false
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {
+        "accounts_successor_id_accounts_id_fk": {
+          "name": "accounts_successor_id_accounts_id_fk",
+          "tableFrom": "accounts",
+          "tableTo": "accounts",
+          "columnsFrom": [
+            "successor_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "accounts_instance_host_instances_host_fk": {
+          "name": "accounts_instance_host_instances_host_fk",
+          "tableFrom": "accounts",
+          "tableTo": "instances",
+          "columnsFrom": [
+            "instance_host"
+          ],
+          "columnsTo": [
+            "host"
+          ],
+          "onDelete": "no action",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {
+        "accounts_iri_unique": {
+          "name": "accounts_iri_unique",
+          "nullsNotDistinct": false,
+          "columns": [
+            "iri"
+          ]
+        },
+        "accounts_handle_unique": {
+          "name": "accounts_handle_unique",
+          "nullsNotDistinct": false,
+          "columns": [
+            "handle"
+          ]
+        }
+      },
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.applications": {
+      "name": "applications",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "uuid",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "name": {
+          "name": "name",
+          "type": "varchar(256)",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "redirect_uris": {
+          "name": "redirect_uris",
+          "type": "text[]",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "scopes": {
+          "name": "scopes",
+          "type": "scope[]",
+          "typeSchema": "public",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "website": {
+          "name": "website",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "client_id": {
+          "name": "client_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "client_secret": {
+          "name": "client_secret",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "confidential": {
+          "name": "confidential",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": false
+        },
+        "created": {
+          "name": "created",
+          "type": "timestamp with time zone",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "CURRENT_TIMESTAMP"
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {
+        "applications_client_id_unique": {
+          "name": "applications_client_id_unique",
+          "nullsNotDistinct": false,
+          "columns": [
+            "client_id"
+          ]
+        }
+      },
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.blocks": {
+      "name": "blocks",
+      "schema": "",
+      "columns": {
+        "account_id": {
+          "name": "account_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "blocked_account_id": {
+          "name": "blocked_account_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created": {
+          "name": "created",
+          "type": "timestamp with time zone",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "CURRENT_TIMESTAMP"
+        }
+      },
+      "indexes": {
+        "blocks_account_id_index": {
+          "name": "blocks_account_id_index",
+          "columns": [
+            {
+              "expression": "account_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "blocks_blocked_account_id_index": {
+          "name": "blocks_blocked_account_id_index",
+          "columns": [
+            {
+              "expression": "blocked_account_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "blocks_account_id_accounts_id_fk": {
+          "name": "blocks_account_id_accounts_id_fk",
+          "tableFrom": "blocks",
+          "tableTo": "accounts",
+          "columnsFrom": [
+            "account_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "blocks_blocked_account_id_accounts_id_fk": {
+          "name": "blocks_blocked_account_id_accounts_id_fk",
+          "tableFrom": "blocks",
+          "tableTo": "accounts",
+          "columnsFrom": [
+            "blocked_account_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {
+        "blocks_account_id_blocked_account_id_pk": {
+          "name": "blocks_account_id_blocked_account_id_pk",
+          "columns": [
+            "account_id",
+            "blocked_account_id"
+          ]
+        }
+      },
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.bookmarks": {
+      "name": "bookmarks",
+      "schema": "",
+      "columns": {
+        "post_id": {
+          "name": "post_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "account_owner_id": {
+          "name": "account_owner_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created": {
+          "name": "created",
+          "type": "timestamp with time zone",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "CURRENT_TIMESTAMP"
+        }
+      },
+      "indexes": {
+        "bookmarks_post_id_account_owner_id_index": {
+          "name": "bookmarks_post_id_account_owner_id_index",
+          "columns": [
+            {
+              "expression": "post_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "account_owner_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "bookmarks_post_id_posts_id_fk": {
+          "name": "bookmarks_post_id_posts_id_fk",
+          "tableFrom": "bookmarks",
+          "tableTo": "posts",
+          "columnsFrom": [
+            "post_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "bookmarks_account_owner_id_account_owners_id_fk": {
+          "name": "bookmarks_account_owner_id_account_owners_id_fk",
+          "tableFrom": "bookmarks",
+          "tableTo": "account_owners",
+          "columnsFrom": [
+            "account_owner_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {
+        "bookmarks_post_id_account_owner_id_pk": {
+          "name": "bookmarks_post_id_account_owner_id_pk",
+          "columns": [
+            "post_id",
+            "account_owner_id"
+          ]
+        }
+      },
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.cleanup_job_items": {
+      "name": "cleanup_job_items",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "uuid",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "job_id": {
+          "name": "job_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "status": {
+          "name": "status",
+          "type": "cleanup_job_status",
+          "typeSchema": "public",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'pending'"
+        },
+        "data": {
+          "name": "data",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "error_message": {
+          "name": "error_message",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "processed_at": {
+          "name": "processed_at",
+          "type": "timestamp with time zone",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "created": {
+          "name": "created",
+          "type": "timestamp with time zone",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "CURRENT_TIMESTAMP"
+        }
+      },
+      "indexes": {
+        "cleanup_job_items_job_id_status_index": {
+          "name": "cleanup_job_items_job_id_status_index",
+          "columns": [
+            {
+              "expression": "job_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "status",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "cleanup_job_items_job_id_cleanup_jobs_id_fk": {
+          "name": "cleanup_job_items_job_id_cleanup_jobs_id_fk",
+          "tableFrom": "cleanup_job_items",
+          "tableTo": "cleanup_jobs",
+          "columnsFrom": [
+            "job_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.cleanup_jobs": {
+      "name": "cleanup_jobs",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "uuid",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "category": {
+          "name": "category",
+          "type": "cleanup_job_category",
+          "typeSchema": "public",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "status": {
+          "name": "status",
+          "type": "cleanup_job_status",
+          "typeSchema": "public",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'pending'"
+        },
+        "total_items": {
+          "name": "total_items",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        },
+        "processed_items": {
+          "name": "processed_items",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        },
+        "successful_items": {
+          "name": "successful_items",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        },
+        "failed_items": {
+          "name": "failed_items",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        },
+        "error_message": {
+          "name": "error_message",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "created": {
+          "name": "created",
+          "type": "timestamp with time zone",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "CURRENT_TIMESTAMP"
+        },
+        "started_at": {
+          "name": "started_at",
+          "type": "timestamp with time zone",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "completed_at": {
+          "name": "completed_at",
+          "type": "timestamp with time zone",
+          "primaryKey": false,
+          "notNull": false
+        }
+      },
+      "indexes": {
+        "cleanup_jobs_status_created_index": {
+          "name": "cleanup_jobs_status_created_index",
+          "columns": [
+            {
+              "expression": "status",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "created",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.credentials": {
+      "name": "credentials",
+      "schema": "",
+      "columns": {
+        "email": {
+          "name": "email",
+          "type": "varchar(254)",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "password_hash": {
+          "name": "password_hash",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created": {
+          "name": "created",
+          "type": "timestamp with time zone",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "CURRENT_TIMESTAMP"
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.custom_emojis": {
+      "name": "custom_emojis",
+      "schema": "",
+      "columns": {
+        "shortcode": {
+          "name": "shortcode",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "url": {
+          "name": "url",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "category": {
+          "name": "category",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "created": {
+          "name": "created",
+          "type": "timestamp with time zone",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "CURRENT_TIMESTAMP"
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.featured_tags": {
+      "name": "featured_tags",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "uuid",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "account_owner_id": {
+          "name": "account_owner_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "name": {
+          "name": "name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created": {
+          "name": "created",
+          "type": "timestamp with time zone",
+          "primaryKey": false,
+          "notNull": false
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {
+        "featured_tags_account_owner_id_account_owners_id_fk": {
+          "name": "featured_tags_account_owner_id_account_owners_id_fk",
+          "tableFrom": "featured_tags",
+          "tableTo": "account_owners",
+          "columnsFrom": [
+            "account_owner_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {
+        "featured_tags_account_owner_id_name_unique": {
+          "name": "featured_tags_account_owner_id_name_unique",
+          "nullsNotDistinct": false,
+          "columns": [
+            "account_owner_id",
+            "name"
+          ]
+        }
+      },
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.follows": {
+      "name": "follows",
+      "schema": "",
+      "columns": {
+        "iri": {
+          "name": "iri",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "following_id": {
+          "name": "following_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "follower_id": {
+          "name": "follower_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "shares": {
+          "name": "shares",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": true
+        },
+        "notify": {
+          "name": "notify",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": false
+        },
+        "languages": {
+          "name": "languages",
+          "type": "text[]",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "created": {
+          "name": "created",
+          "type": "timestamp with time zone",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "CURRENT_TIMESTAMP"
+        },
+        "approved": {
+          "name": "approved",
+          "type": "timestamp with time zone",
+          "primaryKey": false,
+          "notNull": false
+        }
+      },
+      "indexes": {
+        "follows_following_id_approved_index": {
+          "name": "follows_following_id_approved_index",
+          "columns": [
+            {
+              "expression": "following_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "approved",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "where": "\"follows\".\"approved\" is not null",
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "follows_follower_id_following_id_approved_index": {
+          "name": "follows_follower_id_following_id_approved_index",
+          "columns": [
+            {
+              "expression": "follower_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "following_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "where": "\"follows\".\"approved\" is not null",
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "follows_following_id_created_index": {
+          "name": "follows_following_id_created_index",
+          "columns": [
+            {
+              "expression": "following_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "created",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "follows_following_id_accounts_id_fk": {
+          "name": "follows_following_id_accounts_id_fk",
+          "tableFrom": "follows",
+          "tableTo": "accounts",
+          "columnsFrom": [
+            "following_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "follows_follower_id_accounts_id_fk": {
+          "name": "follows_follower_id_accounts_id_fk",
+          "tableFrom": "follows",
+          "tableTo": "accounts",
+          "columnsFrom": [
+            "follower_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {
+        "follows_following_id_follower_id_pk": {
+          "name": "follows_following_id_follower_id_pk",
+          "columns": [
+            "following_id",
+            "follower_id"
+          ]
+        }
+      },
+      "uniqueConstraints": {
+        "follows_iri_unique": {
+          "name": "follows_iri_unique",
+          "nullsNotDistinct": false,
+          "columns": [
+            "iri"
+          ]
+        }
+      },
+      "policies": {},
+      "checkConstraints": {
+        "ck_follows_self": {
+          "name": "ck_follows_self",
+          "value": "\"follows\".\"following_id\" != \"follows\".\"follower_id\""
+        }
+      },
+      "isRLSEnabled": false
+    },
+    "public.import_job_items": {
+      "name": "import_job_items",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "uuid",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "job_id": {
+          "name": "job_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "status": {
+          "name": "status",
+          "type": "import_job_status",
+          "typeSchema": "public",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'pending'"
+        },
+        "data": {
+          "name": "data",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "error_message": {
+          "name": "error_message",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "processed_at": {
+          "name": "processed_at",
+          "type": "timestamp with time zone",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "created": {
+          "name": "created",
+          "type": "timestamp with time zone",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "CURRENT_TIMESTAMP"
+        }
+      },
+      "indexes": {
+        "import_job_items_job_id_status_index": {
+          "name": "import_job_items_job_id_status_index",
+          "columns": [
+            {
+              "expression": "job_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "status",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "import_job_items_job_id_import_jobs_id_fk": {
+          "name": "import_job_items_job_id_import_jobs_id_fk",
+          "tableFrom": "import_job_items",
+          "tableTo": "import_jobs",
+          "columnsFrom": [
+            "job_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.import_jobs": {
+      "name": "import_jobs",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "uuid",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "account_owner_id": {
+          "name": "account_owner_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "category": {
+          "name": "category",
+          "type": "import_job_category",
+          "typeSchema": "public",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "status": {
+          "name": "status",
+          "type": "import_job_status",
+          "typeSchema": "public",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'pending'"
+        },
+        "total_items": {
+          "name": "total_items",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        },
+        "processed_items": {
+          "name": "processed_items",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        },
+        "successful_items": {
+          "name": "successful_items",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        },
+        "failed_items": {
+          "name": "failed_items",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        },
+        "error_message": {
+          "name": "error_message",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "created": {
+          "name": "created",
+          "type": "timestamp with time zone",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "CURRENT_TIMESTAMP"
+        },
+        "started_at": {
+          "name": "started_at",
+          "type": "timestamp with time zone",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "completed_at": {
+          "name": "completed_at",
+          "type": "timestamp with time zone",
+          "primaryKey": false,
+          "notNull": false
+        }
+      },
+      "indexes": {
+        "import_jobs_account_owner_id_status_index": {
+          "name": "import_jobs_account_owner_id_status_index",
+          "columns": [
+            {
+              "expression": "account_owner_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "status",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "import_jobs_status_created_index": {
+          "name": "import_jobs_status_created_index",
+          "columns": [
+            {
+              "expression": "status",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "created",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "import_jobs_account_owner_id_account_owners_id_fk": {
+          "name": "import_jobs_account_owner_id_account_owners_id_fk",
+          "tableFrom": "import_jobs",
+          "tableTo": "account_owners",
+          "columnsFrom": [
+            "account_owner_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.instances": {
+      "name": "instances",
+      "schema": "",
+      "columns": {
+        "host": {
+          "name": "host",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "software": {
+          "name": "software",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "software_version": {
+          "name": "software_version",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "created": {
+          "name": "created",
+          "type": "timestamp with time zone",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "CURRENT_TIMESTAMP"
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.likes": {
+      "name": "likes",
+      "schema": "",
+      "columns": {
+        "post_id": {
+          "name": "post_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "account_id": {
+          "name": "account_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created": {
+          "name": "created",
+          "type": "timestamp with time zone",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "CURRENT_TIMESTAMP"
+        }
+      },
+      "indexes": {
+        "likes_account_id_post_id_index": {
+          "name": "likes_account_id_post_id_index",
+          "columns": [
+            {
+              "expression": "account_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "post_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "likes_created_index": {
+          "name": "likes_created_index",
+          "columns": [
+            {
+              "expression": "created",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "likes_post_id_posts_id_fk": {
+          "name": "likes_post_id_posts_id_fk",
+          "tableFrom": "likes",
+          "tableTo": "posts",
+          "columnsFrom": [
+            "post_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "likes_account_id_accounts_id_fk": {
+          "name": "likes_account_id_accounts_id_fk",
+          "tableFrom": "likes",
+          "tableTo": "accounts",
+          "columnsFrom": [
+            "account_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {
+        "likes_post_id_account_id_pk": {
+          "name": "likes_post_id_account_id_pk",
+          "columns": [
+            "post_id",
+            "account_id"
+          ]
+        }
+      },
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.list_members": {
+      "name": "list_members",
+      "schema": "",
+      "columns": {
+        "list_id": {
+          "name": "list_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "account_id": {
+          "name": "account_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created": {
+          "name": "created",
+          "type": "timestamp with time zone",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "CURRENT_TIMESTAMP"
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {
+        "list_members_list_id_lists_id_fk": {
+          "name": "list_members_list_id_lists_id_fk",
+          "tableFrom": "list_members",
+          "tableTo": "lists",
+          "columnsFrom": [
+            "list_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "list_members_account_id_accounts_id_fk": {
+          "name": "list_members_account_id_accounts_id_fk",
+          "tableFrom": "list_members",
+          "tableTo": "accounts",
+          "columnsFrom": [
+            "account_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {
+        "list_members_list_id_account_id_pk": {
+          "name": "list_members_list_id_account_id_pk",
+          "columns": [
+            "list_id",
+            "account_id"
+          ]
+        }
+      },
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.list_posts": {
+      "name": "list_posts",
+      "schema": "",
+      "columns": {
+        "list_id": {
+          "name": "list_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "post_id": {
+          "name": "post_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        }
+      },
+      "indexes": {
+        "list_posts_list_id_post_id_index": {
+          "name": "list_posts_list_id_post_id_index",
+          "columns": [
+            {
+              "expression": "list_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "post_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "list_posts_list_id_lists_id_fk": {
+          "name": "list_posts_list_id_lists_id_fk",
+          "tableFrom": "list_posts",
+          "tableTo": "lists",
+          "columnsFrom": [
+            "list_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "list_posts_post_id_posts_id_fk": {
+          "name": "list_posts_post_id_posts_id_fk",
+          "tableFrom": "list_posts",
+          "tableTo": "posts",
+          "columnsFrom": [
+            "post_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {
+        "list_posts_list_id_post_id_pk": {
+          "name": "list_posts_list_id_post_id_pk",
+          "columns": [
+            "list_id",
+            "post_id"
+          ]
+        }
+      },
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.lists": {
+      "name": "lists",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "uuid",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "account_owner_id": {
+          "name": "account_owner_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "title": {
+          "name": "title",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "replies_policy": {
+          "name": "replies_policy",
+          "type": "list_replies_policy",
+          "typeSchema": "public",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'list'"
+        },
+        "exclusive": {
+          "name": "exclusive",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": false
+        },
+        "created": {
+          "name": "created",
+          "type": "timestamp with time zone",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "CURRENT_TIMESTAMP"
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {
+        "lists_account_owner_id_account_owners_id_fk": {
+          "name": "lists_account_owner_id_account_owners_id_fk",
+          "tableFrom": "lists",
+          "tableTo": "account_owners",
+          "columnsFrom": [
+            "account_owner_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.markers": {
+      "name": "markers",
+      "schema": "",
+      "columns": {
+        "account_owner_id": {
+          "name": "account_owner_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "type": {
+          "name": "type",
+          "type": "marker_type",
+          "typeSchema": "public",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "last_read_id": {
+          "name": "last_read_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "version": {
+          "name": "version",
+          "type": "bigint",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 1
+        },
+        "updated": {
+          "name": "updated",
+          "type": "timestamp with time zone",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "CURRENT_TIMESTAMP"
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {
+        "markers_account_owner_id_account_owners_id_fk": {
+          "name": "markers_account_owner_id_account_owners_id_fk",
+          "tableFrom": "markers",
+          "tableTo": "account_owners",
+          "columnsFrom": [
+            "account_owner_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {
+        "markers_account_owner_id_type_pk": {
+          "name": "markers_account_owner_id_type_pk",
+          "columns": [
+            "account_owner_id",
+            "type"
+          ]
+        }
+      },
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.media": {
+      "name": "media",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "uuid",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "post_id": {
+          "name": "post_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "type": {
+          "name": "type",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "url": {
+          "name": "url",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "width": {
+          "name": "width",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "height": {
+          "name": "height",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "description": {
+          "name": "description",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "thumbnail_type": {
+          "name": "thumbnail_type",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "thumbnail_url": {
+          "name": "thumbnail_url",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "thumbnail_width": {
+          "name": "thumbnail_width",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "thumbnail_height": {
+          "name": "thumbnail_height",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created": {
+          "name": "created",
+          "type": "timestamp with time zone",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "CURRENT_TIMESTAMP"
+        },
+        "thumbnail_cleaned": {
+          "name": "thumbnail_cleaned",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": false
+        }
+      },
+      "indexes": {
+        "media_post_id_index": {
+          "name": "media_post_id_index",
+          "columns": [
+            {
+              "expression": "post_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "media_post_id_posts_id_fk": {
+          "name": "media_post_id_posts_id_fk",
+          "tableFrom": "media",
+          "tableTo": "posts",
+          "columnsFrom": [
+            "post_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.mentions": {
+      "name": "mentions",
+      "schema": "",
+      "columns": {
+        "post_id": {
+          "name": "post_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "account_id": {
+          "name": "account_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        }
+      },
+      "indexes": {
+        "mentions_post_id_account_id_index": {
+          "name": "mentions_post_id_account_id_index",
+          "columns": [
+            {
+              "expression": "post_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "account_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "mentions_post_id_posts_id_fk": {
+          "name": "mentions_post_id_posts_id_fk",
+          "tableFrom": "mentions",
+          "tableTo": "posts",
+          "columnsFrom": [
+            "post_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "mentions_account_id_accounts_id_fk": {
+          "name": "mentions_account_id_accounts_id_fk",
+          "tableFrom": "mentions",
+          "tableTo": "accounts",
+          "columnsFrom": [
+            "account_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {
+        "mentions_post_id_account_id_pk": {
+          "name": "mentions_post_id_account_id_pk",
+          "columns": [
+            "post_id",
+            "account_id"
+          ]
+        }
+      },
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.mutes": {
+      "name": "mutes",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "uuid",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "account_id": {
+          "name": "account_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "muted_account_id": {
+          "name": "muted_account_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "notifications": {
+          "name": "notifications",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": true
+        },
+        "duration": {
+          "name": "duration",
+          "type": "interval",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "created": {
+          "name": "created",
+          "type": "timestamp with time zone",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "CURRENT_TIMESTAMP"
+        }
+      },
+      "indexes": {
+        "mutes_account_id_index": {
+          "name": "mutes_account_id_index",
+          "columns": [
+            {
+              "expression": "account_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "mutes_account_id_accounts_id_fk": {
+          "name": "mutes_account_id_accounts_id_fk",
+          "tableFrom": "mutes",
+          "tableTo": "accounts",
+          "columnsFrom": [
+            "account_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "mutes_muted_account_id_accounts_id_fk": {
+          "name": "mutes_muted_account_id_accounts_id_fk",
+          "tableFrom": "mutes",
+          "tableTo": "accounts",
+          "columnsFrom": [
+            "muted_account_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {
+        "mutes_account_id_muted_account_id_unique": {
+          "name": "mutes_account_id_muted_account_id_unique",
+          "nullsNotDistinct": false,
+          "columns": [
+            "account_id",
+            "muted_account_id"
+          ]
+        }
+      },
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.notification_groups": {
+      "name": "notification_groups",
+      "schema": "",
+      "columns": {
+        "group_key": {
+          "name": "group_key",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "account_owner_id": {
+          "name": "account_owner_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "type": {
+          "name": "type",
+          "type": "notification_type",
+          "typeSchema": "public",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "target_post_id": {
+          "name": "target_post_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "notifications_count": {
+          "name": "notifications_count",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        },
+        "most_recent_notification_id": {
+          "name": "most_recent_notification_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "sample_account_ids": {
+          "name": "sample_account_ids",
+          "type": "uuid[]",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'{}'::uuid[]"
+        },
+        "latest_page_notification_at": {
+          "name": "latest_page_notification_at",
+          "type": "timestamp with time zone",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "page_min_id": {
+          "name": "page_min_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "page_max_id": {
+          "name": "page_max_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "created": {
+          "name": "created",
+          "type": "timestamp with time zone",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "CURRENT_TIMESTAMP"
+        },
+        "updated": {
+          "name": "updated",
+          "type": "timestamp with time zone",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "CURRENT_TIMESTAMP"
+        }
+      },
+      "indexes": {
+        "notification_groups_account_owner_id_updated_index": {
+          "name": "notification_groups_account_owner_id_updated_index",
+          "columns": [
+            {
+              "expression": "account_owner_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "updated",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "notification_groups_account_owner_id_type_index": {
+          "name": "notification_groups_account_owner_id_type_index",
+          "columns": [
+            {
+              "expression": "account_owner_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "type",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "notification_groups_account_owner_id_account_owners_id_fk": {
+          "name": "notification_groups_account_owner_id_account_owners_id_fk",
+          "tableFrom": "notification_groups",
+          "tableTo": "account_owners",
+          "columnsFrom": [
+            "account_owner_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "notification_groups_target_post_id_posts_id_fk": {
+          "name": "notification_groups_target_post_id_posts_id_fk",
+          "tableFrom": "notification_groups",
+          "tableTo": "posts",
+          "columnsFrom": [
+            "target_post_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "notification_groups_most_recent_notification_id_notifications_id_fk": {
+          "name": "notification_groups_most_recent_notification_id_notifications_id_fk",
+          "tableFrom": "notification_groups",
+          "tableTo": "notifications",
+          "columnsFrom": [
+            "most_recent_notification_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.notifications": {
+      "name": "notifications",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "uuid",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "account_owner_id": {
+          "name": "account_owner_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "type": {
+          "name": "type",
+          "type": "notification_type",
+          "typeSchema": "public",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "actor_account_id": {
+          "name": "actor_account_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "target_post_id": {
+          "name": "target_post_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "target_account_id": {
+          "name": "target_account_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "target_poll_id": {
+          "name": "target_poll_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "group_key": {
+          "name": "group_key",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created": {
+          "name": "created",
+          "type": "timestamp with time zone",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "CURRENT_TIMESTAMP"
+        },
+        "read_at": {
+          "name": "read_at",
+          "type": "timestamp with time zone",
+          "primaryKey": false,
+          "notNull": false
+        }
+      },
+      "indexes": {
+        "notifications_account_owner_id_created_index": {
+          "name": "notifications_account_owner_id_created_index",
+          "columns": [
+            {
+              "expression": "account_owner_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "created",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "notifications_account_owner_id_read_at_index": {
+          "name": "notifications_account_owner_id_read_at_index",
+          "columns": [
+            {
+              "expression": "account_owner_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "read_at",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "notifications_group_key_index": {
+          "name": "notifications_group_key_index",
+          "columns": [
+            {
+              "expression": "group_key",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "notifications_created_index": {
+          "name": "notifications_created_index",
+          "columns": [
+            {
