Merge branch 'main' into timing

chore(nixops): bump go to 1.25.3 and nixpkgs due to CVEs (#3652 )
asd
2025-10-30 16:42:08 +01:00 · 2025-10-30 16:37:52 +01:00 · 2025-10-30 09:19:40 +01:00 · 2025-10-30 09:16:50 +01:00 · 2025-10-29 12:50:22 +01:00 · 2025-10-28 15:58:25 +01:00
504 changed files with 12738 additions and 57244 deletions
--- a/.github/ISSUE_TEMPLATE/bug_report.md
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -7,6 +7,8 @@ assignees: ''

 ---

+> **Note:** Bug reports that are clearly AI-generated will not be accepted and will be closed immediately. Please write your bug report in your own words.
+
 **Describe the bug**
 A clear and concise description of what the bug is.

--- a/.github/ISSUE_TEMPLATE/feature_request.md
+++ b/.github/ISSUE_TEMPLATE/feature_request.md
@@ -7,6 +7,8 @@ assignees: ''

 ---

+> **Note:** Feature requests that are clearly AI-generated will not be accepted and will be closed immediately. Please write your feature request in your own words.
+
 **Is your feature request related to a problem? Please describe.**
 A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]

--- a/.github/PULL_REQUEST_TEMPLATE.md
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@@ -8,6 +8,8 @@

 --- Delete everything below this line before submitting your PR ---

+> **Note on AI-assisted contributions:** Contributions with the help of AI are permitted, but you are ultimately responsible for the quality of your submission and for ensuring it follows our contributing guidelines. **The PR description must be written in your own words and be clear and concise**. Please ensure you remove any superfluous code comments introduced by AI tools before submitting. PRs that clearly violate this rule will be closed without further review.
+
 ### PR title format

 The PR title must follow the following pattern:
--- a/.github/workflows/auth_checks.yaml
+++ b/.github/workflows/auth_checks.yaml
@@ -1,8 +1,7 @@
 ---
 name: "auth: check and build"
 on:
-  # pull_request_target:
-  pull_request:
+  pull_request_target:
    paths:
      - '.github/workflows/auth_checks.yaml'
      - '.github/workflows/wf_check.yaml'
@@ -49,7 +48,7 @@ jobs:
    with:
      NAME: auth
      PATH: services/auth
-      GIT_REF: ${{ github.sha }}
+      GIT_REF: ${{ github.event_name == 'pull_request_target' && github.event.pull_request.head.sha || github.sha }}

    secrets:
      AWS_ACCOUNT_ID: ${{ secrets.AWS_PRODUCTION_CORE_ACCOUNT_ID }}
@@ -64,7 +63,7 @@ jobs:
    with:
      NAME: auth
      PATH: services/auth
-      GIT_REF: ${{ github.sha }}
+      GIT_REF: ${{ github.event_name == 'pull_request_target' && github.event.pull_request.head.sha || github.sha }}
      VERSION: 0.0.0-dev # we use a fixed version here to avoid unnecessary rebuilds
      DOCKER: true
    secrets:
--- a/.github/workflows/cli_checks.yaml
+++ b/.github/workflows/cli_checks.yaml
@@ -1,8 +1,7 @@
 ---
 name: "cli: check and build"
 on:
-  # pull_request_target:
-  pull_request:
+  pull_request_target:
    paths:
      - '.github/workflows/cli_checks.yaml'
      - '.github/workflows/wf_check.yaml'
@@ -50,7 +49,7 @@ jobs:
    with:
      NAME: cli
      PATH: cli
-      GIT_REF: ${{ github.sha }}
+      GIT_REF: ${{ github.event_name == 'pull_request_target' && github.event.pull_request.head.sha || github.sha }}

    secrets:
      AWS_ACCOUNT_ID: ${{ secrets.AWS_PRODUCTION_CORE_ACCOUNT_ID }}
@@ -65,7 +64,7 @@ jobs:
    with:
      NAME: cli
      PATH: cli
-      GIT_REF: ${{ github.sha }}
+      GIT_REF: ${{ github.event_name == 'pull_request_target' && github.event.pull_request.head.sha || github.sha }}
      VERSION: 0.0.0-dev # we use a fixed version here to avoid unnecessary rebuilds
      DOCKER: true
    secrets:
@@ -81,7 +80,7 @@ jobs:
    with:
      NAME: cli
      PATH: cli
-      GIT_REF: ${{ github.sha }}
+      GIT_REF: ${{ github.event_name == 'pull_request_target' && github.event.pull_request.head.sha || github.sha }}

    secrets:
      AWS_ACCOUNT_ID: ${{ secrets.AWS_PRODUCTION_CORE_ACCOUNT_ID }}
--- a/.github/workflows/cli_wf_test_new_project.yaml
+++ b/.github/workflows/cli_wf_test_new_project.yaml
@@ -63,7 +63,7 @@ jobs:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

