Migration to PostgreSQL

.gitignore

@@ -0,0 +1 @@
+node_modules/

package-lock.json

@@ -0,0 +1,2076 @@
+{
+  "name": "inferenceport-web",
+  "version": "1.0.0",
+  "lockfileVersion": 3,
+  "requires": true,
+  "packages": {
+    "": {
+      "name": "inferenceport-web",
+      "version": "1.0.0",
+      "dependencies": {
+        "@gradio/client": "^0.20.1",
+        "@supabase/supabase-js": "^2.39.7",
+        "express": "^4.18.2",
+        "express-rate-limit": "8.3.2",
+        "html-to-text": "^9.0.5",
+        "node-fetch": "^3.3.2",
+        "openai": "^6.29.0",
+        "pg": "^8.16.3",
+        "tiktoken": "^1.0.0",
+        "ws": "^8.16.0"
+      }
+    },
+    "node_modules/@gradio/client": {
+      "version": "0.20.1",
+      "resolved": "https://registry.npmjs.org/@gradio/client/-/client-0.20.1.tgz",
+      "integrity": "sha512-c+qB63M36vEkDD2o8K+Pkb/JhujQF5IbD1ecc7KFI+czKs5ojGlPsyPdlhxWGNg/rkl7Ei1MQm+pTIF+j0n0Lg==",
+      "license": "ISC",
+      "dependencies": {
+        "@types/eventsource": "^1.1.15",
+        "bufferutil": "^4.0.7",
+        "eventsource": "^2.0.2",
+        "msw": "^2.2.1",
+        "semiver": "^1.1.0",
+        "typescript": "^5.0.0",
+        "ws": "^8.13.0"
+      },
+      "engines": {
+        "node": ">=18.0.0"
+      }
+    },
+    "node_modules/@inquirer/ansi": {
+      "version": "2.0.5",
+      "resolved": "https://registry.npmjs.org/@inquirer/ansi/-/ansi-2.0.5.tgz",
+      "integrity": "sha512-doc2sWgJpbFQ64UflSVd17ibMGDuxO1yKgOgLMwavzESnXjFWJqUeG8saYosqKpHp4kWiM5x1nXvEjbpx90gzw==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=23.5.0 || ^22.13.0 || ^21.7.0 || ^20.12.0"
+      }
+    },
+    "node_modules/@inquirer/confirm": {
+      "version": "6.0.12",
+      "resolved": "https://registry.npmjs.org/@inquirer/confirm/-/confirm-6.0.12.tgz",
+      "integrity": "sha512-h9FgGun3QwVYNj5TWIZZ+slii73bMoBFjPfVIGtnFuL4t8gBiNDV9PcSfIzkuxvgquJKt9nr1QzszpBzTbH8Og==",
+      "license": "MIT",
+      "dependencies": {
+        "@inquirer/core": "^11.1.9",
+        "@inquirer/type": "^4.0.5"
+      },
+      "engines": {
+        "node": ">=23.5.0 || ^22.13.0 || ^21.7.0 || ^20.12.0"
+      },
+      "peerDependencies": {
+        "@types/node": ">=18"
+      },
+      "peerDependenciesMeta": {
+        "@types/node": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/@inquirer/core": {
+      "version": "11.1.9",
+      "resolved": "https://registry.npmjs.org/@inquirer/core/-/core-11.1.9.tgz",
+      "integrity": "sha512-BDE4fG22uYh1bGSifcj7JSx119TVYNViMhMu85usp4Fswrzh6M0DV3yld64jA98uOAa2GSQ4Bg4bZRm2d2cwSg==",
+      "license": "MIT",
+      "dependencies": {
+        "@inquirer/ansi": "^2.0.5",
+        "@inquirer/figures": "^2.0.5",
+        "@inquirer/type": "^4.0.5",
+        "cli-width": "^4.1.0",
+        "fast-wrap-ansi": "^0.2.0",
+        "mute-stream": "^3.0.0",
+        "signal-exit": "^4.1.0"
+      },
+      "engines": {
+        "node": ">=23.5.0 || ^22.13.0 || ^21.7.0 || ^20.12.0"
+      },
+      "peerDependencies": {
+        "@types/node": ">=18"
+      },
+      "peerDependenciesMeta": {
+        "@types/node": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/@inquirer/figures": {
+      "version": "2.0.5",
+      "resolved": "https://registry.npmjs.org/@inquirer/figures/-/figures-2.0.5.tgz",
+      "integrity": "sha512-NsSs4kzfm12lNetHwAn3GEuH317IzpwrMCbOuMIVytpjnJ90YYHNwdRgYGuKmVxwuIqSgqk3M5qqQt1cDk0tGQ==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=23.5.0 || ^22.13.0 || ^21.7.0 || ^20.12.0"
+      }
+    },
+    "node_modules/@inquirer/type": {
+      "version": "4.0.5",
+      "resolved": "https://registry.npmjs.org/@inquirer/type/-/type-4.0.5.tgz",
+      "integrity": "sha512-aetVUNeKNc/VriqXlw1NRSW0zhMBB0W4bNbWRJgzRl/3d0QNDQFfk0GO5SDdtjMZVg6o8ZKEiadd7SCCzoOn5Q==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=23.5.0 || ^22.13.0 || ^21.7.0 || ^20.12.0"
+      },
+      "peerDependencies": {
+        "@types/node": ">=18"
+      },
+      "peerDependenciesMeta": {
+        "@types/node": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/@mswjs/interceptors": {
+      "version": "0.41.4",
+      "resolved": "https://registry.npmjs.org/@mswjs/interceptors/-/interceptors-0.41.4.tgz",
+      "integrity": "sha512-3B9EinUkrdOUGYzHRzRWSXunQ4YFGboJnyLNRwEJWEde+j8fNhPUHvrN1E3g1DU/iS/s8JQrMNVe+S7AHHVs0w==",
+      "license": "MIT",
+      "dependencies": {
+        "@open-draft/deferred-promise": "^2.2.0",
+        "@open-draft/logger": "^0.3.0",
+        "@open-draft/until": "^2.0.0",
+        "is-node-process": "^1.2.0",
+        "outvariant": "^1.4.3",
+        "strict-event-emitter": "^0.5.1"
+      },
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@mswjs/interceptors/node_modules/@open-draft/deferred-promise": {
+      "version": "2.2.0",
+      "resolved": "https://registry.npmjs.org/@open-draft/deferred-promise/-/deferred-promise-2.2.0.tgz",
+      "integrity": "sha512-CecwLWx3rhxVQF6V4bAgPS5t+So2sTbPgAzafKkVizyi7tlwpcFpdFqq+wqF2OwNBmqFuu6tOyouTuxgpMfzmA==",
+      "license": "MIT"
+    },
+    "node_modules/@open-draft/deferred-promise": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/@open-draft/deferred-promise/-/deferred-promise-3.0.0.tgz",
+      "integrity": "sha512-XW375UK8/9SqUVNVa6M0yEy8+iTi4QN5VZ7aZuRFQmy76LRwI9wy5F4YIBU6T+eTe2/DNDo8tqu8RHlwLHM6RA==",
+      "license": "MIT"
+    },
+    "node_modules/@open-draft/logger": {
+      "version": "0.3.0",
+      "resolved": "https://registry.npmjs.org/@open-draft/logger/-/logger-0.3.0.tgz",
+      "integrity": "sha512-X2g45fzhxH238HKO4xbSr7+wBS8Fvw6ixhTDuvLd5mqh6bJJCFAPwU9mPDxbcrRtfxv4u5IHCEH77BmxvXmmxQ==",
+      "license": "MIT",
+      "dependencies": {
+        "is-node-process": "^1.2.0",
+        "outvariant": "^1.4.0"
+      }
+    },
+    "node_modules/@open-draft/until": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/@open-draft/until/-/until-2.1.0.tgz",
+      "integrity": "sha512-U69T3ItWHvLwGg5eJ0n3I62nWuE6ilHlmz7zM0npLBRvPRd7e6NYmg54vvRtP5mZG7kZqZCFVdsTWo7BPtBujg==",
+      "license": "MIT"
+    },
+    "node_modules/@selderee/plugin-htmlparser2": {
+      "version": "0.11.0",
+      "resolved": "https://registry.npmjs.org/@selderee/plugin-htmlparser2/-/plugin-htmlparser2-0.11.0.tgz",
+      "integrity": "sha512-P33hHGdldxGabLFjPPpaTxVolMrzrcegejx+0GxjrIb9Zv48D8yAIA/QTDR2dFl7Uz7urX8aX6+5bCZslr+gWQ==",
+      "license": "MIT",
+      "dependencies": {
+        "domhandler": "^5.0.3",
+        "selderee": "^0.11.0"
+      },
+      "funding": {
+        "url": "https://ko-fi.com/killymxi"
+      }
+    },
+    "node_modules/@supabase/auth-js": {
+      "version": "2.104.0",
+      "resolved": "https://registry.npmjs.org/@supabase/auth-js/-/auth-js-2.104.0.tgz",
+      "integrity": "sha512-Vs0ndL+s5an7rOmXtS/nbYnGXL8m+KXlCSrPIcw9bR96ma6qyLYILnE6syuM+rpDnf+Tg4PVNxNB2+oDwoy6mA==",
+      "license": "MIT",
+      "dependencies": {
+        "tslib": "2.8.1"
+      },
+      "engines": {
+        "node": ">=20.0.0"
+      }
+    },
+    "node_modules/@supabase/functions-js": {
+      "version": "2.104.0",
+      "resolved": "https://registry.npmjs.org/@supabase/functions-js/-/functions-js-2.104.0.tgz",
+      "integrity": "sha512-O8EyEz/RT1kfWhyJNpVc/VbLeBsohHGBVif/CI83zoMB+Iul/t/NIekH1/7RsH6kuO+b2D4wJhfiaW8Qr47sRg==",
+      "license": "MIT",
+      "dependencies": {
+        "tslib": "2.8.1"
+      },
+      "engines": {
+        "node": ">=20.0.0"
+      }
+    },
+    "node_modules/@supabase/phoenix": {
+      "version": "0.4.0",
+      "resolved": "https://registry.npmjs.org/@supabase/phoenix/-/phoenix-0.4.0.tgz",
+      "integrity": "sha512-RHSx8bHS02xwfHdAbX5Lpbo6PXbgyf7lTaXTlwtFDPwOIw64NnVRwFAXGojHhjtVYI+PEPNSWwkL90f4agN3bw==",
+      "license": "MIT"
+    },
+    "node_modules/@supabase/postgrest-js": {
+      "version": "2.104.0",
+      "resolved": "https://registry.npmjs.org/@supabase/postgrest-js/-/postgrest-js-2.104.0.tgz",
+      "integrity": "sha512-ynylEq6wduQEycj6pL3P+/yIfDQ+CTnBC5I6p+PzcAO2ybj9coAITVtMfboi+g/dacgMslN5MH73rXsRMB29+Q==",
+      "license": "MIT",
+      "dependencies": {
+        "tslib": "2.8.1"
+      },
+      "engines": {
+        "node": ">=20.0.0"
+      }
+    },
+    "node_modules/@supabase/realtime-js": {
+      "version": "2.104.0",
+      "resolved": "https://registry.npmjs.org/@supabase/realtime-js/-/realtime-js-2.104.0.tgz",
+      "integrity": "sha512-9fUVDoTVAhn7a79+AmEx+asUlRtf2yBrji7TQckcKn/WK4hvAA9Lia9er+lnhuz3WNiF1x6kkA4x7bRCJrU+KA==",
+      "license": "MIT",
+      "dependencies": {
+        "@supabase/phoenix": "^0.4.0",
+        "@types/ws": "^8.18.1",
+        "tslib": "2.8.1",
+        "ws": "^8.18.2"
+      },
+      "engines": {
+        "node": ">=20.0.0"
+      }
+    },
+    "node_modules/@supabase/storage-js": {
+      "version": "2.104.0",
+      "resolved": "https://registry.npmjs.org/@supabase/storage-js/-/storage-js-2.104.0.tgz",
+      "integrity": "sha512-s2NHtuAWb9nldJ/fS62WnJE6edvCWn31rrO+FJKlAohs99qdVgtLegUReTU2H9WnZiQlVqaBtu386wt6/6lrRw==",
+      "license": "MIT",
+      "dependencies": {
+        "iceberg-js": "^0.8.1",
+        "tslib": "2.8.1"
+      },
+      "engines": {
+        "node": ">=20.0.0"
+      }
+    },
+    "node_modules/@supabase/supabase-js": {
+      "version": "2.104.0",
+      "resolved": "https://registry.npmjs.org/@supabase/supabase-js/-/supabase-js-2.104.0.tgz",
+      "integrity": "sha512-hILwhIjCB53G31jlHUe73NDEmrXudcjcYlVRuvNfEhzf0gyFQaFf7j6rd1UGmYZkFMOg//DFE8Iy9ZbNEgosVw==",
+      "license": "MIT",
+      "dependencies": {
+        "@supabase/auth-js": "2.104.0",
+        "@supabase/functions-js": "2.104.0",
+        "@supabase/postgrest-js": "2.104.0",
+        "@supabase/realtime-js": "2.104.0",
+        "@supabase/storage-js": "2.104.0"
+      },
+      "engines": {
+        "node": ">=20.0.0"
+      }
+    },
+    "node_modules/@types/eventsource": {
+      "version": "1.1.15",
+      "resolved": "https://registry.npmjs.org/@types/eventsource/-/eventsource-1.1.15.tgz",
+      "integrity": "sha512-XQmGcbnxUNa06HR3VBVkc9+A2Vpi9ZyLJcdS5dwaQQ/4ZMWFO+5c90FnMUpbtMZwB/FChoYHwuVg8TvkECacTA==",
+      "license": "MIT"
+    },
+    "node_modules/@types/node": {
+      "version": "25.6.0",
+      "resolved": "https://registry.npmjs.org/@types/node/-/node-25.6.0.tgz",
+      "integrity": "sha512-+qIYRKdNYJwY3vRCZMdJbPLJAtGjQBudzZzdzwQYkEPQd+PJGixUL5QfvCLDaULoLv+RhT3LDkwEfKaAkgSmNQ==",
+      "license": "MIT",
+      "dependencies": {
+        "undici-types": "~7.19.0"
+      }
+    },
+    "node_modules/@types/set-cookie-parser": {
+      "version": "2.4.10",
+      "resolved": "https://registry.npmjs.org/@types/set-cookie-parser/-/set-cookie-parser-2.4.10.tgz",
+      "integrity": "sha512-GGmQVGpQWUe5qglJozEjZV/5dyxbOOZ0LHe/lqyWssB88Y4svNfst0uqBVscdDeIKl5Jy5+aPSvy7mI9tYRguw==",
+      "license": "MIT",
+      "dependencies": {
+        "@types/node": "*"
+      }
+    },
+    "node_modules/@types/statuses": {
+      "version": "2.0.6",
+      "resolved": "https://registry.npmjs.org/@types/statuses/-/statuses-2.0.6.tgz",
+      "integrity": "sha512-xMAgYwceFhRA2zY+XbEA7mxYbA093wdiW8Vu6gZPGWy9cmOyU9XesH1tNcEWsKFd5Vzrqx5T3D38PWx1FIIXkA==",
+      "license": "MIT"
+    },
+    "node_modules/@types/ws": {
+      "version": "8.18.1",
+      "resolved": "https://registry.npmjs.org/@types/ws/-/ws-8.18.1.tgz",
+      "integrity": "sha512-ThVF6DCVhA8kUGy+aazFQ4kXQ7E1Ty7A3ypFOe0IcJV8O/M511G99AW24irKrW56Wt44yG9+ij8FaqoBGkuBXg==",
+      "license": "MIT",
+      "dependencies": {
+        "@types/node": "*"
+      }
+    },
+    "node_modules/accepts": {
+      "version": "1.3.8",
+      "resolved": "https://registry.npmjs.org/accepts/-/accepts-1.3.8.tgz",
+      "integrity": "sha512-PYAthTa2m2VKxuvSD3DPC/Gy+U+sOA1LAuT8mkmRuvw+NACSaeXEQ+NHcVF7rONl6qcaxV3Uuemwawk+7+SJLw==",
+      "license": "MIT",
+      "dependencies": {
+        "mime-types": "~2.1.34",
+        "negotiator": "0.6.3"
+      },
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/ansi-regex": {
+      "version": "5.0.1",
+      "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz",
+      "integrity": "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/ansi-styles": {
+      "version": "4.3.0",
+      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
+      "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
+      "license": "MIT",
+      "dependencies": {
+        "color-convert": "^2.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
+      }
+    },
+    "node_modules/array-flatten": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/array-flatten/-/array-flatten-1.1.1.tgz",
+      "integrity": "sha512-PCVAQswWemu6UdxsDFFX/+gVeYqKAod3D3UVm91jHwynguOwAvYPhx8nNlM++NqRcK6CxxpUafjmhIdKiHibqg==",
+      "license": "MIT"
+    },
+    "node_modules/body-parser": {
+      "version": "1.20.4",
+      "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.20.4.tgz",
+      "integrity": "sha512-ZTgYYLMOXY9qKU/57FAo8F+HA2dGX7bqGc71txDRC1rS4frdFI5R7NhluHxH6M0YItAP0sHB4uqAOcYKxO6uGA==",
+      "license": "MIT",
+      "dependencies": {
+        "bytes": "~3.1.2",
+        "content-type": "~1.0.5",
+        "debug": "2.6.9",
+        "depd": "2.0.0",
+        "destroy": "~1.2.0",
+        "http-errors": "~2.0.1",
+        "iconv-lite": "~0.4.24",
+        "on-finished": "~2.4.1",
+        "qs": "~6.14.0",
+        "raw-body": "~2.5.3",
+        "type-is": "~1.6.18",
+        "unpipe": "~1.0.0"
+      },
+      "engines": {
+        "node": ">= 0.8",
+        "npm": "1.2.8000 || >= 1.4.16"
+      }
+    },
+    "node_modules/bufferutil": {
+      "version": "4.1.0",
+      "resolved": "https://registry.npmjs.org/bufferutil/-/bufferutil-4.1.0.tgz",
+      "integrity": "sha512-ZMANVnAixE6AWWnPzlW2KpUrxhm9woycYvPOo67jWHyFowASTEd9s+QN1EIMsSDtwhIxN4sWE1jotpuDUIgyIw==",
+      "hasInstallScript": true,
+      "license": "MIT",
+      "dependencies": {
+        "node-gyp-build": "^4.3.0"
+      },
+      "engines": {
+        "node": ">=6.14.2"
+      }
+    },
+    "node_modules/bytes": {
+      "version": "3.1.2",
+      "resolved": "https://registry.npmjs.org/bytes/-/bytes-3.1.2.tgz",
+      "integrity": "sha512-/Nf7TyzTx6S3yRJObOAV7956r8cr2+Oj8AC5dt8wSP3BQAoeX58NoHyCU8P8zGkNXStjTSi6fzO6F0pBdcYbEg==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
+    "node_modules/call-bind-apply-helpers": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/call-bind-apply-helpers/-/call-bind-apply-helpers-1.0.2.tgz",
+      "integrity": "sha512-Sp1ablJ0ivDkSzjcaJdxEunN5/XvksFJ2sMBFfq6x0ryhQV/2b/KwFe21cMpmHtPOSij8K99/wSfoEuTObmuMQ==",
+      "license": "MIT",
+      "dependencies": {
+        "es-errors": "^1.3.0",
+        "function-bind": "^1.1.2"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
+    "node_modules/call-bound": {
+      "version": "1.0.4",
+      "resolved": "https://registry.npmjs.org/call-bound/-/call-bound-1.0.4.tgz",
+      "integrity": "sha512-+ys997U96po4Kx/ABpBCqhA9EuxJaQWDQg7295H4hBphv3IZg0boBKuwYpt4YXp6MZ5AmZQnU/tyMTlRpaSejg==",
+      "license": "MIT",
+      "dependencies": {
+        "call-bind-apply-helpers": "^1.0.2",
+        "get-intrinsic": "^1.3.0"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/cli-width": {
+      "version": "4.1.0",
+      "resolved": "https://registry.npmjs.org/cli-width/-/cli-width-4.1.0.tgz",
+      "integrity": "sha512-ouuZd4/dm2Sw5Gmqy6bGyNNNe1qt9RpmxveLSO7KcgsTnU7RXfsw+/bukWGo1abgBiMAic068rclZsO4IWmmxQ==",
+      "license": "ISC",
+      "engines": {
+        "node": ">= 12"
+      }
+    },
+    "node_modules/cliui": {
+      "version": "8.0.1",
+      "resolved": "https://registry.npmjs.org/cliui/-/cliui-8.0.1.tgz",
+      "integrity": "sha512-BSeNnyus75C4//NQ9gQt1/csTXyo/8Sb+afLAkzAptFuMsod9HFokGNudZpi/oQV73hnVK+sR+5PVRMd+Dr7YQ==",
+      "license": "ISC",
+      "dependencies": {
+        "string-width": "^4.2.0",
+        "strip-ansi": "^6.0.1",
+        "wrap-ansi": "^7.0.0"
+      },
+      "engines": {
+        "node": ">=12"
+      }
+    },
+    "node_modules/color-convert": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
+      "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
+      "license": "MIT",
+      "dependencies": {
+        "color-name": "~1.1.4"
+      },
+      "engines": {
+        "node": ">=7.0.0"
+      }
+    },
+    "node_modules/color-name": {
+      "version": "1.1.4",
+      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
+      "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==",
+      "license": "MIT"
+    },
+    "node_modules/content-disposition": {
+      "version": "0.5.4",
+      "resolved": "https://registry.npmjs.org/content-disposition/-/content-disposition-0.5.4.tgz",
+      "integrity": "sha512-FveZTNuGw04cxlAiWbzi6zTAL/lhehaWbTtgluJh4/E95DqMwTmha3KZN1aAWA8cFIhHzMZUvLevkw5Rqk+tSQ==",
+      "license": "MIT",
+      "dependencies": {
+        "safe-buffer": "5.2.1"
+      },
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/content-type": {
+      "version": "1.0.5",
+      "resolved": "https://registry.npmjs.org/content-type/-/content-type-1.0.5.tgz",
+      "integrity": "sha512-nTjqfcBFEipKdXCv4YDQWCfmcLZKm81ldF0pAopTvyrFGVbcR6P/VAAd5G7N+0tTr8QqiU0tFadD6FK4NtJwOA==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/cookie": {
+      "version": "0.7.2",
+      "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.7.2.tgz",
+      "integrity": "sha512-yki5XnKuf750l50uGTllt6kKILY4nQ1eNIQatoXEByZ5dWgnKqbnqmTrBE5B4N7lrMJKQ2ytWMiTO2o0v6Ew/w==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/cookie-signature": {
+      "version": "1.0.7",
+      "resolved": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.7.tgz",
+      "integrity": "sha512-NXdYc3dLr47pBkpUCHtKSwIOQXLVn8dZEuywboCOJY/osA0wFSLlSawr3KN8qXJEyX66FcONTH8EIlVuK0yyFA==",
+      "license": "MIT"
+    },
+    "node_modules/data-uri-to-buffer": {
+      "version": "4.0.1",
+      "resolved": "https://registry.npmjs.org/data-uri-to-buffer/-/data-uri-to-buffer-4.0.1.tgz",
+      "integrity": "sha512-0R9ikRb668HB7QDxT1vkpuUBtqc53YyAwMwGeUFKRojY/NWKvdZ+9UYtRfGmhqNbRkTSVpMbmyhXipFFv2cb/A==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 12"
+      }
+    },
+    "node_modules/debug": {
+      "version": "2.6.9",
+      "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz",
+      "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==",
+      "license": "MIT",
+      "dependencies": {
+        "ms": "2.0.0"
+      }
+    },
+    "node_modules/deepmerge": {
+      "version": "4.3.1",
+      "resolved": "https://registry.npmjs.org/deepmerge/-/deepmerge-4.3.1.tgz",
+      "integrity": "sha512-3sUqbMEc77XqpdNO7FRyRog+eW3ph+GYCbj+rK+uYyRMuwsVy0rMiVtPn+QJlKFvWP/1PYpapqYn0Me2knFn+A==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/depd": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/depd/-/depd-2.0.0.tgz",
+      "integrity": "sha512-g7nH6P6dyDioJogAAGprGpCtVImJhpPk/roCzdb3fIh61/s/nPsfR6onyMwkCAR/OlC3yBC0lESvUoQEAssIrw==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
+    "node_modules/destroy": {
+      "version": "1.2.0",
+      "resolved": "https://registry.npmjs.org/destroy/-/destroy-1.2.0.tgz",
+      "integrity": "sha512-2sJGJTaXIIaR1w4iJSNoN0hnMY7Gpc/n8D4qSCJw8QqFWXf7cuAgnEHxBpweaVcPevC2l3KpjYCx3NypQQgaJg==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.8",
+        "npm": "1.2.8000 || >= 1.4.16"
+      }
+    },
+    "node_modules/dom-serializer": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/dom-serializer/-/dom-serializer-2.0.0.tgz",
+      "integrity": "sha512-wIkAryiqt/nV5EQKqQpo3SToSOV9J0DnbJqwK7Wv/Trc92zIAYZ4FlMu+JPFW1DfGFt81ZTCGgDEabffXeLyJg==",
+      "license": "MIT",
+      "dependencies": {
+        "domelementtype": "^2.3.0",
+        "domhandler": "^5.0.2",
+        "entities": "^4.2.0"
+      },
+      "funding": {
+        "url": "https://github.com/cheeriojs/dom-serializer?sponsor=1"
+      }
+    },
+    "node_modules/domelementtype": {
+      "version": "2.3.0",
+      "resolved": "https://registry.npmjs.org/domelementtype/-/domelementtype-2.3.0.tgz",
+      "integrity": "sha512-OLETBj6w0OsagBwdXnPdN0cnMfF9opN69co+7ZrbfPGrdpPVNBUj02spi6B1N7wChLQiPn4CSH/zJvXw56gmHw==",
+      "funding": [
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/fb55"
+        }
+      ],
+      "license": "BSD-2-Clause"
+    },
+    "node_modules/domhandler": {
+      "version": "5.0.3",
+      "resolved": "https://registry.npmjs.org/domhandler/-/domhandler-5.0.3.tgz",
+      "integrity": "sha512-cgwlv/1iFQiFnU96XXgROh8xTeetsnJiDsTc7TYCLFd9+/WNkIqPTxiM/8pSd8VIrhXGTf1Ny1q1hquVqDJB5w==",
+      "license": "BSD-2-Clause",
+      "dependencies": {
+        "domelementtype": "^2.3.0"
+      },
+      "engines": {
+        "node": ">= 4"
+      },
+      "funding": {
+        "url": "https://github.com/fb55/domhandler?sponsor=1"
+      }
+    },
+    "node_modules/domutils": {
+      "version": "3.2.2",
+      "resolved": "https://registry.npmjs.org/domutils/-/domutils-3.2.2.tgz",
+      "integrity": "sha512-6kZKyUajlDuqlHKVX1w7gyslj9MPIXzIFiz/rGu35uC1wMi+kMhQwGhl4lt9unC9Vb9INnY9Z3/ZA3+FhASLaw==",
+      "license": "BSD-2-Clause",
+      "dependencies": {
+        "dom-serializer": "^2.0.0",
+        "domelementtype": "^2.3.0",
+        "domhandler": "^5.0.3"
+      },
+      "funding": {
+        "url": "https://github.com/fb55/domutils?sponsor=1"
+      }
+    },
+    "node_modules/dunder-proto": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/dunder-proto/-/dunder-proto-1.0.1.tgz",
+      "integrity": "sha512-KIN/nDJBQRcXw0MLVhZE9iQHmG68qAVIBg9CqmUYjmQIhgij9U5MFvrqkUL5FbtyyzZuOeOt0zdeRe4UY7ct+A==",
+      "license": "MIT",
+      "dependencies": {
+        "call-bind-apply-helpers": "^1.0.1",
+        "es-errors": "^1.3.0",
+        "gopd": "^1.2.0"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
+    "node_modules/ee-first": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/ee-first/-/ee-first-1.1.1.tgz",
+      "integrity": "sha512-WMwm9LhRUo+WUaRN+vRuETqG89IgZphVSNkdFgeb6sS/E4OrDIN7t48CAewSHXc6C8lefD8KKfr5vY61brQlow==",
+      "license": "MIT"
+    },
+    "node_modules/emoji-regex": {
+      "version": "8.0.0",
+      "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz",
+      "integrity": "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==",
+      "license": "MIT"
+    },
+    "node_modules/encodeurl": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/encodeurl/-/encodeurl-2.0.0.tgz",
+      "integrity": "sha512-Q0n9HRi4m6JuGIV1eFlmvJB7ZEVxu93IrMyiMsGC0lrMJMWzRgx6WGquyfQgZVb31vhGgXnfmPNNXmxnOkRBrg==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
+    "node_modules/entities": {
+      "version": "4.5.0",
+      "resolved": "https://registry.npmjs.org/entities/-/entities-4.5.0.tgz",
+      "integrity": "sha512-V0hjH4dGPh9Ao5p0MoRY6BVqtwCjhz6vI5LT8AJ55H+4g9/4vbHx1I54fS0XuclLhDHArPQCiMjDxjaL8fPxhw==",
+      "license": "BSD-2-Clause",
+      "engines": {
+        "node": ">=0.12"
+      },
+      "funding": {
+        "url": "https://github.com/fb55/entities?sponsor=1"
+      }
+    },
+    "node_modules/es-define-property": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/es-define-property/-/es-define-property-1.0.1.tgz",
+      "integrity": "sha512-e3nRfgfUZ4rNGL232gUgX06QNyyez04KdjFrF+LTRoOXmrOgFKDg4BCdsjW8EnT69eqdYGmRpJwiPVYNrCaW3g==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
+    "node_modules/es-errors": {
+      "version": "1.3.0",
+      "resolved": "https://registry.npmjs.org/es-errors/-/es-errors-1.3.0.tgz",
+      "integrity": "sha512-Zf5H2Kxt2xjTvbJvP2ZWLEICxA6j+hAmMzIlypy4xcBg1vKVnx89Wy0GbS+kf5cwCVFFzdCFh2XSCFNULS6csw==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
+    "node_modules/es-object-atoms": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/es-object-atoms/-/es-object-atoms-1.1.1.tgz",