+              "expression": "created",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "notifications_account_owner_id_account_owners_id_fk": {
+          "name": "notifications_account_owner_id_account_owners_id_fk",
+          "tableFrom": "notifications",
+          "tableTo": "account_owners",
+          "columnsFrom": [
+            "account_owner_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "notifications_actor_account_id_accounts_id_fk": {
+          "name": "notifications_actor_account_id_accounts_id_fk",
+          "tableFrom": "notifications",
+          "tableTo": "accounts",
+          "columnsFrom": [
+            "actor_account_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "notifications_target_post_id_posts_id_fk": {
+          "name": "notifications_target_post_id_posts_id_fk",
+          "tableFrom": "notifications",
+          "tableTo": "posts",
+          "columnsFrom": [
+            "target_post_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "notifications_target_account_id_accounts_id_fk": {
+          "name": "notifications_target_account_id_accounts_id_fk",
+          "tableFrom": "notifications",
+          "tableTo": "accounts",
+          "columnsFrom": [
+            "target_account_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "notifications_target_poll_id_polls_id_fk": {
+          "name": "notifications_target_poll_id_polls_id_fk",
+          "tableFrom": "notifications",
+          "tableTo": "polls",
+          "columnsFrom": [
+            "target_poll_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.passkey_login_challenges": {
+      "name": "passkey_login_challenges",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "challenge": {
+          "name": "challenge",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "expires_at": {
+          "name": "expires_at",
+          "type": "timestamp with time zone",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created": {
+          "name": "created",
+          "type": "timestamp with time zone",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "CURRENT_TIMESTAMP"
+        }
+      },
+      "indexes": {
+        "passkey_login_challenges_expires_at_index": {
+          "name": "passkey_login_challenges_expires_at_index",
+          "columns": [
+            {
+              "expression": "expires_at",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.passkeys": {
+      "name": "passkeys",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "credential_email": {
+          "name": "credential_email",
+          "type": "varchar(254)",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "public_key": {
+          "name": "public_key",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "counter": {
+          "name": "counter",
+          "type": "bigint",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "transports": {
+          "name": "transports",
+          "type": "text[]",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "(ARRAY[]::text[])"
+        },
+        "device_type": {
+          "name": "device_type",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "backed_up": {
+          "name": "backed_up",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "nickname": {
+          "name": "nickname",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "last_used": {
+          "name": "last_used",
+          "type": "timestamp with time zone",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "created": {
+          "name": "created",
+          "type": "timestamp with time zone",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "CURRENT_TIMESTAMP"
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {
+        "passkeys_credential_email_credentials_email_fk": {
+          "name": "passkeys_credential_email_credentials_email_fk",
+          "tableFrom": "passkeys",
+          "tableTo": "credentials",
+          "columnsFrom": [
+            "credential_email"
+          ],
+          "columnsTo": [
+            "email"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.pinned_posts": {
+      "name": "pinned_posts",
+      "schema": "",
+      "columns": {
+        "index": {
+          "name": "index",
+          "type": "bigserial",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "post_id": {
+          "name": "post_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "account_id": {
+          "name": "account_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created": {
+          "name": "created",
+          "type": "timestamp with time zone",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "CURRENT_TIMESTAMP"
+        }
+      },
+      "indexes": {
+        "pinned_posts_account_id_post_id_index": {
+          "name": "pinned_posts_account_id_post_id_index",
+          "columns": [
+            {
+              "expression": "account_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "post_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "pinned_posts_account_id_accounts_id_fk": {
+          "name": "pinned_posts_account_id_accounts_id_fk",
+          "tableFrom": "pinned_posts",
+          "tableTo": "accounts",
+          "columnsFrom": [
+            "account_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "pinned_posts_post_id_account_id_posts_id_actor_id_fk": {
+          "name": "pinned_posts_post_id_account_id_posts_id_actor_id_fk",
+          "tableFrom": "pinned_posts",
+          "tableTo": "posts",
+          "columnsFrom": [
+            "post_id",
+            "account_id"
+          ],
+          "columnsTo": [
+            "id",
+            "actor_id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {
+        "pinned_posts_post_id_account_id_unique": {
+          "name": "pinned_posts_post_id_account_id_unique",
+          "nullsNotDistinct": false,
+          "columns": [
+            "post_id",
+            "account_id"
+          ]
+        }
+      },
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.poll_options": {
+      "name": "poll_options",
+      "schema": "",
+      "columns": {
+        "poll_id": {
+          "name": "poll_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "index": {
+          "name": "index",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "title": {
+          "name": "title",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "votes_count": {
+          "name": "votes_count",
+          "type": "bigint",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        }
+      },
+      "indexes": {
+        "poll_options_poll_id_index_index": {
+          "name": "poll_options_poll_id_index_index",
+          "columns": [
+            {
+              "expression": "poll_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "index",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "poll_options_poll_id_polls_id_fk": {
+          "name": "poll_options_poll_id_polls_id_fk",
+          "tableFrom": "poll_options",
+          "tableTo": "polls",
+          "columnsFrom": [
+            "poll_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {
+        "poll_options_poll_id_index_pk": {
+          "name": "poll_options_poll_id_index_pk",
+          "columns": [
+            "poll_id",
+            "index"
+          ]
+        }
+      },
+      "uniqueConstraints": {
+        "poll_options_poll_id_title_unique": {
+          "name": "poll_options_poll_id_title_unique",
+          "nullsNotDistinct": false,
+          "columns": [
+            "poll_id",
+            "title"
+          ]
+        }
+      },
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.poll_votes": {
+      "name": "poll_votes",
+      "schema": "",
+      "columns": {
+        "poll_id": {
+          "name": "poll_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "option_index": {
+          "name": "option_index",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "account_id": {
+          "name": "account_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created": {
+          "name": "created",
+          "type": "timestamp with time zone",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "CURRENT_TIMESTAMP"
+        }
+      },
+      "indexes": {
+        "poll_votes_poll_id_account_id_index": {
+          "name": "poll_votes_poll_id_account_id_index",
+          "columns": [
+            {
+              "expression": "poll_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "account_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "poll_votes_poll_id_polls_id_fk": {
+          "name": "poll_votes_poll_id_polls_id_fk",
+          "tableFrom": "poll_votes",
+          "tableTo": "polls",
+          "columnsFrom": [
+            "poll_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "poll_votes_account_id_accounts_id_fk": {
+          "name": "poll_votes_account_id_accounts_id_fk",
+          "tableFrom": "poll_votes",
+          "tableTo": "accounts",
+          "columnsFrom": [
+            "account_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "poll_votes_poll_id_option_index_poll_options_poll_id_index_fk": {
+          "name": "poll_votes_poll_id_option_index_poll_options_poll_id_index_fk",
+          "tableFrom": "poll_votes",
+          "tableTo": "poll_options",
+          "columnsFrom": [
+            "poll_id",
+            "option_index"
+          ],
+          "columnsTo": [
+            "poll_id",
+            "index"
+          ],
+          "onDelete": "no action",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {
+        "poll_votes_poll_id_option_index_account_id_pk": {
+          "name": "poll_votes_poll_id_option_index_account_id_pk",
+          "columns": [
+            "poll_id",
+            "option_index",
+            "account_id"
+          ]
+        }
+      },
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.polls": {
+      "name": "polls",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "uuid",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "multiple": {
+          "name": "multiple",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": false
+        },
+        "voters_count": {
+          "name": "voters_count",
+          "type": "bigint",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        },
+        "expires": {
+          "name": "expires",
+          "type": "timestamp with time zone",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created": {
+          "name": "created",
+          "type": "timestamp with time zone",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "CURRENT_TIMESTAMP"
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.posts": {
+      "name": "posts",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "uuid",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "iri": {
+          "name": "iri",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "type": {
+          "name": "type",
+          "type": "post_type",
+          "typeSchema": "public",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "actor_id": {
+          "name": "actor_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "application_id": {
+          "name": "application_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "reply_target_id": {
+          "name": "reply_target_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "sharing_id": {
+          "name": "sharing_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "quote_target_id": {
+          "name": "quote_target_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "quote_target_iri": {
+          "name": "quote_target_iri",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "quote_state": {
+          "name": "quote_state",
+          "type": "quote_state",
+          "typeSchema": "public",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "quote_authorization_iri": {
+          "name": "quote_authorization_iri",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "quote_approval_policy": {
+          "name": "quote_approval_policy",
+          "type": "quote_approval_policy",
+          "typeSchema": "public",
+          "primaryKey": false,
+          "notNull": false,
+          "default": "'public'"
+        },
+        "visibility": {
+          "name": "visibility",
+          "type": "post_visibility",
+          "typeSchema": "public",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "summary": {
+          "name": "summary",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "content_html": {
+          "name": "content_html",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "content": {
+          "name": "content",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "poll_id": {
+          "name": "poll_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "language": {
+          "name": "language",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "tags": {
+          "name": "tags",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'{}'::jsonb"
+        },
+        "emojis": {
+          "name": "emojis",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'{}'::jsonb"
+        },
+        "sensitive": {
+          "name": "sensitive",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": false
+        },
+        "url": {
+          "name": "url",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "preview_card": {
+          "name": "preview_card",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "replies_count": {
+          "name": "replies_count",
+          "type": "bigint",
+          "primaryKey": false,
+          "notNull": false,
+          "default": 0
+        },
+        "shares_count": {
+          "name": "shares_count",
+          "type": "bigint",
+          "primaryKey": false,
+          "notNull": false,
+          "default": 0
+        },
+        "likes_count": {
+          "name": "likes_count",
+          "type": "bigint",
+          "primaryKey": false,
+          "notNull": false,
+          "default": 0
+        },
+        "quotes_count": {
+          "name": "quotes_count",
+          "type": "bigint",
+          "primaryKey": false,
+          "notNull": false,
+          "default": 0
+        },
+        "idempotence_key": {
+          "name": "idempotence_key",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "published": {
+          "name": "published",
+          "type": "timestamp with time zone",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "updated": {
+          "name": "updated",
+          "type": "timestamp with time zone",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "CURRENT_TIMESTAMP"
+        }
+      },
+      "indexes": {
+        "posts_sharing_id_index": {
+          "name": "posts_sharing_id_index",
+          "columns": [
+            {
+              "expression": "sharing_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "posts_actor_id_index": {
+          "name": "posts_actor_id_index",
+          "columns": [
+            {
+              "expression": "actor_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "posts_actor_id_sharing_id_index": {
+          "name": "posts_actor_id_sharing_id_index",
+          "columns": [
+            {
+              "expression": "actor_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "sharing_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "posts_reply_target_id_index": {
+          "name": "posts_reply_target_id_index",
+          "columns": [
+            {
+              "expression": "reply_target_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "posts_actor_id_reply_target_id_index": {
+          "name": "posts_actor_id_reply_target_id_index",
+          "columns": [
+            {
+              "expression": "actor_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "reply_target_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "posts_quote_target_id_index": {
+          "name": "posts_quote_target_id_index",
+          "columns": [
+            {
+              "expression": "quote_target_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "where": "\"posts\".\"quote_target_id\" is not null",
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "posts_visibility_actor_id_index": {
+          "name": "posts_visibility_actor_id_index",
+          "columns": [
+            {
+              "expression": "visibility",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "actor_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "posts_visibility_actor_id_sharing_id_index": {
+          "name": "posts_visibility_actor_id_sharing_id_index",
+          "columns": [
+            {
+              "expression": "visibility",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "actor_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "sharing_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "where": "\"posts\".\"sharing_id\" is not null",
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "posts_visibility_actor_id_reply_target_id_index": {
+          "name": "posts_visibility_actor_id_reply_target_id_index",
+          "columns": [
+            {
+              "expression": "visibility",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "actor_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "reply_target_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "where": "\"posts\".\"reply_target_id\" is not null",
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "posts_actor_id_accounts_id_fk": {
+          "name": "posts_actor_id_accounts_id_fk",
+          "tableFrom": "posts",
+          "tableTo": "accounts",
+          "columnsFrom": [
+            "actor_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "posts_application_id_applications_id_fk": {
+          "name": "posts_application_id_applications_id_fk",
+          "tableFrom": "posts",
+          "tableTo": "applications",
+          "columnsFrom": [
+            "application_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "set null",
+          "onUpdate": "no action"
+        },
+        "posts_reply_target_id_posts_id_fk": {
+          "name": "posts_reply_target_id_posts_id_fk",
+          "tableFrom": "posts",
+          "tableTo": "posts",
+          "columnsFrom": [
+            "reply_target_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "set null",
+          "onUpdate": "no action"
+        },
+        "posts_sharing_id_posts_id_fk": {
+          "name": "posts_sharing_id_posts_id_fk",
+          "tableFrom": "posts",
+          "tableTo": "posts",
+          "columnsFrom": [
+            "sharing_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "posts_quote_target_id_posts_id_fk": {
+          "name": "posts_quote_target_id_posts_id_fk",
+          "tableFrom": "posts",
+          "tableTo": "posts",
+          "columnsFrom": [
+            "quote_target_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "set null",
+          "onUpdate": "no action"
+        },
+        "posts_poll_id_polls_id_fk": {
+          "name": "posts_poll_id_polls_id_fk",
+          "tableFrom": "posts",
+          "tableTo": "polls",
+          "columnsFrom": [
+            "poll_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "set null",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {
+        "posts_iri_unique": {
+          "name": "posts_iri_unique",
+          "nullsNotDistinct": false,
+          "columns": [
+            "iri"
+          ]
+        },
+        "posts_id_actor_id_unique": {
+          "name": "posts_id_actor_id_unique",
+          "nullsNotDistinct": false,
+          "columns": [
+            "id",
+            "actor_id"
+          ]
+        },
+        "posts_poll_id_unique": {
+          "name": "posts_poll_id_unique",
+          "nullsNotDistinct": false,
+          "columns": [
+            "poll_id"
+          ]
+        },
+        "posts_actor_id_sharing_id_unique": {
+          "name": "posts_actor_id_sharing_id_unique",
+          "nullsNotDistinct": false,
+          "columns": [
+            "actor_id",
+            "sharing_id"
+          ]
+        }
+      },
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.reactions": {
+      "name": "reactions",
+      "schema": "",
+      "columns": {
+        "post_id": {
+          "name": "post_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "account_id": {
+          "name": "account_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "emoji": {
+          "name": "emoji",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "custom_emoji": {
+          "name": "custom_emoji",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "emoji_iri": {
+          "name": "emoji_iri",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "created": {
+          "name": "created",
+          "type": "timestamp with time zone",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "CURRENT_TIMESTAMP"
+        }
+      },
+      "indexes": {
+        "reactions_post_id_index": {
+          "name": "reactions_post_id_index",
+          "columns": [
+            {
+              "expression": "post_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "reactions_post_id_account_id_index": {
+          "name": "reactions_post_id_account_id_index",
+          "columns": [
+            {
+              "expression": "post_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "account_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "reactions_created_index": {
+          "name": "reactions_created_index",
+          "columns": [
+            {
+              "expression": "created",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "reactions_post_id_posts_id_fk": {
+          "name": "reactions_post_id_posts_id_fk",
+          "tableFrom": "reactions",
+          "tableTo": "posts",
+          "columnsFrom": [
+            "post_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "reactions_account_id_accounts_id_fk": {
+          "name": "reactions_account_id_accounts_id_fk",
+          "tableFrom": "reactions",
+          "tableTo": "accounts",
+          "columnsFrom": [
+            "account_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {
+        "reactions_post_id_account_id_emoji_pk": {
+          "name": "reactions_post_id_account_id_emoji_pk",
+          "columns": [
+            "post_id",
+            "account_id",
+            "emoji"
+          ]
+        }
+      },
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.remote_reply_scrape_jobs": {
+      "name": "remote_reply_scrape_jobs",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "uuid",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "post_id": {
+          "name": "post_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "post_iri": {
+          "name": "post_iri",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "replies_iri": {
+          "name": "replies_iri",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "base_url": {
+          "name": "base_url",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "origin_host": {
+          "name": "origin_host",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "depth": {
+          "name": "depth",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        },
+        "status": {
+          "name": "status",
+          "type": "remote_reply_scrape_job_status",
+          "typeSchema": "public",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'pending'"
+        },
+        "attempts": {
+          "name": "attempts",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        },
+        "fetched_items": {
+          "name": "fetched_items",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        },
+        "next_attempt_at": {
+          "name": "next_attempt_at",
+          "type": "timestamp with time zone",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "CURRENT_TIMESTAMP"
+        },
+        "error_message": {
+          "name": "error_message",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "created": {
+          "name": "created",
+          "type": "timestamp with time zone",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "CURRENT_TIMESTAMP"
+        },
+        "started_at": {
+          "name": "started_at",
+          "type": "timestamp with time zone",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "completed_at": {
+          "name": "completed_at",
+          "type": "timestamp with time zone",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "updated": {
+          "name": "updated",
+          "type": "timestamp with time zone",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "CURRENT_TIMESTAMP"
+        }
+      },
+      "indexes": {
+        "remote_reply_scrape_jobs_claim_index": {
+          "name": "remote_reply_scrape_jobs_claim_index",
+          "columns": [
+            {
+              "expression": "status",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "next_attempt_at",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "created",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "remote_reply_scrape_jobs_origin_claim_index": {
+          "name": "remote_reply_scrape_jobs_origin_claim_index",
+          "columns": [
+            {
+              "expression": "origin_host",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "status",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "next_attempt_at",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "created",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "remote_reply_scrape_jobs_stale_processing_index": {
+          "name": "remote_reply_scrape_jobs_stale_processing_index",
+          "columns": [
+            {
+              "expression": "status",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "updated",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "remote_reply_scrape_jobs_post_id_posts_id_fk": {
+          "name": "remote_reply_scrape_jobs_post_id_posts_id_fk",
+          "tableFrom": "remote_reply_scrape_jobs",
+          "tableTo": "posts",
+          "columnsFrom": [
+            "post_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {
+        "remote_reply_scrape_jobs_replies_iri_unique": {
+          "name": "remote_reply_scrape_jobs_replies_iri_unique",
+          "nullsNotDistinct": false,
+          "columns": [
+            "replies_iri"
+          ]
+        }
+      },
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.remote_reply_scrape_origins": {
+      "name": "remote_reply_scrape_origins",
+      "schema": "",
+      "columns": {
+        "origin_host": {
+          "name": "origin_host",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "next_request_at": {
+          "name": "next_request_at",
+          "type": "timestamp with time zone",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "CURRENT_TIMESTAMP"
+        },
+        "last_request_at": {
+          "name": "last_request_at",
+          "type": "timestamp with time zone",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "processing_job_id": {
+          "name": "processing_job_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "processing_started_at": {
+          "name": "processing_started_at",
+          "type": "timestamp with time zone",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "updated": {
+          "name": "updated",
+          "type": "timestamp with time zone",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "CURRENT_TIMESTAMP"
+        }
+      },
+      "indexes": {
+        "remote_reply_scrape_origins_next_request_at_index": {
+          "name": "remote_reply_scrape_origins_next_request_at_index",
+          "columns": [
+            {
+              "expression": "next_request_at",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "remote_reply_scrape_origins_processing_job_id_index": {
+          "name": "remote_reply_scrape_origins_processing_job_id_index",
+          "columns": [
+            {
+              "expression": "processing_job_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.reports": {
+      "name": "reports",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "uuid",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "iri": {
+          "name": "iri",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "account_id": {
+          "name": "account_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "target_account_id": {
+          "name": "target_account_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created": {
+          "name": "created",
+          "type": "timestamp with time zone",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "CURRENT_TIMESTAMP"
+        },
+        "comment": {
+          "name": "comment",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "posts": {
+          "name": "posts",
+          "type": "uuid[]",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'{}'::uuid[]"
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {
+        "reports_account_id_accounts_id_fk": {
+          "name": "reports_account_id_accounts_id_fk",
+          "tableFrom": "reports",
+          "tableTo": "accounts",
+          "columnsFrom": [
+            "account_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "reports_target_account_id_accounts_id_fk": {
+          "name": "reports_target_account_id_accounts_id_fk",
+          "tableFrom": "reports",
+          "tableTo": "accounts",
+          "columnsFrom": [
+            "target_account_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {
+        "reports_iri_unique": {
+          "name": "reports_iri_unique",
+          "nullsNotDistinct": false,
+          "columns": [
+            "iri"
+          ]
+        }
+      },
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.timeline_posts": {
+      "name": "timeline_posts",
+      "schema": "",
+      "columns": {
+        "account_id": {
+          "name": "account_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "post_id": {
+          "name": "post_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        }
+      },
+      "indexes": {
+        "timeline_posts_account_id_post_id_index": {
+          "name": "timeline_posts_account_id_post_id_index",
+          "columns": [
+            {
+              "expression": "account_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "post_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "timeline_posts_account_id_account_owners_id_fk": {
+          "name": "timeline_posts_account_id_account_owners_id_fk",
+          "tableFrom": "timeline_posts",
+          "tableTo": "account_owners",
+          "columnsFrom": [
+            "account_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "timeline_posts_post_id_posts_id_fk": {
+          "name": "timeline_posts_post_id_posts_id_fk",
+          "tableFrom": "timeline_posts",
+          "tableTo": "posts",
+          "columnsFrom": [
+            "post_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {
+        "timeline_posts_account_id_post_id_pk": {
+          "name": "timeline_posts_account_id_post_id_pk",
+          "columns": [
+            "account_id",
+            "post_id"
+          ]
+        }
+      },
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.totps": {
+      "name": "totps",
+      "schema": "",
+      "columns": {
+        "issuer": {
+          "name": "issuer",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "label": {
+          "name": "label",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "algorithm": {
+          "name": "algorithm",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "digits": {
+          "name": "digits",
+          "type": "smallint",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "period": {
+          "name": "period",
+          "type": "smallint",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "secret": {
+          "name": "secret",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created": {
+          "name": "created",
+          "type": "timestamp with time zone",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "CURRENT_TIMESTAMP"
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    }
+  },
+  "enums": {
+    "public.account_type": {
+      "name": "account_type",
+      "schema": "public",
+      "values": [
+        "Application",
+        "Group",
+        "Organization",
+        "Person",
+        "Service"
+      ]
+    },
+    "public.cleanup_job_category": {
+      "name": "cleanup_job_category",
+      "schema": "public",
+      "values": [
+        "cleanup_thumbnails"
+      ]
+    },
+    "public.cleanup_job_status": {
+      "name": "cleanup_job_status",
+      "schema": "public",
+      "values": [
+        "pending",
+        "processing",
+        "completed",
+        "failed",
+        "cancelled"
+      ]
+    },
+    "public.grant_type": {
+      "name": "grant_type",
+      "schema": "public",
+      "values": [
+        "authorization_code",
+        "client_credentials"
+      ]
+    },
+    "public.import_job_category": {
+      "name": "import_job_category",
+      "schema": "public",
+      "values": [
+        "following_accounts",
+        "lists",
+        "muted_accounts",
+        "blocked_accounts",
+        "bookmarks"
+      ]
+    },
+    "public.import_job_status": {
+      "name": "import_job_status",
+      "schema": "public",
+      "values": [
+        "pending",
+        "processing",
+        "completed",
+        "failed",
+        "cancelled"
+      ]
+    },
+    "public.list_replies_policy": {
+      "name": "list_replies_policy",
+      "schema": "public",
+      "values": [
+        "followed",
+        "list",
+        "none"
+      ]
+    },
+    "public.marker_type": {
+      "name": "marker_type",
+      "schema": "public",
+      "values": [
+        "notifications",
+        "home"
+      ]
+    },
+    "public.notification_type": {
+      "name": "notification_type",
+      "schema": "public",
+      "values": [
+        "mention",
+        "status",
+        "reblog",
+        "follow",
+        "follow_request",
+        "favourite",
+        "emoji_reaction",
+        "poll",
+        "update",
+        "admin.sign_up",
+        "admin.report",
+        "quote",
+        "quoted_update"
+      ]
+    },
+    "public.post_type": {
+      "name": "post_type",
+      "schema": "public",
+      "values": [
+        "Article",
+        "Note",
+        "Question"
+      ]
+    },
+    "public.post_visibility": {
+      "name": "post_visibility",
+      "schema": "public",
+      "values": [
+        "public",
+        "unlisted",
+        "private",
+        "direct"
+      ]
+    },
+    "public.quote_approval_policy": {
+      "name": "quote_approval_policy",
+      "schema": "public",
+      "values": [
+        "public",
+        "followers",
+        "nobody"
+      ]
+    },
+    "public.quote_state": {
+      "name": "quote_state",
+      "schema": "public",
+      "values": [
+        "pending",
+        "accepted",
+        "rejected",
+        "revoked",
+        "unauthorized"
+      ]
+    },
+    "public.remote_reply_scrape_job_status": {
+      "name": "remote_reply_scrape_job_status",
+      "schema": "public",
+      "values": [
+        "pending",
+        "processing",
+        "completed",
+        "failed"
+      ]
+    },
+    "public.scope": {
+      "name": "scope",
+      "schema": "public",
+      "values": [
+        "read",
+        "read:accounts",
+        "read:blocks",
+        "read:bookmarks",
+        "read:favourites",
+        "read:filters",
+        "read:follows",
+        "read:lists",
+        "read:mutes",
+        "read:notifications",
+        "read:search",
+        "read:statuses",
+        "write",
+        "write:accounts",
+        "write:blocks",
+        "write:bookmarks",
+        "write:conversations",
+        "write:favourites",
+        "write:filters",
+        "write:follows",
+        "write:lists",
+        "write:media",
+        "write:mutes",
+        "write:notifications",
+        "write:reports",
+        "write:statuses",
+        "follow",
+        "push",
+        "profile"
+      ]
+    },
+    "public.theme_color": {
+      "name": "theme_color",
+      "schema": "public",
+      "values": [
+        "amber",
+        "azure",
+        "blue",
+        "cyan",
+        "fuchsia",
+        "green",
+        "grey",
+        "indigo",
+        "jade",
+        "lime",
+        "orange",
+        "pink",
+        "pumpkin",
+        "purple",
+        "red",
+        "sand",
+        "slate",
+        "violet",
+        "yellow",
+        "zinc"
+      ]
+    }
+  },
+  "schemas": {},
+  "sequences": {},
+  "roles": {},
+  "policies": {},
+  "views": {},
+  "_meta": {
+    "columns": {},
+    "schemas": {},
+    "tables": {}
+  }
+}
\ No newline at end of file
diff --git a/drizzle/meta/_journal.json b/drizzle/meta/_journal.json
index 220cee16..ab4d975d 100644
--- a/drizzle/meta/_journal.json
+++ b/drizzle/meta/_journal.json
@@ -617,6 +617,20 @@
       "when": 1777428000000,
       "tag": "0087_quote_authorization_requirement",
       "breakpoints": true
+    },
+    {
+      "idx": 88,
+      "version": "7",
+      "when": 1778782509038,
+      "tag": "0088_passkeys",
+      "breakpoints": true
+    },
+    {
+      "idx": 89,
+      "version": "7",
+      "when": 1778802075419,
+      "tag": "0089_passkey_login_challenges",
+      "breakpoints": true
     }
   ]
-}
+}
\ No newline at end of file
diff --git a/package.json b/package.json
index 067f068f..9ac2ec09 100644
--- a/package.json
+++ b/package.json
@@ -55,6 +55,8 @@
     "@sentry/core": "^10.51.0",
     "@sentry/node": "^10.51.0",
     "@shikijs/markdown-it": "^4.0.2",
+    "@simplewebauthn/browser": "^13.3.0",
+    "@simplewebauthn/server": "^13.3.0",
     "@supercharge/promise-pool": "^3.2.0",
     "argon2": "^0.44.0",
     "cheerio": "^1.2.0",
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index f914a923..9df55821 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -80,6 +80,12 @@ importers:
       '@shikijs/markdown-it':
         specifier: ^4.0.2
         version: 4.0.2
+      '@simplewebauthn/browser':
+        specifier: ^13.3.0
+        version: 13.3.0
+      '@simplewebauthn/server':
+        specifier: ^13.3.0
+        version: 13.3.0
       '@supercharge/promise-pool':
         specifier: ^3.2.0
         version: 3.2.0
@@ -1306,6 +1312,9 @@ packages:
   '@fxts/core@1.26.0':
     resolution: {integrity: sha512-ONaza1CGr8dLKmJ0HQgi0h4XuyDJMr0P70M7o/My/YeeRxuYoSANHjE2nSY7xO4WHgxUD5ojd5dpxlFOzAEJsA==}
 