    - name: "Get artifacts"
-      uses: actions/download-artifact@v5
+      uses: actions/download-artifact@v6
      with:
        path: ~/artifacts

--- a/.github/workflows/codegen_checks.yaml
+++ b/.github/workflows/codegen_checks.yaml
@@ -1,8 +1,7 @@
 ---
 name: "codegen: check and build"
 on:
-  # pull_request_target:
-  pull_request:
+  pull_request_target:
    paths:
      - '.github/workflows/wf_check.yaml'
      - '.github/workflows/codegen_checks.yaml'
@@ -48,7 +47,7 @@ jobs:
    with:
      NAME: codegen
      PATH: tools/codegen
-      GIT_REF: ${{ github.sha }}
+      GIT_REF: ${{ github.event_name == 'pull_request_target' && github.event.pull_request.head.sha || github.sha }}

    secrets:
      AWS_ACCOUNT_ID: ${{ secrets.AWS_PRODUCTION_CORE_ACCOUNT_ID }}
@@ -62,7 +61,7 @@ jobs:
    with:
      NAME: codegen
      PATH: tools/codegen
-      GIT_REF: ${{ github.sha }}
+      GIT_REF: ${{ github.event_name == 'pull_request_target' && github.event.pull_request.head.sha || github.sha }}
      VERSION: 0.0.0-dev # we use a fixed version here to avoid unnecessary rebuilds
      DOCKER: false
    secrets:
--- a/.github/workflows/dashboard_checks.yaml
+++ b/.github/workflows/dashboard_checks.yaml
@@ -1,7 +1,7 @@
 ---
 name: "dashboard: check and build"
 on:
-  pull_request:
+  pull_request_target:
    paths:
      - '.github/workflows/wf_build_artifacts.yaml'
      - '.github/workflows/wf_check.yaml'
@@ -54,7 +54,7 @@ jobs:
      - check-permissions
    with:
      NAME: dashboard
-      GIT_REF: ${{ github.sha }}
+      GIT_REF: ${{ github.event_name == 'pull_request_target' && github.event.pull_request.head.sha || github.sha }}
      ENVIRONMENT: preview
    secrets:
      AWS_ACCOUNT_ID: ${{ secrets.AWS_PRODUCTION_CORE_ACCOUNT_ID }}
@@ -73,7 +73,7 @@ jobs:
    with:
      NAME: dashboard
      PATH: dashboard
-      GIT_REF: ${{ github.sha }}
+      GIT_REF: ${{ github.event_name == 'pull_request_target' && github.event.pull_request.head.sha || github.sha }}
      VERSION: 0.0.0-dev # we use a fixed version here to avoid unnecessary rebuilds
      DOCKER: true
      OS_MATRIX: '["blacksmith-2vcpu-ubuntu-2404"]'
@@ -91,7 +91,7 @@ jobs:
    with:
      NAME: dashboard
      PATH: dashboard
-      GIT_REF: ${{ github.sha }}
+      GIT_REF: ${{ github.event_name == 'pull_request_target' && github.event.pull_request.head.sha || github.sha }}
    secrets:
      AWS_ACCOUNT_ID: ${{ secrets.AWS_PRODUCTION_CORE_ACCOUNT_ID }}
      NIX_CACHE_PUB_KEY: ${{ secrets.NIX_CACHE_PUB_KEY }}
@@ -107,7 +107,7 @@ jobs:
    with:
      NAME: dashboard
      PATH: dashboard
-      GIT_REF: ${{ github.sha }}
+      GIT_REF: ${{ github.event_name == 'pull_request_target' && github.event.pull_request.head.sha || github.sha }}
      NHOST_TEST_DASHBOARD_URL: ${{ needs.deploy-vercel.outputs.preview-url }}
      NHOST_TEST_PROJECT_NAME: ${{ vars.NHOST_TEST_PROJECT_NAME }}
      NHOST_TEST_ORGANIZATION_NAME: ${{ vars.NHOST_TEST_ORGANIZATION_NAME }}
--- a/.github/workflows/dashboard_wf_e2e_staging.yaml
+++ b/.github/workflows/dashboard_wf_e2e_staging.yaml
@@ -148,7 +148,7 @@ jobs:
        rm playwright-report.tar.gz