+      "integrity": "sha512-FGgH2h8zKNim9ljj7dankFPcICIK9Cp5bm+c2gQSYePhpaG5+esrLODihIorn+Pe6FGJzWhXQotPv73jTaldXA==",
+      "license": "MIT",
+      "dependencies": {
+        "es-errors": "^1.3.0"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
+    "node_modules/escalade": {
+      "version": "3.2.0",
+      "resolved": "https://registry.npmjs.org/escalade/-/escalade-3.2.0.tgz",
+      "integrity": "sha512-WUj2qlxaQtO4g6Pq5c29GTcWGDyd8itL8zTlipgECz3JesAiiOKotd8JU6otB3PACgG6xkJUyVhboMS+bje/jA==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=6"
+      }
+    },
+    "node_modules/escape-html": {
+      "version": "1.0.3",
+      "resolved": "https://registry.npmjs.org/escape-html/-/escape-html-1.0.3.tgz",
+      "integrity": "sha512-NiSupZ4OeuGwr68lGIeym/ksIZMJodUGOSCZ/FSnTxcrekbvqrgdUxlJOMpijaKZVjAJrWrGs/6Jy8OMuyj9ow==",
+      "license": "MIT"
+    },
+    "node_modules/etag": {
+      "version": "1.8.1",
+      "resolved": "https://registry.npmjs.org/etag/-/etag-1.8.1.tgz",
+      "integrity": "sha512-aIL5Fx7mawVa300al2BnEE4iNvo1qETxLrPI/o05L7z6go7fCw1J6EQmbK4FmJ2AS7kgVF/KEZWufBfdClMcPg==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/eventsource": {
+      "version": "2.0.2",
+      "resolved": "https://registry.npmjs.org/eventsource/-/eventsource-2.0.2.tgz",
+      "integrity": "sha512-IzUmBGPR3+oUG9dUeXynyNmf91/3zUSJg1lCktzKw47OXuhco54U3r9B7O4XX+Rb1Itm9OZ2b0RkTs10bICOxA==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=12.0.0"
+      }
+    },
+    "node_modules/express": {
+      "version": "4.22.1",
+      "resolved": "https://registry.npmjs.org/express/-/express-4.22.1.tgz",
+      "integrity": "sha512-F2X8g9P1X7uCPZMA3MVf9wcTqlyNp7IhH5qPCI0izhaOIYXaW9L535tGA3qmjRzpH+bZczqq7hVKxTR4NWnu+g==",
+      "license": "MIT",
+      "dependencies": {
+        "accepts": "~1.3.8",
+        "array-flatten": "1.1.1",
+        "body-parser": "~1.20.3",
+        "content-disposition": "~0.5.4",
+        "content-type": "~1.0.4",
+        "cookie": "~0.7.1",
+        "cookie-signature": "~1.0.6",
+        "debug": "2.6.9",
+        "depd": "2.0.0",
+        "encodeurl": "~2.0.0",
+        "escape-html": "~1.0.3",
+        "etag": "~1.8.1",
+        "finalhandler": "~1.3.1",
+        "fresh": "~0.5.2",
+        "http-errors": "~2.0.0",
+        "merge-descriptors": "1.0.3",
+        "methods": "~1.1.2",
+        "on-finished": "~2.4.1",
+        "parseurl": "~1.3.3",
+        "path-to-regexp": "~0.1.12",
+        "proxy-addr": "~2.0.7",
+        "qs": "~6.14.0",
+        "range-parser": "~1.2.1",
+        "safe-buffer": "5.2.1",
+        "send": "~0.19.0",
+        "serve-static": "~1.16.2",
+        "setprototypeof": "1.2.0",
+        "statuses": "~2.0.1",
+        "type-is": "~1.6.18",
+        "utils-merge": "1.0.1",
+        "vary": "~1.1.2"
+      },
+      "engines": {
+        "node": ">= 0.10.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/express"
+      }
+    },
+    "node_modules/express-rate-limit": {
+      "version": "8.3.2",
+      "resolved": "https://registry.npmjs.org/express-rate-limit/-/express-rate-limit-8.3.2.tgz",
+      "integrity": "sha512-77VmFeJkO0/rvimEDuUC5H30oqUC4EyOhyGccfqoLebB0oiEYfM7nwPrsDsBL1gsTpwfzX8SFy2MT3TDyRq+bg==",
+      "license": "MIT",
+      "dependencies": {
+        "ip-address": "10.1.0"
+      },
+      "engines": {
+        "node": ">= 16"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/express-rate-limit"
+      },
+      "peerDependencies": {
+        "express": ">= 4.11"
+      }
+    },
+    "node_modules/fast-string-truncated-width": {
+      "version": "3.0.3",
+      "resolved": "https://registry.npmjs.org/fast-string-truncated-width/-/fast-string-truncated-width-3.0.3.tgz",
+      "integrity": "sha512-0jjjIEL6+0jag3l2XWWizO64/aZVtpiGE3t0Zgqxv0DPuxiMjvB3M24fCyhZUO4KomJQPj3LTSUnDP3GpdwC0g==",
+      "license": "MIT"
+    },
+    "node_modules/fast-string-width": {
+      "version": "3.0.2",
+      "resolved": "https://registry.npmjs.org/fast-string-width/-/fast-string-width-3.0.2.tgz",
+      "integrity": "sha512-gX8LrtNEI5hq8DVUfRQMbr5lpaS4nMIWV+7XEbXk2b8kiQIizgnlr12B4dA3ZEx3308ze0O4Q1R+cHts8kyUJg==",
+      "license": "MIT",
+      "dependencies": {
+        "fast-string-truncated-width": "^3.0.2"
+      }
+    },
+    "node_modules/fast-wrap-ansi": {
+      "version": "0.2.0",
+      "resolved": "https://registry.npmjs.org/fast-wrap-ansi/-/fast-wrap-ansi-0.2.0.tgz",
+      "integrity": "sha512-rLV8JHxTyhVmFYhBJuMujcrHqOT2cnO5Zxj37qROj23CP39GXubJRBUFF0z8KFK77Uc0SukZUf7JZhsVEQ6n8w==",
+      "license": "MIT",
+      "dependencies": {
+        "fast-string-width": "^3.0.2"
+      }
+    },
+    "node_modules/fetch-blob": {
+      "version": "3.2.0",
+      "resolved": "https://registry.npmjs.org/fetch-blob/-/fetch-blob-3.2.0.tgz",
+      "integrity": "sha512-7yAQpD2UMJzLi1Dqv7qFYnPbaPx7ZfFK6PiIxQ4PfkGPyNyl2Ugx+a/umUonmKqjhM4DnfbMvdX6otXq83soQQ==",
+      "funding": [
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/jimmywarting"
+        },
+        {
+          "type": "paypal",
+          "url": "https://paypal.me/jimmywarting"
+        }
+      ],
+      "license": "MIT",
+      "dependencies": {
+        "node-domexception": "^1.0.0",
+        "web-streams-polyfill": "^3.0.3"
+      },
+      "engines": {
+        "node": "^12.20 || >= 14.13"
+      }
+    },
+    "node_modules/finalhandler": {
+      "version": "1.3.2",
+      "resolved": "https://registry.npmjs.org/finalhandler/-/finalhandler-1.3.2.tgz",
+      "integrity": "sha512-aA4RyPcd3badbdABGDuTXCMTtOneUCAYH/gxoYRTZlIJdF0YPWuGqiAsIrhNnnqdXGswYk6dGujem4w80UJFhg==",
+      "license": "MIT",
+      "dependencies": {
+        "debug": "2.6.9",
+        "encodeurl": "~2.0.0",
+        "escape-html": "~1.0.3",
+        "on-finished": "~2.4.1",
+        "parseurl": "~1.3.3",
+        "statuses": "~2.0.2",
+        "unpipe": "~1.0.0"
+      },
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
+    "node_modules/formdata-polyfill": {
+      "version": "4.0.10",
+      "resolved": "https://registry.npmjs.org/formdata-polyfill/-/formdata-polyfill-4.0.10.tgz",
+      "integrity": "sha512-buewHzMvYL29jdeQTVILecSaZKnt/RJWjoZCF5OW60Z67/GmSLBkOFM7qh1PI3zFNtJbaZL5eQu1vLfazOwj4g==",
+      "license": "MIT",
+      "dependencies": {
+        "fetch-blob": "^3.1.2"
+      },
+      "engines": {
+        "node": ">=12.20.0"
+      }
+    },
+    "node_modules/forwarded": {
+      "version": "0.2.0",
+      "resolved": "https://registry.npmjs.org/forwarded/-/forwarded-0.2.0.tgz",
+      "integrity": "sha512-buRG0fpBtRHSTCOASe6hD258tEubFoRLb4ZNA6NxMVHNw2gOcwHo9wyablzMzOA5z9xA9L1KNjk/Nt6MT9aYow==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/fresh": {
+      "version": "0.5.2",
+      "resolved": "https://registry.npmjs.org/fresh/-/fresh-0.5.2.tgz",
+      "integrity": "sha512-zJ2mQYM18rEFOudeV4GShTGIQ7RbzA7ozbU9I/XBpm7kqgMywgmylMwXHxZJmkVoYkna9d2pVXVXPdYTP9ej8Q==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/function-bind": {
+      "version": "1.1.2",
+      "resolved": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.2.tgz",
+      "integrity": "sha512-7XHNxH7qX9xG5mIwxkhumTox/MIRNcOgDrxWsMt2pAr23WHp6MrRlN7FBSFpCpr+oVO0F744iUgR82nJMfG2SA==",
+      "license": "MIT",
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/get-caller-file": {
+      "version": "2.0.5",
+      "resolved": "https://registry.npmjs.org/get-caller-file/-/get-caller-file-2.0.5.tgz",
+      "integrity": "sha512-DyFP3BM/3YHTQOCUL/w0OZHR0lpKeGrxotcHWcqNEdnltqFwXVfhEBQ94eIo34AfQpo0rGki4cyIiftY06h2Fg==",
+      "license": "ISC",
+      "engines": {
+        "node": "6.* || 8.* || >= 10.*"
+      }
+    },
+    "node_modules/get-intrinsic": {
+      "version": "1.3.0",
+      "resolved": "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.3.0.tgz",
+      "integrity": "sha512-9fSjSaos/fRIVIp+xSJlE6lfwhES7LNtKaCBIamHsjr2na1BiABJPo0mOjjz8GJDURarmCPGqaiVg5mfjb98CQ==",
+      "license": "MIT",
+      "dependencies": {
+        "call-bind-apply-helpers": "^1.0.2",
+        "es-define-property": "^1.0.1",
+        "es-errors": "^1.3.0",
+        "es-object-atoms": "^1.1.1",
+        "function-bind": "^1.1.2",
+        "get-proto": "^1.0.1",
+        "gopd": "^1.2.0",
+        "has-symbols": "^1.1.0",
+        "hasown": "^2.0.2",
+        "math-intrinsics": "^1.1.0"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/get-proto": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/get-proto/-/get-proto-1.0.1.tgz",
+      "integrity": "sha512-sTSfBjoXBp89JvIKIefqw7U2CCebsc74kiY6awiGogKtoSGbgjYE/G/+l9sF3MWFPNc9IcoOC4ODfKHfxFmp0g==",
+      "license": "MIT",
+      "dependencies": {
+        "dunder-proto": "^1.0.1",
+        "es-object-atoms": "^1.0.0"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
+    "node_modules/gopd": {
+      "version": "1.2.0",
+      "resolved": "https://registry.npmjs.org/gopd/-/gopd-1.2.0.tgz",
+      "integrity": "sha512-ZUKRh6/kUFoAiTAtTYPZJ3hw9wNxx+BIBOijnlG9PnrJsCcSjs1wyyD6vJpaYtgnzDrKYRSqf3OO6Rfa93xsRg==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/graphql": {
+      "version": "16.13.2",
+      "resolved": "https://registry.npmjs.org/graphql/-/graphql-16.13.2.tgz",
+      "integrity": "sha512-5bJ+nf/UCpAjHM8i06fl7eLyVC9iuNAjm9qzkiu2ZGhM0VscSvS6WDPfAwkdkBuoXGM9FJSbKl6wylMwP9Ktig==",
+      "license": "MIT",
+      "engines": {
+        "node": "^12.22.0 || ^14.16.0 || ^16.0.0 || >=17.0.0"
+      }
+    },
+    "node_modules/has-symbols": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/has-symbols/-/has-symbols-1.1.0.tgz",
+      "integrity": "sha512-1cDNdwJ2Jaohmb3sg4OmKaMBwuC48sYni5HUw2DvsC8LjGTLK9h+eb1X6RyuOHe4hT0ULCW68iomhjUoKUqlPQ==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/hasown": {
+      "version": "2.0.3",
+      "resolved": "https://registry.npmjs.org/hasown/-/hasown-2.0.3.tgz",
+      "integrity": "sha512-ej4AhfhfL2Q2zpMmLo7U1Uv9+PyhIZpgQLGT1F9miIGmiCJIoCgSmczFdrc97mWT4kVY72KA+WnnhJ5pghSvSg==",
+      "license": "MIT",
+      "dependencies": {
+        "function-bind": "^1.1.2"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
+    "node_modules/headers-polyfill": {
+      "version": "5.0.1",
+      "resolved": "https://registry.npmjs.org/headers-polyfill/-/headers-polyfill-5.0.1.tgz",
+      "integrity": "sha512-1TJ6Fih/b8h5TIcv+1+Hw0PDQWJTKDKzFZzcKOiW1wJza3XoAQlkCuXLbymPYB8+ZQyw8mHvdw560e8zVFIWyA==",
+      "license": "MIT",
+      "dependencies": {
+        "@types/set-cookie-parser": "^2.4.10",
+        "set-cookie-parser": "^3.0.1"
+      }
+    },
+    "node_modules/html-to-text": {
+      "version": "9.0.5",
+      "resolved": "https://registry.npmjs.org/html-to-text/-/html-to-text-9.0.5.tgz",
+      "integrity": "sha512-qY60FjREgVZL03vJU6IfMV4GDjGBIoOyvuFdpBDIX9yTlDw0TjxVBQp+P8NvpdIXNJvfWBTNul7fsAQJq2FNpg==",
+      "license": "MIT",
+      "dependencies": {
+        "@selderee/plugin-htmlparser2": "^0.11.0",
+        "deepmerge": "^4.3.1",
+        "dom-serializer": "^2.0.0",
+        "htmlparser2": "^8.0.2",
+        "selderee": "^0.11.0"
+      },
+      "engines": {
+        "node": ">=14"
+      }
+    },
+    "node_modules/htmlparser2": {
+      "version": "8.0.2",
+      "resolved": "https://registry.npmjs.org/htmlparser2/-/htmlparser2-8.0.2.tgz",
+      "integrity": "sha512-GYdjWKDkbRLkZ5geuHs5NY1puJ+PXwP7+fHPRz06Eirsb9ugf6d8kkXav6ADhcODhFFPMIXyxkxSuMf3D6NCFA==",
+      "funding": [
+        "https://github.com/fb55/htmlparser2?sponsor=1",
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/fb55"
+        }
+      ],
+      "license": "MIT",
+      "dependencies": {
+        "domelementtype": "^2.3.0",
+        "domhandler": "^5.0.3",
+        "domutils": "^3.0.1",
+        "entities": "^4.4.0"
+      }
+    },
+    "node_modules/http-errors": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/http-errors/-/http-errors-2.0.1.tgz",
+      "integrity": "sha512-4FbRdAX+bSdmo4AUFuS0WNiPz8NgFt+r8ThgNWmlrjQjt1Q7ZR9+zTlce2859x4KSXrwIsaeTqDoKQmtP8pLmQ==",
+      "license": "MIT",
+      "dependencies": {
+        "depd": "~2.0.0",
+        "inherits": "~2.0.4",
+        "setprototypeof": "~1.2.0",
+        "statuses": "~2.0.2",
+        "toidentifier": "~1.0.1"
+      },
+      "engines": {
+        "node": ">= 0.8"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/express"
+      }
+    },
+    "node_modules/iceberg-js": {
+      "version": "0.8.1",
+      "resolved": "https://registry.npmjs.org/iceberg-js/-/iceberg-js-0.8.1.tgz",
+      "integrity": "sha512-1dhVQZXhcHje7798IVM+xoo/1ZdVfzOMIc8/rgVSijRK38EDqOJoGula9N/8ZI5RD8QTxNQtK/Gozpr+qUqRRA==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=20.0.0"
+      }
+    },
+    "node_modules/iconv-lite": {
+      "version": "0.4.24",
+      "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.4.24.tgz",
+      "integrity": "sha512-v3MXnZAcvnywkTUEZomIActle7RXXeedOR31wwl7VlyoXO4Qi9arvSenNQWne1TcRwhCL1HwLI21bEqdpj8/rA==",
+      "license": "MIT",
+      "dependencies": {
+        "safer-buffer": ">= 2.1.2 < 3"
+      },
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/inherits": {
+      "version": "2.0.4",
+      "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz",
+      "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==",
+      "license": "ISC"
+    },
+    "node_modules/ip-address": {
+      "version": "10.1.0",
+      "resolved": "https://registry.npmjs.org/ip-address/-/ip-address-10.1.0.tgz",
+      "integrity": "sha512-XXADHxXmvT9+CRxhXg56LJovE+bmWnEWB78LB83VZTprKTmaC5QfruXocxzTZ2Kl0DNwKuBdlIhjL8LeY8Sf8Q==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 12"
+      }
+    },
+    "node_modules/ipaddr.js": {
+      "version": "1.9.1",
+      "resolved": "https://registry.npmjs.org/ipaddr.js/-/ipaddr.js-1.9.1.tgz",
+      "integrity": "sha512-0KI/607xoxSToH7GjN1FfSbLoU0+btTicjsQSWQlh/hZykN8KpmMf7uYwPW3R+akZ6R/w18ZlXSHBYXiYUPO3g==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.10"
+      }
+    },
+    "node_modules/is-fullwidth-code-point": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-3.0.0.tgz",
+      "integrity": "sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/is-node-process": {
+      "version": "1.2.0",
+      "resolved": "https://registry.npmjs.org/is-node-process/-/is-node-process-1.2.0.tgz",
+      "integrity": "sha512-Vg4o6/fqPxIjtxgUH5QLJhwZ7gW5diGCVlXpuUfELC62CuxM1iHcRe51f2W1FDy04Ai4KJkagKjx3XaqyfRKXw==",
+      "license": "MIT"
+    },
+    "node_modules/leac": {
+      "version": "0.6.0",
+      "resolved": "https://registry.npmjs.org/leac/-/leac-0.6.0.tgz",
+      "integrity": "sha512-y+SqErxb8h7nE/fiEX07jsbuhrpO9lL8eca7/Y1nuWV2moNlXhyd59iDGcRf6moVyDMbmTNzL40SUyrFU/yDpg==",
+      "license": "MIT",
+      "funding": {
+        "url": "https://ko-fi.com/killymxi"
+      }
+    },
+    "node_modules/math-intrinsics": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/math-intrinsics/-/math-intrinsics-1.1.0.tgz",
+      "integrity": "sha512-/IXtbwEk5HTPyEwyKX6hGkYXxM9nbj64B+ilVJnC/R6B0pH5G4V3b0pVbL7DBj4tkhBAppbQUlf6F6Xl9LHu1g==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
+    "node_modules/media-typer": {
+      "version": "0.3.0",
+      "resolved": "https://registry.npmjs.org/media-typer/-/media-typer-0.3.0.tgz",
+      "integrity": "sha512-dq+qelQ9akHpcOl/gUVRTxVIOkAJ1wR3QAvb4RsVjS8oVoFjDGTc679wJYmUmknUF5HwMLOgb5O+a3KxfWapPQ==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/merge-descriptors": {
+      "version": "1.0.3",
+      "resolved": "https://registry.npmjs.org/merge-descriptors/-/merge-descriptors-1.0.3.tgz",
+      "integrity": "sha512-gaNvAS7TZ897/rVaZ0nMtAyxNyi/pdbjbAwUpFQpN70GqnVfOiXpeUUMKRBmzXaSQ8DdTX4/0ms62r2K+hE6mQ==",
+      "license": "MIT",
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/methods": {
+      "version": "1.1.2",
+      "resolved": "https://registry.npmjs.org/methods/-/methods-1.1.2.tgz",
+      "integrity": "sha512-iclAHeNqNm68zFtnZ0e+1L2yUIdvzNoauKU4WBA3VvH/vPFieF7qfRlwUZU+DA9P9bPXIS90ulxoUoCH23sV2w==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/mime": {
+      "version": "1.6.0",
+      "resolved": "https://registry.npmjs.org/mime/-/mime-1.6.0.tgz",
+      "integrity": "sha512-x0Vn8spI+wuJ1O6S7gnbaQg8Pxh4NNHb7KSINmEWKiPE4RKOplvijn+NkmYmmRgP68mc70j2EbeTFRsrswaQeg==",
+      "license": "MIT",
+      "bin": {
+        "mime": "cli.js"
+      },
+      "engines": {
+        "node": ">=4"
+      }
+    },
+    "node_modules/mime-db": {
+      "version": "1.52.0",
+      "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.52.0.tgz",
+      "integrity": "sha512-sPU4uV7dYlvtWJxwwxHD0PuihVNiE7TyAbQ5SWxDCB9mUYvOgroQOwYQQOKPJ8CIbE+1ETVlOoK1UC2nU3gYvg==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/mime-types": {
+      "version": "2.1.35",
+      "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.35.tgz",
+      "integrity": "sha512-ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw==",
+      "license": "MIT",
+      "dependencies": {
+        "mime-db": "1.52.0"
+      },
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/ms": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz",
+      "integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A==",
+      "license": "MIT"
+    },
+    "node_modules/msw": {
+      "version": "2.13.4",
+      "resolved": "https://registry.npmjs.org/msw/-/msw-2.13.4.tgz",
+      "integrity": "sha512-fPlKBeFe+8rpcyR3umUmmHuNwu6gc6T3STvkgEa9WDX/HEgal9wDeflpCUAIRtmvaLZM2igfI5y1bZ9G5J26KA==",
+      "hasInstallScript": true,
+      "license": "MIT",
+      "dependencies": {
+        "@inquirer/confirm": "^6.0.11",
+        "@mswjs/interceptors": "^0.41.3",
+        "@open-draft/deferred-promise": "^3.0.0",
+        "@types/statuses": "^2.0.6",
+        "cookie": "^1.1.1",
+        "graphql": "^16.13.2",
+        "headers-polyfill": "^5.0.1",
+        "is-node-process": "^1.2.0",
+        "outvariant": "^1.4.3",
+        "path-to-regexp": "^6.3.0",
+        "picocolors": "^1.1.1",
+        "rettime": "^0.11.7",
+        "statuses": "^2.0.2",
+        "strict-event-emitter": "^0.5.1",
+        "tough-cookie": "^6.0.1",
+        "type-fest": "^5.5.0",
+        "until-async": "^3.0.2",
+        "yargs": "^17.7.2"
+      },
+      "bin": {
+        "msw": "cli/index.js"
+      },
+      "engines": {
+        "node": ">=18"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/mswjs"
+      },
+      "peerDependencies": {
+        "typescript": ">= 4.8.x"
+      },
+      "peerDependenciesMeta": {
+        "typescript": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/msw/node_modules/cookie": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/cookie/-/cookie-1.1.1.tgz",
+      "integrity": "sha512-ei8Aos7ja0weRpFzJnEA9UHJ/7XQmqglbRwnf2ATjcB9Wq874VKH9kfjjirM6UhU2/E5fFYadylyhFldcqSidQ==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=18"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/express"
+      }
+    },
+    "node_modules/msw/node_modules/path-to-regexp": {
+      "version": "6.3.0",
+      "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-6.3.0.tgz",
+      "integrity": "sha512-Yhpw4T9C6hPpgPeA28us07OJeqZ5EzQTkbfwuhsUg0c237RomFoETJgmp2sa3F/41gfLE6G5cqcYwznmeEeOlQ==",
+      "license": "MIT"
+    },
+    "node_modules/mute-stream": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/mute-stream/-/mute-stream-3.0.0.tgz",
+      "integrity": "sha512-dkEJPVvun4FryqBmZ5KhDo0K9iDXAwn08tMLDinNdRBNPcYEDiWYysLcc6k3mjTMlbP9KyylvRpd4wFtwrT9rw==",
+      "license": "ISC",
+      "engines": {
+        "node": "^20.17.0 || >=22.9.0"
+      }
+    },
+    "node_modules/negotiator": {
+      "version": "0.6.3",
+      "resolved": "https://registry.npmjs.org/negotiator/-/negotiator-0.6.3.tgz",
+      "integrity": "sha512-+EUsqGPLsM+j/zdChZjsnX51g4XrHFOIXwfnCVPGlQk/k5giakcKsuxCObBRu6DSm9opw/O6slWbJdghQM4bBg==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/node-domexception": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/node-domexception/-/node-domexception-1.0.0.tgz",
+      "integrity": "sha512-/jKZoMpw0F8GRwl4/eLROPA3cfcXtLApP0QzLmUT/HuPCZWyB7IY9ZrMeKw2O/nFIqPQB3PVM9aYm0F312AXDQ==",
+      "deprecated": "Use your platform's native DOMException instead",
+      "funding": [
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/jimmywarting"
+        },
+        {
+          "type": "github",
+          "url": "https://paypal.me/jimmywarting"
+        }
+      ],
+      "license": "MIT",
+      "engines": {
+        "node": ">=10.5.0"
+      }
+    },
+    "node_modules/node-fetch": {
+      "version": "3.3.2",
+      "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-3.3.2.tgz",
+      "integrity": "sha512-dRB78srN/l6gqWulah9SrxeYnxeddIG30+GOqK/9OlLVyLg3HPnr6SqOWTWOXKRwC2eGYCkZ59NNuSgvSrpgOA==",
+      "license": "MIT",
+      "dependencies": {
+        "data-uri-to-buffer": "^4.0.0",
+        "fetch-blob": "^3.1.4",
+        "formdata-polyfill": "^4.0.10"
+      },
+      "engines": {
+        "node": "^12.20.0 || ^14.13.1 || >=16.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/node-fetch"
+      }
+    },
+    "node_modules/node-gyp-build": {
+      "version": "4.8.4",
+      "resolved": "https://registry.npmjs.org/node-gyp-build/-/node-gyp-build-4.8.4.tgz",
+      "integrity": "sha512-LA4ZjwlnUblHVgq0oBF3Jl/6h/Nvs5fzBLwdEF4nuxnFdsfajde4WfxtJr3CaiH+F6ewcIB/q4jQ4UzPyid+CQ==",
+      "license": "MIT",
+      "bin": {
+        "node-gyp-build": "bin.js",
+        "node-gyp-build-optional": "optional.js",
+        "node-gyp-build-test": "build-test.js"
+      }
+    },
+    "node_modules/object-inspect": {
+      "version": "1.13.4",
+      "resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.13.4.tgz",
+      "integrity": "sha512-W67iLl4J2EXEGTbfeHCffrjDfitvLANg0UlX3wFUUSTx92KXRFegMHUVgSqE+wvhAbi4WqjGg9czysTV2Epbew==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/on-finished": {
+      "version": "2.4.1",
+      "resolved": "https://registry.npmjs.org/on-finished/-/on-finished-2.4.1.tgz",
+      "integrity": "sha512-oVlzkg3ENAhCk2zdv7IJwd/QUD4z2RxRwpkcGY8psCVcCYZNq4wYnVWALHM+brtuJjePWiYF/ClmuDr8Ch5+kg==",
+      "license": "MIT",
+      "dependencies": {
+        "ee-first": "1.1.1"
+      },
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
+    "node_modules/openai": {
+      "version": "6.34.0",
+      "resolved": "https://registry.npmjs.org/openai/-/openai-6.34.0.tgz",
+      "integrity": "sha512-yEr2jdGf4tVFYG6ohmr3pF6VJuveP0EA/sS8TBx+4Eq5NT10alu5zg2dmxMXMgqpihRDQlFGpRt2XwsGj+Fyxw==",
+      "license": "Apache-2.0",
+      "bin": {
+        "openai": "bin/cli"
+      },
+      "peerDependencies": {
+        "ws": "^8.18.0",
+        "zod": "^3.25 || ^4.0"
+      },
+      "peerDependenciesMeta": {
+        "ws": {
+          "optional": true
+        },
+        "zod": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/outvariant": {
+      "version": "1.4.3",
+      "resolved": "https://registry.npmjs.org/outvariant/-/outvariant-1.4.3.tgz",
+      "integrity": "sha512-+Sl2UErvtsoajRDKCE5/dBz4DIvHXQQnAxtQTF04OJxY0+DyZXSo5P5Bb7XYWOh81syohlYL24hbDwxedPUJCA==",
+      "license": "MIT"
+    },
+    "node_modules/parseley": {
+      "version": "0.12.1",
+      "resolved": "https://registry.npmjs.org/parseley/-/parseley-0.12.1.tgz",
+      "integrity": "sha512-e6qHKe3a9HWr0oMRVDTRhKce+bRO8VGQR3NyVwcjwrbhMmFCX9KszEV35+rn4AdilFAq9VPxP/Fe1wC9Qjd2lw==",
+      "license": "MIT",
+      "dependencies": {
+        "leac": "^0.6.0",
+        "peberminta": "^0.9.0"
+      },
+      "funding": {
+        "url": "https://ko-fi.com/killymxi"
+      }
+    },
+    "node_modules/parseurl": {
+      "version": "1.3.3",
+      "resolved": "https://registry.npmjs.org/parseurl/-/parseurl-1.3.3.tgz",