+  '@hexagon/base64@1.1.28':
+    resolution: {integrity: sha512-lhqDEAvWixy3bZ+UOYbPwUbBkwBq5C1LAJ/xPC8Oi+lL54oyakv/npbA0aU2hgCsx/1NUd4IBvV03+aUBWxerw==}
+
   '@hexagon/base64@2.0.4':
     resolution: {integrity: sha512-H/ZY6rGyaEuk0mwQgZ3BVi9hMjFTYpBNFbmtOuec/pPibuGhCMXd8fGtwBaO0h44FkWMurysMsDrpkJsBRmoWQ==}
 
@@ -1529,6 +1538,9 @@ packages:
     resolution: {integrity: sha512-hloP58zRVCRSpgDxmqCWJNlizAlUgJFqG2ypq79DCvyv9tHjRYMDOcPFjzfl/A1/YxDvRCZz8wvZvmapQnKwFQ==}
     engines: {node: '>=12'}
 
+  '@levischuck/tiny-cbor@0.2.11':
+    resolution: {integrity: sha512-llBRm4dT4Z89aRsm6u2oEZ8tfwL/2l6BwpZ7JcyieouniDECM5AqNgr/y08zalEIvW3RSK4upYyybDcmjXqAow==}
+
   '@logtape/drizzle-orm@2.0.7':
     resolution: {integrity: sha512-JndELP5Q1impvcezL6GrlX0AJX+6unskv8lgCL/9Rgcx/9ppsi9OjfyA27E38HO2r803Tm4c2Kj+KL0NcXzBqA==}
     peerDependencies:
@@ -2170,6 +2182,46 @@ packages:
     cpu: [x64]
     os: [win32]
 
+  '@peculiar/asn1-android@2.7.0':
+    resolution: {integrity: sha512-iD3VskhVQnM4nE3PN9cBdPTR7JrqZy3FYk+uD2CeG6DUqKoANqaEfx0f7izPmW+Qm5JBM35ek+viLCmjy18ByQ==}
+
+  '@peculiar/asn1-cms@2.7.0':
+    resolution: {integrity: sha512-hew63shtzzvBcSHbhm+cyAmKe6AIfinT9hzEqSPjDC6opTTMKmTkQ0gHuN2KsWlvqiKw1S/fS94fhag/FJkioQ==}
+
+  '@peculiar/asn1-csr@2.7.0':
+    resolution: {integrity: sha512-VVsAyGqErT9D1SY4aEqozThXMVI+ssVRiv2DDeYuvpBKLIgZ3hYs3Ay3u/VSoKq6ESFi9cf6rf3IOOzfwh7oMA==}
+
+  '@peculiar/asn1-ecc@2.7.0':
+    resolution: {integrity: sha512-n7KEs/Q/wrB415cxy4fHOBhegp4NdJ15fkJPwcB/3/8iNBQC2L/N7SChJPKDJPZGYH0jD4Tg4/0vnHmwghnbKw==}
+
+  '@peculiar/asn1-pfx@2.7.0':
+    resolution: {integrity: sha512-V/nrlQVmhg7lYAsM7E13UDL5erAwFv6kCIVFqNaMIHSVi7dngcT839JkRTkQBqznMG98l2XjxYk74ZztAohZzA==}
+
+  '@peculiar/asn1-pkcs8@2.7.0':
+    resolution: {integrity: sha512-9GTl1nE8Mx1kTZ+7QyYatDyKsm34QcWRBFkY1iPvWC3X4Dona5s/tlLiQsx5WzVdZqiMBZNYT0buyw4/vbhnjw==}
+
+  '@peculiar/asn1-pkcs9@2.7.0':
+    resolution: {integrity: sha512-Bh7m+OuIaSEllPQcSd9OSp93F4ROWH7sbITWV8MI+8dwsjE5111/87VxiWVvYFKyww3vp39geLv9ENqhwWHcew==}
+
+  '@peculiar/asn1-rsa@2.7.0':
+    resolution: {integrity: sha512-/qvENQrXyTZURjMqSeofHul0JJt2sNSzSwk36pl2olkHbaioMQgrASDZAlHXl0xUlnVbHj0uGgOrBMTb5x2aJQ==}
+
+  '@peculiar/asn1-schema@2.7.0':
+    resolution: {integrity: sha512-W8ZfWzLmQnrcky+eh3tni4IozMdqBDiHWU0N+vve/UGjMaUs8c0L7A2oEdkBXS8rTpWDpK/aoI3DG/L/hxmxPg==}
+
+  '@peculiar/asn1-x509-attr@2.7.0':
+    resolution: {integrity: sha512-NS8e7SOgXipkzUPLF/sce7ukpMpWjhxYsH0n6Y+bHYo4TTxOb95Zv7hqwSuL212mj5YxovjdOKQOgH1As3E94w==}
+
+  '@peculiar/asn1-x509@2.7.0':
+    resolution: {integrity: sha512-mUn9RRrkGDnG4ALfunDmzyRW5dg+sWCj/pfnCCqEHYbkGxEpvUt6iVJv8Yw1cyp6SWZ26ZE5oSmI5SqEaen15g==}
+
+  '@peculiar/utils@2.0.3':
+    resolution: {integrity: sha512-+oL3HPFRIZ1St2K50lWCXiioIgSoxzz7R1J3uF6neO2yl1sgmpgY6XXJH4BdpoDkMWznQTeYF6oWNDZLCdQ4eQ==}
+
+  '@peculiar/x509@1.14.3':
+    resolution: {integrity: sha512-C2Xj8FZ0uHWeCXXqX5B4/gVFQmtSkiuOolzAgutjTfseNOHT3pUjljDZsTSxXFGgio54bCzVFqmEOUrIVk8RDA==}
+    engines: {node: '>=20.0.0'}
+
   '@phc/format@1.0.0':
     resolution: {integrity: sha512-m7X9U6BG2+J+R1lSOdCiITLLrxm+cWlNI3HUFA92oLO77ObGNzaKdh8pMLqdZcshtkKuV84olNNXDfMc4FezBQ==}
     engines: {node: '>=10'}
@@ -2533,6 +2585,13 @@ packages:
   '@shikijs/vscode-textmate@10.0.2':
     resolution: {integrity: sha512-83yeghZ2xxin3Nj8z1NMd/NCuca+gsYXswywDy5bHvwlWL8tpTQmzGeUuHd9FC3E/SBEMvzJRwWEOz5gGes9Qg==}
 
+  '@simplewebauthn/browser@13.3.0':
+    resolution: {integrity: sha512-BE/UWv6FOToAdVk0EokzkqQQDOWtNydYlY6+OrmiZ5SCNmb41VehttboTetUM3T/fr6EAFYVXjz4My2wg230rQ==}
+
+  '@simplewebauthn/server@13.3.0':
+    resolution: {integrity: sha512-MLHYFrYG8/wK2i+86XMhiecK72nMaHKKt4bo+7Q1TbuG9iGjlSdfkPWKO5ZFE/BX+ygCJ7pr8H/AJeyAj1EaTQ==}
+    engines: {node: '>=20.0.0'}
+
   '@smithy/abort-controller@3.1.9':
     resolution: {integrity: sha512-yiW0WI30zj8ZKoSYNx90no7ugVn3khlyH/z5W8qtKBtVE6awRALbhSG+2SAHA1r6bO/6M9utxYKVZ3PCJ1rWxw==}
     engines: {node: '>=16.0.0'}
@@ -4995,6 +5054,9 @@ packages:
   recma-stringify@1.0.0:
     resolution: {integrity: sha512-cjwII1MdIIVloKvC9ErQ+OgAtwHBmcZ0Bg4ciz78FtbT8In39aAYbaA7zvxQ61xVMSPE8WxhLwLbhif4Js2C+g==}
 
+  reflect-metadata@0.2.2:
+    resolution: {integrity: sha512-urBwgfrvVP/eAyXx4hluJivBKzuEbSQs9rKWCrCkbSxNv8mxPcUZKeuoF3Uy4mJl3Lwprp6yy5/39VWigZ4K6Q==}
+
   regex-recursion@6.0.2:
     resolution: {integrity: sha512-0YCaSCq2VRIebiaUviZNs0cBz1kg5kVS2UKUfNIx8YVs1cN3AV7NTctO5FOKBA+UT2BPJIWZauYHPqJODG50cg==}
 
@@ -5406,6 +5468,9 @@ packages:
       unplugin-unused:
         optional: true
 
+  tslib@1.14.1:
+    resolution: {integrity: sha512-Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg==}
+
   tslib@2.8.1:
     resolution: {integrity: sha512-oJFu94HQb+KVduSUQL7wnpmqnfmLsOA/nAh6b6EH0wCEoK0/mPeXU6c3wKDV83MkOuHPRHtSXKKU99IBazS/2w==}
 
@@ -5414,6 +5479,10 @@ packages:
     engines: {node: '>=18.0.0'}
     hasBin: true
 
+  tsyringe@4.10.0:
+    resolution: {integrity: sha512-axr3IdNuVIxnaK5XGEUFTu3YmAQ6lllgrvqfEoR16g/HGnYY/6We4oWENtAnzK6/LpJ2ur9PAb80RBt7/U4ugw==}
+    engines: {node: '>= 6.0.0'}
+
   tunnel@0.0.6:
     resolution: {integrity: sha512-1h/Lnq9yajKY2PEbBadPXj3VxsDDu844OnaAo52UVmIzIvwwtBPIuNvkjuzBlTWpfJyUbG3ez0KSBibQkj4ojg==}
     engines: {node: '>=0.6.11 <=0.7.0 || >=0.7.3'}
@@ -7641,6 +7710,8 @@ snapshots:
     dependencies:
       tslib: 2.8.1
 
+  '@hexagon/base64@1.1.28': {}
+
   '@hexagon/base64@2.0.4': {}
 
   '@hono/node-server@1.19.13(hono@4.12.18)':
@@ -7825,6 +7896,8 @@ snapshots:
     dependencies:
       jsbi: 4.3.0
 
+  '@levischuck/tiny-cbor@0.2.11': {}
+
   '@logtape/drizzle-orm@2.0.7(@logtape/logtape@2.0.7)':
     dependencies:
       '@logtape/logtape': 2.0.7
@@ -8348,6 +8421,106 @@ snapshots:
   '@pagefind/windows-x64@1.4.0':
     optional: true
 
+  '@peculiar/asn1-android@2.7.0':
+    dependencies:
+      '@peculiar/asn1-schema': 2.7.0
+      asn1js: 3.0.10
+      tslib: 2.8.1
+
+  '@peculiar/asn1-cms@2.7.0':
+    dependencies:
+      '@peculiar/asn1-schema': 2.7.0
+      '@peculiar/asn1-x509': 2.7.0
+      '@peculiar/asn1-x509-attr': 2.7.0
+      asn1js: 3.0.10
+      tslib: 2.8.1
+
+  '@peculiar/asn1-csr@2.7.0':
+    dependencies:
+      '@peculiar/asn1-schema': 2.7.0
+      '@peculiar/asn1-x509': 2.7.0
+      asn1js: 3.0.10
+      tslib: 2.8.1
+
+  '@peculiar/asn1-ecc@2.7.0':
+    dependencies:
+      '@peculiar/asn1-schema': 2.7.0
+      '@peculiar/asn1-x509': 2.7.0
+      asn1js: 3.0.10
+      tslib: 2.8.1
+
+  '@peculiar/asn1-pfx@2.7.0':
+    dependencies:
+      '@peculiar/asn1-cms': 2.7.0
+      '@peculiar/asn1-pkcs8': 2.7.0
+      '@peculiar/asn1-rsa': 2.7.0
+      '@peculiar/asn1-schema': 2.7.0
+      asn1js: 3.0.10
+      tslib: 2.8.1
+
+  '@peculiar/asn1-pkcs8@2.7.0':
+    dependencies:
+      '@peculiar/asn1-schema': 2.7.0
+      '@peculiar/asn1-x509': 2.7.0
+      asn1js: 3.0.10
+      tslib: 2.8.1
+
+  '@peculiar/asn1-pkcs9@2.7.0':
+    dependencies:
+      '@peculiar/asn1-cms': 2.7.0
+      '@peculiar/asn1-pfx': 2.7.0
+      '@peculiar/asn1-pkcs8': 2.7.0
+      '@peculiar/asn1-schema': 2.7.0
+      '@peculiar/asn1-x509': 2.7.0
+      '@peculiar/asn1-x509-attr': 2.7.0
+      asn1js: 3.0.10
+      tslib: 2.8.1
+
+  '@peculiar/asn1-rsa@2.7.0':
+    dependencies:
+      '@peculiar/asn1-schema': 2.7.0
+      '@peculiar/asn1-x509': 2.7.0
+      asn1js: 3.0.10
+      tslib: 2.8.1
+
+  '@peculiar/asn1-schema@2.7.0':
+    dependencies:
+      '@peculiar/utils': 2.0.3
+      asn1js: 3.0.10
+      tslib: 2.8.1
+
+  '@peculiar/asn1-x509-attr@2.7.0':
+    dependencies:
+      '@peculiar/asn1-schema': 2.7.0
+      '@peculiar/asn1-x509': 2.7.0
+      asn1js: 3.0.10
+      tslib: 2.8.1
+
+  '@peculiar/asn1-x509@2.7.0':
+    dependencies:
+      '@peculiar/asn1-schema': 2.7.0
+      '@peculiar/utils': 2.0.3
+      asn1js: 3.0.10
+      tslib: 2.8.1
+
+  '@peculiar/utils@2.0.3':
+    dependencies:
+      tslib: 2.8.1
+
+  '@peculiar/x509@1.14.3':
+    dependencies:
+      '@peculiar/asn1-cms': 2.7.0
+      '@peculiar/asn1-csr': 2.7.0
+      '@peculiar/asn1-ecc': 2.7.0
+      '@peculiar/asn1-pkcs9': 2.7.0
+      '@peculiar/asn1-rsa': 2.7.0
+      '@peculiar/asn1-schema': 2.7.0
+      '@peculiar/asn1-x509': 2.7.0
+      pvtsutils: 1.3.6
+      reflect-metadata: 0.2.2
+      tslib: 2.8.1
+      tsyringe: 4.10.0
+
   '@phc/format@1.0.0': {}
 
   '@pkgjs/parseargs@0.11.0':
@@ -8661,6 +8834,19 @@ snapshots:
 