    - name: Upload encrypted Playwright report
-      uses: actions/upload-artifact@v4
+      uses: actions/upload-artifact@v5
      if: failure()
      with:
        name: encrypted-playwright-report-${{ github.run_id }}
--- a/.github/workflows/docs_checks.yaml
+++ b/.github/workflows/docs_checks.yaml
@@ -1,7 +1,7 @@
 ---
 name: "docs: check and build"
 on:
-  pull_request:
+  pull_request_target:
    paths:
      - '.github/workflows/wf_check.yaml'
      - '.github/workflows/dashboard_checks.yaml'
@@ -62,7 +62,7 @@ jobs:
    with:
      NAME: docs
      PATH: docs
-      GIT_REF: ${{ github.sha }}
+      GIT_REF: ${{ github.event_name == 'pull_request_target' && github.event.pull_request.head.sha || github.sha }}
    secrets:
      AWS_ACCOUNT_ID: ${{ secrets.AWS_PRODUCTION_CORE_ACCOUNT_ID }}
      NIX_CACHE_PUB_KEY: ${{ secrets.NIX_CACHE_PUB_KEY }}
--- a/.github/workflows/examples_demos_checks.yaml
+++ b/.github/workflows/examples_demos_checks.yaml
@@ -1,8 +1,7 @@
 ---
 name: "examples/demos: check and build"
 on:
-  # pull_request_target:
-  pull_request:
+  pull_request_target:
    paths:
      - '.github/workflows/wf_check.yaml'
      - '.github/workflows/examples_demos_checks.yaml'
@@ -64,7 +63,7 @@ jobs:
    with:
      NAME: demos
      PATH: examples/demos
-      GIT_REF: ${{ github.sha }}
+      GIT_REF: ${{ github.event_name == 'pull_request_target' && github.event.pull_request.head.sha || github.sha }}

    secrets:
      AWS_ACCOUNT_ID: ${{ secrets.AWS_PRODUCTION_CORE_ACCOUNT_ID }}
@@ -78,7 +77,7 @@ jobs:
    with:
      NAME: demos
      PATH: examples/demos
-      GIT_REF: ${{ github.sha }}
+      GIT_REF: ${{ github.event_name == 'pull_request_target' && github.event.pull_request.head.sha || github.sha }}
      VERSION: 0.0.0-dev # we use a fixed version here to avoid unnecessary rebuilds
      DOCKER: false
      OS_MATRIX: '["blacksmith-2vcpu-ubuntu-2404"]'
--- a/.github/workflows/examples_guides_checks.yaml
+++ b/.github/workflows/examples_guides_checks.yaml
@@ -1,8 +1,7 @@
 ---
 name: "examples/guides: check and build"
 on:
-  # pull_request_target:
-  pull_request:
+  pull_request_target:
    paths:
      - '.github/workflows/wf_check.yaml'
      - '.github/workflows/examples_guides_checks.yaml'
@@ -64,7 +63,7 @@ jobs:
    with:
      NAME: guides
      PATH: examples/guides
-      GIT_REF: ${{ github.sha }}
+      GIT_REF: ${{ github.event_name == 'pull_request_target' && github.event.pull_request.head.sha || github.sha }}

    secrets:
      AWS_ACCOUNT_ID: ${{ secrets.AWS_PRODUCTION_CORE_ACCOUNT_ID }}
@@ -78,7 +77,7 @@ jobs:
    with:
      NAME: guides
      PATH: examples/guides
-      GIT_REF: ${{ github.sha }}
+      GIT_REF: ${{ github.event_name == 'pull_request_target' && github.event.pull_request.head.sha || github.sha }}
      VERSION: 0.0.0-dev # we use a fixed version here to avoid unnecessary rebuilds
      DOCKER: false
      OS_MATRIX: '["blacksmith-2vcpu-ubuntu-2404"]'
--- a/.github/workflows/examples_tutorials_checks.yaml
+++ b/.github/workflows/examples_tutorials_checks.yaml
@@ -1,8 +1,7 @@
 ---
 name: "examples/tutorials: check and build"
 on:
-  # pull_request_target:
-  pull_request:
+  pull_request_target:
    paths:
      - '.github/workflows/wf_check.yaml'
      - '.github/workflows/examples_tutorials_checks.yaml'
@@ -64,7 +63,7 @@ jobs:
    with:
      NAME: tutorials
      PATH: examples/tutorials
-      GIT_REF: ${{ github.sha }}
+      GIT_REF: ${{ github.event_name == 'pull_request_target' && github.event.pull_request.head.sha || github.sha }}