+      "integrity": "sha512-CiyeOxFT/JZyN5m0z9PfXw4SCBJ6Sygz1Dpl0wqjlhDEGGBP1GnsUVEL0p63hoG1fcj3fHynXi9NYO4nWOL+qQ==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
+    "node_modules/path-to-regexp": {
+      "version": "0.1.13",
+      "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.13.tgz",
+      "integrity": "sha512-A/AGNMFN3c8bOlvV9RreMdrv7jsmF9XIfDeCd87+I8RNg6s78BhJxMu69NEMHBSJFxKidViTEdruRwEk/WIKqA==",
+      "license": "MIT"
+    },
+    "node_modules/peberminta": {
+      "version": "0.9.0",
+      "resolved": "https://registry.npmjs.org/peberminta/-/peberminta-0.9.0.tgz",
+      "integrity": "sha512-XIxfHpEuSJbITd1H3EeQwpcZbTLHc+VVr8ANI9t5sit565tsI4/xK3KWTUFE2e6QiangUkh3B0jihzmGnNrRsQ==",
+      "license": "MIT",
+      "funding": {
+        "url": "https://ko-fi.com/killymxi"
+      }
+    },
+    "node_modules/pg": {
+      "version": "8.20.0",
+      "resolved": "https://registry.npmjs.org/pg/-/pg-8.20.0.tgz",
+      "integrity": "sha512-ldhMxz2r8fl/6QkXnBD3CR9/xg694oT6DZQ2s6c/RI28OjtSOpxnPrUCGOBJ46RCUxcWdx3p6kw/xnDHjKvaRA==",
+      "license": "MIT",
+      "dependencies": {
+        "pg-connection-string": "^2.12.0",
+        "pg-pool": "^3.13.0",
+        "pg-protocol": "^1.13.0",
+        "pg-types": "2.2.0",
+        "pgpass": "1.0.5"
+      },
+      "engines": {
+        "node": ">= 16.0.0"
+      },
+      "optionalDependencies": {
+        "pg-cloudflare": "^1.3.0"
+      },
+      "peerDependencies": {
+        "pg-native": ">=3.0.1"
+      },
+      "peerDependenciesMeta": {
+        "pg-native": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/pg-cloudflare": {
+      "version": "1.3.0",
+      "resolved": "https://registry.npmjs.org/pg-cloudflare/-/pg-cloudflare-1.3.0.tgz",
+      "integrity": "sha512-6lswVVSztmHiRtD6I8hw4qP/nDm1EJbKMRhf3HCYaqud7frGysPv7FYJ5noZQdhQtN2xJnimfMtvQq21pdbzyQ==",
+      "license": "MIT",
+      "optional": true
+    },
+    "node_modules/pg-connection-string": {
+      "version": "2.12.0",
+      "resolved": "https://registry.npmjs.org/pg-connection-string/-/pg-connection-string-2.12.0.tgz",
+      "integrity": "sha512-U7qg+bpswf3Cs5xLzRqbXbQl85ng0mfSV/J0nnA31MCLgvEaAo7CIhmeyrmJpOr7o+zm0rXK+hNnT5l9RHkCkQ==",
+      "license": "MIT"
+    },
+    "node_modules/pg-int8": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/pg-int8/-/pg-int8-1.0.1.tgz",
+      "integrity": "sha512-WCtabS6t3c8SkpDBUlb1kjOs7l66xsGdKpIPZsg4wR+B3+u9UAum2odSsF9tnvxg80h4ZxLWMy4pRjOsFIqQpw==",
+      "license": "ISC",
+      "engines": {
+        "node": ">=4.0.0"
+      }
+    },
+    "node_modules/pg-pool": {
+      "version": "3.13.0",
+      "resolved": "https://registry.npmjs.org/pg-pool/-/pg-pool-3.13.0.tgz",
+      "integrity": "sha512-gB+R+Xud1gLFuRD/QgOIgGOBE2KCQPaPwkzBBGC9oG69pHTkhQeIuejVIk3/cnDyX39av2AxomQiyPT13WKHQA==",
+      "license": "MIT",
+      "peerDependencies": {
+        "pg": ">=8.0"
+      }
+    },
+    "node_modules/pg-protocol": {
+      "version": "1.13.0",
+      "resolved": "https://registry.npmjs.org/pg-protocol/-/pg-protocol-1.13.0.tgz",
+      "integrity": "sha512-zzdvXfS6v89r6v7OcFCHfHlyG/wvry1ALxZo4LqgUoy7W9xhBDMaqOuMiF3qEV45VqsN6rdlcehHrfDtlCPc8w==",
+      "license": "MIT"
+    },
+    "node_modules/pg-types": {
+      "version": "2.2.0",
+      "resolved": "https://registry.npmjs.org/pg-types/-/pg-types-2.2.0.tgz",
+      "integrity": "sha512-qTAAlrEsl8s4OiEQY69wDvcMIdQN6wdz5ojQiOy6YRMuynxenON0O5oCpJI6lshc6scgAY8qvJ2On/p+CXY0GA==",
+      "license": "MIT",
+      "dependencies": {
+        "pg-int8": "1.0.1",
+        "postgres-array": "~2.0.0",
+        "postgres-bytea": "~1.0.0",
+        "postgres-date": "~1.0.4",
+        "postgres-interval": "^1.1.0"
+      },
+      "engines": {
+        "node": ">=4"
+      }
+    },
+    "node_modules/pgpass": {
+      "version": "1.0.5",
+      "resolved": "https://registry.npmjs.org/pgpass/-/pgpass-1.0.5.tgz",
+      "integrity": "sha512-FdW9r/jQZhSeohs1Z3sI1yxFQNFvMcnmfuj4WBMUTxOrAyLMaTcE1aAMBiTlbMNaXvBCQuVi0R7hd8udDSP7ug==",
+      "license": "MIT",
+      "dependencies": {
+        "split2": "^4.1.0"
+      }
+    },
+    "node_modules/picocolors": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/picocolors/-/picocolors-1.1.1.tgz",
+      "integrity": "sha512-xceH2snhtb5M9liqDsmEw56le376mTZkEX/jEb/RxNFyegNul7eNslCXP9FDj/Lcu0X8KEyMceP2ntpaHrDEVA==",
+      "license": "ISC"
+    },
+    "node_modules/postgres-array": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/postgres-array/-/postgres-array-2.0.0.tgz",
+      "integrity": "sha512-VpZrUqU5A69eQyW2c5CA1jtLecCsN2U/bD6VilrFDWq5+5UIEVO7nazS3TEcHf1zuPYO/sqGvUvW62g86RXZuA==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=4"
+      }
+    },
+    "node_modules/postgres-bytea": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/postgres-bytea/-/postgres-bytea-1.0.1.tgz",
+      "integrity": "sha512-5+5HqXnsZPE65IJZSMkZtURARZelel2oXUEO8rH83VS/hxH5vv1uHquPg5wZs8yMAfdv971IU+kcPUczi7NVBQ==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/postgres-date": {
+      "version": "1.0.7",
+      "resolved": "https://registry.npmjs.org/postgres-date/-/postgres-date-1.0.7.tgz",
+      "integrity": "sha512-suDmjLVQg78nMK2UZ454hAG+OAW+HQPZ6n++TNDUX+L0+uUlLywnoxJKDou51Zm+zTCjrCl0Nq6J9C5hP9vK/Q==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/postgres-interval": {
+      "version": "1.2.0",
+      "resolved": "https://registry.npmjs.org/postgres-interval/-/postgres-interval-1.2.0.tgz",
+      "integrity": "sha512-9ZhXKM/rw350N1ovuWHbGxnGh/SNJ4cnxHiM0rxE4VN41wsg8P8zWn9hv/buK00RP4WvlOyr/RBDiptyxVbkZQ==",
+      "license": "MIT",
+      "dependencies": {
+        "xtend": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/proxy-addr": {
+      "version": "2.0.7",
+      "resolved": "https://registry.npmjs.org/proxy-addr/-/proxy-addr-2.0.7.tgz",
+      "integrity": "sha512-llQsMLSUDUPT44jdrU/O37qlnifitDP+ZwrmmZcoSKyLKvtZxpyV0n2/bD/N4tBAAZ/gJEdZU7KMraoK1+XYAg==",
+      "license": "MIT",
+      "dependencies": {
+        "forwarded": "0.2.0",
+        "ipaddr.js": "1.9.1"
+      },
+      "engines": {
+        "node": ">= 0.10"
+      }
+    },
+    "node_modules/qs": {
+      "version": "6.14.2",
+      "resolved": "https://registry.npmjs.org/qs/-/qs-6.14.2.tgz",
+      "integrity": "sha512-V/yCWTTF7VJ9hIh18Ugr2zhJMP01MY7c5kh4J870L7imm6/DIzBsNLTXzMwUA3yZ5b/KBqLx8Kp3uRvd7xSe3Q==",
+      "license": "BSD-3-Clause",
+      "dependencies": {
+        "side-channel": "^1.1.0"
+      },
+      "engines": {
+        "node": ">=0.6"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/range-parser": {
+      "version": "1.2.1",
+      "resolved": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz",
+      "integrity": "sha512-Hrgsx+orqoygnmhFbKaHE6c296J+HTAQXoxEF6gNupROmmGJRoyzfG3ccAveqCBrwr/2yxQ5BVd/GTl5agOwSg==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/raw-body": {
+      "version": "2.5.3",
+      "resolved": "https://registry.npmjs.org/raw-body/-/raw-body-2.5.3.tgz",
+      "integrity": "sha512-s4VSOf6yN0rvbRZGxs8Om5CWj6seneMwK3oDb4lWDH0UPhWcxwOWw5+qk24bxq87szX1ydrwylIOp2uG1ojUpA==",
+      "license": "MIT",
+      "dependencies": {
+        "bytes": "~3.1.2",
+        "http-errors": "~2.0.1",
+        "iconv-lite": "~0.4.24",
+        "unpipe": "~1.0.0"
+      },
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
+    "node_modules/require-directory": {
+      "version": "2.1.1",
+      "resolved": "https://registry.npmjs.org/require-directory/-/require-directory-2.1.1.tgz",
+      "integrity": "sha512-fGxEI7+wsG9xrvdjsrlmL22OMTTiHRwAMroiEeMgq8gzoLC/PQr7RsRDSTLUg/bZAZtF+TVIkHc6/4RIKrui+Q==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/rettime": {
+      "version": "0.11.8",
+      "resolved": "https://registry.npmjs.org/rettime/-/rettime-0.11.8.tgz",
+      "integrity": "sha512-0fERGXktJTyJ+h8fBEiPxHPEFOu0h15JY7JtwrOVqR5K+vb99ho6IyOo7ekLS3h4sJCzIDy4VWKIbZUfe9njmg==",
+      "license": "MIT"
+    },
+    "node_modules/safe-buffer": {
+      "version": "5.2.1",
+      "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz",
+      "integrity": "sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==",
+      "funding": [
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/feross"
+        },
+        {
+          "type": "patreon",
+          "url": "https://www.patreon.com/feross"
+        },
+        {
+          "type": "consulting",
+          "url": "https://feross.org/support"
+        }
+      ],
+      "license": "MIT"
+    },
+    "node_modules/safer-buffer": {
+      "version": "2.1.2",
+      "resolved": "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz",
+      "integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==",
+      "license": "MIT"
+    },
+    "node_modules/selderee": {
+      "version": "0.11.0",
+      "resolved": "https://registry.npmjs.org/selderee/-/selderee-0.11.0.tgz",
+      "integrity": "sha512-5TF+l7p4+OsnP8BCCvSyZiSPc4x4//p5uPwK8TCnVPJYRmU2aYKMpOXvw8zM5a5JvuuCGN1jmsMwuU2W02ukfA==",
+      "license": "MIT",
+      "dependencies": {
+        "parseley": "^0.12.0"
+      },
+      "funding": {
+        "url": "https://ko-fi.com/killymxi"
+      }
+    },
+    "node_modules/semiver": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/semiver/-/semiver-1.1.0.tgz",
+      "integrity": "sha512-QNI2ChmuioGC1/xjyYwyZYADILWyW6AmS1UH6gDj/SFUUUS4MBAWs/7mxnkRPc/F4iHezDP+O8t0dO8WHiEOdg==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=6"
+      }
+    },
+    "node_modules/send": {
+      "version": "0.19.2",
+      "resolved": "https://registry.npmjs.org/send/-/send-0.19.2.tgz",
+      "integrity": "sha512-VMbMxbDeehAxpOtWJXlcUS5E8iXh6QmN+BkRX1GARS3wRaXEEgzCcB10gTQazO42tpNIya8xIyNx8fll1OFPrg==",
+      "license": "MIT",
+      "dependencies": {
+        "debug": "2.6.9",
+        "depd": "2.0.0",
+        "destroy": "1.2.0",
+        "encodeurl": "~2.0.0",
+        "escape-html": "~1.0.3",
+        "etag": "~1.8.1",
+        "fresh": "~0.5.2",
+        "http-errors": "~2.0.1",
+        "mime": "1.6.0",
+        "ms": "2.1.3",
+        "on-finished": "~2.4.1",
+        "range-parser": "~1.2.1",
+        "statuses": "~2.0.2"
+      },
+      "engines": {
+        "node": ">= 0.8.0"
+      }
+    },
+    "node_modules/send/node_modules/ms": {
+      "version": "2.1.3",
+      "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz",
+      "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==",
+      "license": "MIT"
+    },
+    "node_modules/serve-static": {
+      "version": "1.16.3",
+      "resolved": "https://registry.npmjs.org/serve-static/-/serve-static-1.16.3.tgz",
+      "integrity": "sha512-x0RTqQel6g5SY7Lg6ZreMmsOzncHFU7nhnRWkKgWuMTu5NN0DR5oruckMqRvacAN9d5w6ARnRBXl9xhDCgfMeA==",
+      "license": "MIT",
+      "dependencies": {
+        "encodeurl": "~2.0.0",
+        "escape-html": "~1.0.3",
+        "parseurl": "~1.3.3",
+        "send": "~0.19.1"
+      },
+      "engines": {
+        "node": ">= 0.8.0"
+      }
+    },
+    "node_modules/set-cookie-parser": {
+      "version": "3.1.0",
+      "resolved": "https://registry.npmjs.org/set-cookie-parser/-/set-cookie-parser-3.1.0.tgz",
+      "integrity": "sha512-kjnC1DXBHcxaOaOXBHBeRtltsDG2nUiUni+jP92M9gYdW12rsmx92UsfpH7o5tDRs7I1ZZPSQJQGv3UaRfCiuw==",
+      "license": "MIT"
+    },
+    "node_modules/setprototypeof": {
+      "version": "1.2.0",
+      "resolved": "https://registry.npmjs.org/setprototypeof/-/setprototypeof-1.2.0.tgz",
+      "integrity": "sha512-E5LDX7Wrp85Kil5bhZv46j8jOeboKq5JMmYM3gVGdGH8xFpPWXUMsNrlODCrkoxMEeNi/XZIwuRvY4XNwYMJpw==",
+      "license": "ISC"
+    },
+    "node_modules/side-channel": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/side-channel/-/side-channel-1.1.0.tgz",
+      "integrity": "sha512-ZX99e6tRweoUXqR+VBrslhda51Nh5MTQwou5tnUDgbtyM0dBgmhEDtWGP/xbKn6hqfPRHujUNwz5fy/wbbhnpw==",
+      "license": "MIT",
+      "dependencies": {
+        "es-errors": "^1.3.0",
+        "object-inspect": "^1.13.3",
+        "side-channel-list": "^1.0.0",
+        "side-channel-map": "^1.0.1",
+        "side-channel-weakmap": "^1.0.2"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/side-channel-list": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/side-channel-list/-/side-channel-list-1.0.1.tgz",
+      "integrity": "sha512-mjn/0bi/oUURjc5Xl7IaWi/OJJJumuoJFQJfDDyO46+hBWsfaVM65TBHq2eoZBhzl9EchxOijpkbRC8SVBQU0w==",
+      "license": "MIT",
+      "dependencies": {
+        "es-errors": "^1.3.0",
+        "object-inspect": "^1.13.4"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/side-channel-map": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/side-channel-map/-/side-channel-map-1.0.1.tgz",
+      "integrity": "sha512-VCjCNfgMsby3tTdo02nbjtM/ewra6jPHmpThenkTYh8pG9ucZ/1P8So4u4FGBek/BjpOVsDCMoLA/iuBKIFXRA==",
+      "license": "MIT",
+      "dependencies": {
+        "call-bound": "^1.0.2",
+        "es-errors": "^1.3.0",
+        "get-intrinsic": "^1.2.5",
+        "object-inspect": "^1.13.3"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/side-channel-weakmap": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/side-channel-weakmap/-/side-channel-weakmap-1.0.2.tgz",
+      "integrity": "sha512-WPS/HvHQTYnHisLo9McqBHOJk2FkHO/tlpvldyrnem4aeQp4hai3gythswg6p01oSoTl58rcpiFAjF2br2Ak2A==",
+      "license": "MIT",
+      "dependencies": {
+        "call-bound": "^1.0.2",
+        "es-errors": "^1.3.0",
+        "get-intrinsic": "^1.2.5",
+        "object-inspect": "^1.13.3",
+        "side-channel-map": "^1.0.1"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/signal-exit": {
+      "version": "4.1.0",
+      "resolved": "https://registry.npmjs.org/signal-exit/-/signal-exit-4.1.0.tgz",
+      "integrity": "sha512-bzyZ1e88w9O1iNJbKnOlvYTrWPDl46O1bG0D3XInv+9tkPrxrN8jUUTiFlDkkmKWgn1M6CfIA13SuGqOa9Korw==",
+      "license": "ISC",
+      "engines": {
+        "node": ">=14"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/isaacs"
+      }
+    },
+    "node_modules/split2": {
+      "version": "4.2.0",
+      "resolved": "https://registry.npmjs.org/split2/-/split2-4.2.0.tgz",
+      "integrity": "sha512-UcjcJOWknrNkF6PLX83qcHM6KHgVKNkV62Y8a5uYDVv9ydGQVwAHMKqHdJje1VTWpljG0WYpCDhrCdAOYH4TWg==",
+      "license": "ISC",
+      "engines": {
+        "node": ">= 10.x"
+      }
+    },
+    "node_modules/statuses": {
+      "version": "2.0.2",
+      "resolved": "https://registry.npmjs.org/statuses/-/statuses-2.0.2.tgz",
+      "integrity": "sha512-DvEy55V3DB7uknRo+4iOGT5fP1slR8wQohVdknigZPMpMstaKJQWhwiYBACJE3Ul2pTnATihhBYnRhZQHGBiRw==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
+    "node_modules/strict-event-emitter": {
+      "version": "0.5.1",
+      "resolved": "https://registry.npmjs.org/strict-event-emitter/-/strict-event-emitter-0.5.1.tgz",
+      "integrity": "sha512-vMgjE/GGEPEFnhFub6pa4FmJBRBVOLpIII2hvCZ8Kzb7K0hlHo7mQv6xYrBvCL2LtAIBwFUK8wvuJgTVSQ5MFQ==",
+      "license": "MIT"
+    },
+    "node_modules/string-width": {
+      "version": "4.2.3",
+      "resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz",
+      "integrity": "sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==",
+      "license": "MIT",
+      "dependencies": {
+        "emoji-regex": "^8.0.0",
+        "is-fullwidth-code-point": "^3.0.0",
+        "strip-ansi": "^6.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/strip-ansi": {
+      "version": "6.0.1",
+      "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz",
+      "integrity": "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==",
+      "license": "MIT",
+      "dependencies": {
+        "ansi-regex": "^5.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/tagged-tag": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/tagged-tag/-/tagged-tag-1.0.0.tgz",
+      "integrity": "sha512-yEFYrVhod+hdNyx7g5Bnkkb0G6si8HJurOoOEgC8B/O0uXLHlaey/65KRv6cuWBNhBgHKAROVpc7QyYqE5gFng==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=20"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/tiktoken": {
+      "version": "1.0.22",
+      "resolved": "https://registry.npmjs.org/tiktoken/-/tiktoken-1.0.22.tgz",
+      "integrity": "sha512-PKvy1rVF1RibfF3JlXBSP0Jrcw2uq3yXdgcEXtKTYn3QJ/cBRBHDnrJ5jHky+MENZ6DIPwNUGWpkVx+7joCpNA==",
+      "license": "MIT"
+    },
+    "node_modules/tldts": {
+      "version": "7.0.28",
+      "resolved": "https://registry.npmjs.org/tldts/-/tldts-7.0.28.tgz",
+      "integrity": "sha512-+Zg3vWhRUv8B1maGSTFdev9mjoo8Etn2Ayfs4cnjlD3CsGkxXX4QyW3j2WJ0wdjYcYmy7Lx2RDsZMhgCWafKIw==",
+      "license": "MIT",
+      "dependencies": {
+        "tldts-core": "^7.0.28"
+      },
+      "bin": {
+        "tldts": "bin/cli.js"
+      }
+    },
+    "node_modules/tldts-core": {
+      "version": "7.0.28",
+      "resolved": "https://registry.npmjs.org/tldts-core/-/tldts-core-7.0.28.tgz",
+      "integrity": "sha512-7W5Efjhsc3chVdFhqtaU0KtK32J37Zcr9RKtID54nG+tIpcY79CQK/veYPODxtD/LJ4Lue66jvrQzIX2Z2/pUQ==",
+      "license": "MIT"
+    },
+    "node_modules/toidentifier": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/toidentifier/-/toidentifier-1.0.1.tgz",
+      "integrity": "sha512-o5sSPKEkg/DIQNmH43V0/uerLrpzVedkUh8tGNvaeXpfpuwjKenlSox/2O/BTlZUtEe+JG7s5YhEz608PlAHRA==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=0.6"
+      }
+    },
+    "node_modules/tough-cookie": {
+      "version": "6.0.1",
+      "resolved": "https://registry.npmjs.org/tough-cookie/-/tough-cookie-6.0.1.tgz",
+      "integrity": "sha512-LktZQb3IeoUWB9lqR5EWTHgW/VTITCXg4D21M+lvybRVdylLrRMnqaIONLVb5mav8vM19m44HIcGq4qASeu2Qw==",
+      "license": "BSD-3-Clause",
+      "dependencies": {
+        "tldts": "^7.0.5"
+      },
+      "engines": {
+        "node": ">=16"
+      }
+    },
+    "node_modules/tslib": {
+      "version": "2.8.1",
+      "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.8.1.tgz",
+      "integrity": "sha512-oJFu94HQb+KVduSUQL7wnpmqnfmLsOA/nAh6b6EH0wCEoK0/mPeXU6c3wKDV83MkOuHPRHtSXKKU99IBazS/2w==",
+      "license": "0BSD"
+    },
+    "node_modules/type-fest": {
+      "version": "5.6.0",
+      "resolved": "https://registry.npmjs.org/type-fest/-/type-fest-5.6.0.tgz",
+      "integrity": "sha512-8ZiHFm91orbSAe2PSAiSVBVko18pbhbiB3U9GglSzF/zCGkR+rxpHx6sEMCUm4kxY4LjDIUGgCfUMtwfZfjfUA==",
+      "license": "(MIT OR CC0-1.0)",
+      "dependencies": {
+        "tagged-tag": "^1.0.0"
+      },
+      "engines": {
+        "node": ">=20"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/type-is": {
+      "version": "1.6.18",
+      "resolved": "https://registry.npmjs.org/type-is/-/type-is-1.6.18.tgz",
+      "integrity": "sha512-TkRKr9sUTxEH8MdfuCSP7VizJyzRNMjj2J2do2Jr3Kym598JVdEksuzPQCnlFPW4ky9Q+iA+ma9BGm06XQBy8g==",
+      "license": "MIT",
+      "dependencies": {
+        "media-typer": "0.3.0",
+        "mime-types": "~2.1.24"
+      },
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/typescript": {
+      "version": "5.9.3",
+      "resolved": "https://registry.npmjs.org/typescript/-/typescript-5.9.3.tgz",
+      "integrity": "sha512-jl1vZzPDinLr9eUt3J/t7V6FgNEw9QjvBPdysz9KfQDD41fQrC2Y4vKQdiaUpFT4bXlb1RHhLpp8wtm6M5TgSw==",
+      "license": "Apache-2.0",
+      "bin": {
+        "tsc": "bin/tsc",
+        "tsserver": "bin/tsserver"
+      },
+      "engines": {
+        "node": ">=14.17"
+      }
+    },
+    "node_modules/undici-types": {
+      "version": "7.19.2",
+      "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-7.19.2.tgz",
+      "integrity": "sha512-qYVnV5OEm2AW8cJMCpdV20CDyaN3g0AjDlOGf1OW4iaDEx8MwdtChUp4zu4H0VP3nDRF/8RKWH+IPp9uW0YGZg==",
+      "license": "MIT"
+    },
+    "node_modules/unpipe": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/unpipe/-/unpipe-1.0.0.tgz",
+      "integrity": "sha512-pjy2bYhSsufwWlKwPc+l3cN7+wuJlK6uz0YdJEOlQDbl6jo/YlPi4mb8agUkVC8BF7V8NuzeyPNqRksA3hztKQ==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
+    "node_modules/until-async": {
+      "version": "3.0.2",
+      "resolved": "https://registry.npmjs.org/until-async/-/until-async-3.0.2.tgz",
+      "integrity": "sha512-IiSk4HlzAMqTUseHHe3VhIGyuFmN90zMTpD3Z3y8jeQbzLIq500MVM7Jq2vUAnTKAFPJrqwkzr6PoTcPhGcOiw==",
+      "license": "MIT",
+      "funding": {
+        "url": "https://github.com/sponsors/kettanaito"
+      }
+    },
+    "node_modules/utils-merge": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/utils-merge/-/utils-merge-1.0.1.tgz",
+      "integrity": "sha512-pMZTvIkT1d+TFGvDOqodOclx0QWkkgi6Tdoa8gC8ffGAAqz9pzPTZWAybbsHHoED/ztMtkv/VoYTYyShUn81hA==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.4.0"
+      }
+    },
+    "node_modules/vary": {
+      "version": "1.1.2",
+      "resolved": "https://registry.npmjs.org/vary/-/vary-1.1.2.tgz",
+      "integrity": "sha512-BNGbWLfd0eUPabhkXUVm0j8uuvREyTh5ovRa/dyow/BqAbZJyC+5fU+IzQOzmAKzYqYRAISoRhdQr3eIZ/PXqg==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
+    "node_modules/web-streams-polyfill": {
+      "version": "3.3.3",
+      "resolved": "https://registry.npmjs.org/web-streams-polyfill/-/web-streams-polyfill-3.3.3.tgz",
+      "integrity": "sha512-d2JWLCivmZYTSIoge9MsgFCZrt571BikcWGYkjC1khllbTeDlGqZ2D8vD8E/lJa8WGWbb7Plm8/XJYV7IJHZZw==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 8"
+      }
+    },
+    "node_modules/wrap-ansi": {
+      "version": "7.0.0",
+      "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-7.0.0.tgz",
+      "integrity": "sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q==",
+      "license": "MIT",
+      "dependencies": {
+        "ansi-styles": "^4.0.0",
+        "string-width": "^4.1.0",
+        "strip-ansi": "^6.0.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/wrap-ansi?sponsor=1"
+      }
+    },
+    "node_modules/ws": {
+      "version": "8.20.0",
+      "resolved": "https://registry.npmjs.org/ws/-/ws-8.20.0.tgz",
+      "integrity": "sha512-sAt8BhgNbzCtgGbt2OxmpuryO63ZoDk/sqaB/znQm94T4fCEsy/yV+7CdC1kJhOU9lboAEU7R3kquuycDoibVA==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=10.0.0"
+      },
+      "peerDependencies": {
+        "bufferutil": "^4.0.1",
+        "utf-8-validate": ">=5.0.2"
+      },
+      "peerDependenciesMeta": {
+        "bufferutil": {
+          "optional": true
+        },
+        "utf-8-validate": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/xtend": {
+      "version": "4.0.2",
+      "resolved": "https://registry.npmjs.org/xtend/-/xtend-4.0.2.tgz",
+      "integrity": "sha512-LKYU1iAXJXUgAXn9URjiu+MWhyUXHsvfp7mcuYm9dSUKK0/CjtrUwFAxD82/mCWbtLsGjFIad0wIsod4zrTAEQ==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=0.4"
+      }
+    },
+    "node_modules/y18n": {
+      "version": "5.0.8",
+      "resolved": "https://registry.npmjs.org/y18n/-/y18n-5.0.8.tgz",
+      "integrity": "sha512-0pfFzegeDWJHJIAmTLRP2DwHjdF5s7jo9tuztdQxAhINCdvS+3nGINqPd00AphqJR/0LhANUS6/+7SCb98YOfA==",
+      "license": "ISC",
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/yargs": {
+      "version": "17.7.2",
+      "resolved": "https://registry.npmjs.org/yargs/-/yargs-17.7.2.tgz",
+      "integrity": "sha512-7dSzzRQ++CKnNI/krKnYRV7JKKPUXMEh61soaHKg9mrWEhzFWhFnxPxGl+69cD1Ou63C13NUPCnmIcrvqCuM6w==",
+      "license": "MIT",
+      "dependencies": {
+        "cliui": "^8.0.1",
+        "escalade": "^3.1.1",
+        "get-caller-file": "^2.0.5",
+        "require-directory": "^2.1.1",
+        "string-width": "^4.2.3",
+        "y18n": "^5.0.5",
+        "yargs-parser": "^21.1.1"
+      },
+      "engines": {
+        "node": ">=12"
+      }
+    },
+    "node_modules/yargs-parser": {
+      "version": "21.1.1",
+      "resolved": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-21.1.1.tgz",
+      "integrity": "sha512-tVpsJW7DdjecAiFpbIB1e3qxIQsE6NoPc5/eTdrbbIC4h0LVsWhnoa3g+m2HclBIujHzsxZ4VJVA+GUuc2/LBw==",
+      "license": "ISC",
+      "engines": {
+        "node": ">=12"
+      }
+    }
+  }
+}