   '@shikijs/vscode-textmate@10.0.2': {}
 
+  '@simplewebauthn/browser@13.3.0': {}
+
+  '@simplewebauthn/server@13.3.0':
+    dependencies:
+      '@hexagon/base64': 1.1.28
+      '@levischuck/tiny-cbor': 0.2.11
+      '@peculiar/asn1-android': 2.7.0
+      '@peculiar/asn1-ecc': 2.7.0
+      '@peculiar/asn1-rsa': 2.7.0
+      '@peculiar/asn1-schema': 2.7.0
+      '@peculiar/asn1-x509': 2.7.0
+      '@peculiar/x509': 1.14.3
+
   '@smithy/abort-controller@3.1.9':
     dependencies:
       '@smithy/types': 3.7.2
@@ -12019,6 +12205,8 @@ snapshots:
       unified: 11.0.5
       vfile: 6.0.3
 
+  reflect-metadata@0.2.2: {}
+
   regex-recursion@6.0.2:
     dependencies:
       regex-utilities: 2.3.0
@@ -12533,6 +12721,8 @@ snapshots:
       - synckit
       - vue-tsc
 
+  tslib@1.14.1: {}
+
   tslib@2.8.1: {}
 
   tsx@4.21.0:
@@ -12542,6 +12732,10 @@ snapshots:
     optionalDependencies:
       fsevents: 2.3.3
 
+  tsyringe@4.10.0:
+    dependencies:
+      tslib: 1.14.1
+
   tunnel@0.0.6: {}
 
   type-check@0.4.0:
diff --git a/src/login.test.ts b/src/login.test.ts
new file mode 100644
index 00000000..9b5e9f30
--- /dev/null
+++ b/src/login.test.ts
@@ -0,0 +1,103 @@
+import { Hono } from "hono";
+import { serializeSigned } from "hono/utils/cookie";
+import { beforeEach, describe, expect, it } from "vitest";
+
+import { cleanDatabase } from "../tests/helpers";
+import db from "./db";
+import { SECRET_KEY } from "./env";
+import { loginRequired } from "./login";
+import { totps } from "./schema";
+
+const app = new Hono();
+app.use(loginRequired);
+app.get("/protected", (c) => c.text("ok"));
+
+async function signed(name: string, value: string): Promise<string> {
+  return serializeSigned(name, value, SECRET_KEY!, { path: "/" });
+}
+
+describe("loginRequired", () => {
+  beforeEach(async () => {
+    await cleanDatabase();
+  });
+
+  it("redirects to /login when no login cookie is present", async () => {
+    const response = await app.request("/protected");
+    expect(response.status).toBe(302);
+    expect(response.headers.get("Location")).toMatch(/^\/login\?next=/);
+  });
+
+  it("lets the request through when login is set and no TOTP is enrolled", async () => {
+    const cookie = await signed("login", new Date().toISOString());
+    const response = await app.request("/protected", {
+      headers: { Cookie: cookie },
+    });
+    expect(response.status).toBe(200);
+    expect(await response.text()).toBe("ok");
+  });
+
+  describe("when a TOTP is enrolled", () => {
+    beforeEach(async () => {
+      await db.insert(totps).values({
+        issuer: "Hollo",
+        label: "test@example.com",
+        algorithm: "SHA1",
+        digits: 6,
+        period: 30,
+        secret: "JBSWY3DPEHPK3PXP",
+      });
+    });
+
+    it("redirects to /login/otp when login is set but no second factor", async () => {
+      const cookie = await signed("login", new Date().toISOString());
+      const response = await app.request("/protected", {
+        headers: { Cookie: cookie },
+      });
+      expect(response.status).toBe(302);
+      expect(response.headers.get("Location")).toMatch(/^\/login\/otp\?next=/);
+    });
+
+    it("lets the request through when the otp cookie matches the login cookie", async () => {
+      const login = new Date().toISOString();
+      const loginCookie = await signed("login", login);
+      const otpCookie = await signed("otp", `${login} totp`);
+      const response = await app.request("/protected", {
+        headers: { Cookie: `${loginCookie}; ${otpCookie}` },
+      });
+      expect(response.status).toBe(200);
+    });
+
+    it("lets the request through when the passkey cookie matches the login cookie", async () => {
+      const login = new Date().toISOString();
+      const loginCookie = await signed("login", login);
+      const passkeyCookie = await signed("passkey", `${login} passkey`);
+      const response = await app.request("/protected", {
+        headers: { Cookie: `${loginCookie}; ${passkeyCookie}` },
+      });
+      expect(response.status).toBe(200);
+    });
+
+    it("redirects to /login/otp when the otp cookie does not match the login cookie", async () => {
+      const loginCookie = await signed("login", new Date().toISOString());
+      const otpCookie = await signed("otp", "1999-01-01T00:00:00.000Z totp");
+      const response = await app.request("/protected", {
+        headers: { Cookie: `${loginCookie}; ${otpCookie}` },
+      });
+      expect(response.status).toBe(302);
+      expect(response.headers.get("Location")).toMatch(/^\/login\/otp\?next=/);
+    });
+
+    it("redirects to /login/otp when the passkey cookie does not match the login cookie", async () => {
+      const loginCookie = await signed("login", new Date().toISOString());
+      const passkeyCookie = await signed(
+        "passkey",
+        "1999-01-01T00:00:00.000Z passkey",
+      );
+      const response = await app.request("/protected", {
+        headers: { Cookie: `${loginCookie}; ${passkeyCookie}` },
+      });
+      expect(response.status).toBe(302);
+      expect(response.headers.get("Location")).toMatch(/^\/login\/otp\?next=/);
+    });
+  });
+});
diff --git a/src/login.ts b/src/login.ts
index c9a7dc78..3e79840c 100644
--- a/src/login.ts
+++ b/src/login.ts
@@ -11,8 +11,17 @@ export const loginRequired = createMiddleware(async (c, next) => {
   }
   const totp = await db.query.totps.findFirst();
   if (totp != null) {
+    // Either a TOTP code challenge or a passkey assertion bound to the
+    // same login session satisfies the second factor.  A passkey is
+    // already multi-factor on its own (something the user has plus a
+    // user-verification gesture), so it stands in for TOTP rather than
+    // stacking on top of it.
     const otp = await getSignedCookie(c, SECRET_KEY, "otp");
-    if (otp == null || otp === false || otp !== `${login} totp`) {
+    const passkey = await getSignedCookie(c, SECRET_KEY, "passkey");
+    const otpOk = otp != null && otp !== false && otp === `${login} totp`;
+    const passkeyOk =
+      passkey != null && passkey !== false && passkey === `${login} passkey`;
+    if (!otpOk && !passkeyOk) {
       return c.redirect(`/login/otp?next=${encodeURIComponent(c.req.url)}`);
     }
   }
diff --git a/src/pages/auth.test.ts b/src/pages/auth.test.ts
new file mode 100644
index 00000000..2f9db05e
--- /dev/null
+++ b/src/pages/auth.test.ts
@@ -0,0 +1,454 @@
+import { hash } from "argon2";
+import { eq } from "drizzle-orm";
+import { beforeEach, describe, expect, it, vi } from "vitest";
+
+import { cleanDatabase } from "../../tests/helpers";
+import { getLoginCookie } from "../../tests/helpers/web";
+import db from "../db";
+import { credentials, passkeys } from "../schema";
+import app from "./index";
+
+vi.mock("../passkey", async () => {
+  const actual =
+    await vi.importActual<typeof import("../passkey")>("../passkey");
+  return {
+    ...actual,
+    verifyRegistration: vi.fn(),
+  };
+});
+
+const { verifyRegistration: mockVerifyRegistration } =
+  await import("../passkey");
+
+const TEST_EMAIL = "owner@example.com";
+
+async function seedCredential(): Promise<void> {
+  await db.insert(credentials).values({
+    email: TEST_EMAIL,
+    passwordHash: await hash("hunter2hunter2"),
+  });
+}
+
+describe("auth passkeys", () => {
+  beforeEach(async () => {
+    await cleanDatabase();
+    vi.mocked(mockVerifyRegistration).mockClear();
+  });
+
+  describe("POST /auth/passkeys/registration/begin", () => {
+    it("redirects to /setup if no credential is configured", async () => {
+      const cookie = await getLoginCookie();
+      const response = await app.request("/auth/passkeys/registration/begin", {
+        method: "POST",
+        headers: { Cookie: cookie },
+      });
+      expect(response.status).toBe(302);
+      expect(response.headers.get("Location")).toBe("/setup");
+    });
+
+    it("returns options JSON and sets a challenge cookie", async () => {
+      await seedCredential();
+      const cookie = await getLoginCookie();
+      const response = await app.request(
+        "http://hollo.test/auth/passkeys/registration/begin",
+        {
+          method: "POST",
+          headers: { Cookie: cookie },
+        },
+      );
+      expect(response.status).toBe(200);
+      const body = (await response.json()) as Record<string, unknown> & {
+        rp: { id: string; name: string };
+        user: { name: string };
+        challenge: string;
+        authenticatorSelection?: {
+          residentKey?: string;
+          userVerification?: string;
+        };
+      };
+      expect(body.rp.id).toBe("hollo.test");
+      expect(body.rp.name).toBe("Hollo");
+      expect(body.user.name).toBe(TEST_EMAIL);
+      expect(typeof body.challenge).toBe("string");
+      expect(body.authenticatorSelection?.residentKey).toBe("required");
+      expect(body.authenticatorSelection?.userVerification).toBe("required");
+      const setCookie = response.headers.get("Set-Cookie") ?? "";
+      expect(setCookie).toMatch(/passkey_reg=/);
+      expect(setCookie).toMatch(/HttpOnly/);
+    });
+
+    it("requires a valid login cookie", async () => {
+      await seedCredential();
+      const response = await app.request(
+        "http://hollo.test/auth/passkeys/registration/begin",
+        { method: "POST" },
+      );
+      expect(response.status).toBe(302);
+      expect(response.headers.get("Location")).toMatch(/^\/login\?next=/);
+    });
+  });
+
+  describe("POST /auth/passkeys/registration/finish", () => {
+    it("rejects requests without a challenge cookie", async () => {
+      await seedCredential();
+      const cookie = await getLoginCookie();
+      const response = await app.request(
+        "http://hollo.test/auth/passkeys/registration/finish",
+        {
+          method: "POST",
+          headers: {
+            Cookie: cookie,
+            "Content-Type": "application/json",
+          },
+          body: JSON.stringify({
+            registrationResponse: {
+              id: "fake",
+              rawId: "fake",
+              type: "public-key",
+              clientExtensionResults: {},
+              response: { clientDataJSON: "", attestationObject: "" },
+            },
+          }),
+        },
+      );
+      expect(response.status).toBe(400);
+      const rows = await db.query.passkeys.findMany();
+      expect(rows).toEqual([]);
+    });
+
+    it("inserts a passkey when verification succeeds", async () => {
+      await seedCredential();
+      const cookie = await getLoginCookie();
+
+      // First: hit /begin to receive a challenge cookie.
+      const beginResponse = await app.request(
+        "http://hollo.test/auth/passkeys/registration/begin",
+        {
+          method: "POST",
+          headers: { Cookie: cookie },
+        },
+      );
+      const challengeCookie = beginResponse.headers.get("Set-Cookie") ?? "";
+      const passkeyRegCookie = challengeCookie.split(";")[0];
+
+      // Pretend the browser produced a valid response.
+      vi.mocked(mockVerifyRegistration).mockResolvedValueOnce({
+        credentialId: "cred-id-abc",
+        publicKey: new Uint8Array([1, 2, 3, 4]),
+        counter: 0,
+        transports: ["internal", "hybrid"],
+        deviceType: "multiDevice",
+        backedUp: true,
+      });
+
+      const finishResponse = await app.request(
+        "http://hollo.test/auth/passkeys/registration/finish",
+        {
+          method: "POST",
+          headers: {
+            Cookie: `${cookie}; ${passkeyRegCookie}`,
+            "Content-Type": "application/json",
+          },
+          body: JSON.stringify({
+            nickname: "My Yubikey",
+            registrationResponse: {
+              id: "cred-id-abc",
+              rawId: "cred-id-abc",
+              type: "public-key",
+              clientExtensionResults: {},
+              response: { clientDataJSON: "", attestationObject: "" },
+            },
+          }),
+        },
+      );
+      expect(finishResponse.status).toBe(204);
+      const setCookie = finishResponse.headers.get("Set-Cookie") ?? "";
+      expect(setCookie).toMatch(/passkey_reg=;/);
+
+      const rows = await db.query.passkeys.findMany();
+      expect(rows).toHaveLength(1);
+      expect(rows[0]).toMatchObject({
+        id: "cred-id-abc",
+        credentialEmail: TEST_EMAIL,
+        counter: 0,
+        transports: ["internal", "hybrid"],
+        deviceType: "multiDevice",
+        backedUp: true,
+        nickname: "My Yubikey",
+      });
+    });
+
+    it("returns 409 when the same credential id is enrolled twice", async () => {
+      await seedCredential();
+      const cookie = await getLoginCookie();
+      const beginResponse = await app.request(
+        "http://hollo.test/auth/passkeys/registration/begin",
+        { method: "POST", headers: { Cookie: cookie } },
+      );
+      const challengeCookie = beginResponse.headers.get("Set-Cookie") ?? "";
+      const passkeyRegCookie = challengeCookie.split(";")[0];
+
+      // Pre-seed the duplicate to simulate "this passkey is already on file."
+      await db.insert(passkeys).values({
+        id: "duplicate-cred-id",
+        credentialEmail: TEST_EMAIL,
+        publicKey: "preexisting-key",
+        counter: 0,
+        transports: ["internal"],
+        deviceType: "multiDevice",
+        backedUp: true,
+        nickname: "Old entry",
+      });
+
+      vi.mocked(mockVerifyRegistration).mockResolvedValueOnce({
+        credentialId: "duplicate-cred-id",
+        publicKey: new Uint8Array([9, 9, 9]),
+        counter: 0,
+        transports: ["internal"],
+        deviceType: "multiDevice",
+        backedUp: true,
+      });
+
+      const finishResponse = await app.request(
+        "http://hollo.test/auth/passkeys/registration/finish",
+        {
+          method: "POST",
+          headers: {
+            Cookie: `${cookie}; ${passkeyRegCookie}`,
+            "Content-Type": "application/json",
+          },
+          body: JSON.stringify({
+            registrationResponse: {
+              id: "duplicate-cred-id",
+              rawId: "duplicate-cred-id",
+              type: "public-key",
+              clientExtensionResults: {},
+              response: { clientDataJSON: "", attestationObject: "" },
+            },
+          }),
+        },
+      );
+      expect(finishResponse.status).toBe(409);
+      const rows = await db.query.passkeys.findMany();
+      expect(rows).toHaveLength(1);
+      expect(rows[0]?.nickname).toBe("Old entry");
+    });
+
+    it("rejects challenge cookies bound to a different login session", async () => {
+      await seedCredential();
+      const beginCookie = await getLoginCookie();
+      const beginResponse = await app.request(
+        "http://hollo.test/auth/passkeys/registration/begin",
+        { method: "POST", headers: { Cookie: beginCookie } },
+      );
+      const challengeCookie = beginResponse.headers.get("Set-Cookie") ?? "";
+      const passkeyRegCookie = challengeCookie.split(";")[0];
+
+      // Different "login" timestamp -> different signed cookie value.
+      await new Promise((r) => setTimeout(r, 5));
+      const otherCookie = await getLoginCookie();
+
+      const finishResponse = await app.request(
+        "http://hollo.test/auth/passkeys/registration/finish",
+        {
+          method: "POST",
+          headers: {
+            Cookie: `${otherCookie}; ${passkeyRegCookie}`,
+            "Content-Type": "application/json",
+          },
+          body: JSON.stringify({
+            registrationResponse: {
+              id: "x",
+              rawId: "x",
+              type: "public-key",
+              clientExtensionResults: {},
+              response: { clientDataJSON: "", attestationObject: "" },
+            },
+          }),
+        },
+      );
+      expect(finishResponse.status).toBe(400);
+      expect(mockVerifyRegistration).not.toHaveBeenCalled();
+    });
+
+    it("returns 400 when verification fails", async () => {
+      await seedCredential();
+      const cookie = await getLoginCookie();
+      const beginResponse = await app.request(
+        "http://hollo.test/auth/passkeys/registration/begin",
+        { method: "POST", headers: { Cookie: cookie } },
+      );
+      const challengeCookie = beginResponse.headers.get("Set-Cookie") ?? "";
+      const passkeyRegCookie = challengeCookie.split(";")[0];
+
+      vi.mocked(mockVerifyRegistration).mockResolvedValueOnce(null);
+
+      const finishResponse = await app.request(
+        "http://hollo.test/auth/passkeys/registration/finish",
+        {
+          method: "POST",
+          headers: {
+            Cookie: `${cookie}; ${passkeyRegCookie}`,
+            "Content-Type": "application/json",
+          },
+          body: JSON.stringify({
+            registrationResponse: {
+              id: "x",
+              rawId: "x",
+              type: "public-key",
+              clientExtensionResults: {},
+              response: { clientDataJSON: "", attestationObject: "" },
+            },
+          }),
+        },
+      );
+      expect(finishResponse.status).toBe(400);
+      const rows = await db.query.passkeys.findMany();
+      expect(rows).toEqual([]);
+    });
+
+    it("derives a friendly default nickname from the User-Agent", async () => {
+      await seedCredential();
+      const cookie = await getLoginCookie();
+      const beginResponse = await app.request(
+        "http://hollo.test/auth/passkeys/registration/begin",
+        { method: "POST", headers: { Cookie: cookie } },
+      );
+      const challengeCookie = beginResponse.headers.get("Set-Cookie") ?? "";
+      const passkeyRegCookie = challengeCookie.split(";")[0];
+
+      vi.mocked(mockVerifyRegistration).mockResolvedValueOnce({
+        credentialId: "cred-id-def",
+        publicKey: new Uint8Array([5, 6, 7, 8]),
+        counter: 0,
+        transports: [],
+        deviceType: "singleDevice",
+        backedUp: false,
+      });
+
+      const finishResponse = await app.request(
+        "http://hollo.test/auth/passkeys/registration/finish",
+        {
+          method: "POST",
+          headers: {
+            Cookie: `${cookie}; ${passkeyRegCookie}`,
+            "Content-Type": "application/json",
+            "User-Agent":
+              "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15",
+          },
+          body: JSON.stringify({
+            registrationResponse: {
+              id: "cred-id-def",
+              rawId: "cred-id-def",
+              type: "public-key",
+              clientExtensionResults: {},
+              response: { clientDataJSON: "", attestationObject: "" },
+            },
+          }),
+        },
+      );
+      expect(finishResponse.status).toBe(204);
+      const row = await db.query.passkeys.findFirst({
+        where: eq(passkeys.id, "cred-id-def"),
+      });
+      expect(row?.nickname).toBe("macOS device");
+    });
+
+    it("consumes the challenge cookie even on a malformed body", async () => {
+      // A malformed first request would previously short-circuit at the
+      // schema validator before the cookie was deleted, leaving the same
+      // signed value usable for the rest of its TTL.
+      await seedCredential();
+      const cookie = await getLoginCookie();
+      const beginResponse = await app.request(
+        "http://hollo.test/auth/passkeys/registration/begin",
+        { method: "POST", headers: { Cookie: cookie } },
+      );
+      const challengeCookie = beginResponse.headers.get("Set-Cookie") ?? "";
+      const passkeyRegCookie = challengeCookie.split(";")[0];
+
+      const finishResponse = await app.request(
+        "http://hollo.test/auth/passkeys/registration/finish",
+        {
+          method: "POST",
+          headers: {
+            Cookie: `${cookie}; ${passkeyRegCookie}`,
+            "Content-Type": "application/json",
+          },
+          // The schema requires `registrationResponse`, so this body is
+          // invalid and used to trip zValidator before the handler ran.
+          body: JSON.stringify({ nickname: "no response" }),
+        },
+      );
+      expect(finishResponse.status).toBe(400);
+      const setCookie = finishResponse.headers.get("Set-Cookie") ?? "";
+      expect(setCookie).toMatch(/passkey_reg=;/);
+    });
+  });
+
+  describe("POST /auth/passkeys/:id/delete", () => {
+    it("deletes the named passkey and redirects to /auth", async () => {
+      await seedCredential();
+      await db.insert(passkeys).values({
+        id: "cred-to-remove",
+        credentialEmail: TEST_EMAIL,
+        publicKey: "public-key-base64url",
+        counter: 0,
+        transports: ["internal"],
+        deviceType: "multiDevice",
+        backedUp: true,
+        nickname: "Old phone",
+      });
+      const cookie = await getLoginCookie();
+      const response = await app.request(
+        "/auth/passkeys/cred-to-remove/delete",
+        {
+          method: "POST",
+          headers: { Cookie: cookie },
+        },
+      );
+      expect(response.status).toBe(302);
+      expect(response.headers.get("Location")).toBe("/auth");
+      const rows = await db.query.passkeys.findMany();
+      expect(rows).toEqual([]);
+    });
+
+    it("redirects to /auth even when the id does not exist", async () => {
+      await seedCredential();
+      const cookie = await getLoginCookie();
+      const response = await app.request(
+        "/auth/passkeys/does-not-exist/delete",
+        {
+          method: "POST",
+          headers: { Cookie: cookie },
+        },
+      );
+      expect(response.status).toBe(302);
+      expect(response.headers.get("Location")).toBe("/auth");
+    });
+  });
+
+  describe("GET /auth", () => {
+    it("renders a Passkeys section with the enrolled passkeys", async () => {
+      await seedCredential();
+      await db.insert(passkeys).values({
+        id: "cred-listing",
+        credentialEmail: TEST_EMAIL,
+        publicKey: "public-key-base64url",
+        counter: 0,
+        transports: ["internal"],
+        deviceType: "multiDevice",
+        backedUp: true,
+        nickname: "My laptop",
+      });
+      const cookie = await getLoginCookie();
+      const response = await app.request("/auth", {
+        headers: { Cookie: cookie },
+      });
+      expect(response.status).toBe(200);
+      const body = await response.text();
+      expect(body).toContain("Passkeys");
+      expect(body).toContain("My laptop");
+    });
+  });
+});
diff --git a/src/pages/auth.tsx b/src/pages/auth.tsx
index 5ae5784f..8ef82291 100644
--- a/src/pages/auth.tsx
+++ b/src/pages/auth.tsx
@@ -1,22 +1,39 @@
 import { zValidator } from "@hono/zod-validator";
 import { getLogger } from "@logtape/logtape";
+import type { AuthenticatorTransportFuture } from "@simplewebauthn/server";
+import { eq } from "drizzle-orm";
 import { Hono } from "hono";
+import { deleteCookie, getSignedCookie, setSignedCookie } from "hono/cookie";
 import type { HOTP, TOTP } from "otpauth";
 import { z } from "zod";
 
 import { DashboardLayout } from "../components/DashboardLayout";
 import db from "../db";
+import { SECRET_KEY } from "../env";
 import { loginRequired } from "../login";
-import { type Totp, totps } from "../schema";
+import {
+  buildRegistrationOptions,
+  encodePublicKey,
+  getRpInfo,
+  nicknameFromUserAgent,
+  verifyRegistration,
+} from "../passkey";
+import { type Passkey, passkeys, type Totp, totps } from "../schema";
 
 const logger = getLogger(["hollo", "pages", "auth"]);
 
+const PASSKEY_REG_COOKIE = "passkey_reg";
+const PASSKEY_REG_MAX_AGE_SECONDS = 5 * 60;
+
 const auth = new Hono();
 
 auth.use(loginRequired);
 
 auth.get("/", async (c) => {
   const totp = await db.query.totps.findFirst();
+  const passkeysList = await db.query.passkeys.findMany({
+    orderBy: (p, { desc }) => [desc(p.created)],
+  });
   const open = c.req.query("open");
   if (totp == null && open === "2fa") {
     const credential = await db.query.credentials.findFirst();
@@ -31,9 +48,9 @@ auth.get("/", async (c) => {
       secret: new Secret({ size: 20 }),
     });
     logger.debug("The TOTP token: {token}", { token: totp.generate() });
-    return c.html(<AuthPage tfa={{ totp }} />);
+    return c.html(<AuthPage tfa={{ totp }} passkeys={passkeysList} />);
   }
-  return c.html(<AuthPage totp={totp} />);
+  return c.html(<AuthPage totp={totp} passkeys={passkeysList} />);
 });
 
 auth.post(
@@ -46,9 +63,15 @@ auth.post(
     const form = c.req.valid("form");
     const { HOTP, URI } = await import("otpauth");
     const totp = URI.parse(form.totp);
+    const passkeysList = await db.query.passkeys.findMany({
+      orderBy: (p, { desc }) => [desc(p.created)],
+    });
     if (totp instanceof HOTP) {
       return c.html(
-        <AuthPage tfa={{ totp, error: "HOTP is not supported." }} />,
+        <AuthPage
+          tfa={{ totp, error: "HOTP is not supported." }}
+          passkeys={passkeysList}
+        />,
       );
     }
     const validated = totp.validate({
@@ -57,7 +80,10 @@ auth.post(
     });
     if (validated == null) {
       return c.html(
-        <AuthPage tfa={{ totp, error: "The code you entered is invalid." }} />,
+        <AuthPage
+          tfa={{ totp, error: "The code you entered is invalid." }}
+          passkeys={passkeysList}
+        />,
       );
     }
     await db.insert(totps).values({
@@ -73,15 +99,164 @@ auth.post("/2fa/disable", async (c) => {
   return c.redirect("/auth");
 });
 
+auth.post("/passkeys/registration/begin", async (c) => {
+  const login = await getSignedCookie(c, SECRET_KEY, "login");
+  // loginRequired ran already, but TypeScript can't narrow that, and the
+  // double check costs nothing.
+  if (login == null || login === false) {
+    return c.redirect(`/login?next=${encodeURIComponent(c.req.url)}`);
+  }
+  const credential = await db.query.credentials.findFirst();
+  if (credential == null) return c.redirect("/setup");
+  const enrolled = await db.query.passkeys.findMany({
+    columns: { id: true, transports: true },
+  });
+  const rpInfo = getRpInfo(c.req.url);
+  const { options, challenge } = await buildRegistrationOptions({
+    rpInfo,
+    email: credential.email,
+    existingCredentials: enrolled.map((p) => ({
+      id: p.id,
+      transports: p.transports as AuthenticatorTransportFuture[],
+    })),
+  });
+  const expiresAt = Date.now() + PASSKEY_REG_MAX_AGE_SECONDS * 1000;
+  // The signed cookie binds the challenge to (a) the current login
+  // session and (b) a server-enforced expiry, so a captured cookie
+  // can't be replayed after logout or after the TTL even though
+  // Max-Age is only a browser hint.  The pipe character is not part
+  // of base64url (the challenge encoding), so it's safe as a
+  // separator.
+  const value = `${challenge}|${expiresAt.toString()}|${login}`;
+  await setSignedCookie(c, PASSKEY_REG_COOKIE, value, SECRET_KEY, {
+    httpOnly: true,
+    secure: rpInfo.origin.startsWith("https://"),
+    sameSite: "Strict",
+    path: "/auth/passkeys",
+    maxAge: PASSKEY_REG_MAX_AGE_SECONDS,
+  });
+  return c.json(options);
+});
+
+const finishBodySchema = z.object({
+  nickname: z.string().trim().max(80).optional(),
+  registrationResponse: z.object({
+    id: z.string().min(1),
+    rawId: z.string().min(1),
+    type: z.literal("public-key"),
+    clientExtensionResults: z.record(z.string(), z.unknown()),
+    authenticatorAttachment: z.string().optional(),
+    response: z.object({
+      clientDataJSON: z.string(),
+      attestationObject: z.string(),
+      authenticatorData: z.string().optional(),
+      publicKey: z.string().optional(),
+      publicKeyAlgorithm: z.number().optional(),
+      transports: z.array(z.string()).optional(),
+    }),
+  }),
+});
+
+auth.post("/passkeys/registration/finish", async (c) => {
+  const login = await getSignedCookie(c, SECRET_KEY, "login");
+  if (login == null || login === false) {
+    return c.redirect(`/login?next=${encodeURIComponent(c.req.url)}`);
+  }
+  // Consume the registration challenge cookie up front, before any body
+  // parsing or schema validation, so a malformed first request still
+  // burns the cookie.  Otherwise zValidator would short-circuit on a bad
+  // payload and leave passkey_reg replayable until its TTL.
+  const cookieValue = await getSignedCookie(c, SECRET_KEY, PASSKEY_REG_COOKIE);
+  deleteCookie(c, PASSKEY_REG_COOKIE, { path: "/auth/passkeys" });
+  if (cookieValue == null || cookieValue === false) {
+    return c.json({ error: "Missing or invalid challenge cookie." }, 400);
+  }
+  const parts = cookieValue.split("|");
+  if (parts.length !== 3) {
+    return c.json({ error: "Malformed challenge cookie." }, 400);
+  }
+  const [challenge, expiresAtStr, boundLogin] = parts;
+  const expiresAt = Number.parseInt(expiresAtStr, 10);
+  if (!Number.isFinite(expiresAt) || Date.now() > expiresAt) {
+    return c.json({ error: "Challenge has expired." }, 400);
+  }
+  if (boundLogin !== login) {
+    return c.json(
+      { error: "Challenge is bound to a different login session." },
+      400,
+    );
+  }
+  const credential = await db.query.credentials.findFirst();
+  if (credential == null) return c.redirect("/setup");
+
+  let rawBody: unknown;
+  try {
+    rawBody = await c.req.json();
+  } catch {
+    return c.json({ error: "Invalid JSON body." }, 400);
+  }
+  const parsed = finishBodySchema.safeParse(rawBody);
+  if (!parsed.success) {
+    return c.json({ error: "Invalid request body." }, 400);
+  }
+  const body = parsed.data;
+  const rpInfo = getRpInfo(c.req.url);
+  const verified = await verifyRegistration({
+    rpInfo,
+    // SimpleWebAuthn validates the inner shape; the Zod schema above
+    // just rejects obviously wrong payloads.
+    // oxlint-disable-next-line typescript/no-explicit-any
+    response: body.registrationResponse as any,
+    expectedChallenge: challenge,
+  });
+  if (verified == null) {
+    return c.json({ error: "Registration could not be verified." }, 400);
+  }
+  // body.nickname has already been .trim()'d by finishBodySchema, so it's
+  // either a non-empty trimmed string, an empty string, or undefined.
+  const nickname =
+    body.nickname != null && body.nickname !== ""
+      ? body.nickname
+      : nicknameFromUserAgent(c.req.header("user-agent"));
+  const inserted = await db
+    .insert(passkeys)
+    .values({
+      id: verified.credentialId,
+      credentialEmail: credential.email,
+      publicKey: encodePublicKey(verified.publicKey),
+      counter: verified.counter,
+      transports: verified.transports,
+      deviceType: verified.deviceType,
+      backedUp: verified.backedUp,
+      nickname,
+    })
+    .onConflictDoNothing()
+    .returning({ id: passkeys.id });
+  if (inserted.length === 0) {
+    return c.json(
+      { error: "This passkey is already enrolled on this account." },
+      409,
+    );
+  }
+  return c.body(null, 204);
+});
+
+auth.post("/passkeys/:id/delete", async (c) => {
+  const id = c.req.param("id");
+  await db.delete(passkeys).where(eq(passkeys.id, id));
+  return c.redirect("/auth");
+});
+
 interface AuthPageProps {
   totp?: Totp;
   tfa?: {
     totp: TOTP | HOTP;
     error?: string;
   };
+  passkeys: Passkey[];
 }
 
-async function AuthPage({ totp, tfa }: AuthPageProps) {
+async function AuthPage({ totp, tfa, passkeys }: AuthPageProps) {
   return (
     <DashboardLayout title="Hollo: Auth" selectedMenu="auth">
       <header class="mb-6">
@@ -209,10 +384,136 @@ async function AuthPage({ totp, tfa }: AuthPageProps) {
           </form>
         )}
       </section>
+
+      <section class="mt-6 rounded-xl border border-neutral-200 bg-white p-6 dark:border-neutral-800 dark:bg-neutral-900">
+        <header class="mb-4 flex flex-wrap items-start justify-between gap-3">
+          <div>
+            <h2 class="text-lg font-semibold text-neutral-900 dark:text-neutral-100">
+              Passkeys
+            </h2>
+            <p class="mt-1 max-w-xl text-sm text-neutral-600 dark:text-neutral-400">
+              Sign in without a password using a device-bound key plus a
+              biometric or PIN. A passkey on its own counts as multi-factor
+              authentication, so the TOTP step is skipped.
+            </p>
+          </div>
+          <span
+            class={
+              passkeys.length === 0
+                ? "inline-flex items-center gap-1 rounded-full bg-neutral-100 px-2.5 py-0.5 text-xs font-medium text-neutral-700 dark:bg-neutral-800 dark:text-neutral-300"
+                : "inline-flex items-center gap-1 rounded-full bg-green-100 px-2.5 py-0.5 text-xs font-medium text-green-800 dark:bg-green-950 dark:text-green-300"
+            }
+          >
+            <span
+              class={
+                passkeys.length === 0
+                  ? "size-1.5 rounded-full bg-neutral-400"
+                  : "size-1.5 rounded-full bg-green-500"
+              }
+              aria-hidden="true"
+            />
+            {passkeys.length === 0
+              ? "None enrolled"
+              : `${passkeys.length.toString()} enrolled`}
+          </span>
+        </header>
+
+        {passkeys.length === 0 ? (
+          <p class="mb-4 text-sm text-neutral-600 dark:text-neutral-400">
+            No passkeys are enrolled yet. Enrolling one lets you sign in from
+            this browser without typing your password.
+          </p>
+        ) : (
+          <ul class="mb-4 divide-y divide-neutral-200 dark:divide-neutral-800">
+            {passkeys.map((p) => (
+              <li class="flex flex-wrap items-center justify-between gap-3 py-3">
+                <div class="min-w-0 flex-1">
+                  <p class="truncate text-sm font-medium text-neutral-900 dark:text-neutral-100">
+                    {p.nickname}
+                  </p>
+                  <p class="mt-0.5 text-xs text-neutral-500 dark:text-neutral-400">
+                    Added{" "}
+                    <time dateTime={p.created.toISOString()}>
+                      {formatDate(p.created)}
+                    </time>
+                    {p.lastUsed != null ? (
+                      <>
+                        {" · last used "}
+                        <time dateTime={p.lastUsed.toISOString()}>
+                          {formatDate(p.lastUsed)}
+                        </time>
+                      </>
+                    ) : (
+                      " · never used"
+                    )}
+                  </p>
+                </div>
+                <form
+                  method="post"
+                  action={`/auth/passkeys/${encodeURIComponent(p.id)}/delete`}
+                  class="m-0"
+                  onsubmit="return window.confirm('Remove this passkey?  You will not be able to sign in with it after this.');"
+                >
+                  <button
+                    type="submit"
+                    class="inline-flex items-center gap-1.5 rounded-md border border-red-300 bg-white px-3 py-1.5 text-xs font-semibold text-red-700 transition-colors hover:bg-red-50 dark:border-red-900 dark:bg-neutral-900 dark:text-red-400 dark:hover:bg-red-950"
+                  >
+                    Remove
+                  </button>
+                </form>
+              </li>
+            ))}
+          </ul>
+        )}
+
+        <form id="passkey-enroll-form" class="space-y-3">
+          <label
+            class="block text-sm font-medium text-neutral-800 dark:text-neutral-200"
+            for="passkey-nickname"
+          >
+            Nickname
+            <span class="ms-2 text-xs font-normal text-neutral-500 dark:text-neutral-400">
+              optional
+            </span>
+          </label>
+          <input
+            id="passkey-nickname"
+            name="nickname"
+            type="text"
+            maxLength={80}
+            placeholder="e.g. iPhone, work laptop, YubiKey"
+            class="w-full rounded-md border border-neutral-300 bg-white px-3 py-2 text-sm text-neutral-900 shadow-sm placeholder:text-neutral-400 focus:border-brand-500 focus:outline-none focus:ring-2 focus:ring-brand-100 dark:border-neutral-700 dark:bg-neutral-950 dark:text-neutral-100 dark:placeholder:text-neutral-500 dark:focus:ring-brand-900"
+          />
+          <div class="flex flex-wrap items-center gap-3">
+            <button
+              type="submit"
+              class="inline-flex items-center gap-1.5 rounded-md bg-brand-600 px-4 py-2 text-sm font-semibold text-white transition-colors hover:bg-brand-700 dark:bg-brand-700 dark:hover:bg-brand-800"
+            >
+              Add passkey
+            </button>
+            <p
+              id="passkey-enroll-status"
+              class="text-xs text-neutral-500 dark:text-neutral-400"
+              aria-live="polite"
+            />
+          </div>
+        </form>
+      </section>
+
+      <script src="/public/simplewebauthn-browser.umd.js" defer />
+      <script src="/public/passkey.js" defer />
     </DashboardLayout>
   );
 }
 