package.json

@@ -5,17 +5,19 @@
   "main": "server/index.js",
   "scripts": {
     "start": "node server/index.js",
-    "dev": "node --watch server/index.js"
+    "dev": "node --watch server/index.js",
+    "migrate:postgres": "node scripts/migrate-to-postgres.js"
   },
   "dependencies": {
     "@gradio/client": "^0.20.1",
     "@supabase/supabase-js": "^2.39.7",
     "express": "^4.18.2",
     "html-to-text": "^9.0.5",
-    "ws": "^8.16.0",
     "openai": "^6.29.0",
     "node-fetch": "^3.3.2",
     "express-rate-limit": "8.3.2",
+    "pg": "^8.16.3",
+    "ws": "^8.16.0",
     "tiktoken": "^1.0.0"
   }
 }

scripts/migrate-to-postgres.js

@@ -0,0 +1,573 @@
+import fs from 'fs/promises';
+import path from 'path';
+import { createClient } from '@supabase/supabase-js';
+import { loadEncryptedJson } from '../server/cryptoUtils.js';
+import {
+  POSTGRES_STORAGE_DIR,
+  POSTGRES_STORAGE_MANIFEST,
+  DATA_ROOT,
+} from '../server/dataPaths.js';
+import {
+  createStandalonePostgresPool,
+  encryptJsonPayload,
+  makeLookupToken,
+  makeOwnerLookup,
+} from '../server/postgres.js';
+import { POSTGRES_SCHEMA_SQL } from '../server/postgresSchema.js';
+import { SUPABASE_URL } from '../server/config.js';
+
+const TEMP_TTL_MS = 24 * 60 * 60 * 1000;
+const TEMP_INACTIVITY = 12 * 60 * 60 * 1000;
+const FEEDBACK_AAD = 'feedback_tickets_v1';
+const VERSION_FILE = path.join(DATA_ROOT, 'version.json');
+const WEB_SEARCH_USAGE_FILE = path.join(DATA_ROOT, 'web-search-usage.json');
+const MEDIA_INDEX_FILE = path.join(DATA_ROOT, 'media', 'index.json');
+const MEDIA_BLOBS_DIR = path.join(DATA_ROOT, 'media', 'blobs');
+const TEMP_STORE_FILE = path.join(DATA_ROOT, 'temp_sessions.json');
+const MEMORIES_FILE = path.join(DATA_ROOT, 'memories', 'index.json');
+const DELETED_CHATS_FILE = path.join(DATA_ROOT, 'deleted_chats', 'index.json');
+const SYSTEM_PROMPTS_FILE = path.join(DATA_ROOT, 'system-prompts', 'index.json');
+const FEEDBACK_FILE = path.join(DATA_ROOT, 'feedback_tickets.json');
+const GUEST_REQUEST_FILE = path.join(DATA_ROOT, 'guest_request_counts.json');
+
+function nowIso() {
+  return new Date().toISOString();
+}
+
+function sessionAad(scopeType, sessionId) {
+  return `chat-session:${scopeType}:${sessionId}`;
+}
+
+function guestStateLookup(tempId) {
+  return makeLookupToken('guest-state', tempId);
+}
+
+function guestStateAad(tempId) {
+  return `guest-state:${tempId}`;
+}
+
+function guestExpiryRecord(tempData) {
+  const createdExpires = (tempData.created || Date.now()) + TEMP_TTL_MS;
+  const inactiveExpires = (tempData.lastActive || Date.now()) + TEMP_INACTIVITY;
+  return new Date(Math.min(createdExpires, inactiveExpires)).toISOString();
+}
+
+function shareTokenLookup(token) {
+  return makeLookupToken('session-share-token', token);
+}
+
+function shareAad(recordId) {
+  return `session-share:${recordId}`;
+}
+
+function promptLookup(userId) {
+  return makeLookupToken('system-prompt', userId);
+}
+
+function promptAad(userId) {
+  return `system-prompt:${userId}`;
+}
+
+function mediaEntryAad(id) {
+  return `media-entry:${id}`;
+}
+
+function feedbackAad(id) {
+  return `feedback:${id}`;
+}
+
+function usernameLookup(username) {
+  return makeLookupToken('username', username);
+}
+
+function versionLookup(publicUrl) {
+  return makeLookupToken('app-version', publicUrl);
+}
+
+function versionAad(publicUrl) {
+  return `app-version:${publicUrl}`;
+}
+
+function requestLookup(ip) {
+  return makeLookupToken('guest-request', ip);
+}
+
+function webUsageLookup(key) {
+  return makeLookupToken('web-search-usage', key);
+}
+
+function webUsageAad(key, day) {
+  return `web-search-usage:${key}:${day}`;
+}
+
+async function fileExists(filePath) {
+  try {
+    await fs.access(filePath);
+    return true;
+  } catch {
+    return false;
+  }
+}
+
+async function readJsonIfExists(filePath) {
+  try {
+    return JSON.parse(await fs.readFile(filePath, 'utf8'));
+  } catch {
+    return null;
+  }
+}
+
+async function fetchAllSupabaseRows(client, tableName) {
+  const pageSize = 1000;
+  const rows = [];
+  let from = 0;
+  while (true) {
+    const { data, error } = await client
+      .from(tableName)
+      .select('*')
+      .range(from, from + pageSize - 1);
+    if (error) throw error;
+    rows.push(...(data || []));
+    if (!data || data.length < pageSize) break;
+    from += pageSize;
+  }
+  return rows;
+}
+
+async function truncateTargetTables(pool) {
+  await pool.query(`
+    TRUNCATE TABLE
+      media_blobs,
+      media_entries,
+      deleted_chats,
+      memories,
+      system_prompts,
+      feedback_tickets,
+      guest_request_counters,
+      web_search_usage,
+      user_settings,
+      user_profiles,
+      device_sessions,
+      session_shares,
+      chat_sessions,
+      guest_state,
+      app_versions
+    RESTART IDENTITY
+    CASCADE
+  `);
+}
+
+async function migrateVersions(pool, report) {
+  const data = await readJsonIfExists(VERSION_FILE);
+  const entries = Array.isArray(data) ? data : [];
+  let count = 0;
+  for (const entry of entries) {
+    for (const [publicUrl, sha] of Object.entries(entry || {})) {
+      await pool.query(
+        `INSERT INTO app_versions (public_url_lookup, updated_at, payload)
+         VALUES ($1, $2, $3::jsonb)`,
+        [
+          versionLookup(publicUrl),
+          nowIso(),
+          JSON.stringify(encryptJsonPayload({ publicUrl, sha }, versionAad(publicUrl))),
+        ]
+      );
+      count += 1;
+    }
+  }
+  report.migrated.versionEntries = count;
+}
+
+async function migrateTempSessions(pool, report) {
+  const data = await loadEncryptedJson(TEMP_STORE_FILE);
+  const records = data || {};
+  let ownerCount = 0;
+  let sessionCount = 0;
+
+  for (const [tempId, tempData] of Object.entries(records)) {
+    ownerCount += 1;
+    const owner = { type: 'guest', id: tempId };
+    await pool.query(
+      `INSERT INTO guest_state (owner_lookup, expires_at, updated_at, payload)
+       VALUES ($1, $2, $3, $4::jsonb)`,
+      [
+        guestStateLookup(tempId),
+        guestExpiryRecord(tempData),
+        nowIso(),
+        JSON.stringify(encryptJsonPayload({
+          tempId,
+          msgCount: tempData.msgCount || 0,
+          created: tempData.created || Date.now(),
+          lastActive: tempData.lastActive || Date.now(),
+        }, guestStateAad(tempId))),
+      ]
+    );
+
+    for (const session of Object.values(tempData.sessions || {})) {
+      await pool.query(
+        `INSERT INTO chat_sessions (id, scope_type, owner_lookup, created_at, updated_at, expires_at, payload)
+         VALUES ($1, $2, $3, $4, $5, $6, $7::jsonb)`,
+        [
+          session.id,
+          'guest',
+          makeOwnerLookup(owner),
+          new Date(session.created || Date.now()).toISOString(),
+          nowIso(),
+          guestExpiryRecord(tempData),
+          JSON.stringify(encryptJsonPayload(session, sessionAad('guest', session.id))),
+        ]
+      );
+      sessionCount += 1;
+    }
+  }
+
+  report.migrated.tempOwners = ownerCount;
+  report.migrated.tempSessions = sessionCount;
+}
+
+async function migrateMemories(pool, report) {
+  const data = await loadEncryptedJson(MEMORIES_FILE);
+  const memories = Object.values(data?.memories || {});
+  for (const memory of memories) {
+    await pool.query(
+      `INSERT INTO memories (id, owner_lookup, created_at, updated_at, payload)
+       VALUES ($1, $2, $3, $4, $5::jsonb)`,
+      [
+        memory.id,
+        makeOwnerLookup({ type: memory.ownerType, id: memory.ownerId }),
+        memory.createdAt,
+        memory.updatedAt,
+        JSON.stringify(encryptJsonPayload(memory, `memory:${memory.id}`)),
+      ]
+    );
+  }
+  report.migrated.memories = memories.length;
+}
+
+async function migrateDeletedChats(pool, report) {
+  const data = await loadEncryptedJson(DELETED_CHATS_FILE);
+  const deletedChats = Object.values(data?.deletedChats || {});
+  for (const record of deletedChats) {
+    await pool.query(
+      `INSERT INTO deleted_chats (id, owner_lookup, purge_at, deleted_at, payload)
+       VALUES ($1, $2, $3, $4, $5::jsonb)`,
+      [
+        record.id,
+        makeOwnerLookup({ type: record.ownerType, id: record.ownerId }),
+        record.purgeAt || null,
+        record.deletedAt,
+        JSON.stringify(encryptJsonPayload(record, `deleted-chat:${record.id}`)),
+      ]
+    );
+  }
+  report.migrated.deletedChats = deletedChats.length;
+}
+
+async function migrateSystemPrompts(pool, report) {
+  const data = await loadEncryptedJson(SYSTEM_PROMPTS_FILE, 'system-prompts');
+  const prompts = Object.entries(data?.prompts || {});
+  for (const [userId, prompt] of prompts) {
+    const record = {
+      userId,
+      markdown: prompt.markdown,
+      updatedAt: prompt.updatedAt || nowIso(),
+    };
+    await pool.query(
+      `INSERT INTO system_prompts (owner_lookup, updated_at, payload)
+       VALUES ($1, $2, $3::jsonb)`,
+      [
+        promptLookup(userId),
+        record.updatedAt,
+        JSON.stringify(encryptJsonPayload(record, promptAad(userId))),
+      ]
+    );
+  }
+  report.migrated.systemPrompts = prompts.length;
+}
+
+async function migrateFeedback(pool, report) {
+  const data = await loadEncryptedJson(FEEDBACK_FILE, FEEDBACK_AAD);
+  const tickets = Array.isArray(data?.tickets) ? data.tickets : [];
+  for (const ticket of tickets) {
+    await pool.query(
+      `INSERT INTO feedback_tickets (id, status, submitted_at, payload)
+       VALUES ($1, $2, $3, $4::jsonb)`,
+      [
+        ticket.id,
+        ticket.status || 'open',
+        ticket.submittedAt,
+        JSON.stringify(encryptJsonPayload(ticket, feedbackAad(ticket.id))),
+      ]
+    );
+  }
+  report.migrated.feedbackTickets = tickets.length;
+}
+
+async function migrateGuestRequestCounters(pool, report) {
+  const data = await loadEncryptedJson(GUEST_REQUEST_FILE);
+  const entries = Object.entries(data || {});
+  for (const [ip, entry] of entries) {
+    await pool.query(
+      `INSERT INTO guest_request_counters (key_lookup, expires_at, updated_at, payload)
+       VALUES ($1, $2, $3, $4::jsonb)`,
+      [
+        requestLookup(ip),
+        new Date(entry.resetAt || Date.now()).toISOString(),
+        nowIso(),
+        JSON.stringify(encryptJsonPayload({
+          ip,
+          count: entry.count || 0,
+          resetAt: entry.resetAt || Date.now(),
+        }, 'guest-request-row')),
+      ]
+    );
+  }
+  report.migrated.guestRequestCounters = entries.length;
+}
+
+async function migrateWebSearchUsage(pool, report) {
+  const data = await readJsonIfExists(WEB_SEARCH_USAGE_FILE);
+  const days = data?.days && typeof data.days === 'object' ? data.days : {};
+  let count = 0;
+  for (const [dayKey, keys] of Object.entries(days)) {
+    for (const [key, used] of Object.entries(keys || {})) {
+      await pool.query(
+        `INSERT INTO web_search_usage (key_lookup, day_key, updated_at, payload)
+         VALUES ($1, $2, $3, $4::jsonb)`,
+        [
+          webUsageLookup(key),
+          dayKey,
+          nowIso(),
+          JSON.stringify(encryptJsonPayload({ used }, webUsageAad(key, dayKey))),
+        ]
+      );
+      count += 1;
+    }
+  }
+  report.migrated.webSearchUsageRows = count;
+}
+
+async function migrateMedia(pool, report) {
+  const data = await loadEncryptedJson(MEDIA_INDEX_FILE);
+  const entries = Object.values(data?.entries || {});
+  let blobCount = 0;
+  for (const entry of entries) {
+    await pool.query(
+      `INSERT INTO media_entries (
+         id, owner_lookup, parent_id, entry_type, updated_at, created_at,
+         trashed_at, purge_at, expires_at, size_bytes, payload
+       )
+       VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11::jsonb)`,
+      [
+        entry.id,
+        makeOwnerLookup({ type: entry.ownerType, id: entry.ownerId }),
+        entry.parentId || null,
+        entry.type,
+        entry.updatedAt || entry.createdAt,
+        entry.createdAt,
+        entry.trashedAt || null,
+        entry.purgeAt || null,
+        entry.expiresAt || null,
+        entry.size || 0,
+        JSON.stringify(encryptJsonPayload(entry, mediaEntryAad(entry.id))),
+      ]
+    );
+
+    if (entry.type === 'file') {
+      const blobPath = path.join(MEDIA_BLOBS_DIR, `${entry.id}.bin`);
+      if (await fileExists(blobPath)) {
+        const blob = await fs.readFile(blobPath);
+        await pool.query(
+          `INSERT INTO media_blobs (entry_id, updated_at, payload)
+           VALUES ($1, $2, $3)`,
+          [entry.id, entry.updatedAt || entry.createdAt, blob]
+        );
+        blobCount += 1;
+      }
+    }
+  }
+  report.migrated.mediaEntries = entries.length;
+  report.migrated.mediaBlobs = blobCount;
+}
+
+async function migrateSupabaseData(pool, report) {
+  const serviceRoleKey = process.env.SUPABASE_SERVICE_ROLE_KEY || '';
+  if (!serviceRoleKey) {
+    if (process.env.ALLOW_PARTIAL_SQL_MIGRATION === '1') {
+      report.pending.push(
+        'Supabase-backed user tables were not exported because SUPABASE_SERVICE_ROLE_KEY is not set.'
+      );
+      return;
+    }
+    throw new Error(
+      'SUPABASE_SERVICE_ROLE_KEY is required to migrate existing Supabase-backed sessions, shares, settings, and profiles before enabling PostgreSQL-only mode. Set ALLOW_PARTIAL_SQL_MIGRATION=1 only if you intentionally want to skip those records.'
+    );
+  }
+
+  const supabase = createClient(SUPABASE_URL, serviceRoleKey, {
+    auth: { persistSession: false },
+  });
+
+  const [webSessions, sharedSessions, userSettings, profiles] = await Promise.all([
+    fetchAllSupabaseRows(supabase, 'web_sessions'),
+    fetchAllSupabaseRows(supabase, 'shared_sessions'),
+    fetchAllSupabaseRows(supabase, 'user_settings'),
+    fetchAllSupabaseRows(supabase, 'profiles'),
+  ]);
+
+  for (const row of webSessions) {
+    const session = {
+      id: row.id,
+      name: row.name,
+      created: new Date(row.created_at).getTime(),
+      history: row.history || [],
+      model: row.model || null,
+    };
+    await pool.query(
+      `INSERT INTO chat_sessions (id, scope_type, owner_lookup, created_at, updated_at, expires_at, payload)
+       VALUES ($1, $2, $3, $4, $5, $6, $7::jsonb)`,
+      [
+        row.id,
+        'user',
+        makeOwnerLookup({ type: 'user', id: row.user_id }),
+        row.created_at,
+        row.updated_at || nowIso(),
+        null,
+        JSON.stringify(encryptJsonPayload(session, sessionAad('user', row.id))),
+      ]
+    );
+  }
+
+  for (const row of sharedSessions) {
+    const lookup = shareTokenLookup(row.token);
+    const id = row.id || `share_${lookup.slice(0, 24)}`;
+    await pool.query(
+      `INSERT INTO session_shares (id, token_lookup, owner_lookup, created_at, payload)
+       VALUES ($1, $2, $3, $4, $5::jsonb)`,
+      [
+        id,
+        lookup,
+        makeOwnerLookup({ type: 'user', id: row.owner_id }),
+        row.created_at || nowIso(),
+        JSON.stringify(encryptJsonPayload({
+          id,
+          ownerId: row.owner_id,
+          sessionSnapshot: row.session_snapshot,
+          createdAt: row.created_at || nowIso(),
+        }, shareAad(id))),
+      ]
+    );
+  }
+
+  for (const row of userSettings) {
+    await pool.query(
+      `INSERT INTO user_settings (owner_lookup, updated_at, payload)
+       VALUES ($1, $2, $3::jsonb)`,
+      [
+        makeOwnerLookup({ type: 'user', id: row.user_id }),
+        row.updated_at || nowIso(),
+        JSON.stringify(encryptJsonPayload({
+          userId: row.user_id,
+          settings: row.settings || {},
+          updatedAt: row.updated_at || nowIso(),
+        }, `user-settings:${row.user_id}`)),
+      ]
+    );
+  }
+
+  for (const row of profiles) {
+    if (!row.id || !row.username) continue;
+    await pool.query(
+      `INSERT INTO user_profiles (owner_lookup, username_lookup, updated_at, payload)
+       VALUES ($1, $2, $3, $4::jsonb)`,
+      [
+        makeOwnerLookup({ type: 'user', id: row.id }),
+        usernameLookup(row.username),
+        row.updated_at || nowIso(),
+        JSON.stringify(encryptJsonPayload({
+          userId: row.id,
+          username: row.username,
+          updatedAt: row.updated_at || nowIso(),
+        }, `user-profile:${row.id}`)),
+      ]
+    );
+  }
+
+  report.migrated.supabaseWebSessions = webSessions.length;
+  report.migrated.supabaseSharedSessions = sharedSessions.length;
+  report.migrated.supabaseUserSettings = userSettings.length;
+  report.migrated.supabaseProfiles = profiles.length;
+}
+
+async function writeStorageFolder(report) {
+  const tempDir = `${POSTGRES_STORAGE_DIR}.tmp`;
+  await fs.rm(tempDir, { recursive: true, force: true });
+  await fs.mkdir(tempDir, { recursive: true });
+  await fs.writeFile(
+    path.join(tempDir, path.basename(POSTGRES_STORAGE_MANIFEST)),
+    JSON.stringify({
+      createdAt: report.completedAt,
+      storageMode: 'postgres',
+      status: report.status,
+      pending: report.pending,
+    }, null, 2),
+    'utf8'
+  );
+  await fs.writeFile(path.join(tempDir, 'schema.sql'), POSTGRES_SCHEMA_SQL, 'utf8');
+  await fs.writeFile(path.join(tempDir, 'migration-report.json'), JSON.stringify(report, null, 2), 'utf8');
+  await fs.writeFile(
+    path.join(tempDir, 'README.txt'),
+    [
+      'This folder marks PostgreSQL storage as active for the backend.',
+      'The server checks for this folder on startup and uses PostgreSQL-only mode when it exists.',
+      'schema.sql contains the schema used for the migrated encrypted SQL backend.',
+    ].join('\n'),
+    'utf8'
+  );
+  await fs.rename(tempDir, POSTGRES_STORAGE_DIR);
+}
+
+async function main() {
+  if (await fileExists(POSTGRES_STORAGE_DIR)) {
+    throw new Error(`SQL storage folder already exists at ${POSTGRES_STORAGE_DIR}. Remove it before running the migration again.`);
+  }
+
+  await fs.mkdir(DATA_ROOT, { recursive: true });
+
+  const pool = await createStandalonePostgresPool();
+  const report = {
+    startedAt: nowIso(),
+    targetFolder: POSTGRES_STORAGE_DIR,
+    migrated: {},
+    pending: [],
+  };
+
+  try {
+    await truncateTargetTables(pool);
+    await migrateVersions(pool, report);
+    await migrateTempSessions(pool, report);
+    await migrateMemories(pool, report);
+    await migrateDeletedChats(pool, report);
+    await migrateSystemPrompts(pool, report);
+    await migrateFeedback(pool, report);
+    await migrateGuestRequestCounters(pool, report);
+    await migrateWebSearchUsage(pool, report);
+    await migrateMedia(pool, report);
+    await migrateSupabaseData(pool, report);
+
+    report.completedAt = nowIso();
+    report.status = report.pending.length ? 'completed_with_pending_items' : 'completed';
+
+    await writeStorageFolder(report);
+
+    console.log('PostgreSQL migration complete.');
+    console.log(JSON.stringify(report, null, 2));
+  } finally {
+    await pool.end();
+  }
+}
+
+main().catch((err) => {
+  console.error('PostgreSQL migration failed:', err);
+  process.exitCode = 1;
+});

server/auth.js

@@ -1,5 +1,13 @@
 import { createClient } from '@supabase/supabase-js';
 import { SUPABASE_URL, SUPABASE_ANON_KEY } from './config.js';
+import { isPostgresStorageMode } from './dataPaths.js';
+import {
+  decryptJsonPayload,
+  encryptJsonPayload,
+  makeLookupToken,
+  makeOwnerLookup,
+  pgQuery,
+} from './postgres.js';
 
 const supabaseAnon = createClient(SUPABASE_URL, SUPABASE_ANON_KEY);
 