+function formatDate(value: Date): string {
+  // Server-side rendering uses the server's locale, which inside a typical
+  // Hollo container is UTC; the wrapping <time dateTime> attribute carries
+  // the canonical ISO instant so a browser-side enhancement could re-render
+  // it in the visitor's locale.  Same pattern as src/components/AccountList.tsx.
+  return value.toLocaleDateString();
+}
+
 function qrCode(data: string): Promise<string> {
   return new Promise((resolve, reject) => {
     const run = async () => {
diff --git a/src/pages/login.test.ts b/src/pages/login.test.ts
new file mode 100644
index 00000000..0305d781
--- /dev/null
+++ b/src/pages/login.test.ts
@@ -0,0 +1,617 @@
+import { eq } from "drizzle-orm";
+import * as timekeeper from "timekeeper";
+import { beforeEach, describe, expect, it, vi } from "vitest";
+
+import { cleanDatabase } from "../../tests/helpers";
+import db from "../db";
+import { credentials, passkeyLoginChallenges, passkeys } from "../schema";
+import app from "./index";
+
+vi.mock("../passkey", async () => {
+  const actual =
+    await vi.importActual<typeof import("../passkey")>("../passkey");
+  return {
+    ...actual,
+    verifyAuthentication: vi.fn(),
+  };
+});
+
+const { verifyAuthentication: mockVerifyAuthentication } =
+  await import("../passkey");
+
+const TEST_EMAIL = "owner@example.com";
+
+async function seedCredential(): Promise<void> {
+  await db.insert(credentials).values({
+    email: TEST_EMAIL,
+    passwordHash: "$argon2id$stub",
+  });
+}
+
+async function seedPasskey(id = "cred-id-login"): Promise<void> {
+  await db.insert(passkeys).values({
+    id,
+    credentialEmail: TEST_EMAIL,
+    publicKey: "base64url-public-key",
+    counter: 5,
+    transports: ["internal", "hybrid"],
+    deviceType: "multiDevice",
+    backedUp: true,
+    nickname: "My laptop",
+  });
+}
+
+describe("login passkeys", () => {
+  beforeEach(async () => {
+    await cleanDatabase();
+    // mockReset() (not just mockClear) drops any queued
+    // mockResolvedValueOnce / mockImplementationOnce stacks left over
+    // from a prior test — otherwise a follow-up test could pick up the
+    // wrong one-shot return value.
+    vi.mocked(mockVerifyAuthentication).mockReset();
+  });
+
+  describe("GET /login", () => {
+    it("does not show the passkey button when none are enrolled", async () => {
+      const response = await app.request("/login");
+      const body = await response.text();
+      expect(response.status).toBe(200);
+      expect(body).not.toContain("Sign in with passkey");
+    });
+
+    it("shows the passkey button when at least one is enrolled", async () => {
+      await seedCredential();
+      await seedPasskey();
+      const response = await app.request("/login");
+      const body = await response.text();
+      expect(response.status).toBe(200);
+      expect(body).toContain("Sign in with passkey");
+      // The password form is still available behind a toggle.
+      expect(body).toContain("Sign in with password");
+    });
+
+    it("opens the password form when the previous password attempt failed", async () => {
+      await seedCredential();
+      await seedPasskey();
+      const response = await app.request("/login", {
+        method: "POST",
+        body: new URLSearchParams({
+          email: "wrong@example.com",
+          password: "wrong-password",
+        }),
+        headers: { "Content-Type": "application/x-www-form-urlencoded" },
+      });
+      const body = await response.text();
+      // The <details> element rendering its `open` attribute means the
+      // password form is visible by default after a failed attempt.
+      expect(body).toMatch(/<details[^>]*\bopen\b/);
+      expect(body).toContain("Invalid email or password.");
+    });
+  });
+
+  describe("POST /login/passkey/begin", () => {
+    it("returns 404 and does not insert a challenge when no passkeys are enrolled", async () => {
+      const response = await app.request(
+        "http://hollo.test/login/passkey/begin",
+        { method: "POST" },
+      );
+      expect(response.status).toBe(404);
+      const rows = await db.query.passkeyLoginChallenges.findMany();
+      expect(rows).toEqual([]);
+      // No transient cookie should be issued on this rejection path.
+      const setCookie = response.headers.get("Set-Cookie") ?? "";
+      expect(setCookie).not.toMatch(/passkey_login=/);
+    });
+
+    it("evicts the oldest outstanding row instead of 429 when at cap", async () => {
+      // An unauthenticated attacker should not be able to park the
+      // table at the cap to lock out legitimate sign-ins.  When /begin
+      // hits the cap it evicts the oldest unexpired row to make space
+      // and still returns a fresh challenge.
+      await seedCredential();
+      await seedPasskey();
+      const baseExpiry = Date.now() + 60_000;
+      const rows = Array.from({ length: 64 }, (_, i) => ({
+        id: `seeded-${i.toString().padStart(2, "0")}`,
+        challenge: "seeded-challenge",
+        // Older rows expire sooner, so the i=0 row is the FIFO head.
+        expiresAt: new Date(baseExpiry + i * 1000),
+      }));
+      await db.insert(passkeyLoginChallenges).values(rows);
+
+      const response = await app.request(
+        "http://hollo.test/login/passkey/begin",
+        { method: "POST" },
+      );
+      expect(response.status).toBe(200);
+      expect(response.headers.get("Retry-After")).toBeNull();
+      // Table size is unchanged (one evicted, one inserted).
+      const total = await db.$count(passkeyLoginChallenges);
+      expect(total).toBe(64);
+      // The oldest seeded row is the one that got dropped.
+      const evicted = await db.query.passkeyLoginChallenges.findFirst({
+        where: eq(passkeyLoginChallenges.id, "seeded-00"),
+      });
+      expect(evicted).toBeUndefined();
+    });
+
+    it("returns authn options and sets a challenge cookie when at least one is enrolled", async () => {
+      await seedCredential();
+      await seedPasskey();
+      const response = await app.request(
+        "http://hollo.test/login/passkey/begin",
+        { method: "POST" },
+      );
+      expect(response.status).toBe(200);
+      const body = (await response.json()) as {
+        rpId: string;
+        challenge: string;
+        userVerification?: string;
+      };
+      expect(body.rpId).toBe("hollo.test");
+      expect(typeof body.challenge).toBe("string");
+      expect(body.userVerification).toBe("required");
+      const setCookie = response.headers.get("Set-Cookie") ?? "";
+      expect(setCookie).toMatch(/passkey_login=/);
+      expect(setCookie).toMatch(/HttpOnly/);
+    });
+  });
+
+  describe("POST /login/passkey/finish", () => {
+    it("rejects requests without a challenge cookie", async () => {
+      const response = await app.request(
+        "http://hollo.test/login/passkey/finish",
+        {
+          method: "POST",
+          headers: { "Content-Type": "application/json" },
+          body: JSON.stringify({
+            authenticationResponse: {
+              id: "cred-id-login",
+              rawId: "cred-id-login",
+              type: "public-key",
+              clientExtensionResults: {},
+              response: {
+                clientDataJSON: "",
+                authenticatorData: "",
+                signature: "",
+              },
+            },
+          }),
+        },
+      );
+      expect(response.status).toBe(400);
+    });
+
+    it("rejects assertions for unknown credential ids", async () => {
+      // /begin needs at least one passkey enrolled to hand out a
+      // challenge cookie; the actual credential id we send to /finish
+      // is unrelated to it, which is the case under test.
+      await seedCredential();
+      await seedPasskey("a-different-cred");
+      const beginResponse = await app.request(
+        "http://hollo.test/login/passkey/begin",
+        { method: "POST" },
+      );
+      const challengeCookie =
+        beginResponse.headers.get("Set-Cookie")?.split(";")[0] ?? "";
+      const response = await app.request(
+        "http://hollo.test/login/passkey/finish",
+        {
+          method: "POST",
+          headers: {
+            "Content-Type": "application/json",
+            Cookie: challengeCookie,
+          },
+          body: JSON.stringify({
+            authenticationResponse: {
+              id: "unknown-cred",
+              rawId: "unknown-cred",
+              type: "public-key",
+              clientExtensionResults: {},
+              response: {
+                clientDataJSON: "",
+                authenticatorData: "",
+                signature: "",
+              },
+            },
+          }),
+        },
+      );
+      expect(response.status).toBe(400);
+      expect(mockVerifyAuthentication).not.toHaveBeenCalled();
+    });
+
+    it("sets login and passkey cookies and returns a redirect target on success", async () => {
+      await seedCredential();
+      await seedPasskey();
+      vi.mocked(mockVerifyAuthentication).mockResolvedValueOnce({
+        newCounter: 12,
+      });
+
+      const beginResponse = await app.request(
+        "http://hollo.test/login/passkey/begin",
+        { method: "POST" },
+      );
+      const challengeCookie =
+        beginResponse.headers.get("Set-Cookie")?.split(";")[0] ?? "";
+
+      const response = await app.request(
+        "http://hollo.test/login/passkey/finish",
+        {
+          method: "POST",
+          headers: {
+            "Content-Type": "application/json",
+            Cookie: challengeCookie,
+          },
+          body: JSON.stringify({
+            next: "/accounts",
+            authenticationResponse: {
+              id: "cred-id-login",
+              rawId: "cred-id-login",
+              type: "public-key",
+              clientExtensionResults: {},
+              response: {
+                clientDataJSON: "",
+                authenticatorData: "",
+                signature: "",
+              },
+            },
+          }),
+        },
+      );
+      expect(response.status).toBe(200);
+      const body = (await response.json()) as { redirect: string };
+      expect(body.redirect).toBe("/accounts");
+
+      const setCookie = response.headers.get("Set-Cookie") ?? "";
+      expect(setCookie).toMatch(/login=/);
+      expect(setCookie).toMatch(/passkey=/);
+      // The transient challenge cookie is cleared.
+      expect(setCookie).toMatch(/passkey_login=;/);
+
+      // counter and lastUsed are updated on the row.
+      const updated = await db.query.passkeys.findFirst({
+        where: eq(passkeys.id, "cred-id-login"),
+      });
+      expect(updated?.counter).toBe(12);
+      expect(updated?.lastUsed).not.toBeNull();
+    });
+
+    it("returns 400 when verification fails and does not update the counter", async () => {
+      await seedCredential();
+      await seedPasskey();
+      vi.mocked(mockVerifyAuthentication).mockResolvedValueOnce(null);
+
+      const beginResponse = await app.request(
+        "http://hollo.test/login/passkey/begin",
+        { method: "POST" },
+      );
+      const challengeCookie =
+        beginResponse.headers.get("Set-Cookie")?.split(";")[0] ?? "";
+
+      const response = await app.request(
+        "http://hollo.test/login/passkey/finish",
+        {
+          method: "POST",
+          headers: {
+            "Content-Type": "application/json",
+            Cookie: challengeCookie,
+          },
+          body: JSON.stringify({
+            authenticationResponse: {
+              id: "cred-id-login",
+              rawId: "cred-id-login",
+              type: "public-key",
+              clientExtensionResults: {},
+              response: {
+                clientDataJSON: "",
+                authenticatorData: "",
+                signature: "",
+              },
+            },
+          }),
+        },
+      );
+      expect(response.status).toBe(400);
+      const row = await db.query.passkeys.findFirst({
+        where: eq(passkeys.id, "cred-id-login"),
+      });
+      expect(row?.counter).toBe(5);
+      expect(row?.lastUsed).toBeNull();
+    });
+
+    it("rejects a replayed cookie + assertion pair (single-use challenge)", async () => {
+      await seedCredential();
+      await seedPasskey();
+
+      const beginResponse = await app.request(
+        "http://hollo.test/login/passkey/begin",
+        { method: "POST" },
+      );
+      const challengeCookie =
+        beginResponse.headers.get("Set-Cookie")?.split(";")[0] ?? "";
+
+      const finishBody = JSON.stringify({
+        authenticationResponse: {
+          id: "cred-id-login",
+          rawId: "cred-id-login",
+          type: "public-key",
+          clientExtensionResults: {},
+          response: {
+            clientDataJSON: "",
+            authenticatorData: "",
+            signature: "",
+          },
+        },
+      });
+
+      // First /finish: valid assertion + cookie → 200.
+      vi.mocked(mockVerifyAuthentication).mockResolvedValueOnce({
+        newCounter: 12,
+      });
+      const first = await app.request(
+        "http://hollo.test/login/passkey/finish",
+        {
+          method: "POST",
+          headers: {
+            "Content-Type": "application/json",
+            Cookie: challengeCookie,
+          },
+          body: finishBody,
+        },
+      );
+      expect(first.status).toBe(200);
+
+      // Second /finish with the same captured cookie: even within the
+      // TTL it must be rejected because the server-side row was consumed.
+      vi.mocked(mockVerifyAuthentication).mockResolvedValueOnce({
+        newCounter: 13,
+      });
+      const second = await app.request(
+        "http://hollo.test/login/passkey/finish",
+        {
+          method: "POST",
+          headers: {
+            "Content-Type": "application/json",
+            Cookie: challengeCookie,
+          },
+          body: finishBody,
+        },
+      );
+      expect(second.status).toBe(400);
+      // verifyAuthentication must not even be called on the replay.
+      expect(mockVerifyAuthentication).toHaveBeenCalledTimes(1);
+    });
+
+    it("returns 409 when a concurrent assertion has already advanced the counter", async () => {
+      await seedCredential();
+      await seedPasskey();
+      // Race: between the row SELECT and the compare-and-set UPDATE,
+      // another assertion bumps the counter forward.  Using the verifier
+      // mock as a hook point lets us inject that mutation deterministically.
+      vi.mocked(mockVerifyAuthentication).mockImplementationOnce(async () => {
+        await db
+          .update(passkeys)
+          .set({ counter: 9 })
+          .where(eq(passkeys.id, "cred-id-login"));
+        return { newCounter: 10 };
+      });
+
+      const beginResponse = await app.request(
+        "http://hollo.test/login/passkey/begin",
+        { method: "POST" },
+      );
+      const challengeCookie =
+        beginResponse.headers.get("Set-Cookie")?.split(";")[0] ?? "";
+
+      const response = await app.request(
+        "http://hollo.test/login/passkey/finish",
+        {
+          method: "POST",
+          headers: {
+            "Content-Type": "application/json",
+            Cookie: challengeCookie,
+          },
+          body: JSON.stringify({
+            authenticationResponse: {
+              id: "cred-id-login",
+              rawId: "cred-id-login",
+              type: "public-key",
+              clientExtensionResults: {},
+              response: {
+                clientDataJSON: "",
+                authenticatorData: "",
+                signature: "",
+              },
+            },
+          }),
+        },
+      );
+      expect(response.status).toBe(409);
+      const setCookie = response.headers.get("Set-Cookie") ?? "";
+      // login / passkey cookies must NOT be set on a 409 path.
+      expect(setCookie).not.toMatch(/(^|;\s*)login=/);
+      expect(setCookie).not.toMatch(/(^|;\s*)passkey=/);
+    });
+
+    it("rejects a backslash-prefixed next URL (open-redirect guard)", async () => {
+      await seedCredential();
+      await seedPasskey();
+      vi.mocked(mockVerifyAuthentication).mockResolvedValueOnce({
+        newCounter: 12,
+      });
+      const beginResponse = await app.request(
+        "http://hollo.test/login/passkey/begin",
+        { method: "POST" },
+      );
+      const challengeCookie =
+        beginResponse.headers.get("Set-Cookie")?.split(";")[0] ?? "";
+
+      const response = await app.request(
+        "http://hollo.test/login/passkey/finish",
+        {
+          method: "POST",
+          headers: {
+            "Content-Type": "application/json",
+            Cookie: challengeCookie,
+          },
+          body: JSON.stringify({
+            next: "/\\evil.example/path",
+            authenticationResponse: {
+              id: "cred-id-login",
+              rawId: "cred-id-login",
+              type: "public-key",
+              clientExtensionResults: {},
+              response: {
+                clientDataJSON: "",
+                authenticatorData: "",
+                signature: "",
+              },
+            },
+          }),
+        },
+      );
+      expect(response.status).toBe(200);
+      const body = (await response.json()) as { redirect: string };
+      expect(body.redirect).toBe("/");
+    });
+
+    it("rejects a stale challenge cookie even before the browser drops it", async () => {
+      await seedCredential();
+      await seedPasskey();
+
+      // Reach into the in-memory state: ask /begin for a fresh challenge,
+      // capture the signed cookie, then time-travel past the TTL.
+      const beginResponse = await app.request(
+        "http://hollo.test/login/passkey/begin",
+        { method: "POST" },
+      );
+      const challengeCookie =
+        beginResponse.headers.get("Set-Cookie")?.split(";")[0] ?? "";
+
+      // Move past the 5-minute server-side expiry without waiting in real
+      // time.  timekeeper mocks both Date.now() and `new Date()` (the
+      // SQL expiry predicate constructs a Date directly).
+      timekeeper.travel(new Date(Date.now() + 6 * 60_000));
+      try {
+        const response = await app.request(
+          "http://hollo.test/login/passkey/finish",
+          {
+            method: "POST",
+            headers: {
+              "Content-Type": "application/json",
+              Cookie: challengeCookie,
+            },
+            body: JSON.stringify({
+              authenticationResponse: {
+                id: "cred-id-login",
+                rawId: "cred-id-login",
+                type: "public-key",
+                clientExtensionResults: {},
+                response: {
+                  clientDataJSON: "",
+                  authenticatorData: "",
+                  signature: "",
+                },
+              },
+            }),
+          },
+        );
+        expect(response.status).toBe(400);
+        expect(mockVerifyAuthentication).not.toHaveBeenCalled();
+      } finally {
+        timekeeper.reset();
+      }
+    });
+
+    it("rejects an external next URL", async () => {
+      await seedCredential();
+      await seedPasskey();
+      vi.mocked(mockVerifyAuthentication).mockResolvedValueOnce({
+        newCounter: 12,
+      });
+
+      const beginResponse = await app.request(
+        "http://hollo.test/login/passkey/begin",
+        { method: "POST" },
+      );
+      const challengeCookie =
+        beginResponse.headers.get("Set-Cookie")?.split(";")[0] ?? "";
+
+      const response = await app.request(
+        "http://hollo.test/login/passkey/finish",
+        {
+          method: "POST",
+          headers: {
+            "Content-Type": "application/json",
+            Cookie: challengeCookie,
+          },
+          body: JSON.stringify({
+            next: "https://evil.example/phish",
+            authenticationResponse: {
+              id: "cred-id-login",
+              rawId: "cred-id-login",
+              type: "public-key",
+              clientExtensionResults: {},
+              response: {
+                clientDataJSON: "",
+                authenticatorData: "",
+                signature: "",
+              },
+            },
+          }),
+        },
+      );
+      expect(response.status).toBe(200);
+      const body = (await response.json()) as { redirect: string };
+      expect(body.redirect).toBe("/");
+    });
+
+    it("rejects a same-origin next URL whose pathname starts with //", async () => {
+      // The WHATWG URL parser normalises "/.//evil.example/x" into pathname
+      // "//evil.example/x" against the request origin, so the existing
+      // origin check passes but window.location.assign would still treat
+      // the result as protocol-relative.
+      await seedCredential();
+      await seedPasskey();
+      vi.mocked(mockVerifyAuthentication).mockResolvedValueOnce({
+        newCounter: 12,
+      });
+
+      const beginResponse = await app.request(
+        "http://hollo.test/login/passkey/begin",
+        { method: "POST" },
+      );
+      const challengeCookie =
+        beginResponse.headers.get("Set-Cookie")?.split(";")[0] ?? "";
+
+      const response = await app.request(
+        "http://hollo.test/login/passkey/finish",
+        {
+          method: "POST",
+          headers: {
+            "Content-Type": "application/json",
+            Cookie: challengeCookie,
+          },
+          body: JSON.stringify({
+            next: "/.//evil.example/phish",
+            authenticationResponse: {
+              id: "cred-id-login",
+              rawId: "cred-id-login",
+              type: "public-key",
+              clientExtensionResults: {},
+              response: {
+                clientDataJSON: "",
+                authenticatorData: "",
+                signature: "",
+              },
+            },
+          }),
+        },
+      );
+      expect(response.status).toBe(200);
+      const body = (await response.json()) as { redirect: string };
+      expect(body.redirect).toBe("/");
+    });
+  });
+});
diff --git a/src/pages/login.tsx b/src/pages/login.tsx
index 20c68aa1..fc9d14e3 100644
--- a/src/pages/login.tsx
+++ b/src/pages/login.tsx
@@ -1,7 +1,9 @@
+import { randomUUID } from "node:crypto";
+
 import { zValidator } from "@hono/zod-validator";
-import { eq } from "drizzle-orm";
+import { and, asc, eq, gte, lt, sql } from "drizzle-orm";
 import { Hono } from "hono";
-import { getSignedCookie, setSignedCookie } from "hono/cookie";
+import { deleteCookie, getSignedCookie, setSignedCookie } from "hono/cookie";
 import { z } from "zod";
 
 import { AuthCard } from "../components/AuthCard.tsx";
@@ -9,17 +11,66 @@ import { Layout } from "../components/Layout.tsx";
 import { LoginForm } from "../components/LoginForm.tsx";
 import { OtpForm } from "../components/OtpForm.tsx";
 import { db } from "../db.ts";
-import { credentials } from "../schema.ts";
+import { SECRET_KEY } from "../env.ts";
+import {
+  buildAuthenticationOptions,
+  getRpInfo,
+  verifyAuthentication,
+} from "../passkey.ts";
+import { credentials, passkeyLoginChallenges, passkeys } from "../schema.ts";
 
-// oxlint-disable-next-line typescript/dot-notation
-const SECRET_KEY = process.env["SECRET_KEY"];
-if (SECRET_KEY == null) throw new Error("SECRET_KEY is required");
+const PASSKEY_LOGIN_COOKIE = "passkey_login";
+const PASSKEY_LOGIN_MAX_AGE_SECONDS = 5 * 60;
+// Hard cap on unexpired rows in `passkey_login_challenges`.  Hollo is a
+// single-user instance, so even on a popular profile a handful of
+// in-flight ceremonies at a time is the realistic ceiling — well below
+// this number.  The cap exists to bound the table under unauthenticated
+// abuse; when it's reached, /begin evicts the oldest unexpired row to
+// make space rather than refusing the new request, so an attacker can
+// never force a legitimate sign-in into 429.
+const PASSKEY_LOGIN_MAX_OUTSTANDING_CHALLENGES = 64;
+// Stable, arbitrary key for the Postgres advisory lock that serialises
+// the GC + count + insert sequence inside /login/passkey/begin so the
+// cap above can't be bypassed by a flurry of concurrent requests
+// racing between the count and the insert.  The value is just an
+// opaque integer; nothing else in the codebase shares it.
+const PASSKEY_LOGIN_BEGIN_LOCK = 7626128400n;
+
+/**
+ * Accept only same-origin paths so `next=` can't be hijacked into an open
+ * redirect.  Browsers normalise backslashes to forward slashes during URL
+ * parsing (so `/\\evil/x` is treated like `//evil/x`), and historical
+ * implementations have been bitten by `\\` and `/\` prefixes — parsing
+ * against the current request origin and demanding the parsed origin match
+ * is the safest filter.
+ */
+function safeNext(value: unknown, requestUrl: string | URL): string {
+  if (typeof value !== "string" || value === "") return "/";
+  let parsed: URL;
+  try {
+    parsed = new URL(value, requestUrl);
+  } catch {
+    return "/";
+  }
+  const base =
+    requestUrl instanceof URL ? requestUrl : new URL(String(requestUrl));
+  if (parsed.origin !== base.origin) return "/";
+  const path = `${parsed.pathname}${parsed.search}${parsed.hash}`;
+  // The origin check above catches `/\evil.com` style inputs (URL parsing
+  // already moves the origin away from the request origin), but the WHATWG
+  // URL spec normalises `/.//evil.com` into pathname `//evil.com` while
+  // leaving the origin alone.  Returning that lets the browser treat the
+  // redirect target as protocol-relative.  Refuse any pathname starting
+  // with two slashes.
+  return path.startsWith("//") ? "/" : path;
+}
 
 const login = new Hono();
 
-login.get("/", (c) => {
+login.get("/", async (c) => {
   const next = c.req.query("next");
-  return c.html(<LoginPage next={next} />);
+  const passkeyCount = await db.$count(passkeys);
+  return c.html(<LoginPage next={next} passkeyEnrolled={passkeyCount > 0} />);
 });
 
 login.post("/", async (c) => {
@@ -27,6 +78,8 @@ login.post("/", async (c) => {
   const email = form.get("email")?.toString();
   const password = form.get("password")?.toString();
   const next = form.get("next")?.toString();
+  const passkeyCount = await db.$count(passkeys);
+  const passkeyEnrolled = passkeyCount > 0;
   if (email == null || password == null) {
     return c.html(
       <LoginPage
@@ -36,6 +89,7 @@ login.post("/", async (c) => {
           email: email == null ? "Email is required." : undefined,
           password: password == null ? "Password is required." : undefined,
         }}
+        passkeyEnrolled={passkeyEnrolled}
       />,
       400,
     );
@@ -56,6 +110,7 @@ login.post("/", async (c) => {
           email: "Invalid email or password.",
           password: "Invalid email or password.",
         }}
+        passkeyEnrolled={passkeyEnrolled}
       />,
       400,
     );
@@ -73,22 +128,60 @@ interface LoginPageProps {
     email?: string;
     password?: string;
   };
+  passkeyEnrolled: boolean;
 }
 
 function LoginPage(props: LoginPageProps) {
+  const hasPasswordError =
+    props.errors?.email != null || props.errors?.password != null;
   return (
     <Layout title="Sign in to Hollo">
       <AuthCard
         title="Sign in to Hollo"
         subtitle="To continue, sign in with your Hollo account."
       >
-        <LoginForm
-          action="/login"
-          next={props.next}
-          values={props.values}
-          errors={props.errors}
-        />
+        {props.passkeyEnrolled ? (
+          <div class="space-y-3">
+            <button
+              type="button"
+              id="passkey-signin-button"
+              data-next={props.next ?? ""}
+              class="inline-flex w-full items-center justify-center gap-1.5 rounded-md bg-brand-600 px-4 py-2 text-sm font-semibold text-white transition-colors hover:bg-brand-700 focus-visible:outline-none focus-visible:ring-2 focus-visible:ring-brand-400 focus-visible:ring-offset-2 focus-visible:ring-offset-white dark:bg-brand-700 dark:hover:bg-brand-800 dark:focus-visible:ring-offset-neutral-950"
+            >
+              Sign in with passkey
+            </button>
+            <p
+              id="passkey-signin-status"
+              class="text-center text-xs text-neutral-500 dark:text-neutral-400"
+              aria-live="polite"
+            />
+            <details class="group" open={hasPasswordError}>
+              <summary class="cursor-pointer text-center text-xs text-neutral-600 hover:text-neutral-900 dark:text-neutral-400 dark:hover:text-neutral-100 group-open:mb-3">
+                Sign in with password instead
+              </summary>
+              <LoginForm
+                action="/login"
+                next={props.next}
+                values={props.values}
+                errors={props.errors}
+              />
+            </details>
+          </div>
+        ) : (
+          <LoginForm
+            action="/login"
+            next={props.next}
+            values={props.values}
+            errors={props.errors}
+          />
+        )}
       </AuthCard>
+      {props.passkeyEnrolled && (
+        <>
+          <script src="/public/simplewebauthn-browser.umd.js" defer />
+          <script src="/public/passkey.js" defer />
+        </>
+      )}
     </Layout>
   );
 }
@@ -160,4 +253,188 @@ function OtpPage(props: OtpPageProps) {
   );
 }
 
+login.post("/passkey/begin", async (c) => {
+  // /begin is reachable without a session, so it can't become a cheap
+  // unauthenticated INSERT endpoint.  If no passkeys are enrolled there
+  // is nothing for /finish to verify against either, so refuse early
+  // and skip the DB write entirely.
+  const passkeyCount = await db.$count(passkeys);
+  if (passkeyCount === 0) {
+    return c.json({ error: "No passkeys are enrolled on this server." }, 404);
+  }
+  const rpInfo = getRpInfo(c.req.url);
+  const { options, challenge } = await buildAuthenticationOptions({ rpInfo });
+  const id = randomUUID();
+  const expiresAt = new Date(Date.now() + PASSKEY_LOGIN_MAX_AGE_SECONDS * 1000);
+  // GC + count + (evict +) insert are wrapped in one transaction
+  // guarded by a Postgres advisory transaction lock, so concurrent
+  // /begin requests serialise on the lock instead of racing between the
+  // count and the insert.  This is the only place that takes this
+  // lock, so contention is limited to this endpoint.
+  await db.transaction(async (tx) => {
+    await tx.execute(
+      sql`SELECT pg_advisory_xact_lock(${PASSKEY_LOGIN_BEGIN_LOCK})`,
+    );
+    // One timestamp for the whole transaction so the GC predicate and
+    // the count predicate can't disagree if the wall clock ticks
+    // between them.
+    const now = new Date();
+    // Opportunistically GC expired rows so the table never grows
+    // unbounded even though Hollo doesn't run a separate cleanup
+    // worker for it.
+    await tx
+      .delete(passkeyLoginChallenges)
+      .where(lt(passkeyLoginChallenges.expiresAt, now));
+    // Count after the GC so the cap reflects "still-usable" rows only.
+    const outstanding = await tx.$count(
+      passkeyLoginChallenges,
+      gte(passkeyLoginChallenges.expiresAt, now),
+    );
+    // At the cap, evict the oldest unexpired row to make space.
+    // Refusing the new request would let any unauthenticated caller
+    // park the cap at 64 outstanding rows for the full TTL and force
+    // every legitimate sign-in into 429; eviction keeps the table
+    // bounded without that DoS surface.  An attacker can still race
+    // the legitimate user's row out before /finish, but that's a much
+    // harder attack than holding the door shut.
+    if (outstanding >= PASSKEY_LOGIN_MAX_OUTSTANDING_CHALLENGES) {
+      const oldest = await tx
+        .select({ id: passkeyLoginChallenges.id })
+        .from(passkeyLoginChallenges)
+        .where(gte(passkeyLoginChallenges.expiresAt, now))
+        .orderBy(asc(passkeyLoginChallenges.expiresAt))
+        .limit(1);
+      if (oldest.length > 0) {
+        await tx
+          .delete(passkeyLoginChallenges)
+          .where(eq(passkeyLoginChallenges.id, oldest[0].id));
+      }
+    }
+    await tx.insert(passkeyLoginChallenges).values({
+      id,
+      challenge,
+      expiresAt,
+    });
+  });
+  // The cookie only carries the row id — the challenge itself never
+  // leaves the server.  /finish does the atomic consume so a captured
+  // cookie + assertion pair is good for at most one request.
+  await setSignedCookie(c, PASSKEY_LOGIN_COOKIE, id, SECRET_KEY, {
+    httpOnly: true,
+    secure: rpInfo.origin.startsWith("https://"),
+    sameSite: "Strict",
+    path: "/login/passkey",
+    maxAge: PASSKEY_LOGIN_MAX_AGE_SECONDS,
+  });
+  return c.json(options);
+});
+
+const passkeyFinishSchema = z.object({
+  next: z.string().optional(),
+  authenticationResponse: z.object({
+    id: z.string().min(1),
+    rawId: z.string().min(1),
+    type: z.literal("public-key"),
+    clientExtensionResults: z.record(z.string(), z.unknown()),
+    authenticatorAttachment: z.string().optional(),
+    response: z.object({
+      clientDataJSON: z.string(),
+      authenticatorData: z.string(),
+      signature: z.string(),
+      userHandle: z.string().optional(),
+    }),
+  }),
+});
+
+login.post("/passkey/finish", async (c) => {
+  // Read the cookie and clear the browser-side copy up front, then
+  // atomically consume the matching server-side row.  Whichever path
+  // we leave on, the challenge can only be redeemed once.
+  const cookieId = await getSignedCookie(c, SECRET_KEY, PASSKEY_LOGIN_COOKIE);
+  deleteCookie(c, PASSKEY_LOGIN_COOKIE, { path: "/login/passkey" });
+  if (cookieId == null || cookieId === false) {
+    return c.json({ error: "Missing or invalid challenge cookie." }, 400);
+  }
+  // Atomically consume only an unexpired matching row.  An expired row
+  // is left in place for the next /begin's GC to clean up, since a
+  // captured cookie referring to an expired challenge has nothing to
+  // gain by being deleted earlier than that.
+  const consumed = await db
+    .delete(passkeyLoginChallenges)
+    .where(
+      and(
+        eq(passkeyLoginChallenges.id, cookieId),
+        gte(passkeyLoginChallenges.expiresAt, new Date()),
+      ),
+    )
+    .returning({
+      challenge: passkeyLoginChallenges.challenge,
+    });
+  if (consumed.length === 0) {
+    return c.json(
+      { error: "Challenge has already been used, expired, or never existed." },
+      400,
+    );
+  }
+  const { challenge } = consumed[0];
+
+  let rawBody: unknown;
+  try {
+    rawBody = await c.req.json();
+  } catch {
+    return c.json({ error: "Invalid JSON body." }, 400);
+  }
+  const parsed = passkeyFinishSchema.safeParse(rawBody);
+  if (!parsed.success) {
+    return c.json({ error: "Invalid request body." }, 400);
+  }
+  const body = parsed.data;
+  const credentialId = body.authenticationResponse.id;
+  const storedPasskey = await db.query.passkeys.findFirst({
+    where: eq(passkeys.id, credentialId),
+  });
+  if (storedPasskey == null) {
+    return c.json({ error: "Unknown credential." }, 400);
+  }
+
+  const rpInfo = getRpInfo(c.req.url);
+  const verified = await verifyAuthentication({
+    rpInfo,
+    // SimpleWebAuthn validates the wire shape; the Zod schema above
+    // just rejects obviously wrong payloads.
+    // oxlint-disable-next-line typescript/no-explicit-any
+    response: body.authenticationResponse as any,
+    expectedChallenge: challenge,
+    storedPasskey,
+  });
+  if (verified == null) {
+    return c.json({ error: "Authentication could not be verified." }, 400);
+  }
+
+  // Compare-and-set on the counter to defeat concurrent ceremonies that
+  // verified against the same old value — if some other assertion already
+  // advanced the row, this one loses and the caller is told to retry.
+  const updated = await db
+    .update(passkeys)
+    .set({ counter: verified.newCounter, lastUsed: new Date() })
+    .where(
+      and(
+        eq(passkeys.id, credentialId),
+        eq(passkeys.counter, storedPasskey.counter),
+      ),
+    )
+    .returning({ id: passkeys.id });
+  if (updated.length === 0) {
+    return c.json(
+      { error: "Concurrent assertion detected; please retry." },
+      409,
+    );
+  }
+
+  const loginValue = new Date().toISOString();
+  await setSignedCookie(c, "login", loginValue, SECRET_KEY);
+  await setSignedCookie(c, "passkey", `${loginValue} passkey`, SECRET_KEY);
+  return c.json({ redirect: safeNext(body.next, c.req.url) });
+});
+
 export default login;
diff --git a/src/passkey.test.ts b/src/passkey.test.ts
new file mode 100644
index 00000000..5cdabf67
--- /dev/null
+++ b/src/passkey.test.ts
@@ -0,0 +1,422 @@
+import { describe, expect, it, vi } from "vitest";
+
+import {
+  buildAuthenticationOptions,
+  buildRegistrationOptions,
+  decodePublicKey,
+  encodePublicKey,
+  getRpInfo,
+  nicknameFromUserAgent,
+  sanitizeTransports,
+  userIdFromEmail,
+  verifyAuthentication,
+  verifyRegistration,
+} from "./passkey";
+
+vi.mock("@simplewebauthn/server", async () => {
+  const actual = await vi.importActual<typeof import("@simplewebauthn/server")>(
+    "@simplewebauthn/server",
+  );
+  return {
+    ...actual,
+    verifyRegistrationResponse: vi.fn(),
+    verifyAuthenticationResponse: vi.fn(),
+  };
+});
+
+const {
+  verifyRegistrationResponse: mockVerifyRegistration,
+  verifyAuthenticationResponse: mockVerifyAuthentication,
+} = await import("@simplewebauthn/server");
+
+describe("getRpInfo", () => {
+  it("returns hostname and origin from a same-origin URL", () => {
+    const info = getRpInfo("https://hollo.example/auth/passkeys/begin");
+    expect(info).toEqual({
+      rpID: "hollo.example",
+      origin: "https://hollo.example",
+    });
+  });
+
+  it("strips port and path from the origin string but keeps an explicit port", () => {
+    const info = getRpInfo("http://localhost:3000/login/passkey/begin?x=1");
+    expect(info).toEqual({
+      rpID: "localhost",
+      origin: "http://localhost:3000",
+    });
+  });
+
+  it("uses the request URL's hostname when split-domain (the web origin)", () => {
+    // In split-domain mode the login + admin pages are served from the web
+    // origin (e.g. dorikom.hollo.social) while ActivityPub lives on a
+    // separate host (ap.hollo.social).  Passkey ceremonies always happen
+    // on the web origin, so the rpID comes from the request hostname.
+    const info = getRpInfo("https://dorikom.hollo.social/auth");
+    expect(info.rpID).toBe("dorikom.hollo.social");
+    expect(info.origin).toBe("https://dorikom.hollo.social");
+  });
+
+  it("accepts a URL instance as well as a string", () => {
+    const info = getRpInfo(new URL("https://hollo.example/foo"));
+    expect(info.rpID).toBe("hollo.example");
+  });
+});
+
+describe("userIdFromEmail", () => {
+  it("returns a 32-byte SHA-256 digest", async () => {
+    const id = await userIdFromEmail("alice@example.com");
+    expect(id).toBeInstanceOf(Uint8Array);
+    expect(id.length).toBe(32);
+  });
+
+  it("is deterministic and case-insensitive", async () => {
+    const a = await userIdFromEmail("Alice@Example.com");
+    const b = await userIdFromEmail("alice@example.com");
+    expect(a).toEqual(b);
+  });
+
+  it("differs for different emails", async () => {
+    const a = await userIdFromEmail("alice@example.com");
+    const b = await userIdFromEmail("bob@example.com");
+    expect(a).not.toEqual(b);
+  });
+});
+
+describe("encodePublicKey / decodePublicKey", () => {
+  it("round-trips arbitrary byte sequences", () => {
+    const bytes = new Uint8Array([0, 1, 2, 250, 251, 252, 253, 254, 255]);
+    const encoded = encodePublicKey(bytes);
+    expect(typeof encoded).toBe("string");
+    expect(Array.from(decodePublicKey(encoded))).toEqual(Array.from(bytes));
+  });
+
+  it("encodes to base64url (no +, /, or = padding)", () => {
+    const bytes = new Uint8Array([255, 255, 255, 255, 255]);
+    const encoded = encodePublicKey(bytes);
+    expect(encoded).not.toMatch(/[+/=]/);
+  });
+
+  it("decodes the same value when given a string with padding stripped", () => {
+    const bytes = new Uint8Array([1, 2, 3]);
+    const encoded = encodePublicKey(bytes);
+    expect(Array.from(decodePublicKey(encoded))).toEqual(Array.from(bytes));
+  });
+});
+
+describe("sanitizeTransports", () => {
+  it("keeps the values WebAuthn defines", () => {
+    expect(
+      sanitizeTransports([
+        "internal",
+        "hybrid",
+        "usb",
+        "nfc",
+        "ble",
+        "cable",
+        "smart-card",
+      ]),
+    ).toEqual([
+      "internal",
+      "hybrid",
+      "usb",
+      "nfc",
+      "ble",
+      "cable",
+      "smart-card",
+    ]);
+  });
+
+  it("drops unknown transport hints", () => {
+    expect(
+      sanitizeTransports(["internal", "totally-fake", "DROP TABLE passkeys"]),
+    ).toEqual(["internal"]);
+  });
+
+  it("returns [] for undefined input", () => {
+    expect(sanitizeTransports(undefined)).toEqual([]);
+  });
+});
+
+describe("nicknameFromUserAgent", () => {
+  it("falls back to 'Passkey' for null/empty input", () => {
+    expect(nicknameFromUserAgent(null)).toBe("Passkey");
+    expect(nicknameFromUserAgent(undefined)).toBe("Passkey");
+    expect(nicknameFromUserAgent("")).toBe("Passkey");
+    expect(nicknameFromUserAgent("   ")).toBe("Passkey");
+  });
+
+  it("labels common platforms", () => {
+    expect(
+      nicknameFromUserAgent(
+        "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15",
+      ),
+    ).toContain("macOS");
+    expect(
+      nicknameFromUserAgent(
+        "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36",
+      ),
+    ).toContain("Windows");
+    expect(
+      nicknameFromUserAgent(
+        "Mozilla/5.0 (iPhone; CPU iPhone OS 17_0 like Mac OS X)",
+      ),
+    ).toContain("iOS");
+    expect(
+      nicknameFromUserAgent(
+        "Mozilla/5.0 (Linux; Android 14; Pixel 8) AppleWebKit/537.36",
+      ),
+    ).toContain("Android");
+    expect(
+      nicknameFromUserAgent(
+        "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36",
+      ),
+    ).toContain("Linux");
+  });
+
+  it("returns 'Passkey' for an unrecognized UA", () => {
+    expect(nicknameFromUserAgent("some-random-thing/1.0")).toBe("Passkey");
+  });
+});
+
+describe("buildRegistrationOptions", () => {
+  it("populates rp, user, and authenticator selection from inputs", async () => {
+    const { options, challenge } = await buildRegistrationOptions({
+      rpInfo: { rpID: "hollo.example", origin: "https://hollo.example" },
+      email: "alice@example.com",
+      existingCredentials: [],
+    });
+    expect(options.rp.id).toBe("hollo.example");
+    expect(options.rp.name).toBe("Hollo");
+    expect(options.user.name).toBe("alice@example.com");
+    expect(options.user.displayName).toBe("alice@example.com");
+    expect(typeof options.user.id).toBe("string");
+    expect(options.challenge).toBe(challenge);
+    expect(options.authenticatorSelection?.residentKey).toBe("required");
+    expect(options.authenticatorSelection?.userVerification).toBe("required");
+    expect(options.attestation).toBe("none");
+  });
+
+  it("threads excludeCredentials through", async () => {
+    const { options } = await buildRegistrationOptions({
+      rpInfo: { rpID: "hollo.example", origin: "https://hollo.example" },
+      email: "alice@example.com",
+      existingCredentials: [
+        { id: "abc-123", transports: ["internal", "hybrid"] },
+        { id: "def-456" },
+      ],
+    });
+    expect(options.excludeCredentials).toEqual([
+      { id: "abc-123", transports: ["internal", "hybrid"], type: "public-key" },
+      { id: "def-456", type: "public-key" },
+    ]);
+  });
+});
+
+describe("buildAuthenticationOptions", () => {
+  it("emits options with the configured rpID and no allowCredentials by default", async () => {
+    const { options, challenge } = await buildAuthenticationOptions({
+      rpInfo: { rpID: "hollo.example", origin: "https://hollo.example" },
+    });
+    expect(options.rpId).toBe("hollo.example");
+    expect(options.allowCredentials).toBeUndefined();
+    expect(options.challenge).toBe(challenge);
+    expect(options.userVerification).toBe("required");
+  });
+
+  it("threads allowedCredentials through", async () => {
+    const { options } = await buildAuthenticationOptions({
+      rpInfo: { rpID: "hollo.example", origin: "https://hollo.example" },
+      allowedCredentials: [{ id: "abc-123", transports: ["internal"] }],
+    });
+    expect(options.allowCredentials).toEqual([
+      { id: "abc-123", transports: ["internal"], type: "public-key" },
+    ]);
+  });
+});
+
+describe("verifyRegistration", () => {
+  it("returns the credential ready for insert when verification succeeds", async () => {
+    vi.mocked(mockVerifyRegistration).mockResolvedValueOnce({
+      verified: true,
+      registrationInfo: {
+        fmt: "none",
+        aaguid: "00000000-0000-0000-0000-000000000000",
+        credential: {
+          id: "cred-id-1",
+          publicKey: new Uint8Array([1, 2, 3, 4]),
+          counter: 0,
+        },
+        credentialType: "public-key",
+        attestationObject: new Uint8Array(0),
+        userVerified: true,
+        credentialDeviceType: "multiDevice",
+        credentialBackedUp: true,
+        origin: "https://hollo.example",
+        rpID: "hollo.example",
+      },
+    });
+    const result = await verifyRegistration({
+      rpInfo: { rpID: "hollo.example", origin: "https://hollo.example" },
+      response: {
+        id: "cred-id-1",
+        rawId: "cred-id-1",
+        type: "public-key",
+        clientExtensionResults: {},
+        response: {
+          clientDataJSON: "",
+          attestationObject: "",
+          transports: ["internal"],
+        },
+      },
+      expectedChallenge: "challenge-abc",
+    });
+    expect(result).toEqual({
+      credentialId: "cred-id-1",
+      publicKey: new Uint8Array([1, 2, 3, 4]),
+      counter: 0,
+      transports: ["internal"],
+      deviceType: "multiDevice",
+      backedUp: true,
+    });
+  });
+
+  it("returns null when SimpleWebAuthn rejects the response", async () => {
+    vi.mocked(mockVerifyRegistration).mockResolvedValueOnce({
+      verified: false,
+    });
+    const result = await verifyRegistration({
+      rpInfo: { rpID: "hollo.example", origin: "https://hollo.example" },
+      response: {
+        id: "x",
+        rawId: "x",
+        type: "public-key",
+        clientExtensionResults: {},
+        response: { clientDataJSON: "", attestationObject: "" },
+      },
+      expectedChallenge: "challenge",
+    });
+    expect(result).toBeNull();
+  });
+
+  it("returns null when SimpleWebAuthn throws (malformed response, etc.)", async () => {
+    vi.mocked(mockVerifyRegistration).mockRejectedValueOnce(
+      new Error("Unexpected RP ID hash"),
+    );
+    const result = await verifyRegistration({
+      rpInfo: { rpID: "hollo.example", origin: "https://hollo.example" },
+      response: {
+        id: "x",
+        rawId: "x",
+        type: "public-key",
+        clientExtensionResults: {},
+        response: { clientDataJSON: "", attestationObject: "" },
+      },
+      expectedChallenge: "challenge",
+    });
+    expect(result).toBeNull();
+  });
+});
+
+describe("verifyAuthentication", () => {
+  it("returns the new counter when verification succeeds", async () => {
+    vi.mocked(mockVerifyAuthentication).mockResolvedValueOnce({
+      verified: true,
+      authenticationInfo: {
+        credentialID: "cred-id-1",
+        newCounter: 42,
+        userVerified: true,
+        credentialDeviceType: "multiDevice",
+        credentialBackedUp: true,
+        origin: "https://hollo.example",
+        rpID: "hollo.example",
+      },
+    });
+    const result = await verifyAuthentication({
+      rpInfo: { rpID: "hollo.example", origin: "https://hollo.example" },
+      response: {
+        id: "cred-id-1",
+        rawId: "cred-id-1",
+        type: "public-key",
+        clientExtensionResults: {},
+        response: {
+          clientDataJSON: "",
+          authenticatorData: "",
+          signature: "",
+        },
+      },
+      expectedChallenge: "challenge-abc",
+      storedPasskey: {
+        id: "cred-id-1",
+        publicKey: encodePublicKey(new Uint8Array([1, 2, 3, 4])),
+        counter: 10,
+        transports: ["internal"],
+      },
+    });
+    expect(result).toEqual({ newCounter: 42 });
+  });
+
+  it("returns null when SimpleWebAuthn rejects the assertion", async () => {
+    vi.mocked(mockVerifyAuthentication).mockResolvedValueOnce({
+      verified: false,
+      authenticationInfo: {
+        credentialID: "cred-id-1",
+        newCounter: 0,
+        userVerified: false,
+        credentialDeviceType: "singleDevice",
+        credentialBackedUp: false,
+        origin: "https://hollo.example",
+        rpID: "hollo.example",
+      },
+    });
+    const result = await verifyAuthentication({
+      rpInfo: { rpID: "hollo.example", origin: "https://hollo.example" },
+      response: {
+        id: "cred-id-1",
+        rawId: "cred-id-1",
+        type: "public-key",
+        clientExtensionResults: {},
+        response: {
+          clientDataJSON: "",
+          authenticatorData: "",
+          signature: "",
+        },
+      },
+      expectedChallenge: "challenge-abc",
+      storedPasskey: {
+        id: "cred-id-1",
+        publicKey: encodePublicKey(new Uint8Array([1, 2, 3, 4])),
+        counter: 10,
+        transports: ["internal"],
+      },
+    });
+    expect(result).toBeNull();
+  });
+
+  it("returns null when SimpleWebAuthn throws (counter rollback, etc.)", async () => {
+    vi.mocked(mockVerifyAuthentication).mockRejectedValueOnce(
+      new Error("Response signature invalid"),
+    );
+    const result = await verifyAuthentication({
+      rpInfo: { rpID: "hollo.example", origin: "https://hollo.example" },
+      response: {
+        id: "cred-id-1",
+        rawId: "cred-id-1",
+        type: "public-key",
+        clientExtensionResults: {},
+        response: {
+          clientDataJSON: "",
+          authenticatorData: "",
+          signature: "",
+        },
+      },
+      expectedChallenge: "challenge-abc",
+      storedPasskey: {
+        id: "cred-id-1",
+        publicKey: encodePublicKey(new Uint8Array([1, 2, 3, 4])),
+        counter: 10,
+        transports: ["internal"],
+      },
+    });
+    expect(result).toBeNull();
+  });
+});
diff --git a/src/passkey.ts b/src/passkey.ts
new file mode 100644
index 00000000..b01887b6
--- /dev/null
+++ b/src/passkey.ts
@@ -0,0 +1,251 @@
+import { Buffer } from "node:buffer";
+
+import {
+  generateAuthenticationOptions,
+  generateRegistrationOptions,
+  verifyAuthenticationResponse,
+  verifyRegistrationResponse,
+} from "@simplewebauthn/server";
+import type {
+  AuthenticationResponseJSON,
+  AuthenticatorTransportFuture,
+  Base64URLString,
+  CredentialDeviceType,
+  PublicKeyCredentialCreationOptionsJSON,
+  PublicKeyCredentialRequestOptionsJSON,
+  RegistrationResponseJSON,
+} from "@simplewebauthn/server";
+
+import type { Passkey } from "./schema";
+
+export const RP_NAME = "Hollo";
+
+export interface RpInfo {
+  rpID: string;
+  origin: string;
+}
+
+/** Derive WebAuthn relying-party info from an incoming request URL. */
+export function getRpInfo(requestUrl: string | URL): RpInfo {
+  const url = requestUrl instanceof URL ? requestUrl : new URL(requestUrl);
+  return { rpID: url.hostname, origin: url.origin };
+}
+
+/** Derive a stable, opaque WebAuthn user handle from the credential email. */
+export async function userIdFromEmail(
+  email: string,
+): Promise<Uint8Array<ArrayBuffer>> {
+  const data = new TextEncoder().encode(email.toLowerCase());
+  const digest = await crypto.subtle.digest("SHA-256", data);
+  return new Uint8Array(digest);
+}
+
+export interface BuildRegistrationOptionsInput {
+  rpInfo: RpInfo;
+  email: string;
+  existingCredentials: ReadonlyArray<{
+    id: Base64URLString;
+    transports?: ReadonlyArray<AuthenticatorTransportFuture>;
+  }>;
+}
+
+export interface BuildRegistrationOptionsResult {
+  options: PublicKeyCredentialCreationOptionsJSON;
+  challenge: Base64URLString;
+}
+
+export async function buildRegistrationOptions(
+  input: BuildRegistrationOptionsInput,
+): Promise<BuildRegistrationOptionsResult> {
+  const userID = await userIdFromEmail(input.email);
+  const options = await generateRegistrationOptions({
+    rpName: RP_NAME,
+    rpID: input.rpInfo.rpID,
+    userName: input.email,
+    userDisplayName: input.email,
+    userID,
+    attestationType: "none",
+    excludeCredentials: input.existingCredentials.map((c) => ({
+      id: c.id,
+      transports: c.transports == null ? undefined : [...c.transports],
+    })),
+    authenticatorSelection: {
+      residentKey: "required",
+      userVerification: "required",
+    },
+  });
+  return { options, challenge: options.challenge };
+}
+
+export interface VerifyRegistrationInput {
+  rpInfo: RpInfo;
+  response: RegistrationResponseJSON;
+  expectedChallenge: Base64URLString;
+}
+
+export interface VerifiedRegistration {
+  credentialId: Base64URLString;
+  publicKey: Uint8Array;
+  counter: number;
+  transports: AuthenticatorTransportFuture[];
+  deviceType: CredentialDeviceType;
+  backedUp: boolean;
+}
+
+// The set of transport hint values WebAuthn defines.  Anything else the
+// browser passes through gets dropped before we store it, so a malicious
+// or buggy client can't poison future `excludeCredentials` payloads.
+const VALID_TRANSPORTS: ReadonlySet<AuthenticatorTransportFuture> = new Set([
+  "ble",
+  "cable",
+  "hybrid",
+  "internal",
+  "nfc",
+  "smart-card",
+  "usb",
+]);
+
+export function sanitizeTransports(
+  values: readonly string[] | undefined,
+): AuthenticatorTransportFuture[] {
+  if (values == null) return [];
+  const out: AuthenticatorTransportFuture[] = [];
+  for (const v of values) {
+    if (VALID_TRANSPORTS.has(v as AuthenticatorTransportFuture)) {
+      out.push(v as AuthenticatorTransportFuture);
+    }
+  }
+  return out;
+}
+
+export async function verifyRegistration(
+  input: VerifyRegistrationInput,
+): Promise<VerifiedRegistration | null> {
+  let verification: Awaited<ReturnType<typeof verifyRegistrationResponse>>;
+  try {
+    verification = await verifyRegistrationResponse({
+      response: input.response,
+      expectedChallenge: input.expectedChallenge,
+      expectedOrigin: input.rpInfo.origin,
+      expectedRPID: input.rpInfo.rpID,
+      requireUserVerification: true,
+    });
+  } catch {
+    // SimpleWebAuthn throws on malformed responses, origin / rpID
+    // mismatches, unsupported attestation, etc.  Surface every failure
+    // mode uniformly so callers can return a plain 400.
+    return null;
+  }
+  if (!verification.verified || verification.registrationInfo == null) {
+    return null;
+  }
+  const { credential, credentialDeviceType, credentialBackedUp } =
+    verification.registrationInfo;
+  return {
+    credentialId: credential.id,
+    publicKey: credential.publicKey,
+    counter: credential.counter,
+    transports: sanitizeTransports(input.response.response.transports),
+    deviceType: credentialDeviceType,
+    backedUp: credentialBackedUp,
+  };
+}
+
+export interface BuildAuthenticationOptionsInput {
+  rpInfo: RpInfo;
+  allowedCredentials?: ReadonlyArray<{
+    id: Base64URLString;
+    transports?: ReadonlyArray<AuthenticatorTransportFuture>;
+  }>;
+}
+
+export interface BuildAuthenticationOptionsResult {
+  options: PublicKeyCredentialRequestOptionsJSON;
+  challenge: Base64URLString;
+}
+
+export async function buildAuthenticationOptions(
+  input: BuildAuthenticationOptionsInput,
+): Promise<BuildAuthenticationOptionsResult> {
+  const options = await generateAuthenticationOptions({
+    rpID: input.rpInfo.rpID,
+    allowCredentials:
+      input.allowedCredentials == null
+        ? undefined
+        : input.allowedCredentials.map((c) => ({
+            id: c.id,
+            transports: c.transports == null ? undefined : [...c.transports],
+          })),
+    userVerification: "required",
+  });
+  return { options, challenge: options.challenge };
+}
+
+export interface VerifyAuthenticationInput {
+  rpInfo: RpInfo;
+  response: AuthenticationResponseJSON;
+  expectedChallenge: Base64URLString;
+  storedPasskey: Pick<Passkey, "id" | "publicKey" | "counter" | "transports">;
+}
+
+export interface VerifiedAuthentication {
+  newCounter: number;
+}
+
+export async function verifyAuthentication(
+  input: VerifyAuthenticationInput,
+): Promise<VerifiedAuthentication | null> {
+  let verification: Awaited<ReturnType<typeof verifyAuthenticationResponse>>;
+  try {
+    verification = await verifyAuthenticationResponse({
+      response: input.response,
+      expectedChallenge: input.expectedChallenge,
+      expectedOrigin: input.rpInfo.origin,
+      expectedRPID: input.rpInfo.rpID,
+      requireUserVerification: true,
+      credential: {
+        id: input.storedPasskey.id,
+        publicKey: decodePublicKey(input.storedPasskey.publicKey),
+        counter: input.storedPasskey.counter,
+        transports: input.storedPasskey
+          .transports as AuthenticatorTransportFuture[],
+      },
+    });
+  } catch {
+    return null;
+  }
+  if (!verification.verified) return null;
+  return { newCounter: verification.authenticationInfo.newCounter };
+}
+
+/** Encode a binary public-key blob for storage in a text column. */
+export function encodePublicKey(bytes: Uint8Array): string {
+  return Buffer.from(bytes).toString("base64url");
+}
+
+/** Decode a base64url-encoded public-key blob back into bytes. */
+export function decodePublicKey(encoded: string): Uint8Array<ArrayBuffer> {
+  return Buffer.from(encoded, "base64url");
+}
+
+const PLATFORM_LABELS: ReadonlyArray<{ pattern: RegExp; label: string }> = [
+  // Order matters: iOS / iPadOS strings include "Mac OS X", so they go first.
+  { pattern: /\biPhone\b|\biPad\b|\biPod\b/, label: "iOS device" },
+  { pattern: /\bAndroid\b/, label: "Android device" },
+  { pattern: /\bMac OS X\b|\bMacintosh\b/, label: "macOS device" },
+  { pattern: /\bWindows\b/, label: "Windows device" },
+  { pattern: /\bLinux\b|\bX11\b/, label: "Linux device" },
+];
+
+/** Best-effort friendly device label derived from a User-Agent string. */
+export function nicknameFromUserAgent(
+  userAgent: string | null | undefined,
+): string {
+  if (userAgent == null) return "Passkey";
+  const trimmed = userAgent.trim();
+  if (trimmed === "") return "Passkey";
+  for (const { pattern, label } of PLATFORM_LABELS) {
+    if (pattern.test(trimmed)) return label;
+  }
+  return "Passkey";
+}
diff --git a/src/public/passkey.js b/src/public/passkey.js
new file mode 100644
index 00000000..9fc76afb
--- /dev/null
+++ b/src/public/passkey.js
@@ -0,0 +1,139 @@
+// Glue between Hollo's auth/login pages and @simplewebauthn/browser.
+// The library is vendored in simplewebauthn-browser.umd.js (which exposes
+// `window.SimpleWebAuthnBrowser`) and is loaded immediately before this
+// script.  Both are dropped into a page only on the auth dashboard and
+// the public login screen — the rest of the dashboard stays zero-JS.
+//
+// To upgrade the vendored library, run:
+//   cp node_modules/@simplewebauthn/browser/dist/bundle/index.umd.min.js \
+//      src/public/simplewebauthn-browser.umd.js
+"use strict";
+
+(function () {
+  const lib = window.SimpleWebAuthnBrowser;
+  if (lib == null) return;
+
+  function setStatus(el, message, isError) {
+    if (el == null) return;
+    el.textContent = message;
+    el.classList.toggle("text-red-600", Boolean(isError));
+    el.classList.toggle("dark:text-red-400", Boolean(isError));
+  }
+
+  async function postJson(path, body) {
+    const response = await fetch(path, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      credentials: "same-origin",
+      body: body == null ? "{}" : JSON.stringify(body),
+    });
+    // The auth-gated /auth/passkeys/* endpoints can answer with a
+    // redirect to /login when the session is gone (e.g., the user
+    // logged out in another tab and then triggered an enrollment
+    // here).  fetch() follows that redirect, so response.ok stays
+    // true and the final HTML page lands here.  Detect it and send
+    // the browser to /login itself instead of trying to parse HTML
+    // as JSON.
+    if (response.redirected) {
+      window.location.assign(response.url);
+      throw new Error("Session expired; redirecting to sign in.");
+    }
+    if (!response.ok) {
+      let detail;
+      try {
+        detail = await response.json();
+      } catch (_err) {
+        detail = null;
+      }
+      const error = new Error(
+        (detail && detail.error) ||
+          "Request failed with status " + response.status,
+      );
+      error.status = response.status;
+      throw error;
+    }
+    // 204 No Content (used by the registration-finish endpoint on success)
+    // has an empty body and would throw if we asked for JSON.
+    if (response.status === 204) return null;
+    const len = response.headers.get("Content-Length");
+    if (len === "0") return null;
+    return response.json();
+  }
+
+  function bindEnroll(form) {
+    if (form == null) return;
+    const status = document.getElementById("passkey-enroll-status");
+    form.addEventListener("submit", async (event) => {
+      event.preventDefault();
+      const nicknameInput = form.querySelector('input[name="nickname"]');
+      const nickname = nicknameInput ? nicknameInput.value.trim() : "";
+      const submitButton = form.querySelector('button[type="submit"]');
+      if (submitButton) submitButton.disabled = true;
+      setStatus(status, "Follow the prompts on your device…", false);
+      try {
+        const options = await postJson("/auth/passkeys/registration/begin");
+        const registrationResponse = await lib.startRegistration({
+          optionsJSON: options,
+        });
+        await postJson("/auth/passkeys/registration/finish", {
+          nickname: nickname,
+          registrationResponse: registrationResponse,
+        });
+        setStatus(status, "Passkey added.", false);
+        window.location.reload();
+      } catch (err) {
+        const name = err && err.name ? err.name : "";
+        const message =
+          name === "NotAllowedError"
+            ? "Enrollment was cancelled."
+            : err && err.message
+              ? err.message
+              : "Could not enroll a passkey.";
+        setStatus(status, message, true);
+        if (submitButton) submitButton.disabled = false;
+      }
+    });
+  }
+
+  function bindSignIn(button) {
+    if (button == null) return;
+    const status = document.getElementById("passkey-signin-status");
+    button.addEventListener("click", async () => {
+      const next = button.getAttribute("data-next") || "";
+      button.disabled = true;
+      setStatus(status, "Choose a passkey on your device…", false);
+      try {
+        const options = await postJson("/login/passkey/begin");
+        const authenticationResponse = await lib.startAuthentication({
+          optionsJSON: options,
+        });
+        const result = await postJson("/login/passkey/finish", {
+          next: next,
+          authenticationResponse: authenticationResponse,
+        });
+        window.location.assign(result.redirect || "/");
+      } catch (err) {
+        const name = err && err.name ? err.name : "";
+        const message =
+          name === "NotAllowedError"
+            ? "Sign-in was cancelled."
+            : err && err.message
+              ? err.message
+              : "Could not sign in with a passkey.";
+        setStatus(status, message, true);
+        button.disabled = false;
+      }
+    });
+  }
+
+  function init() {
+    bindEnroll(document.getElementById("passkey-enroll-form"));
+    bindSignIn(document.getElementById("passkey-signin-button"));
+  }
+
+  if (document.readyState === "loading") {
+    document.addEventListener("DOMContentLoaded", init);
+  } else {
+    init();
+  }
+})();
diff --git a/src/public/simplewebauthn-browser.umd.js b/src/public/simplewebauthn-browser.umd.js
new file mode 100644
index 00000000..e7ca05f4
--- /dev/null
+++ b/src/public/simplewebauthn-browser.umd.js
@@ -0,0 +1,2 @@
+/* [@simplewebauthn/browser@13.3.0] */
+!function(e,t){"object"==typeof exports&&"undefined"!=typeof module?t(exports):"function"==typeof define&&define.amd?define(["exports"],t):t((e="undefined"!=typeof globalThis?globalThis:e||self).SimpleWebAuthnBrowser={})}(this,(function(e){"use strict";function t(e){const t=new Uint8Array(e);let r="";for(const e of t)r+=String.fromCharCode(e);return btoa(r).replace(/\+/g,"-").replace(/\//g,"_").replace(/=/g,"")}function r(e){const t=e.replace(/-/g,"+").replace(/_/g,"/"),r=(4-t.length%4)%4,n=t.padEnd(t.length+r,"="),o=atob(n),i=new ArrayBuffer(o.length),a=new Uint8Array(i);for(let e=0;e<o.length;e++)a[e]=o.charCodeAt(e);return i}function n(){return o.stubThis(void 0!==globalThis?.PublicKeyCredential&&"function"==typeof globalThis.PublicKeyCredential)}const o={stubThis:e=>e};function i(e){const{id:t}=e;return{...e,id:r(t),transports:e.transports}}function a(e){return"localhost"===e||/^((xn--[a-z0-9-]+|[a-z0-9]+(-[a-z0-9]+)*)\.)+([a-z]{2,}|xn--[a-z0-9-]+)$/i.test(e)}class s extends Error{constructor({message:e,code:t,cause:r,name:n}){super(e,{cause:r}),Object.defineProperty(this,"code",{enumerable:!0,configurable:!0,writable:!0,value:void 0}),this.name=n??r.name,this.code=t}}const l=new class{constructor(){Object.defineProperty(this,"controller",{enumerable:!0,configurable:!0,writable:!0,value:void 0})}createNewAbortSignal(){if(this.controller){const e=new Error("Cancelling existing WebAuthn API call for new one");e.name="AbortError",this.controller.abort(e)}const e=new AbortController;return this.controller=e,e.signal}cancelCeremony(){if(this.controller){const e=new Error("Manually cancelling existing WebAuthn API call");e.name="AbortError",this.controller.abort(e),this.controller=void 0}}},c=["cross-platform","platform"];function u(e){if(e&&!(c.indexOf(e)<0))return e}function d(e,t){console.warn(`The browser extension that intercepted this WebAuthn API call incorrectly implemented ${e}. You should report this error to them.\n`,t)}function h(){if(!n())return p.stubThis(new Promise((e=>e(!1))));const e=globalThis.PublicKeyCredential;return void 0===e?.isConditionalMediationAvailable?p.stubThis(new Promise((e=>e(!1)))):p.stubThis(e.isConditionalMediationAvailable())}const p={stubThis:e=>e};e.WebAuthnAbortService=l,e.WebAuthnError=s,e._browserSupportsWebAuthnAutofillInternals=p,e._browserSupportsWebAuthnInternals=o,e.base64URLStringToBuffer=r,e.browserSupportsWebAuthn=n,e.browserSupportsWebAuthnAutofill=h,e.bufferToBase64URLString=t,e.platformAuthenticatorIsAvailable=function(){return n()?PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable():new Promise((e=>e(!1)))},e.startAuthentication=async function(e){!e.optionsJSON&&e.challenge&&(console.warn("startAuthentication() was not called correctly. It will try to continue with the provided options, but this call should be refactored to use the expected call structure instead. See https://simplewebauthn.dev/docs/packages/browser#typeerror-cannot-read-properties-of-undefined-reading-challenge for more information."),e={optionsJSON:e});const{optionsJSON:o,useBrowserAutofill:c=!1,verifyBrowserAutofillInput:d=!0}=e;if(!n())throw new Error("WebAuthn is not supported in this browser");let p;0!==o.allowCredentials?.length&&(p=o.allowCredentials?.map(i));const f={...o,challenge:r(o.challenge),allowCredentials:p},b={};if(c){if(!await h())throw Error("Browser does not support WebAuthn autofill");if(document.querySelectorAll("input[autocomplete$='webauthn']").length<1&&d)throw Error('No <input> with "webauthn" as the only or last value in its `autocomplete` attribute was detected');b.mediation="conditional",f.allowCredentials=[]}let R;b.publicKey=f,b.signal=l.createNewAbortSignal();try{R=await navigator.credentials.get(b)}catch(e){throw function({error:e,options:t}){const{publicKey:r}=t;if(!r)throw Error("options was missing required publicKey property");if("AbortError"===e.name){if(t.signal instanceof AbortSignal)return new s({message:"Authentication ceremony was sent an abort signal",code:"ERROR_CEREMONY_ABORTED",cause:e})}else{if("NotAllowedError"===e.name)return new s({message:e.message,code:"ERROR_PASSTHROUGH_SEE_CAUSE_PROPERTY",cause:e});if("SecurityError"===e.name){const t=globalThis.location.hostname;if(!a(t))return new s({message:`${globalThis.location.hostname} is an invalid domain`,code:"ERROR_INVALID_DOMAIN",cause:e});if(r.rpId!==t)return new s({message:`The RP ID "${r.rpId}" is invalid for this domain`,code:"ERROR_INVALID_RP_ID",cause:e})}else if("UnknownError"===e.name)return new s({message:"The authenticator was unable to process the specified options, or could not create a new assertion signature",code:"ERROR_AUTHENTICATOR_GENERAL_ERROR",cause:e})}return e}({error:e,options:b})}if(!R)throw new Error("Authentication was not completed");const{id:g,rawId:w,response:A,type:E}=R;let m;return A.userHandle&&(m=t(A.userHandle)),{id:g,rawId:t(w),response:{authenticatorData:t(A.authenticatorData),clientDataJSON:t(A.clientDataJSON),signature:t(A.signature),userHandle:m},type:E,clientExtensionResults:R.getClientExtensionResults(),authenticatorAttachment:u(R.authenticatorAttachment)}},e.startRegistration=async function(e){!e.optionsJSON&&e.challenge&&(console.warn("startRegistration() was not called correctly. It will try to continue with the provided options, but this call should be refactored to use the expected call structure instead. See https://simplewebauthn.dev/docs/packages/browser#typeerror-cannot-read-properties-of-undefined-reading-challenge for more information."),e={optionsJSON:e});const{optionsJSON:o,useAutoRegister:c=!1}=e;if(!n())throw new Error("WebAuthn is not supported in this browser");const h={...o,challenge:r(o.challenge),user:{...o.user,id:r(o.user.id)},excludeCredentials:o.excludeCredentials?.map(i)},p={};let f;c&&(p.mediation="conditional"),p.publicKey=h,p.signal=l.createNewAbortSignal();try{f=await navigator.credentials.create(p)}catch(e){throw function({error:e,options:t}){const{publicKey:r}=t;if(!r)throw Error("options was missing required publicKey property");if("AbortError"===e.name){if(t.signal instanceof AbortSignal)return new s({message:"Registration ceremony was sent an abort signal",code:"ERROR_CEREMONY_ABORTED",cause:e})}else if("ConstraintError"===e.name){if(!0===r.authenticatorSelection?.requireResidentKey)return new s({message:"Discoverable credentials were required but no available authenticator supported it",code:"ERROR_AUTHENTICATOR_MISSING_DISCOVERABLE_CREDENTIAL_SUPPORT",cause:e});if("conditional"===t.mediation&&"required"===r.authenticatorSelection?.userVerification)return new s({message:"User verification was required during automatic registration but it could not be performed",code:"ERROR_AUTO_REGISTER_USER_VERIFICATION_FAILURE",cause:e});if("required"===r.authenticatorSelection?.userVerification)return new s({message:"User verification was required but no available authenticator supported it",code:"ERROR_AUTHENTICATOR_MISSING_USER_VERIFICATION_SUPPORT",cause:e})}else{if("InvalidStateError"===e.name)return new s({message:"The authenticator was previously registered",code:"ERROR_AUTHENTICATOR_PREVIOUSLY_REGISTERED",cause:e});if("NotAllowedError"===e.name)return new s({message:e.message,code:"ERROR_PASSTHROUGH_SEE_CAUSE_PROPERTY",cause:e});if("NotSupportedError"===e.name)return 0===r.pubKeyCredParams.filter((e=>"public-key"===e.type)).length?new s({message:'No entry in pubKeyCredParams was of type "public-key"',code:"ERROR_MALFORMED_PUBKEYCREDPARAMS",cause:e}):new s({message:"No available authenticator supported any of the specified pubKeyCredParams algorithms",code:"ERROR_AUTHENTICATOR_NO_SUPPORTED_PUBKEYCREDPARAMS_ALG",cause:e});if("SecurityError"===e.name){const t=globalThis.location.hostname;if(!a(t))return new s({message:`${globalThis.location.hostname} is an invalid domain`,code:"ERROR_INVALID_DOMAIN",cause:e});if(r.rp.id!==t)return new s({message:`The RP ID "${r.rp.id}" is invalid for this domain`,code:"ERROR_INVALID_RP_ID",cause:e})}else if("TypeError"===e.name){if(r.user.id.byteLength<1||r.user.id.byteLength>64)return new s({message:"User ID was not between 1 and 64 characters",code:"ERROR_INVALID_USER_ID_LENGTH",cause:e})}else if("UnknownError"===e.name)return new s({message:"The authenticator was unable to process the specified options, or could not create a new credential",code:"ERROR_AUTHENTICATOR_GENERAL_ERROR",cause:e})}return e}({error:e,options:p})}if(!f)throw new Error("Registration was not completed");const{id:b,rawId:R,response:g,type:w}=f;let A,E,m,y;if("function"==typeof g.getTransports&&(A=g.getTransports()),"function"==typeof g.getPublicKeyAlgorithm)try{E=g.getPublicKeyAlgorithm()}catch(e){d("getPublicKeyAlgorithm()",e)}if("function"==typeof g.getPublicKey)try{const e=g.getPublicKey();null!==e&&(m=t(e))}catch(e){d("getPublicKey()",e)}if("function"==typeof g.getAuthenticatorData)try{y=t(g.getAuthenticatorData())}catch(e){d("getAuthenticatorData()",e)}return{id:b,rawId:t(R),response:{attestationObject:t(g.attestationObject),clientDataJSON:t(g.clientDataJSON),transports:A,publicKeyAlgorithm:E,publicKey:m,authenticatorData:y},type:w,clientExtensionResults:f.getClientExtensionResults(),authenticatorAttachment:u(f.authenticatorAttachment)}}}));
diff --git a/src/schema.ts b/src/schema.ts
index 8810f493..0fd8f726 100644
--- a/src/schema.ts
+++ b/src/schema.ts
@@ -53,6 +53,59 @@ export const totps = pgTable("totps", {
 export type Totp = typeof totps.$inferSelect;
 export type NewTotp = typeof totps.$inferInsert;
 