@@ -20,6 +28,16 @@ export async function verifySupabaseToken(accessToken) {
 }
 
 export async function getUserSettings(userId, accessToken) {
+  if (isPostgresStorageMode()) {
+    const { rows } = await pgQuery(
+      'SELECT payload FROM user_settings WHERE owner_lookup = $1',
+      [makeOwnerLookup({ type: 'user', id: userId })]
+    );
+    const payload = rows[0]
+      ? decryptJsonPayload(rows[0].payload, `user-settings:${userId}`)
+      : null;
+    return { ...defaultSettings(), ...(payload?.settings || {}) };
+  }
   try {
     const uc = userClient(accessToken);
     const { data } = await uc.from('user_settings').select('settings')
@@ -29,6 +47,30 @@ export async function getUserSettings(userId, accessToken) {
 }
 
 export async function saveUserSettings(userId, accessToken, settings) {
+  if (isPostgresStorageMode()) {
+    try {
+      const payload = {
+        userId,
+        settings,
+        updatedAt: new Date().toISOString(),
+      };
+      await pgQuery(
+        `INSERT INTO user_settings (owner_lookup, updated_at, payload)
+         VALUES ($1, $2, $3::jsonb)
+         ON CONFLICT (owner_lookup)
+         DO UPDATE SET updated_at = EXCLUDED.updated_at, payload = EXCLUDED.payload`,
+        [
+          makeOwnerLookup({ type: 'user', id: userId }),
+          payload.updatedAt,
+          JSON.stringify(encryptJsonPayload(payload, `user-settings:${userId}`)),
+        ]
+      );
+      return;
+    } catch (e) {
+      console.error('saveUserSettings', e.message);
+      return;
+    }
+  }
   try {
     const uc = userClient(accessToken);
     await uc.from('user_settings').upsert({
@@ -38,6 +80,18 @@ export async function saveUserSettings(userId, accessToken, settings) {
 }
 
 export async function getUserProfile(userId, accessToken) {
+  if (isPostgresStorageMode()) {
+    try {
+      const { rows } = await pgQuery(
+        'SELECT payload FROM user_profiles WHERE owner_lookup = $1',
+        [makeOwnerLookup({ type: 'user', id: userId })]
+      );
+      const payload = rows[0]
+        ? decryptJsonPayload(rows[0].payload, `user-profile:${userId}`)
+        : null;
+      return payload?.username ? { username: payload.username } : null;
+    } catch { return null; }
+  }
   try {
     const uc = userClient(accessToken);
     const { data } = await uc.from('profiles').select('username')
@@ -50,6 +104,37 @@ export async function setUsername(userId, accessToken, username) {
   if (!username?.trim()) return { error: 'Invalid username' };
   const trimmed = username.trim().toLowerCase().replace(/[^a-z0-9_]/g, '');
   if (trimmed.length < 3) return { error: 'Username must be at least 3 characters' };
+  if (isPostgresStorageMode()) {
+    try {
+      const usernameLookup = makeLookupToken('username', trimmed);
+      const ownerLookup = makeOwnerLookup({ type: 'user', id: userId });
+      const { rows: existingRows } = await pgQuery(
+        'SELECT owner_lookup FROM user_profiles WHERE username_lookup = $1',
+        [usernameLookup]
+      );
+      if (existingRows[0] && existingRows[0].owner_lookup !== ownerLookup) {
+        return { error: 'Username already taken' };
+      }
+      const payload = {
+        userId,
+        username: trimmed,
+        updatedAt: new Date().toISOString(),
+      };
+      await pgQuery(
+        `INSERT INTO user_profiles (owner_lookup, username_lookup, updated_at, payload)
+         VALUES ($1, $2, $3, $4::jsonb)
+         ON CONFLICT (owner_lookup)
+         DO UPDATE SET username_lookup = EXCLUDED.username_lookup, updated_at = EXCLUDED.updated_at, payload = EXCLUDED.payload`,
+        [
+          ownerLookup,
+          usernameLookup,
+          payload.updatedAt,
+          JSON.stringify(encryptJsonPayload(payload, `user-profile:${userId}`)),
+        ]
+      );
+      return { success: true, username: trimmed };
+    } catch (e) { return { error: e.message }; }
+  }
   try {
     const uc = userClient(accessToken);
     const { data: existing } = await uc.from('profiles')

server/chatTrashStore.js

@@ -1,6 +1,13 @@
 import crypto from 'crypto';
 import path from 'path';
 import { loadEncryptedJson, saveEncryptedJson } from './cryptoUtils.js';
+import { isPostgresStorageMode } from './dataPaths.js';
+import {
+  decryptJsonPayload,
+  encryptJsonPayload,
+  makeOwnerLookup,
+  pgQuery,
+} from './postgres.js';
 
 const DATA_ROOT = '/data/deleted_chats';
 const INDEX_FILE = path.join(DATA_ROOT, 'index.json');
@@ -22,8 +29,12 @@ function ensureOwner(owner) {
   return owner;
 }
 
+function deletedChatAad(id) {
+  return `deleted-chat:${id}`;
+}
+
 async function ensureLoaded() {
-  if (state.loaded) return;
+  if (state.loaded || isPostgresStorageMode()) return;
   const stored = await loadEncryptedJson(INDEX_FILE);
   state.index = {
     deletedChats: stored?.deletedChats || {},
@@ -51,14 +62,59 @@ function sanitize(record) {
   };
 }
 
+async function listSqlRecords(owner) {
+  const { rows } = await pgQuery(
+    'SELECT id, payload FROM deleted_chats WHERE owner_lookup = $1 ORDER BY deleted_at DESC',
+    [makeOwnerLookup(owner)]
+  );
+  return rows
+    .map((row) => decryptJsonPayload(row.payload, deletedChatAad(row.id)))
+    .filter(Boolean);
+}
+
+async function upsertSqlRecord(record) {
+  await pgQuery(
+    `INSERT INTO deleted_chats (id, owner_lookup, purge_at, deleted_at, payload)
+     VALUES ($1, $2, $3, $4, $5::jsonb)
+     ON CONFLICT (id)
+     DO UPDATE SET purge_at = EXCLUDED.purge_at, deleted_at = EXCLUDED.deleted_at, payload = EXCLUDED.payload`,
+    [
+      record.id,
+      makeOwnerLookup({ type: record.ownerType, id: record.ownerId }),
+      record.purgeAt,
+      record.deletedAt,
+      JSON.stringify(encryptJsonPayload(record, deletedChatAad(record.id))),
+    ]
+  );
+}
+
 const thisStore = {
   async add(owner, sessionSnapshot) {
     ensureOwner(owner);
-    await ensureLoaded();
-
     const sessionId = sessionSnapshot?.id;
     if (!sessionId) return null;
 
+    if (isPostgresStorageMode()) {
+      const existing = (await listSqlRecords(owner)).find((record) => record.originalSessionId === sessionId);
+      const deleted = existing || {
+        id: crypto.randomUUID(),
+        originalSessionId: sessionId,
+        ownerType: owner.type,
+        ownerId: owner.id,
+        sessionSnapshot,
+        created: sessionSnapshot.created || Date.now(),
+      };
+      deleted.sessionSnapshot = sessionSnapshot;
+      deleted.name = sessionSnapshot.name || 'Deleted Chat';
+      deleted.created = sessionSnapshot.created || deleted.created || Date.now();
+      deleted.deletedAt = nowIso();
+      deleted.purgeAt = new Date(Date.now() + RETENTION_MS).toISOString();
+      await upsertSqlRecord(deleted);
+      return sanitize(deleted);
+    }
+
+    await ensureLoaded();
+
     for (const record of Object.values(state.index.deletedChats)) {
       if (
         record.originalSessionId === sessionId &&
@@ -93,6 +149,12 @@ const thisStore = {
 
   async list(owner) {
     ensureOwner(owner);
+    if (isPostgresStorageMode()) {
+      return (await listSqlRecords(owner))
+        .sort((a, b) => new Date(b.deletedAt).getTime() - new Date(a.deletedAt).getTime())
+        .map(sanitize);
+    }
+
     await ensureLoaded();
     return Object.values(state.index.deletedChats)
       .filter((record) => matchesOwner(record, owner))
@@ -102,6 +164,21 @@ const thisStore = {
 
   async restore(owner, ids) {
     ensureOwner(owner);
+    if (isPostgresStorageMode()) {
+      const restored = [];
+      for (const id of ids || []) {
+        const { rows } = await pgQuery(
+          'SELECT payload FROM deleted_chats WHERE id = $1 AND owner_lookup = $2',
+          [id, makeOwnerLookup(owner)]
+        );
+        const record = rows[0] ? decryptJsonPayload(rows[0].payload, deletedChatAad(id)) : null;
+        if (!record || !matchesOwner(record, owner)) continue;
+        restored.push(record.sessionSnapshot);
+        await pgQuery('DELETE FROM deleted_chats WHERE id = $1', [id]);
+      }
+      return restored;
+    }
+
     await ensureLoaded();
     const restored = [];
     for (const id of ids || []) {
@@ -116,6 +193,18 @@ const thisStore = {
 
   async deleteForever(owner, ids) {
     ensureOwner(owner);
+    if (isPostgresStorageMode()) {
+      const removed = [];
+      for (const id of ids || []) {
+        const result = await pgQuery(
+          'DELETE FROM deleted_chats WHERE id = $1 AND owner_lookup = $2',
+          [id, makeOwnerLookup(owner)]
+        );
+        if (result.rowCount > 0) removed.push(id);
+      }
+      return removed;
+    }
+
     await ensureLoaded();
     const removed = [];
     for (const id of ids || []) {
@@ -129,6 +218,11 @@ const thisStore = {
   },
 
   async purgeExpired() {
+    if (isPostgresStorageMode()) {
+      await pgQuery('DELETE FROM deleted_chats WHERE purge_at IS NOT NULL AND purge_at <= $1', [new Date().toISOString()]);
+      return;
+    }
+
     if (!state.loaded) return;
     const now = Date.now();
     let changed = false;

server/cryptoUtils.js

@@ -15,6 +15,13 @@ function getKey() {
   return crypto.createHash('sha256').update(keyEnv).digest().subarray(0, KEY_LENGTH);
 }
 
+export function createLookupHash(value, namespace = 'lookup') {
+  return crypto
+    .createHmac('sha256', getKey())
+    .update(`${namespace}:${String(value ?? '')}`)
+    .digest('hex');
+}
+
 function normalizeAad(aad = '') {
   if (Buffer.isBuffer(aad)) return aad;
   return Buffer.from(String(aad || ''), 'utf8');

server/dataPaths.js

@@ -0,0 +1,13 @@
+import fs from 'fs';
+import path from 'path';
+
+export const DATA_ROOT = process.env.DATA_ROOT || '/data';
+export const POSTGRES_STORAGE_DIR_NAME = 'postgresql-store';
+export const POSTGRES_STORAGE_DIR = path.join(DATA_ROOT, POSTGRES_STORAGE_DIR_NAME);
+export const POSTGRES_STORAGE_MANIFEST = path.join(POSTGRES_STORAGE_DIR, 'manifest.json');
+
+export const STORAGE_MODE = fs.existsSync(POSTGRES_STORAGE_DIR) ? 'postgres' : 'legacy';
+
+export function isPostgresStorageMode() {
+  return STORAGE_MODE === 'postgres';
+}

server/guestRequestLimiter.js

@@ -1,4 +1,12 @@
 import { loadEncryptedJson, saveEncryptedJson } from './cryptoUtils.js';
+import { isPostgresStorageMode } from './dataPaths.js';
+import {
+  decryptJsonPayload,
+  encryptJsonPayload,
+  makeLookupToken,
+  pgQuery,
+  withPgTransaction,
+} from './postgres.js';
 
 const REQUESTS_FILE = '/data/guest_request_counts.json';
 const WINDOW_MS = 24 * 60 * 60 * 1000;
@@ -7,8 +15,16 @@ const MAX_LOGGED_OUT_REQUESTS = 50;
 const ipCounters = new Map();
 let loaded = false;
 
+function requestLookup(ip) {
+  return makeLookupToken('guest-request', ip);
+}
+
+function requestAad(ip) {
+  return `guest-request:${requestLookup(ip)}`;
+}
+
 async function loadGuestCounters() {
-  if (loaded) return;
+  if (loaded || isPostgresStorageMode()) return;
   loaded = true;
   const data = await loadEncryptedJson(REQUESTS_FILE);
   if (!data) return;
@@ -20,6 +36,24 @@ async function loadGuestCounters() {
   }
 }
 
+async function loadSqlGuestCounters() {
+  if (loaded || !isPostgresStorageMode()) return;
+  loaded = true;
+  const now = new Date().toISOString();
+  const { rows } = await pgQuery(
+    'SELECT payload FROM guest_request_counters WHERE expires_at > $1',
+    [now]
+  );
+  for (const row of rows) {
+    const payload = decryptJsonPayload(row.payload, `guest-request-row`);
+    if (!payload?.ip) continue;
+    ipCounters.set(payload.ip, {
+      count: typeof payload.count === 'number' ? payload.count : 0,
+      resetAt: typeof payload.resetAt === 'number' ? payload.resetAt : Date.now() + WINDOW_MS,
+    });
+  }
+}
+
 async function saveGuestCounters() {
   const data = {};
   for (const [ip, entry] of ipCounters) {
@@ -37,8 +71,23 @@ function cleanupExpired() {
   }
 }
 
+async function pruneSqlGuestCounters() {
+  await pgQuery('DELETE FROM guest_request_counters WHERE expires_at <= $1', [new Date().toISOString()]);
+}
+
 export async function initGuestRequestLimiter() {
-  await loadGuestCounters().catch(err => console.error('Failed to load guest request counters:', err));
+  if (isPostgresStorageMode()) {
+    await loadSqlGuestCounters().catch((err) => console.error('Failed to load SQL guest request counters:', err));
+    await pruneSqlGuestCounters().catch((err) => console.error('Failed to prune SQL guest request counters:', err));
+    cleanupExpired();
+    setInterval(() => {
+      cleanupExpired();
+      pruneSqlGuestCounters().catch((err) => console.error('Failed to prune SQL guest request counters:', err));
+    }, 60 * 60 * 1000);
+    return;
+  }
+
+  await loadGuestCounters().catch((err) => console.error('Failed to load guest request counters:', err));
   cleanupExpired();
   setInterval(() => {
     cleanupExpired();
@@ -46,6 +95,48 @@ export async function initGuestRequestLimiter() {
 }
 
 export async function consumeGuestRequest(ip) {
+  if (isPostgresStorageMode()) {
+    return withPgTransaction(async (client) => {
+      const now = Date.now();
+      const lookup = requestLookup(ip);
+      const { rows } = await client.query(
+        'SELECT payload FROM guest_request_counters WHERE key_lookup = $1 FOR UPDATE',
+        [lookup]
+      );
+
+      const payload = rows[0]
+        ? decryptJsonPayload(rows[0].payload, 'guest-request-row')
+        : null;
+
+      let entry = payload && payload.resetAt > now
+        ? { count: payload.count || 0, resetAt: payload.resetAt }
+        : { count: 0, resetAt: now + WINDOW_MS };
+
+      if (entry.count >= MAX_LOGGED_OUT_REQUESTS) {
+        ipCounters.set(ip, entry);
+        return false;
+      }
+
+      entry = { ...entry, count: entry.count + 1 };
+      ipCounters.set(ip, entry);
+
+      await client.query(
+        `INSERT INTO guest_request_counters (key_lookup, expires_at, updated_at, payload)
+         VALUES ($1, $2, $3, $4::jsonb)
+         ON CONFLICT (key_lookup)
+         DO UPDATE SET expires_at = EXCLUDED.expires_at, updated_at = EXCLUDED.updated_at, payload = EXCLUDED.payload`,
+        [
+          lookup,
+          new Date(entry.resetAt).toISOString(),
+          new Date().toISOString(),
+          JSON.stringify(encryptJsonPayload({ ip, ...entry }, 'guest-request-row')),
+        ]
+      );
+
+      return true;
+    });
+  }
+
   await loadGuestCounters();
   const now = Date.now();
   let entry = ipCounters.get(ip);
@@ -57,7 +148,7 @@ export async function consumeGuestRequest(ip) {
     return false;
   }
   entry.count += 1;
-  await saveGuestCounters().catch(err => console.error('Failed to save guest request counters:', err));
+  await saveGuestCounters().catch((err) => console.error('Failed to save guest request counters:', err));
   return true;
 }
 

server/handleFeedback.js

@@ -1,6 +1,8 @@
 import path from 'path';
 import crypto from 'crypto';
 import { saveEncryptedJson, loadEncryptedJson } from './cryptoUtils.js';
+import { isPostgresStorageMode } from './dataPaths.js';
+import { decryptJsonPayload, encryptJsonPayload, pgQuery } from './postgres.js';
 
 const DATA_DIR = '/data';
 const TICKETS_FILE = path.join(DATA_DIR, 'feedback_tickets.json');
@@ -19,12 +21,47 @@ function sanitizeString(value, maxLength) {
 }
 
 async function loadTickets() {
+  if (isPostgresStorageMode()) {
+    const { rows } = await pgQuery(
+      'SELECT id, payload FROM feedback_tickets ORDER BY submitted_at DESC'
+    );
+    return {
+      tickets: rows
+        .map((row) => decryptJsonPayload(row.payload, `feedback:${row.id}`))
+        .filter(Boolean),
+    };
+  }
   const data = await loadEncryptedJson(TICKETS_FILE, FEEDBACK_AAD);
   if (!data || !Array.isArray(data.tickets)) return { tickets: [] };
   return data;
 }
 
 async function saveTickets(data) {
+  if (isPostgresStorageMode()) {
+    const tickets = Array.isArray(data?.tickets) ? data.tickets : [];
+    const seenIds = tickets.map((ticket) => ticket.id);
+    if (!seenIds.length) {
+      await pgQuery('DELETE FROM feedback_tickets');
+      return;
+    }
+
+    await pgQuery('DELETE FROM feedback_tickets WHERE id <> ALL($1::text[])', [seenIds]);
+    for (const ticket of tickets) {
+      await pgQuery(
+        `INSERT INTO feedback_tickets (id, status, submitted_at, payload)
+         VALUES ($1, $2, $3, $4::jsonb)
+         ON CONFLICT (id)
+         DO UPDATE SET status = EXCLUDED.status, submitted_at = EXCLUDED.submitted_at, payload = EXCLUDED.payload`,
+        [
+          ticket.id,
+          ticket.status || 'open',
+          ticket.submittedAt,
+          JSON.stringify(encryptJsonPayload(ticket, `feedback:${ticket.id}`)),
+        ]
+      );
+    }
+    return;
+  }
   await saveEncryptedJson(TICKETS_FILE, data, FEEDBACK_AAD);
 }
 
@@ -159,4 +196,4 @@ export function registerFeedbackRoutes(app, { requireAdminTurnstile, verifyLimit
       return res.status(500).json({ error: 'feedback:server_error' });
     }
   });
-}
+}

server/index.js

@@ -15,6 +15,9 @@ import { SUPABASE_URL, SUPABASE_ANON_KEY } from './config.js';
 import { safeSend } from './helpers.js';
 import { verifySupabaseToken } from './auth.js';
 import { mediaStore } from './mediaStore.js';
+import { initializePostgresStorage } from './postgres.js';
+import { POSTGRES_STORAGE_DIR, STORAGE_MODE } from './dataPaths.js';
+import { loadStoredSHA, saveStoredSHA } from './versionStore.js';
 
 export { SUPABASE_URL, SUPABASE_ANON_KEY };
 export { LIGHTNING_BASE, PUBLIC_URL } from './config.js';
@@ -58,10 +61,13 @@ const verifyLimiter = rateLimit({
   },
 });
 
-const DATA_DIR = "/data";
-const VERSION_FILE = path.join(DATA_DIR, 'version.json');
 const PUBLIC_URL = process.env.PUBLIC_URL || 'default';
 
+if (STORAGE_MODE === 'postgres') {
+  await initializePostgresStorage();
+}
+console.log(`[storage] mode=${STORAGE_MODE} target=${STORAGE_MODE === 'postgres' ? POSTGRES_STORAGE_DIR : '/data'}`);
+
 function getRequestIp(req) {
   return (req.headers['x-forwarded-for'] || '').split(',')[0].trim()
     || req.socket?.remoteAddress
@@ -157,64 +163,6 @@ async function verifyTurnstileToken(token, remoteIp) {
 }
 
 
-function loadStoredSHA() {
-  try {
-    if (!fs.existsSync(DATA_DIR)) fs.mkdirSync(DATA_DIR, { recursive: true });
-    if (!fs.existsSync(VERSION_FILE)) return null;
-    const data = JSON.parse(fs.readFileSync(VERSION_FILE, 'utf-8'));
-
-    // Find SHA for this PUBLIC_URL
-    const obj = data.find(item => item[PUBLIC_URL]);
-    return obj ? obj[PUBLIC_URL] : null;
-  } catch (e) {
-    console.error('Failed to load stored SHA:', e);
-    return null;
-  }
-}
-
-
-function saveStoredSHA(sha) {
-  try {
-    if (!fs.existsSync(DATA_DIR)) {
-      fs.mkdirSync(DATA_DIR, { recursive: true });
-    }
-
-    let data = [];
-
-    if (fs.existsSync(VERSION_FILE)) {
-      try {
-        data = JSON.parse(fs.readFileSync(VERSION_FILE, 'utf-8'));
-        if (!Array.isArray(data)) data = [];
-      } catch {
-        data = [];
-      }
-    }
-
-    let found = false;
-
-    for (const entry of data) {
-      if (entry[PUBLIC_URL]) {
-        entry[PUBLIC_URL] = sha;
-        found = true;
-        break;
-      }
-    }
-
-    if (!found) {
-      data.push({ [PUBLIC_URL]: sha });
-    }
-
-    fs.writeFileSync(
-      VERSION_FILE,
-      JSON.stringify(data, null, 2),
-      'utf-8'
-    );
-
-  } catch (e) {
-    console.error('Failed to save SHA:', e);
-  }
-}
-
 app.use(express.json({ limit: '10mb' }));
 
 // --- API Turnstile Protection ---
@@ -527,17 +475,17 @@ async function fetchLatestSHA() {
     const data = await res.json();
     latestSHA = data.sha;
     console.log(`[${PUBLIC_URL}] Updated latest SHA: ${latestSHA}`);
-    saveStoredSHA(latestSHA);
+    await saveStoredSHA(PUBLIC_URL, latestSHA);
   } catch (e) {
     console.error('Failed to fetch latest commit SHA', e);
   }
 }
 
-latestSHA = loadStoredSHA();
+latestSHA = await loadStoredSHA(PUBLIC_URL);
 if (!latestSHA) {
   console.log(`[${PUBLIC_URL}] No stored SHA found.`);
   latestSHA = "latest";
-  saveStoredSHA(latestSHA);
+  await saveStoredSHA(PUBLIC_URL, latestSHA);
 } else {
   console.log(`[${PUBLIC_URL}] Using stored SHA: ${latestSHA}`);
 }
@@ -615,7 +563,7 @@ app.get('/admin/refresh', requireAdminTurnstile, verifyLimiter, async (req, res)
       return res.status(400).send('Invalid SHA');
     }
     latestSHA = sha;
-    saveStoredSHA(latestSHA);
+    await saveStoredSHA(PUBLIC_URL, latestSHA);
     logAdminEvent(req, 'set_sha', { requestedSha: latestSHA });
     console.log(`[${PUBLIC_URL}] Manual SHA set by admin: ${latestSHA}`);
     return res.send(`Version set to commit ${latestSHA}`);

server/mediaStore.js

@@ -2,6 +2,16 @@ import crypto from 'crypto';
 import fs from 'fs/promises';
 import path from 'path';
 import { loadEncryptedJson, saveEncryptedJson, readEncryptedFile, writeEncryptedFile } from './cryptoUtils.js';
+import { isPostgresStorageMode } from './dataPaths.js';
+import {
+  decryptBinaryPayload,
+  decryptJsonPayload,
+  encryptBinaryPayload,
+  encryptJsonPayload,
+  makeOwnerLookup,
+  pgQuery,
+  withPgTransaction,
+} from './postgres.js';
 
 const DATA_ROOT = '/data/media';
 const INDEX_FILE = path.join(DATA_ROOT, 'index.json');
@@ -81,8 +91,29 @@ function guessMimeType(name, fallbackKind = 'file') {
   }
 }
 