+export const passkeys = pgTable("passkeys", {
+  id: text("id").primaryKey(),
+  credentialEmail: varchar("credential_email", { length: 254 })
+    .notNull()
+    .references(() => credentials.email, { onDelete: "cascade" }),
+  publicKey: text("public_key").notNull(),
+  counter: bigint("counter", { mode: "number" }).notNull(),
+  transports: text("transports")
+    .array()
+    .notNull()
+    .default(sql`(ARRAY[]::text[])`),
+  deviceType: text("device_type").notNull(),
+  backedUp: boolean("backed_up").notNull(),
+  nickname: text("nickname").notNull(),
+  lastUsed: timestamp("last_used", { withTimezone: true }),
+  created: timestamp("created", { withTimezone: true })
+    .notNull()
+    .default(currentTimestamp),
+});
+
+export const passkeyRelations = relations(passkeys, ({ one }) => ({
+  credential: one(credentials, {
+    fields: [passkeys.credentialEmail],
+    references: [credentials.email],
+  }),
+}));
+
+export type Passkey = typeof passkeys.$inferSelect;
+export type NewPasskey = typeof passkeys.$inferInsert;
+
+// One row per in-flight passkey *login* ceremony.  The signed cookie sent
+// to the browser holds just `id`; the actual WebAuthn challenge lives
+// here so /finish can atomically `DELETE … WHERE id AND expires_at > now()
+// RETURNING challenge`, making a captured cookie + assertion pair good
+// for at most one /finish call even within the TTL.  Registration is
+// already bound to the logged-in session, so it doesn't need this.
+export const passkeyLoginChallenges = pgTable(
+  "passkey_login_challenges",
+  {
+    id: text("id").primaryKey(),
+    challenge: text("challenge").notNull(),
+    expiresAt: timestamp("expires_at", { withTimezone: true }).notNull(),
+    created: timestamp("created", { withTimezone: true })
+      .notNull()
+      .default(currentTimestamp),
+  },
+  (table) => [index().on(table.expiresAt)],
+);
+
+export type PasskeyLoginChallenge = typeof passkeyLoginChallenges.$inferSelect;
+export type NewPasskeyLoginChallenge =
+  typeof passkeyLoginChallenges.$inferInsert;
+
 export const accountTypeEnum = pgEnum("account_type", [
   "Application",
   "Group",