+function mediaEntryAad(id) {
+  return `media-entry:${id}`;
+}
+
+async function loadSqlEntries() {
+  const { rows } = await pgQuery('SELECT id, payload FROM media_entries');
+  const entries = {};
+  for (const row of rows) {
+    const entry = decryptJsonPayload(row.payload, mediaEntryAad(row.id));
+    if (entry?.id) entries[entry.id] = entry;
+  }
+  return entries;
+}
+
 async function ensureLoaded() {
   if (state.loaded) return;
+  if (isPostgresStorageMode()) {
+    state.index = { entries: await loadSqlEntries() };
+    state.loaded = true;
+    await purgeExpiredInternal();
+    return;
+  }
+
   const stored = await loadEncryptedJson(INDEX_FILE);
   state.index = {
     entries: stored?.entries || {},
@@ -91,7 +122,59 @@ async function ensureLoaded() {
   await purgeExpiredInternal();
 }
 
-async function saveIndex() {
+async function saveIndex(changedIds = null, deletedIds = [], client = null) {
+  if (isPostgresStorageMode()) {
+    const idsToPersist = changedIds ? [...new Set(changedIds)] : Object.keys(state.index.entries);
+    const idsToDelete = [...new Set(deletedIds || [])];
+    const run = async (runner) => {
+      for (const id of idsToDelete) {
+        await runner.query('DELETE FROM media_entries WHERE id = $1', [id]);
+      }
+      for (const id of idsToPersist) {
+        const entry = state.index.entries[id];
+        if (!entry) continue;
+        await runner.query(
+          `INSERT INTO media_entries (
+             id, owner_lookup, parent_id, entry_type, updated_at, created_at,
+             trashed_at, purge_at, expires_at, size_bytes, payload
+           )
+           VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11::jsonb)
+           ON CONFLICT (id)
+           DO UPDATE SET
+             owner_lookup = EXCLUDED.owner_lookup,
+             parent_id = EXCLUDED.parent_id,
+             entry_type = EXCLUDED.entry_type,
+             updated_at = EXCLUDED.updated_at,
+             created_at = EXCLUDED.created_at,
+             trashed_at = EXCLUDED.trashed_at,
+             purge_at = EXCLUDED.purge_at,
+             expires_at = EXCLUDED.expires_at,
+             size_bytes = EXCLUDED.size_bytes,
+             payload = EXCLUDED.payload`,
+          [
+            entry.id,
+            makeOwnerLookup({ type: entry.ownerType, id: entry.ownerId }),
+            entry.parentId || null,
+            entry.type,
+            entry.updatedAt || entry.createdAt,
+            entry.createdAt,
+            entry.trashedAt || null,
+            entry.purgeAt || null,
+            entry.expiresAt || null,
+            entry.size || 0,
+            JSON.stringify(encryptJsonPayload(entry, mediaEntryAad(entry.id))),
+          ]
+        );
+      }
+    };
+    if (client) {
+      await run(client);
+    } else {
+      await withPgTransaction(run);
+    }
+    return;
+  }
+
   await saveEncryptedJson(INDEX_FILE, state.index);
 }
 
@@ -132,6 +215,38 @@ function buildAad(entry) {
   return `media:${entry.id}:${entry.ownerType}:${entry.ownerId}`;
 }
 
+async function saveBlob(entry, buffer, client = null) {
+  if (isPostgresStorageMode()) {
+    const runner = client || { query: pgQuery };
+    await runner.query(
+      `INSERT INTO media_blobs (entry_id, updated_at, payload)
+       VALUES ($1, $2, $3)
+       ON CONFLICT (entry_id)
+       DO UPDATE SET updated_at = EXCLUDED.updated_at, payload = EXCLUDED.payload`,
+      [entry.id, entry.updatedAt || nowIso(), encryptBinaryPayload(buffer, buildAad(entry))]
+    );
+    return;
+  }
+  await writeEncryptedFile(blobPathFor(entry.id), Buffer.from(buffer), buildAad(entry));
+}
+
+async function loadBlob(entry) {
+  if (isPostgresStorageMode()) {
+    const { rows } = await pgQuery('SELECT payload FROM media_blobs WHERE entry_id = $1', [entry.id]);
+    if (!rows[0]) throw new Error(`Missing blob for media entry ${entry.id}`);
+    return decryptBinaryPayload(rows[0].payload, buildAad(entry));
+  }
+  return readEncryptedFile(blobPathFor(entry.id), buildAad(entry));
+}
+
+async function deleteBlob(id) {
+  if (isPostgresStorageMode()) {
+    await pgQuery('DELETE FROM media_blobs WHERE entry_id = $1', [id]);
+    return;
+  }
+  await fs.rm(blobPathFor(id), { force: true }).catch(() => {});
+}
+
 function isOwnedFile(entry, owner) {
   return entry?.type === 'file' && entry.ownerType === owner.type && entry.ownerId === owner.id;
 }
@@ -210,10 +325,15 @@ function assertQuotaAvailable(owner, additionalBytes = 0) {
 async function purgeEntry(id) {
   const entry = getEntry(id);
   if (!entry) return;
-  if (entry.type === 'file') {
-    await fs.rm(blobPathFor(id), { force: true }).catch(() => {});
+  if (entry.type === 'file' && !isPostgresStorageMode()) {
+    await deleteBlob(id);
   }
   delete state.index.entries[id];
+  if (isPostgresStorageMode()) {
+    await saveIndex([], [id]);
+    return;
+  }
+  if (entry.type === 'file') await deleteBlob(id);
 }
 
 async function purgeExpiredInternal() {
@@ -229,7 +349,7 @@ async function purgeExpiredInternal() {
     }
     changed = true;
   }
-  if (changed) await saveIndex();
+  if (changed && !isPostgresStorageMode()) await saveIndex();
 }
 
 setInterval(() => {
@@ -308,9 +428,16 @@ export const mediaStore = {
       deletedByAssistant,
     };
 
-    await writeEncryptedFile(blobPathFor(entry.id), Buffer.from(buffer), buildAad(entry));
     state.index.entries[entry.id] = entry;
-    await saveIndex();
+    if (isPostgresStorageMode()) {
+      await withPgTransaction(async (client) => {
+        await saveBlob(entry, Buffer.from(buffer), client);
+        await saveIndex([entry.id], [], client);
+      });
+    } else {
+      await saveBlob(entry, Buffer.from(buffer));
+      await saveIndex([entry.id]);
+    }
     return sanitizeEntry(entry);
   },
 
@@ -335,7 +462,7 @@ export const mediaStore = {
     };
 
     state.index.entries[folder.id] = folder;
-    await saveIndex();
+    await saveIndex([folder.id]);
     return sanitizeEntry(folder);
   },
 
@@ -369,7 +496,7 @@ export const mediaStore = {
     if (!entry || entry.type !== 'file' || !canAccess(entry, owner)) return null;
     return {
       entry: sanitizeEntry(entry),
-      buffer: await readEncryptedFile(blobPathFor(id), buildAad(entry)),
+      buffer: await loadBlob(entry),
     };
   },
 
@@ -397,8 +524,15 @@ export const mediaStore = {
     entry.size = nextSize;
     entry.updatedAt = nowIso();
 
-    await writeEncryptedFile(blobPathFor(entry.id), Buffer.from(buffer), buildAad(entry));
-    await saveIndex();
+    if (isPostgresStorageMode()) {
+      await withPgTransaction(async (client) => {
+        await saveBlob(entry, Buffer.from(buffer), client);
+        await saveIndex([entry.id], [], client);
+      });
+    } else {
+      await saveBlob(entry, Buffer.from(buffer));
+      await saveIndex([entry.id]);
+    }
     return sanitizeEntry(entry);
   },
 
@@ -409,7 +543,7 @@ export const mediaStore = {
     if (!entry || !canAccess(entry, owner)) return null;
     entry.name = normalizeName(name, entry.name || 'Untitled');
     entry.updatedAt = nowIso();
-    await saveIndex();
+    await saveIndex([entry.id]);
     return sanitizeEntry(entry);
   },
 
@@ -419,6 +553,7 @@ export const mediaStore = {
     const destinationId = parentId ? resolveParentFolder(owner, parentId) : null;
     if (parentId && !destinationId) throw new Error('Invalid destination folder');
     const updated = [];
+    const changedIds = new Set();
     for (const id of ids || []) {
       const entry = getEntry(id);
       if (!entry || !canAccess(entry, owner)) continue;
@@ -427,8 +562,9 @@ export const mediaStore = {
       entry.parentId = destinationId;
       entry.updatedAt = nowIso();
       updated.push(sanitizeEntry(entry));
+      changedIds.add(entry.id);
     }
-    if (updated.length) await saveIndex();
+    if (changedIds.size) await saveIndex([...changedIds]);
     return updated;
   },
 
@@ -436,6 +572,7 @@ export const mediaStore = {
     ensureOwner(owner);
     await ensureLoaded();
     const trashed = [];
+    const changedIds = new Set();
     const now = nowIso();
     const purgeAt = new Date(Date.now() + TRASH_RETENTION_MS).toISOString();
 
@@ -449,9 +586,10 @@ export const mediaStore = {
         target.purgeAt = purgeAt;
         target.updatedAt = now;
         trashed.push(sanitizeEntry(target));
+        changedIds.add(target.id);
       }
     }
-    if (trashed.length) await saveIndex();
+    if (changedIds.size) await saveIndex([...changedIds]);
     return trashed;
   },
 
@@ -459,6 +597,7 @@ export const mediaStore = {
     ensureOwner(owner);
     await ensureLoaded();
     const restored = [];
+    const changedIds = new Set();
     for (const id of ids || []) {
       const entry = getEntry(id);
       if (!entry || !canAccess(entry, owner)) continue;
@@ -469,9 +608,10 @@ export const mediaStore = {
         target.purgeAt = null;
         target.updatedAt = nowIso();
         restored.push(sanitizeEntry(target));
+        changedIds.add(target.id);
       }
     }
-    if (restored.length) await saveIndex();
+    if (changedIds.size) await saveIndex([...changedIds]);
     return restored;
   },
 
@@ -489,7 +629,7 @@ export const mediaStore = {
     for (const targetId of removedIds) {
       await purgeEntry(targetId);
     }
-    if (removedIds.size) await saveIndex();
+    if (removedIds.size && !isPostgresStorageMode()) await saveIndex();
     return [...removedIds];
   },
 
@@ -498,14 +638,16 @@ export const mediaStore = {
     if (!sessionId) return [];
     await ensureLoaded();
     const updated = [];
+    const changedIds = new Set();
     for (const id of ids || []) {
       const entry = getEntry(id);
       if (!entry || !canAccess(entry, owner)) continue;
       entry.sessionIds = [...new Set([...(entry.sessionIds || []), sessionId])];
       entry.updatedAt = nowIso();
       updated.push(sanitizeEntry(entry));
+      changedIds.add(entry.id);
     }
-    if (updated.length) await saveIndex();
+    if (changedIds.size) await saveIndex([...changedIds]);
     return updated;
   },
 

server/memoryStore.js

@@ -1,6 +1,13 @@
 import crypto from 'crypto';
 import path from 'path';
 import { loadEncryptedJson, saveEncryptedJson } from './cryptoUtils.js';
+import { isPostgresStorageMode } from './dataPaths.js';
+import {
+  decryptJsonPayload,
+  encryptJsonPayload,
+  makeOwnerLookup,
+  pgQuery,
+} from './postgres.js';
 
 const DATA_ROOT = '/data/memories';
 const INDEX_FILE = path.join(DATA_ROOT, 'index.json');
@@ -26,8 +33,12 @@ function sanitizeText(text) {
   return String(text || '').replace(/\s+/g, ' ').trim().slice(0, MAX_MEMORY_LENGTH);
 }
 
+function memoryAad(memoryId) {
+  return `memory:${memoryId}`;
+}
+
 async function ensureLoaded() {
-  if (state.loaded) return;
+  if (state.loaded || isPostgresStorageMode()) return;
   const stored = await loadEncryptedJson(INDEX_FILE);
   state.index = {
     memories: stored?.memories || {},
@@ -54,9 +65,39 @@ function sanitize(memory) {
   };
 }
 
+async function listSql(owner) {
+  const { rows } = await pgQuery(
+    'SELECT id, payload, updated_at FROM memories WHERE owner_lookup = $1 ORDER BY updated_at DESC',
+    [makeOwnerLookup(owner)]
+  );
+  return rows
+    .map((row) => decryptJsonPayload(row.payload, memoryAad(row.id)))
+    .filter(Boolean)
+    .sort((a, b) => new Date(b.updatedAt).getTime() - new Date(a.updatedAt).getTime())
+    .map(sanitize);
+}
+
+async function upsertSql(memory) {
+  await pgQuery(
+    `INSERT INTO memories (id, owner_lookup, created_at, updated_at, payload)
+     VALUES ($1, $2, $3, $4, $5::jsonb)
+     ON CONFLICT (id)
+     DO UPDATE SET updated_at = EXCLUDED.updated_at, payload = EXCLUDED.payload`,
+    [
+      memory.id,
+      makeOwnerLookup({ type: memory.ownerType, id: memory.ownerId }),
+      memory.createdAt,
+      memory.updatedAt,
+      JSON.stringify(encryptJsonPayload(memory, memoryAad(memory.id))),
+    ]
+  );
+}
+
 export const memoryStore = {
   async list(owner) {
     ensureOwner(owner);
+    if (isPostgresStorageMode()) return listSql(owner);
+
     await ensureLoaded();
     return Object.values(state.index.memories)
       .filter((memory) => matchesOwner(memory, owner))
@@ -66,7 +107,6 @@ export const memoryStore = {
 
   async create(owner, { content, sessionId = null, source = 'assistant' }) {
     ensureOwner(owner);
-    await ensureLoaded();
     const normalized = sanitizeText(content);
     if (!normalized) return null;
 
@@ -80,6 +120,13 @@ export const memoryStore = {
       createdAt: nowIso(),
       updatedAt: nowIso(),
     };
+
+    if (isPostgresStorageMode()) {
+      await upsertSql(memory);
+      return sanitize(memory);
+    }
+
+    await ensureLoaded();
     state.index.memories[memory.id] = memory;
     await saveIndex();
     return sanitize(memory);
@@ -87,11 +134,25 @@ export const memoryStore = {
 
   async update(owner, id, content) {
     ensureOwner(owner);
+    const normalized = sanitizeText(content);
+    if (!normalized) return null;
+
+    if (isPostgresStorageMode()) {
+      const { rows } = await pgQuery(
+        'SELECT payload FROM memories WHERE id = $1 AND owner_lookup = $2',
+        [id, makeOwnerLookup(owner)]
+      );
+      const memory = rows[0] ? decryptJsonPayload(rows[0].payload, memoryAad(id)) : null;
+      if (!memory || !matchesOwner(memory, owner)) return null;
+      memory.content = normalized;
+      memory.updatedAt = nowIso();
+      await upsertSql(memory);
+      return sanitize(memory);
+    }
+
     await ensureLoaded();
     const memory = state.index.memories[id];
     if (!memory || !matchesOwner(memory, owner)) return null;
-    const normalized = sanitizeText(content);
-    if (!normalized) return null;
     memory.content = normalized;
     memory.updatedAt = nowIso();
     await saveIndex();
@@ -100,6 +161,14 @@ export const memoryStore = {
 
   async delete(owner, id) {
     ensureOwner(owner);
+    if (isPostgresStorageMode()) {
+      const result = await pgQuery(
+        'DELETE FROM memories WHERE id = $1 AND owner_lookup = $2',
+        [id, makeOwnerLookup(owner)]
+      );
+      return result.rowCount > 0;
+    }
+
     await ensureLoaded();
     const memory = state.index.memories[id];
     if (!memory || !matchesOwner(memory, owner)) return false;

server/postgres.js

@@ -0,0 +1,132 @@
+import { Pool } from 'pg';
+import {
+  createLookupHash,
+  decryptBuffer,
+  decryptJson,
+  encryptBuffer,
+  encryptJson,
+  packEncryptedBuffer,
+  unpackEncryptedBuffer,
+} from './cryptoUtils.js';
+import { isPostgresStorageMode, POSTGRES_STORAGE_DIR, STORAGE_MODE } from './dataPaths.js';
+import { POSTGRES_SCHEMA_SQL } from './postgresSchema.js';
+
+let poolInstance = null;
+let initPromise = null;
+
+function resolveSslConfig() {
+  const raw = String(process.env.PGSSL || process.env.PGSSLMODE || '').trim().toLowerCase();
+  if (!raw || ['false', '0', 'off', 'disable'].includes(raw)) return false;
+  return { rejectUnauthorized: false };
+}
+
+export function buildPoolConfig() {
+  const connectionString = process.env.DATABASE_URL || process.env.POSTGRES_URL || '';
+  const ssl = resolveSslConfig();
+  if (connectionString) {
+    return { connectionString, ssl };
+  }
+
+  const { PGHOST, PGPORT, PGUSER, PGPASSWORD, PGDATABASE } = process.env;
+  if (!PGHOST || !PGUSER || !PGDATABASE) {
+    throw new Error(
+      `PostgreSQL storage is enabled by ${POSTGRES_STORAGE_DIR}, but no database connection is configured. Set DATABASE_URL or PGHOST/PGUSER/PGDATABASE.`
+    );
+  }
+
+  return {
+    host: PGHOST,
+    port: PGPORT ? Number(PGPORT) : 5432,
+    user: PGUSER,
+    password: PGPASSWORD || '',
+    database: PGDATABASE,
+    ssl,
+  };
+}
+
+async function createPool() {
+  return createStandalonePostgresPool();
+}
+
+export async function createStandalonePostgresPool() {
+  const pool = new Pool(buildPoolConfig());
+  await pool.query(POSTGRES_SCHEMA_SQL);
+  pool.on('error', (err) => {
+    console.error('PostgreSQL pool error:', err);
+  });
+  return pool;
+}
+
+export async function initializePostgresStorage() {
+  if (!isPostgresStorageMode()) return false;
+  if (!initPromise) {
+    initPromise = createPool().then((pool) => {
+      poolInstance = pool;
+      return pool;
+    });
+  }
+  await initPromise;
+  return true;
+}
+
+export async function getPostgresPool() {
+  if (!isPostgresStorageMode()) {
+    throw new Error(`PostgreSQL storage is not active (mode=${STORAGE_MODE})`);
+  }
+  await initializePostgresStorage();
+  return poolInstance;
+}
+
+export async function pgQuery(text, params = []) {
+  const pool = await getPostgresPool();
+  return pool.query(text, params);
+}
+
+export async function withPgClient(fn) {
+  const pool = await getPostgresPool();
+  const client = await pool.connect();
+  try {
+    return await fn(client);
+  } finally {
+    client.release();
+  }
+}
+
+export async function withPgTransaction(fn) {
+  return withPgClient(async (client) => {
+    await client.query('BEGIN');
+    try {
+      const result = await fn(client);
+      await client.query('COMMIT');
+      return result;
+    } catch (err) {
+      await client.query('ROLLBACK');
+      throw err;
+    }
+  });
+}
+
+export function encryptJsonPayload(data, aad = '') {
+  return encryptJson(data, aad);
+}
+
+export function decryptJsonPayload(payload, aad = '') {
+  return decryptJson(payload, aad);
+}
+
+export function encryptBinaryPayload(buffer, aad = '') {
+  return packEncryptedBuffer(encryptBuffer(Buffer.from(buffer), aad));
+}
+
+export function decryptBinaryPayload(payload, aad = '') {
+  const packed = Buffer.isBuffer(payload) ? payload : Buffer.from(payload);
+  return decryptBuffer(unpackEncryptedBuffer(packed), aad);
+}
+
+export function makeOwnerLookup(owner) {
+  return createLookupHash(`${owner?.type || 'unknown'}:${owner?.id || ''}`, 'owner');
+}
+
+export function makeLookupToken(namespace, value) {
+  return createLookupHash(String(value ?? ''), namespace);
+}

server/postgresSchema.js

@@ -0,0 +1,148 @@
+export const POSTGRES_SCHEMA_SQL = `
+CREATE TABLE IF NOT EXISTS app_versions (
+  public_url_lookup text PRIMARY KEY,
+  updated_at timestamptz NOT NULL,
+  payload jsonb NOT NULL
+);
+
+CREATE TABLE IF NOT EXISTS guest_state (
+  owner_lookup text PRIMARY KEY,
+  expires_at timestamptz,
+  updated_at timestamptz NOT NULL,
+  payload jsonb NOT NULL
+);
+
+CREATE TABLE IF NOT EXISTS chat_sessions (
+  id text PRIMARY KEY,
+  scope_type text NOT NULL,
+  owner_lookup text NOT NULL,
+  created_at timestamptz NOT NULL,
+  updated_at timestamptz NOT NULL,
+  expires_at timestamptz,
+  payload jsonb NOT NULL
+);
+CREATE INDEX IF NOT EXISTS chat_sessions_owner_idx
+  ON chat_sessions (owner_lookup, updated_at DESC);
+CREATE INDEX IF NOT EXISTS chat_sessions_expires_idx
+  ON chat_sessions (expires_at)
+  WHERE expires_at IS NOT NULL;
+
+CREATE TABLE IF NOT EXISTS session_shares (
+  id text PRIMARY KEY,
+  token_lookup text NOT NULL UNIQUE,
+  owner_lookup text NOT NULL,
+  created_at timestamptz NOT NULL,
+  payload jsonb NOT NULL
+);
+CREATE INDEX IF NOT EXISTS session_shares_owner_idx
+  ON session_shares (owner_lookup, created_at DESC);
+
+CREATE TABLE IF NOT EXISTS deleted_chats (
+  id text PRIMARY KEY,
+  owner_lookup text NOT NULL,
+  purge_at timestamptz,
+  deleted_at timestamptz NOT NULL,
+  payload jsonb NOT NULL
+);
+CREATE INDEX IF NOT EXISTS deleted_chats_owner_idx
+  ON deleted_chats (owner_lookup, deleted_at DESC);
+CREATE INDEX IF NOT EXISTS deleted_chats_purge_idx
+  ON deleted_chats (purge_at)
+  WHERE purge_at IS NOT NULL;
+
+CREATE TABLE IF NOT EXISTS memories (
+  id text PRIMARY KEY,
+  owner_lookup text NOT NULL,
+  created_at timestamptz NOT NULL,
+  updated_at timestamptz NOT NULL,
+  payload jsonb NOT NULL
+);
+CREATE INDEX IF NOT EXISTS memories_owner_idx
+  ON memories (owner_lookup, updated_at DESC);
+
+CREATE TABLE IF NOT EXISTS media_entries (
+  id text PRIMARY KEY,
+  owner_lookup text NOT NULL,
+  parent_id text,
+  entry_type text NOT NULL,
+  updated_at timestamptz NOT NULL,
+  created_at timestamptz NOT NULL,
+  trashed_at timestamptz,
+  purge_at timestamptz,
+  expires_at timestamptz,
+  size_bytes bigint NOT NULL DEFAULT 0,
+  payload jsonb NOT NULL
+);
+CREATE INDEX IF NOT EXISTS media_entries_owner_idx
+  ON media_entries (owner_lookup, updated_at DESC);
+CREATE INDEX IF NOT EXISTS media_entries_parent_idx
+  ON media_entries (owner_lookup, parent_id);
+CREATE INDEX IF NOT EXISTS media_entries_purge_idx
+  ON media_entries (purge_at)
+  WHERE purge_at IS NOT NULL;
+CREATE INDEX IF NOT EXISTS media_entries_expires_idx
+  ON media_entries (expires_at)
+  WHERE expires_at IS NOT NULL;
+
+CREATE TABLE IF NOT EXISTS media_blobs (
+  entry_id text PRIMARY KEY REFERENCES media_entries(id) ON DELETE CASCADE,
+  updated_at timestamptz NOT NULL,
+  payload bytea NOT NULL
+);
+
+CREATE TABLE IF NOT EXISTS system_prompts (
+  owner_lookup text PRIMARY KEY,
+  updated_at timestamptz NOT NULL,
+  payload jsonb NOT NULL
+);
+
+CREATE TABLE IF NOT EXISTS feedback_tickets (
+  id text PRIMARY KEY,
+  status text NOT NULL,
+  submitted_at timestamptz NOT NULL,
+  payload jsonb NOT NULL
+);
+CREATE INDEX IF NOT EXISTS feedback_tickets_status_idx
+  ON feedback_tickets (status, submitted_at DESC);
+
+CREATE TABLE IF NOT EXISTS guest_request_counters (
+  key_lookup text PRIMARY KEY,
+  expires_at timestamptz NOT NULL,
+  updated_at timestamptz NOT NULL,
+  payload jsonb NOT NULL
+);
+CREATE INDEX IF NOT EXISTS guest_request_counters_expires_idx
+  ON guest_request_counters (expires_at);
+
+CREATE TABLE IF NOT EXISTS web_search_usage (
+  key_lookup text NOT NULL,
+  day_key text NOT NULL,
+  updated_at timestamptz NOT NULL,
+  payload jsonb NOT NULL,
+  PRIMARY KEY (key_lookup, day_key)
+);
+
+CREATE TABLE IF NOT EXISTS user_settings (
+  owner_lookup text PRIMARY KEY,
+  updated_at timestamptz NOT NULL,
+  payload jsonb NOT NULL
+);
+
+CREATE TABLE IF NOT EXISTS user_profiles (
+  owner_lookup text PRIMARY KEY,
+  username_lookup text UNIQUE,
+  updated_at timestamptz NOT NULL,
+  payload jsonb NOT NULL
+);
+
+CREATE TABLE IF NOT EXISTS device_sessions (
+  token_lookup text PRIMARY KEY,
+  user_lookup text NOT NULL,
+  active boolean NOT NULL,
+  created_at timestamptz NOT NULL,
+  last_seen_at timestamptz NOT NULL,
+  payload jsonb NOT NULL
+);
+CREATE INDEX IF NOT EXISTS device_sessions_user_idx
+  ON device_sessions (user_lookup, active, last_seen_at DESC);
+`;

server/sessionStore.js

@@ -1,24 +1,91 @@
-// sessionStore.js — access_token + Supabase RLS, no service role key needed.
-// Device sessions live in memory only (restart clears them).
 import { createClient } from '@supabase/supabase-js';
 import crypto from 'crypto';
 import { saveEncryptedJson, loadEncryptedJson } from './cryptoUtils.js';
 import path from 'path';
+import { isPostgresStorageMode } from './dataPaths.js';
+import {
+  decryptJsonPayload,
+  encryptJsonPayload,
+  makeLookupToken,
+  makeOwnerLookup,
+  pgQuery,
+} from './postgres.js';
 
 let _SUPABASE_URL, _SUPABASE_ANON_KEY;
 export function initStoreConfig(url, key) { _SUPABASE_URL = url; _SUPABASE_ANON_KEY = key; }
 
-const TEMP_TTL_MS     = 24 * 60 * 60 * 1000;
+const TEMP_TTL_MS = 24 * 60 * 60 * 1000;
 const TEMP_INACTIVITY = 12 * 60 * 60 * 1000;
-const TEMP_MSG_LIMIT  = 10;
+const TEMP_MSG_LIMIT = 10;
 
-const userCache   = new Map(); // userId -> { sessions: Map, online: Set }
-const tempStore   = new Map(); // tempId -> TempData
-const devSessions = new Map(); // token  -> DeviceSession
+const userCache = new Map();
+const tempStore = new Map();
+const devSessions = new Map();
+const loadedTempIds = new Set();
+const loadedUserIds = new Set();
 
 const TEMP_STORE_FILE = '/data/temp_sessions.json';
 
+function nowIso() {
+  return new Date().toISOString();
+}
+
+function tempOwner(tempId) {
+  return { type: 'guest', id: tempId };
+}
+
+function userOwner(userId) {
+  return { type: 'user', id: userId };
+}
+
+function guestStateLookup(tempId) {
+  return makeLookupToken('guest-state', tempId);
+}
+
+function guestStateAad(tempId) {
+  return `guest-state:${tempId}`;
+}
+
+function sessionAad(scopeType, sessionId) {
+  return `chat-session:${scopeType}:${sessionId}`;
+}
+
+function shareTokenLookup(token) {
+  return makeLookupToken('session-share-token', token);
+}
+
+function shareAad(recordId) {
+  return `session-share:${recordId}`;
+}
+
+function deviceTokenLookup(token) {
+  return makeLookupToken('device-session-token', token);
+}
+
+function deviceSessionAad(tokenLookup) {
+  return `device-session:${tokenLookup}`;
+}
+
+function guestExpiryRecord(tempData) {
+  const createdExpires = (tempData.created || Date.now()) + TEMP_TTL_MS;
+  const inactiveExpires = (tempData.lastActive || Date.now()) + TEMP_INACTIVITY;
+  return new Date(Math.min(createdExpires, inactiveExpires)).toISOString();
+}
+
+function ensureTempRecord(tempId) {
+  if (!tempStore.has(tempId)) {
+    tempStore.set(tempId, {
+      sessions: new Map(),
+      msgCount: 0,
+      created: Date.now(),
+      lastActive: Date.now(),
+    });
+  }
+  return tempStore.get(tempId);
+}
+
 async function loadTempStore() {
+  if (isPostgresStorageMode()) return;
   const data = await loadEncryptedJson(TEMP_STORE_FILE);
   if (data) {
     for (const [id, d] of Object.entries(data)) {
@@ -28,11 +95,13 @@ async function loadTempStore() {
         created: d.created || Date.now(),
         lastActive: d.lastActive || Date.now(),
       });
+      loadedTempIds.add(id);
     }
   }
 }
 
 async function saveTempStore() {
+  if (isPostgresStorageMode()) return;
   const data = {};
   for (const [id, d] of tempStore) {
     data[id] = {
@@ -45,17 +114,100 @@ async function saveTempStore() {
   await saveEncryptedJson(TEMP_STORE_FILE, data);
 }
 
-// Load temp store on init
-loadTempStore().catch(err => console.error('Failed to load temp store:', err));
+async function ensureSqlTempLoaded(tempId) {
+  if (!isPostgresStorageMode() || loadedTempIds.has(tempId)) return;
+  const owner = tempOwner(tempId);
+  const lookup = makeOwnerLookup(owner);
+  const [guestStateResult, sessionResult] = await Promise.all([
+    pgQuery('SELECT payload FROM guest_state WHERE owner_lookup = $1', [guestStateLookup(tempId)]),
+    pgQuery(
+      'SELECT id, payload FROM chat_sessions WHERE owner_lookup = $1 AND scope_type = $2 ORDER BY updated_at DESC',
+      [lookup, 'guest']
+    ),
+  ]);
 
-setInterval(async () => {
-  const now = Date.now();
-  for (const [id, d] of tempStore)
-    if (now - d.created > TEMP_TTL_MS || now - d.lastActive > TEMP_INACTIVITY)
-      tempStore.delete(id);
-  // Save after cleanup
-  await saveTempStore().catch(err => console.error('Failed to save temp store:', err));
-}, 30 * 60 * 1000);
+  const base = ensureTempRecord(tempId);
+  const guestState = guestStateResult.rows[0]
+    ? decryptJsonPayload(guestStateResult.rows[0].payload, guestStateAad(tempId))
+    : null;
+
+  base.msgCount = Number(guestState?.msgCount) || base.msgCount || 0;
+  base.created = Number(guestState?.created) || base.created || Date.now();
+  base.lastActive = Number(guestState?.lastActive) || base.lastActive || Date.now();
+  base.sessions = new Map(
+    sessionResult.rows
+      .map((row) => decryptJsonPayload(row.payload, sessionAad('guest', row.id)))
+      .filter((session) => session?.id)
+      .map((session) => [session.id, session])
+  );
+  loadedTempIds.add(tempId);
+}
+
+async function persistSqlTempState(tempId) {
+  const data = tempStore.get(tempId);
+  if (!data) return;
+  await pgQuery(
+    `INSERT INTO guest_state (owner_lookup, expires_at, updated_at, payload)
+     VALUES ($1, $2, $3, $4::jsonb)
+     ON CONFLICT (owner_lookup)
+     DO UPDATE SET expires_at = EXCLUDED.expires_at, updated_at = EXCLUDED.updated_at, payload = EXCLUDED.payload`,
+    [
+      guestStateLookup(tempId),
+      guestExpiryRecord(data),
+      nowIso(),
+      JSON.stringify(encryptJsonPayload({
+        tempId,
+        msgCount: data.msgCount,
+        created: data.created,
+        lastActive: data.lastActive,
+      }, guestStateAad(tempId))),
+    ]
+  );
+}
+
+async function persistSqlSession(owner, scopeType, session, expiresAt = null) {
+  await pgQuery(
+    `INSERT INTO chat_sessions (id, scope_type, owner_lookup, created_at, updated_at, expires_at, payload)
+     VALUES ($1, $2, $3, $4, $5, $6, $7::jsonb)
+     ON CONFLICT (id)
+     DO UPDATE SET
+       scope_type = EXCLUDED.scope_type,
+       owner_lookup = EXCLUDED.owner_lookup,
+       created_at = EXCLUDED.created_at,
+       updated_at = EXCLUDED.updated_at,
+       expires_at = EXCLUDED.expires_at,
+       payload = EXCLUDED.payload`,
+    [
+      session.id,
+      scopeType,
+      makeOwnerLookup(owner),
+      new Date(session.created).toISOString(),
+      nowIso(),
+      expiresAt,
+      JSON.stringify(encryptJsonPayload(session, sessionAad(scopeType, session.id))),
+    ]
+  );
+}
+
+async function loadUserSessionsSql(userId) {
+  const user = sessionStore._ensureUser(userId);
+  const { rows } = await pgQuery(
+    'SELECT id, payload FROM chat_sessions WHERE owner_lookup = $1 AND scope_type = $2 ORDER BY updated_at DESC',
+    [makeOwnerLookup(userOwner(userId)), 'user']
+  );
+  user.sessions.clear();
+  for (const row of rows) {
+    const session = decryptJsonPayload(row.payload, sessionAad('user', row.id));
+    if (session?.id) user.sessions.set(session.id, session);
+  }
+  loadedUserIds.add(userId);
+  return [...user.sessions.values()];
+}
+
+async function ensureUserLoaded(userId) {
+  if (!isPostgresStorageMode() || loadedUserIds.has(userId)) return;
+  await loadUserSessionsSql(userId);
+}
 
 function userClient(accessToken) {
   return createClient(_SUPABASE_URL, _SUPABASE_ANON_KEY, {
@@ -64,120 +216,287 @@ function userClient(accessToken) {
   });
 }
 
+loadTempStore().catch((err) => console.error('Failed to load temp store:', err));
+
+setInterval(async () => {
+  const now = Date.now();
+  const expiredTempIds = [];
+
+  for (const [id, d] of tempStore) {
+    if (now - d.created > TEMP_TTL_MS || now - d.lastActive > TEMP_INACTIVITY) {
+      tempStore.delete(id);
+      expiredTempIds.push(id);
+    }
+  }
+
+  if (isPostgresStorageMode()) {
+    try {
+      for (const tempId of expiredTempIds) {
+        loadedTempIds.delete(tempId);
+        await pgQuery('DELETE FROM guest_state WHERE owner_lookup = $1', [guestStateLookup(tempId)]);
+      }
+      await pgQuery(
+        `DELETE FROM chat_sessions
+         WHERE scope_type = 'guest' AND expires_at IS NOT NULL AND expires_at <= $1`,
+        [nowIso()]
+      );
+      await pgQuery(
+        `DELETE FROM guest_state
+         WHERE expires_at IS NOT NULL AND expires_at <= $1`,
+        [nowIso()]
+      );
+    } catch (err) {
+      console.error('Failed to prune SQL temp store:', err);
+    }
+    return;
+  }
+
+  await saveTempStore().catch((err) => console.error('Failed to save temp store:', err));
+}, 30 * 60 * 1000);
+
 export const sessionStore = {
-  // ── TEMP ────────────────────────────────────────────────────────────────
   initTemp(t) {
-    if (!tempStore.has(t))
-      tempStore.set(t, { sessions: new Map(), msgCount: 0, created: Date.now(), lastActive: Date.now() });
-    return tempStore.get(t);
-  },
-  tempCanSend(t)  { const d = tempStore.get(t); return d ? d.msgCount < TEMP_MSG_LIMIT : false; },
-  tempBump(t)     { const d = tempStore.get(t); if (d) { d.msgCount++; d.lastActive = Date.now(); } },
-  getTempSessions(t) { return [...(tempStore.get(t)?.sessions.values() || [])]; },
-  getTempSession(t, id) { return tempStore.get(t)?.sessions.get(id) || null; },
-  createTempSession(t) {
-    const d = this.initTemp(t);
+    return ensureTempRecord(t);
+  },
+
+  async tempCanSend(t) {
+    if (isPostgresStorageMode()) await ensureSqlTempLoaded(t);
+    const d = tempStore.get(t);
+    return d ? d.msgCount < TEMP_MSG_LIMIT : false;
+  },
+
+  async tempBump(t) {
+    if (isPostgresStorageMode()) await ensureSqlTempLoaded(t);
+    const d = ensureTempRecord(t);
+    d.msgCount += 1;
+    d.lastActive = Date.now();
+    if (isPostgresStorageMode()) {
+      await persistSqlTempState(t);
+    } else {
+      saveTempStore().catch((err) => console.error('Failed to save temp store:', err));
+    }
+  },
+
+  async getTempSessions(t) {
+    if (isPostgresStorageMode()) await ensureSqlTempLoaded(t);
+    return [...(tempStore.get(t)?.sessions.values() || [])];
+  },
+
+  async getTempSession(t, id) {
+    if (isPostgresStorageMode()) await ensureSqlTempLoaded(t);
+    return tempStore.get(t)?.sessions.get(id) || null;
+  },
+
+  async createTempSession(t) {
+    if (isPostgresStorageMode()) await ensureSqlTempLoaded(t);
+    const d = ensureTempRecord(t);
     const s = { id: crypto.randomUUID(), name: 'New Chat', created: Date.now(), history: [] };
-    d.sessions.set(s.id, s); d.lastActive = Date.now();
-    saveTempStore().catch(err => console.error('Failed to save temp store:', err));
+    d.sessions.set(s.id, s);
+    d.lastActive = Date.now();
+
+    if (isPostgresStorageMode()) {
+      await persistSqlSession(tempOwner(t), 'guest', s, guestExpiryRecord(d));
+      await persistSqlTempState(t);
+    } else {
+      saveTempStore().catch((err) => console.error('Failed to save temp store:', err));
+    }
     return s;
   },
-  updateTempSession(t, id, patch) {
-    const d = tempStore.get(t); if (!d) return null;
-    const s = d.sessions.get(id); if (!s) return null;
-    Object.assign(s, patch); d.lastActive = Date.now();
-    saveTempStore().catch(err => console.error('Failed to save temp store:', err));
+
+  async updateTempSession(t, id, patch) {
+    if (isPostgresStorageMode()) await ensureSqlTempLoaded(t);
+    const d = tempStore.get(t);
+    if (!d) return null;
+    const s = d.sessions.get(id);
+    if (!s) return null;
+    Object.assign(s, patch);
+    d.lastActive = Date.now();
+
+    if (isPostgresStorageMode()) {
+      await persistSqlSession(tempOwner(t), 'guest', s, guestExpiryRecord(d));
+      await persistSqlTempState(t);
+    } else {
+      saveTempStore().catch((err) => console.error('Failed to save temp store:', err));
+    }
     return s;
   },
-  restoreTempSession(t, session) {
-    const d = this.initTemp(t);
+
+  async restoreTempSession(t, session) {
+    if (isPostgresStorageMode()) await ensureSqlTempLoaded(t);
+    const d = ensureTempRecord(t);
     const restored = JSON.parse(JSON.stringify(session));
     d.sessions.set(restored.id, restored);
     d.lastActive = Date.now();
-    saveTempStore().catch(err => console.error('Failed to save temp store:', err));
+
+    if (isPostgresStorageMode()) {
+      await persistSqlSession(tempOwner(t), 'guest', restored, guestExpiryRecord(d));
+      await persistSqlTempState(t);
+    } else {
+      saveTempStore().catch((err) => console.error('Failed to save temp store:', err));
+    }
     return restored;
   },
-  deleteTempSession(t, id) { tempStore.get(t)?.sessions.delete(id); saveTempStore().catch(err => console.error('Failed to save temp store:', err)); },
-  deleteTempAll(t)         { tempStore.get(t)?.sessions.clear(); saveTempStore().catch(err => console.error('Failed to save temp store:', err)); },
-  deleteTempSessionEverywhere(id) {
+
+  async deleteTempSession(t, id) {
+    if (isPostgresStorageMode()) await ensureSqlTempLoaded(t);
+    tempStore.get(t)?.sessions.delete(id);
+
+    if (isPostgresStorageMode()) {
+      await pgQuery(
+        'DELETE FROM chat_sessions WHERE id = $1 AND scope_type = $2 AND owner_lookup = $3',
+        [id, 'guest', makeOwnerLookup(tempOwner(t))]
+      );
+      await persistSqlTempState(t);
+    } else {
+      saveTempStore().catch((err) => console.error('Failed to save temp store:', err));
+    }
+  },
+
+  async deleteTempAll(t) {
+    if (isPostgresStorageMode()) await ensureSqlTempLoaded(t);
+    tempStore.get(t)?.sessions.clear();
+
+    if (isPostgresStorageMode()) {
+      await pgQuery(
+        'DELETE FROM chat_sessions WHERE scope_type = $1 AND owner_lookup = $2',
+        ['guest', makeOwnerLookup(tempOwner(t))]
+      );
+      await persistSqlTempState(t);
+    } else {
+      saveTempStore().catch((err) => console.error('Failed to save temp store:', err));
+    }
+  },
+
+  async deleteTempSessionEverywhere(id) {
     let changed = false;
     for (const temp of tempStore.values()) {
       if (temp.sessions.delete(id)) changed = true;
     }
-    if (changed) saveTempStore().catch(err => console.error('Failed to save temp store:', err));
+
+    if (isPostgresStorageMode()) {
+      const result = await pgQuery(
+        'DELETE FROM chat_sessions WHERE id = $1 AND scope_type = $2',
+        [id, 'guest']
+      );
+      return changed || result.rowCount > 0;
+    }
+
+    if (changed) saveTempStore().catch((err) => console.error('Failed to save temp store:', err));
     return changed;
   },
 
-  /**
-   * Copy temp sessions into the user's account on login.
-   * We intentionally do NOT delete from tempStore so the guest session
-   * remains usable if the user logs out again (and so the WS client's
-   * tempId still resolves while the tab is open).
-   * Sessions that already exist in the user account (same id) are skipped
-   * to avoid overwriting newer server data.
-   */
   async transferTempToUser(tempId, userId, accessToken) {
+    if (isPostgresStorageMode()) await ensureSqlTempLoaded(tempId);
     const d = tempStore.get(tempId);
     if (!d || !d.sessions.size) return;
 
-    const uc   = userClient(accessToken);
     const user = this._ensureUser(userId);
+    if (isPostgresStorageMode()) await ensureUserLoaded(userId);
+
+    const uc = isPostgresStorageMode() ? null : userClient(accessToken);
 
     for (const s of d.sessions.values()) {
-      // Skip sessions that are empty (never actually used)
       if (!s.history || s.history.length === 0) continue;
-
-      // Skip if the user already has a session with the same id
       if (user.sessions.has(s.id)) continue;
 
-      // Deep-clone so mutations to the user copy don't affect temp copy
       const copy = JSON.parse(JSON.stringify(s));
       user.sessions.set(copy.id, copy);
-      await this._persist(uc, userId, copy).catch(err =>
-        console.error('transferTempToUser persist error:', err.message));
+
+      if (isPostgresStorageMode()) {
+        await persistSqlSession(userOwner(userId), 'user', copy, null);
+      } else {
+        await this._persist(uc, userId, copy).catch((err) =>
+          console.error('transferTempToUser persist error:', err.message));
+      }
     }
   },
 
-  // ── USERS ────────────────────────────────────────────────────────────────
   _ensureUser(uid) {
     if (!userCache.has(uid)) userCache.set(uid, { sessions: new Map(), online: new Set() });
     return userCache.get(uid);
   },
+
   async loadUserSessions(userId, accessToken) {
+    if (isPostgresStorageMode()) return loadUserSessionsSql(userId);
+
     const uc = userClient(accessToken);
     const { data, error } = await uc.from('web_sessions').select('*')
       .eq('user_id', userId).order('updated_at', { ascending: false });
     if (error) { console.error('loadUserSessions', error.message); return []; }
     const user = this._ensureUser(userId);
-    for (const row of data || [])
-      user.sessions.set(row.id, { id: row.id, name: row.name,
-        created: new Date(row.created_at).getTime(), history: row.history || [], model: row.model });
+    for (const row of data || []) {
+      user.sessions.set(row.id, {
+        id: row.id,
+        name: row.name,
+        created: new Date(row.created_at).getTime(),
+        history: row.history || [],
+        model: row.model,
+      });
+    }
     return [...user.sessions.values()];
   },
-  getUserSessions(uid)    { return [...(userCache.get(uid)?.sessions.values() || [])]; },
-  getUserSession(uid, id) { return userCache.get(uid)?.sessions.get(id) || null; },
+
+  getUserSessions(uid) {
+    return [...(userCache.get(uid)?.sessions.values() || [])];
+  },
+
+  getUserSession(uid, id) {
+    return userCache.get(uid)?.sessions.get(id) || null;
+  },
+
   async createUserSession(userId, accessToken) {
+    if (isPostgresStorageMode()) await ensureUserLoaded(userId);
     const s = { id: crypto.randomUUID(), name: 'New Chat', created: Date.now(), history: [] };
     this._ensureUser(userId).sessions.set(s.id, s);
-    await this._persist(userClient(accessToken), userId, s).catch(() => {});
+
+    if (isPostgresStorageMode()) {
+      await persistSqlSession(userOwner(userId), 'user', s, null);
+    } else {
+      await this._persist(userClient(accessToken), userId, s).catch(() => {});
+    }
     return s;
   },
+
   async restoreUserSession(userId, accessToken, session) {
+    if (isPostgresStorageMode()) await ensureUserLoaded(userId);
     const restored = JSON.parse(JSON.stringify(session));
     this._ensureUser(userId).sessions.set(restored.id, restored);
-    await this._persist(userClient(accessToken), userId, restored).catch(() => {});
+
+    if (isPostgresStorageMode()) {
+      await persistSqlSession(userOwner(userId), 'user', restored, null);
+    } else {
+      await this._persist(userClient(accessToken), userId, restored).catch(() => {});
+    }
     return restored;
   },
+
   async updateUserSession(userId, accessToken, sessionId, patch) {
-    const user = userCache.get(userId); if (!user) { console.error("No user for " + userId); return null; }
-    const s = user.sessions.get(sessionId); if (!s) { console.error ("No session found for " + sessionId); return null; }
+    if (isPostgresStorageMode()) await ensureUserLoaded(userId);
+    const user = userCache.get(userId);
+    if (!user) { console.error('No user for ' + userId); return null; }
+    const s = user.sessions.get(sessionId);
+    if (!s) { console.error('No session found for ' + sessionId); return null; }
     Object.assign(s, patch);
-    await this._persist(userClient(accessToken), userId, s).catch(() => {});
+
+    if (isPostgresStorageMode()) {
+      await persistSqlSession(userOwner(userId), 'user', s, null);
+    } else {
+      await this._persist(userClient(accessToken), userId, s).catch(() => {});
+    }
     return s;
   },
+
   async deleteUserSession(userId, accessToken, id) {
     try {
       userCache.get(userId)?.sessions.delete(id);
+      if (isPostgresStorageMode()) {
+        await pgQuery(
+          'DELETE FROM chat_sessions WHERE id = $1 AND scope_type = $2 AND owner_lookup = $3',
+          [id, 'user', makeOwnerLookup(userOwner(userId))]
+        );
+        return;
+      }
+
       const { error } = await userClient(accessToken)
         .from('web_sessions')
         .delete()
@@ -188,6 +507,7 @@ export const sessionStore = {
       console.error('Unexpected deleteUserSession error:', ex);
     }
   },
+
   async deleteAllUserSessions(userId, accessToken) {
     const u = userCache.get(userId);
     if (u) {
@@ -196,7 +516,16 @@ export const sessionStore = {
       console.error('No user for ' + userId);
       return null;
     }
+
     try {
+      if (isPostgresStorageMode()) {
+        await pgQuery(
+          'DELETE FROM chat_sessions WHERE scope_type = $1 AND owner_lookup = $2',
+          ['user', makeOwnerLookup(userOwner(userId))]
+        );
+        return;
+      }
+
       const { error } = await userClient(accessToken)
         .from('web_sessions')
         .delete()
@@ -206,57 +535,214 @@ export const sessionStore = {
       console.error('Unexpected deleteAllUserSessions error:', ex);
     }
   },
+
   async _persist(uc, userId, s) {
     await uc.from('web_sessions').upsert({
-      id: s.id, user_id: userId, name: s.name, history: s.history || [],
-      model: s.model || null, updated_at: new Date().toISOString(),
+      id: s.id,
+      user_id: userId,
+      name: s.name,
+      history: s.history || [],
+      model: s.model || null,
+      updated_at: new Date().toISOString(),
       created_at: new Date(s.created).toISOString(),
     });
   },
-  markOnline(uid, ws)  { this._ensureUser(uid).online.add(ws); },
-  markOffline(uid, ws) { userCache.get(uid)?.online.delete(ws); },
-  // ── SHARE ────────────────────────────────────────────────────────────────
+
+  markOnline(uid, ws) {
+    this._ensureUser(uid).online.add(ws);
+  },
+
+  markOffline(uid, ws) {
+    userCache.get(uid)?.online.delete(ws);
+  },
+
   async createShareToken(userId, accessToken, sessionId) {
-    const s = this.getUserSession(userId, sessionId); if (!s) return null;
+    const s = this.getUserSession(userId, sessionId);
+    if (!s) return null;
     const token = crypto.randomBytes(24).toString('base64url');
+
+    if (isPostgresStorageMode()) {
+      const record = {
+        id: crypto.randomUUID(),
+        ownerId: userId,
+        sessionSnapshot: s,
+        createdAt: nowIso(),
+      };
+      await pgQuery(
+        `INSERT INTO session_shares (id, token_lookup, owner_lookup, created_at, payload)
+         VALUES ($1, $2, $3, $4, $5::jsonb)`,
+        [
+          record.id,
+          shareTokenLookup(token),
+          makeOwnerLookup(userOwner(userId)),
+          record.createdAt,
+          JSON.stringify(encryptJsonPayload(record, shareAad(record.id))),
+        ]
+      );
+      return token;
+    }
+
     const uc = userClient(accessToken);
     const { error } = await uc.from('shared_sessions').insert({
-      token, owner_id: userId, session_snapshot: s, created_at: new Date().toISOString(),
+      token,
+      owner_id: userId,
+      session_snapshot: s,
+      created_at: new Date().toISOString(),
     });
     return error ? null : token;
   },
+
   async resolveShareToken(token) {
-    // shared_sessions SELECT is public via RLS
+    if (isPostgresStorageMode()) {
+      const { rows } = await pgQuery(
+        'SELECT id, payload FROM session_shares WHERE token_lookup = $1',
+        [shareTokenLookup(token)]
+      );
+      const record = rows[0] ? decryptJsonPayload(rows[0].payload, shareAad(rows[0].id)) : null;
+      return record ? {
+        token,
+        owner_id: record.ownerId,
+        session_snapshot: record.sessionSnapshot,
+        created_at: record.createdAt,
+      } : null;
+    }
+
     const uc = createClient(_SUPABASE_URL, _SUPABASE_ANON_KEY, { auth: { persistSession: false } });
     const { data } = await uc.from('shared_sessions').select('*').eq('token', token).single();
     return data || null;
   },
+
   async importSharedSession(userId, accessToken, token) {
-    const shared = await this.resolveShareToken(token); if (!shared) return null;
+    const shared = await this.resolveShareToken(token);
+    if (!shared) return null;
     const snap = shared.session_snapshot;
-    const newSession = { ...snap, id: crypto.randomUUID(),
-      name: `${snap.name} (shared)`, created: Date.now() };
-    const uc = userClient(accessToken);
+    const newSession = {
+      ...snap,
+      id: crypto.randomUUID(),
+      name: `${snap.name} (shared)`,
+      created: Date.now(),
+    };
+
+    if (isPostgresStorageMode()) await ensureUserLoaded(userId);
     this._ensureUser(userId).sessions.set(newSession.id, newSession);
-    await this._persist(uc, userId, newSession).catch(() => {});
+
+    if (isPostgresStorageMode()) {
+      await persistSqlSession(userOwner(userId), 'user', newSession, null);
+    } else {
+      const uc = userClient(accessToken);
+      await this._persist(uc, userId, newSession).catch(() => {});
+    }
     return newSession;
   },
 };
 
+async function upsertSqlDeviceSession(session) {
+  const lookup = deviceTokenLookup(session.token);
+  await pgQuery(
+    `INSERT INTO device_sessions (token_lookup, user_lookup, active, created_at, last_seen_at, payload)
+     VALUES ($1, $2, $3, $4, $5, $6::jsonb)
+     ON CONFLICT (token_lookup)
+     DO UPDATE SET
+       user_lookup = EXCLUDED.user_lookup,
+       active = EXCLUDED.active,
+       created_at = EXCLUDED.created_at,
+       last_seen_at = EXCLUDED.last_seen_at,
+       payload = EXCLUDED.payload`,
+    [
+      lookup,
+      makeOwnerLookup(userOwner(session.userId)),
+      !!session.active,
+      session.createdAt,
+      session.lastSeen,
+      JSON.stringify(encryptJsonPayload(session, deviceSessionAad(lookup))),
+    ]
+  );
+}
+
+async function loadSqlDeviceSession(token) {
+  const lookup = deviceTokenLookup(token);
+  const { rows } = await pgQuery(
+    'SELECT payload FROM device_sessions WHERE token_lookup = $1',
+    [lookup]
+  );
+  return rows[0] ? decryptJsonPayload(rows[0].payload, deviceSessionAad(lookup)) : null;
+}
+
 export const deviceSessionStore = {
-  create(userId, ip, userAgent) {
+  async create(userId, ip, userAgent) {
     const token = crypto.randomBytes(32).toString('hex');
-    devSessions.set(token, { token, userId, ip, userAgent,
-      createdAt: new Date().toISOString(), lastSeen: new Date().toISOString(), active: true });
+    const session = {
+      token,
+      userId,
+      ip,
+      userAgent,
+      createdAt: nowIso(),
+      lastSeen: nowIso(),
+      active: true,
+    };
+    devSessions.set(token, session);
+    if (isPostgresStorageMode()) {
+      await upsertSqlDeviceSession(session);
+    }
     return token;
   },
-  getForUser(uid)  { return [...devSessions.values()].filter(s => s.userId === uid && s.active); },
-  revoke(token)    { const s = devSessions.get(token); if (s) { s.active = false; return s; } return null; },
-  revokeAllExcept(uid, except) {
-    for (const [t, s] of devSessions) if (s.userId === uid && t !== except) s.active = false;
+
+  async getForUser(uid) {
+    if (isPostgresStorageMode()) {
+      const { rows } = await pgQuery(
+        'SELECT token_lookup, payload FROM device_sessions WHERE user_lookup = $1 AND active = TRUE ORDER BY last_seen_at DESC',
+        [makeOwnerLookup(userOwner(uid))]
+      );
+      const sessions = rows
+        .map((row) => decryptJsonPayload(row.payload, deviceSessionAad(row.token_lookup)))
+        .filter((session) => session?.userId === uid && session.active);
+      for (const session of sessions) devSessions.set(session.token, session);
+      return sessions;
+    }
+    return [...devSessions.values()].filter((s) => s.userId === uid && s.active);
+  },
+
+  async revoke(token) {
+    let session = devSessions.get(token) || null;
+    if (isPostgresStorageMode() && !session) {
+      session = await loadSqlDeviceSession(token);
+    }
+    if (!session) return null;
+    session.active = false;
+    devSessions.set(token, session);
+    if (isPostgresStorageMode()) {
+      await upsertSqlDeviceSession(session);
+    }
+    return session;
+  },
+
+  async revokeAllExcept(uid, except) {
+    if (isPostgresStorageMode()) {
+      const sessions = await this.getForUser(uid);
+      for (const session of sessions) {
+        if (session.token === except) continue;
+        session.active = false;
+        devSessions.set(session.token, session);
+        await upsertSqlDeviceSession(session);
+      }
+      return;
+    }
+    for (const [t, s] of devSessions) {
+      if (s.userId === uid && t !== except) s.active = false;
+    }
   },
-  validate(token)  {
-    const s = devSessions.get(token); if (!s || !s.active) return null;
-    s.lastSeen = new Date().toISOString(); return s;
+
+  async validate(token) {
+    let session = devSessions.get(token) || null;
+    if (isPostgresStorageMode() && !session) {
+      session = await loadSqlDeviceSession(token);
+    }
+    if (!session || !session.active) return null;
+    session.lastSeen = nowIso();
+    devSessions.set(token, session);
+    if (isPostgresStorageMode()) {
+      await upsertSqlDeviceSession(session);
+    }
+    return session;
   },
 };

server/systemPromptStore.js

@@ -2,6 +2,13 @@ import fs from 'fs/promises';
 import path from 'path';
 import { fileURLToPath } from 'url';
 import { loadEncryptedJson, saveEncryptedJson } from './cryptoUtils.js';
+import { isPostgresStorageMode } from './dataPaths.js';
+import {
+  decryptJsonPayload,
+  encryptJsonPayload,
+  makeLookupToken,
+  pgQuery,
+} from './postgres.js';
 
 const __dirname = path.dirname(fileURLToPath(import.meta.url));
 const SYSTEM_PROMPT_FILE = path.resolve(__dirname, '..', 'system prompt.md');
@@ -92,8 +99,16 @@ function normalizePrompt(markdown) {
     .slice(0, MAX_PROMPT_LENGTH);
 }
 
+function promptLookup(userId) {
+  return makeLookupToken('system-prompt', userId);
+}
+
+function promptAad(userId) {
+  return `system-prompt:${userId}`;
+}
+
 async function ensureLoaded() {
-  if (state.loaded) return;
+  if (state.loaded || isPostgresStorageMode()) return;
   const stored = await loadEncryptedJson(INDEX_FILE, 'system-prompts');
   state.prompts = stored?.prompts || {};
   state.loaded = true;
@@ -120,6 +135,14 @@ function sanitizeRecord(record) {
   };
 }
 
+async function getSqlPrompt(userId) {
+  const { rows } = await pgQuery(
+    'SELECT payload FROM system_prompts WHERE owner_lookup = $1',
+    [promptLookup(userId)]
+  );
+  return rows[0] ? sanitizeRecord(decryptJsonPayload(rows[0].payload, promptAad(userId))) : null;
+}
+
 export const systemPromptStore = {
   async getDefaultPrompt() {
     return loadDefaultPrompt();
@@ -127,6 +150,8 @@ export const systemPromptStore = {
 
   async getUserPrompt(userId) {
     if (!userId) return null;
+    if (isPostgresStorageMode()) return getSqlPrompt(userId);
+
     await ensureLoaded();
     return sanitizeRecord(state.prompts[userId]);
   },
@@ -155,6 +180,27 @@ export const systemPromptStore = {
     if (!userId) throw new Error('Missing user id');
     const normalized = normalizePrompt(markdown);
     if (!normalized) throw new Error('System prompt cannot be empty');
+
+    if (isPostgresStorageMode()) {
+      const record = {
+        userId,
+        markdown: normalized,
+        updatedAt: new Date().toISOString(),
+      };
+      await pgQuery(
+        `INSERT INTO system_prompts (owner_lookup, updated_at, payload)
+         VALUES ($1, $2, $3::jsonb)
+         ON CONFLICT (owner_lookup)
+         DO UPDATE SET updated_at = EXCLUDED.updated_at, payload = EXCLUDED.payload`,
+        [
+          promptLookup(userId),
+          record.updatedAt,
+          JSON.stringify(encryptJsonPayload(record, promptAad(userId))),
+        ]
+      );
+      return this.getPersonalization(userId);
+    }
+
     await ensureLoaded();
     state.prompts[userId] = {
       markdown: normalized,
@@ -166,6 +212,12 @@ export const systemPromptStore = {
 
   async resetUserPrompt(userId) {
     if (!userId) throw new Error('Missing user id');
+
+    if (isPostgresStorageMode()) {
+      await pgQuery('DELETE FROM system_prompts WHERE owner_lookup = $1', [promptLookup(userId)]);
+      return this.getPersonalization(userId);
+    }
+
     await ensureLoaded();
     delete state.prompts[userId];
     await saveIndex();

server/versionStore.js

@@ -0,0 +1,85 @@
+import fs from 'fs/promises';
+import path from 'path';
+import { DATA_ROOT, isPostgresStorageMode } from './dataPaths.js';
+import {
+  decryptJsonPayload,
+  encryptJsonPayload,
+  makeLookupToken,
+  pgQuery,
+} from './postgres.js';
+
+const VERSION_FILE = path.join(DATA_ROOT, 'version.json');
+
+function versionLookup(publicUrl) {
+  return makeLookupToken('app-version', publicUrl);
+}
+
+function versionAad(publicUrl) {
+  return `app-version:${publicUrl}`;
+}
+
+export async function loadStoredSHA(publicUrl) {
+  if (isPostgresStorageMode()) {
+    const { rows } = await pgQuery(
+      'SELECT payload FROM app_versions WHERE public_url_lookup = $1',
+      [versionLookup(publicUrl)]
+    );
+    const payload = rows[0]
+      ? decryptJsonPayload(rows[0].payload, versionAad(publicUrl))
+      : null;
+    return payload?.sha || null;
+  }
+
+  try {
+    await fs.mkdir(DATA_ROOT, { recursive: true });
+    const raw = await fs.readFile(VERSION_FILE, 'utf8');
+    const data = JSON.parse(raw);
+    const obj = Array.isArray(data) ? data.find((item) => item[publicUrl]) : null;
+    return obj ? obj[publicUrl] : null;
+  } catch {
+    return null;
+  }
+}
+
+export async function saveStoredSHA(publicUrl, sha) {
+  if (isPostgresStorageMode()) {
+    await pgQuery(
+      `INSERT INTO app_versions (public_url_lookup, updated_at, payload)
+       VALUES ($1, $2, $3::jsonb)
+       ON CONFLICT (public_url_lookup)
+       DO UPDATE SET updated_at = EXCLUDED.updated_at, payload = EXCLUDED.payload`,
+      [
+        versionLookup(publicUrl),
+        new Date().toISOString(),
+        JSON.stringify(encryptJsonPayload({ publicUrl, sha }, versionAad(publicUrl))),
+      ]
+    );
+    return;
+  }
+
+  await fs.mkdir(DATA_ROOT, { recursive: true });
+
+  let data = [];
+  try {
+    const raw = await fs.readFile(VERSION_FILE, 'utf8');
+    const parsed = JSON.parse(raw);
+    data = Array.isArray(parsed) ? parsed : [];
+  } catch {
+    data = [];
+  }
+
+  let found = false;
+  for (const entry of data) {
+    if (entry[publicUrl]) {
+      entry[publicUrl] = sha;
+      found = true;
+      break;
+    }
+  }
+
+  if (!found) {
+    data.push({ [publicUrl]: sha });
+  }
+
+  await fs.writeFile(VERSION_FILE, JSON.stringify(data, null, 2), 'utf8');
+}

server/webSearchUsageStore.js

@@ -1,8 +1,15 @@
 import fs from 'fs/promises';
 import path from 'path';
+import { DATA_ROOT, isPostgresStorageMode } from './dataPaths.js';
+import {
+  decryptJsonPayload,
+  encryptJsonPayload,
+  makeLookupToken,
+  pgQuery,
+  withPgTransaction,
+} from './postgres.js';
 
-const DATA_DIR = '/data';
-const STORE_FILE = path.join(DATA_DIR, 'web-search-usage.json');
+const STORE_FILE = path.join(DATA_ROOT, 'web-search-usage.json');
 const APP_TIMEZONE = process.env.APP_TIMEZONE || 'America/New_York';
 
 let state = { days: {} };
@@ -18,6 +25,14 @@ function todayKey() {
   }).format(new Date());
 }
 
+function usageLookup(key) {
+  return makeLookupToken('web-search-usage', key);
+}
+
+function usageAad(key, day) {
+  return `web-search-usage:${key}:${day}`;
+}
+
 function pruneDays() {
   const keepKey = todayKey();
   state.days = Object.fromEntries(
@@ -26,10 +41,10 @@ function pruneDays() {
 }
 
 async function ensureLoaded() {
-  if (loaded) return;
+  if (loaded || isPostgresStorageMode()) return;
   loaded = true;
   try {
-    await fs.mkdir(DATA_DIR, { recursive: true });
+    await fs.mkdir(DATA_ROOT, { recursive: true });
     const raw = await fs.readFile(STORE_FILE, 'utf8');
     const parsed = JSON.parse(raw);
     if (parsed && typeof parsed === 'object') state = parsed;
@@ -40,7 +55,7 @@ async function ensureLoaded() {
 function saveState() {
   saveChain = saveChain.then(async () => {
     pruneDays();
-    await fs.mkdir(DATA_DIR, { recursive: true });
+    await fs.mkdir(DATA_ROOT, { recursive: true });
     await fs.writeFile(STORE_FILE, JSON.stringify(state, null, 2), 'utf8');
   }).catch((err) => {
     console.error('Failed to persist web search usage:', err);
@@ -61,7 +76,80 @@ function getCounterRecord(key) {
   };
 }
 
+async function pruneSqlUsage(day, client = null) {
+  const runner = client || { query: pgQuery };
+  await runner.query('DELETE FROM web_search_usage WHERE day_key <> $1', [day]);
+}
+
+async function getSqlUsage(key, limit = 15) {
+  const day = todayKey();
+  await pruneSqlUsage(day);
+  const lookup = usageLookup(key);
+  const { rows } = await pgQuery(
+    'SELECT payload FROM web_search_usage WHERE key_lookup = $1 AND day_key = $2',
+    [lookup, day]
+  );
+  const payload = rows[0]
+    ? decryptJsonPayload(rows[0].payload, usageAad(key, day))
+    : null;
+  const used = Math.max(0, Number(payload?.used) || 0);
+  return {
+    limit,
+    used,
+    remaining: Math.max(0, limit - used),
+    window: day,
+    period: 'daily',
+  };
+}
+
+async function consumeSqlUsage(key, limit = 15) {
+  return withPgTransaction(async (client) => {
+    const day = todayKey();
+    await pruneSqlUsage(day, client);
+    const lookup = usageLookup(key);
+    const { rows } = await client.query(
+      'SELECT payload FROM web_search_usage WHERE key_lookup = $1 AND day_key = $2 FOR UPDATE',
+      [lookup, day]
+    );
+    const current = rows[0]
+      ? decryptJsonPayload(rows[0].payload, usageAad(key, day))
+      : { used: 0 };
+    const used = Math.max(0, Number(current?.used) || 0);
+
+    if (used >= limit) {
+      return {
+        allowed: false,
+        limit,
+        used,
+        remaining: 0,
+        window: day,
+        period: 'daily',
+      };
+    }
+
+    const next = { used: used + 1 };
+    await client.query(
+      `INSERT INTO web_search_usage (key_lookup, day_key, updated_at, payload)
+       VALUES ($1, $2, $3, $4::jsonb)
+       ON CONFLICT (key_lookup, day_key)
+       DO UPDATE SET updated_at = EXCLUDED.updated_at, payload = EXCLUDED.payload`,
+      [lookup, day, new Date().toISOString(), JSON.stringify(encryptJsonPayload(next, usageAad(key, day)))]
+    );
+
+    return {
+      allowed: true,
+      limit,
+      used: next.used,
+      remaining: Math.max(0, limit - next.used),
+      window: day,
+      period: 'daily',
+    };
+  });
+}
+
 export async function getWebSearchUsage(key, limit = 15) {
+  if (isPostgresStorageMode()) return getSqlUsage(key, limit);
+
   await ensureLoaded();
   const record = getCounterRecord(key);
   return {
@@ -74,6 +162,8 @@ export async function getWebSearchUsage(key, limit = 15) {
 }
 
 export async function consumeWebSearchUsage(key, limit = 15) {
+  if (isPostgresStorageMode()) return consumeSqlUsage(key, limit);
+
   await ensureLoaded();
   const record = getCounterRecord(key);
   if (record.used >= limit) {

server/wsHandler.js

@@ -97,7 +97,7 @@ export async function handleWsMessage(ws, msg, wsClients) {
     'auth:logout',
   ]);
   if (client.userId && client.deviceToken && !bypassDeviceValidation.has(msg.type)) {
-    const activeDeviceSession = deviceSessionStore.validate(client.deviceToken);
+    const activeDeviceSession = await deviceSessionStore.validate(client.deviceToken);
     if (!activeDeviceSession) {
       const priorUserId = client.userId;
       Object.assign(client, { userId: null, authenticated: false, accessToken: null, deviceToken: null });
@@ -141,7 +141,7 @@ const handlers = {
     let nextDeviceToken = null;
     let reusedDeviceSession = false;
     if (requestedDeviceToken) {
-      const existingDevice = deviceSessionStore.validate(requestedDeviceToken);
+      const existingDevice = await deviceSessionStore.validate(requestedDeviceToken);
       if (existingDevice?.userId === user.id) {
         existingDevice.ip = client.ip;
         existingDevice.userAgent = client.userAgent;
@@ -150,10 +150,10 @@ const handlers = {
       }
     }
     if (!nextDeviceToken) {
-      nextDeviceToken = deviceSessionStore.create(user.id, client.ip, client.userAgent);
+      nextDeviceToken = await deviceSessionStore.create(user.id, client.ip, client.userAgent);
     }
     if (client.deviceToken && client.deviceToken !== nextDeviceToken) {
-      deviceSessionStore.revoke(client.deviceToken);
+      await deviceSessionStore.revoke(client.deviceToken);
     }
     client.userId = user.id; client.accessToken = accessToken; client.authenticated = true;
     client.deviceToken = nextDeviceToken;
@@ -180,25 +180,26 @@ const handlers = {
     }
   },
 
-  'auth:logout': (ws, msg, client) => {
+  'auth:logout': async (ws, msg, client) => {
     const priorUserId = client.userId;
-    if (client.deviceToken) deviceSessionStore.revoke(client.deviceToken);
+    if (client.deviceToken) await deviceSessionStore.revoke(client.deviceToken);
     Object.assign(client, { userId: null, authenticated: false, accessToken: null, deviceToken: null });
     if (priorUserId) sessionStore.markOffline(priorUserId, ws);
     safeSend(ws, { type: 'auth:loggedOut' });
   },
 
-  'auth:guest': (ws, msg, client) => {
+  'auth:guest': async (ws, msg, client) => {
     const t = msg.tempId || client.tempId;
     client.tempId = t;
     sessionStore.initTemp(t);
-    safeSend(ws, { type: 'auth:guestOk', tempId: t, sessions: sessionStore.getTempSessions(t).map(ser) });
+    const sessions = await sessionStore.getTempSessions(t);
+    safeSend(ws, { type: 'auth:guestOk', tempId: t, sessions: sessions.map(ser) });
   },
 
-  'sessions:list': (ws, msg, client) => {
+  'sessions:list': async (ws, msg, client) => {
     const list = client.userId
       ? sessionStore.getUserSessions(client.userId)
-      : sessionStore.getTempSessions(client.tempId);
+      : await sessionStore.getTempSessions(client.tempId);
     list.sort((a, b) => b.created - a.created);
     safeSend(ws, { type: 'sessions:list', sessions: list.map(ser) });
   },
@@ -206,7 +207,7 @@ const handlers = {
   'sessions:create': async (ws, msg, client) => {
     const s = client.userId
       ? await sessionStore.createUserSession(client.userId, client.accessToken)
-      : sessionStore.createTempSession(client.tempId);
+      : await sessionStore.createTempSession(client.tempId);
     safeSend(ws, { type: 'sessions:created', session: ser(s) });
   },
 
@@ -214,15 +215,15 @@ const handlers = {
     const owner = getClientOwner(client);
     const session = client.userId
       ? sessionStore.getUserSession(client.userId, msg.sessionId)
-      : sessionStore.getTempSession(client.tempId, msg.sessionId);
+      : await sessionStore.getTempSession(client.tempId, msg.sessionId);
     if (!session) return safeSend(ws, { type: 'error', message: 'Session not found' });
 
     await chatTrashStore.add(owner, JSON.parse(JSON.stringify(session)));
     if (client.userId) {
       await sessionStore.deleteUserSession(client.userId, client.accessToken, msg.sessionId);
-      sessionStore.deleteTempSessionEverywhere(msg.sessionId);
+      await sessionStore.deleteTempSessionEverywhere(msg.sessionId);
     } else {
-      sessionStore.deleteTempSession(client.tempId, msg.sessionId);
+      await sessionStore.deleteTempSession(client.tempId, msg.sessionId);
     }
     safeSend(ws, { type: 'sessions:deleted', sessionId: msg.sessionId });
     safeSend(ws, { type: 'trash:chats:changed' });
@@ -232,13 +233,13 @@ const handlers = {
     const owner = getClientOwner(client);
     const sessions = client.userId
       ? sessionStore.getUserSessions(client.userId)
-      : sessionStore.getTempSessions(client.tempId);
+      : await sessionStore.getTempSessions(client.tempId);
     for (const session of sessions) {
       await chatTrashStore.add(owner, JSON.parse(JSON.stringify(session)));
-      if (client.userId) sessionStore.deleteTempSessionEverywhere(session.id);
+      if (client.userId) await sessionStore.deleteTempSessionEverywhere(session.id);
     }
     if (client.userId) await sessionStore.deleteAllUserSessions(client.userId, client.accessToken);
-    else sessionStore.deleteTempAll(client.tempId);
+    else await sessionStore.deleteTempAll(client.tempId);
     safeSend(ws, { type: 'sessions:deletedAll' });
     safeSend(ws, { type: 'trash:chats:changed' });
   },
@@ -247,14 +248,14 @@ const handlers = {
     const name = (msg.name || '').trim(); if (!name) return;
     if (client.userId)
       await sessionStore.updateUserSession(client.userId, client.accessToken, msg.sessionId, { name });
-    else sessionStore.updateTempSession(client.tempId, msg.sessionId, { name });
+    else await sessionStore.updateTempSession(client.tempId, msg.sessionId, { name });
     safeSend(ws, { type: 'sessions:renamed', sessionId: msg.sessionId, name });
   },
 
-  'sessions:get': (ws, msg, client) => {
+  'sessions:get': async (ws, msg, client) => {
     const s = client.userId
       ? sessionStore.getUserSession(client.userId, msg.sessionId)
-      : sessionStore.getTempSession(client.tempId, msg.sessionId);
+      : await sessionStore.getTempSession(client.tempId, msg.sessionId);
     if (!s) return safeSend(ws, { type: 'error', message: 'Session not found' });
     safeSend(ws, { type: 'sessions:data', session: ser(s) });
   },
@@ -304,12 +305,12 @@ const handlers = {
     if (!client.userId) {
       const allowed = await consumeGuestRequest(client.ip || 'unknown');
       if (!allowed) return safeSend(ws, { type: 'guest:rateLimit', message: 'Guest request limit exceeded' });
-      if (!sessionStore.tempCanSend(client.tempId)) return safeSend(ws, { type: 'chat:limitReached' });
-      sessionStore.tempBump(client.tempId);
+      if (!await sessionStore.tempCanSend(client.tempId)) return safeSend(ws, { type: 'chat:limitReached' });
+      await sessionStore.tempBump(client.tempId);
     }
     const session = client.userId
       ? sessionStore.getUserSession(client.userId, sessionId)
-      : sessionStore.getTempSession(client.tempId, sessionId);
+      : await sessionStore.getTempSession(client.tempId, sessionId);
     if (!session) return safeSend(ws, { type: 'error', message: 'Session not found' });
 
     abortActiveStream(ws);
@@ -431,7 +432,7 @@ const handlers = {
 
         if (client.userId)
           await sessionStore.updateUserSession(client.userId, client.accessToken, sessionId, { history: newHistory, name: newName });
-        else sessionStore.updateTempSession(client.tempId, sessionId, { history: newHistory, name: newName });
+        else await sessionStore.updateTempSession(client.tempId, sessionId, { history: newHistory, name: newName });
 
         safeSend(ws, { type: aborted ? 'chat:aborted' : 'chat:done', sessionId, name: newName, history: extractFlatHistory(newRootMessage) });
       },
@@ -450,7 +451,7 @@ const handlers = {
     const { sessionId, messageIndex, newContent } = msg;
     const session = client.userId
       ? sessionStore.getUserSession(client.userId, sessionId)
-      : sessionStore.getTempSession(client.tempId, sessionId);
+      : await sessionStore.getTempSession(client.tempId, sessionId);
     if (!session) return safeSend(ws, { type: 'error', message: 'Session not found' });
     
     const rootMessage = session.history?.[0];
@@ -492,7 +493,7 @@ const handlers = {
     if (client.userId) {
       await sessionStore.updateUserSession(client.userId, client.accessToken, sessionId, { history: newHistory });
     } else {
-      sessionStore.updateTempSession(client.tempId, sessionId, { history: newHistory });
+      await sessionStore.updateTempSession(client.tempId, sessionId, { history: newHistory });
     }
     
     // Send back the updated message with its ID and the full flat history
@@ -511,7 +512,7 @@ const handlers = {
     const { sessionId, messageIndex, versionIdx } = msg;
     const session = client.userId
       ? sessionStore.getUserSession(client.userId, sessionId)
-      : sessionStore.getTempSession(client.tempId, sessionId);
+      : await sessionStore.getTempSession(client.tempId, sessionId);
     if (!session) return;
     
     const rootMessage = session.history?.[0];
@@ -535,7 +536,7 @@ const handlers = {
     if (client.userId) {
       await sessionStore.updateUserSession(client.userId, client.accessToken, sessionId, { history: newHistory });
     } else {
-      sessionStore.updateTempSession(client.tempId, sessionId, { history: newHistory });
+      await sessionStore.updateTempSession(client.tempId, sessionId, { history: newHistory });
     }
     
     // Send back with messageId for clarity
@@ -547,7 +548,7 @@ const handlers = {
     const action = msg.action === 'continue' ? 'continue' : 'regenerate';
     const session = client.userId
       ? sessionStore.getUserSession(client.userId, sessionId)
-      : sessionStore.getTempSession(client.tempId, sessionId);
+      : await sessionStore.getTempSession(client.tempId, sessionId);
     if (!session) return safeSend(ws, { type: 'error', message: 'Session not found' });
 
     const rootMessage = session.history?.[0];
@@ -685,7 +686,7 @@ const handlers = {
         if (client.userId) {
           await sessionStore.updateUserSession(client.userId, client.accessToken, sessionId, { history: newHistory, name: newName });
         } else {
-          sessionStore.updateTempSession(client.tempId, sessionId, { history: newHistory, name: newName });
+          await sessionStore.updateTempSession(client.tempId, sessionId, { history: newHistory, name: newName });
         }
 
         safeSend(ws, { type: 'chat:done', sessionId, name: newName, history: extractFlatHistory(newRoot) });
@@ -787,12 +788,19 @@ const handlers = {
   },
   'account:getUsage':        async (ws, msg, c) => { safeSend(ws, { type: 'account:usage', usage: await buildUsagePayload(c, msg.clientId || '') }); },
   'account:getTierConfig':   async (ws)          => { safeSend(ws, { type: 'account:tierConfig', config: await getTierConfig() }); },
-  'account:getSessions':     (ws, msg, c)         => { if (!c.userId) return; safeSend(ws, { type: 'account:deviceSessions', sessions: deviceSessionStore.getForUser(c.userId), currentToken: c.deviceToken }); },
-  'account:revokeSession':   (ws, msg, c, wsClients) => {
+  'account:getSessions':     async (ws, msg, c)   => {
+    if (!c.userId) return;
+    safeSend(ws, {
+      type: 'account:deviceSessions',
+      sessions: await deviceSessionStore.getForUser(c.userId),
+      currentToken: c.deviceToken,
+    });
+  },
+  'account:revokeSession':   async (ws, msg, c, wsClients) => {
     if (!c.userId || !msg.token) return;
-    const revoked = deviceSessionStore.revoke(msg.token);
+    const revoked = await deviceSessionStore.revoke(msg.token);
     if (revoked) {
-      const activeSessions = deviceSessionStore.getForUser(c.userId);
+      const activeSessions = await deviceSessionStore.getForUser(c.userId);
       for (const [ows, oc] of wsClients) {
         if (oc.userId !== c.userId) continue;
         if (oc.deviceToken === msg.token) {
@@ -810,10 +818,10 @@ const handlers = {
     }
     safeSend(ws, { type: 'account:sessionRevoked', token: msg.token });
   },
-  'account:revokeAllOthers': (ws, msg, c, wsClients) => {
+  'account:revokeAllOthers': async (ws, msg, c, wsClients) => {
     if (!c.userId) return;
-    deviceSessionStore.revokeAllExcept(c.userId, c.deviceToken);
-    const activeSessions = deviceSessionStore.getForUser(c.userId);
+    await deviceSessionStore.revokeAllExcept(c.userId, c.deviceToken);
+    const activeSessions = await deviceSessionStore.getForUser(c.userId);
     for (const [ows, oc] of wsClients) {
       if (oc.userId !== c.userId) continue;
       if (oc.deviceToken && oc.deviceToken !== c.deviceToken) {
@@ -845,7 +853,7 @@ async function restoreDeletedSession(client, snapshot) {
   const restored = JSON.parse(JSON.stringify(snapshot));
   const existing = client.userId
     ? sessionStore.getUserSession(client.userId, restored.id)
-    : sessionStore.getTempSession(client.tempId, restored.id);
+    : await sessionStore.getTempSession(client.tempId, restored.id);
   if (existing) restored.id = crypto.randomUUID();
   restored.created = restored.created || Date.now();
   if (client.userId) {