    secrets:
      AWS_ACCOUNT_ID: ${{ secrets.AWS_PRODUCTION_CORE_ACCOUNT_ID }}
@@ -78,7 +77,7 @@ jobs:
    with:
      NAME: tutorials
      PATH: examples/tutorials
-      GIT_REF: ${{ github.sha }}
+      GIT_REF: ${{ github.event_name == 'pull_request_target' && github.event.pull_request.head.sha || github.sha }}
      VERSION: 0.0.0-dev # we use a fixed version here to avoid unnecessary rebuilds
      DOCKER: false
      OS_MATRIX: '["blacksmith-2vcpu-ubuntu-2404"]'
--- a/.github/workflows/gen_ai_review.yaml
+++ b/.github/workflows/gen_ai_review.yaml
@@ -1,7 +1,7 @@
 ---
 name: "gen: AI review"
 on:
-  pull_request:
+  pull_request_target:
    types: [opened, reopened, ready_for_review]
  issue_comment:
 jobs:
@@ -24,4 +24,5 @@ jobs:
          config.model: ${{ vars.GEN_AI_MODEL }}
          config.model_turbo: $${{ vars.GEN_AI_MODEL_TURBO }}
          config.max_model_tokens: 200000
+          config.custom_model_max_tokens: 200000
          ignore.glob: "['pnpm-lock.yaml','**/pnpm-lock.yaml', 'vendor/**','**/client_gen.go','**/models_gen.go','**/generated.go','**/*.gen.go']"
--- a/.github/workflows/nhost-js_checks.yaml
+++ b/.github/workflows/nhost-js_checks.yaml
@@ -1,8 +1,7 @@
 ---
 name: "nhost-js: check and build"
 on:
-  # pull_request_target:
-  pull_request:
+  pull_request_target:
    paths:
      - '.github/workflows/wf_check.yaml'
      - '.github/workflows/nhost-js_checks.yaml'
@@ -65,7 +64,7 @@ jobs:
    with:
      NAME: nhost-js
      PATH: packages/nhost-js
-      GIT_REF: ${{ github.sha }}
+      GIT_REF: ${{ github.event_name == 'pull_request_target' && github.event.pull_request.head.sha || github.sha }}

    secrets:
      AWS_ACCOUNT_ID: ${{ secrets.AWS_PRODUCTION_CORE_ACCOUNT_ID }}
@@ -79,7 +78,7 @@ jobs:
    with:
      NAME: nhost-js
      PATH: packages/nhost-js
-      GIT_REF: ${{ github.sha }}
+      GIT_REF: ${{ github.event_name == 'pull_request_target' && github.event.pull_request.head.sha || github.sha }}
      VERSION: 0.0.0-dev # we use a fixed version here to avoid unnecessary rebuilds
      DOCKER: false
    secrets:
--- a/.github/workflows/nixops_checks.yaml
+++ b/.github/workflows/nixops_checks.yaml
@@ -1,8 +1,7 @@
 ---
 name: "nixops: check and build"
 on:
-  # pull_request_target:
-  pull_request:
+  pull_request_target:
    paths:
      - '.github/workflows/wf_check.yaml'
      - '.github/workflows/nixops_checks.yaml'
@@ -40,7 +39,7 @@ jobs:
    with:
      NAME: nixops
      PATH: nixops
-      GIT_REF: ${{ github.sha }}
+      GIT_REF: ${{ github.event_name == 'pull_request_target' && github.event.pull_request.head.sha || github.sha }}

    secrets:
      AWS_ACCOUNT_ID: ${{ secrets.AWS_PRODUCTION_CORE_ACCOUNT_ID }}
@@ -54,7 +53,7 @@ jobs:
    with:
      NAME: nixops
      PATH: nixops
-      GIT_REF: ${{ github.sha }}
+      GIT_REF: ${{ github.event_name == 'pull_request_target' && github.event.pull_request.head.sha || github.sha }}
      VERSION: 0.0.0-dev # we use a fixed version here to avoid unnecessary rebuilds
      DOCKER: true
    secrets:
--- a/.github/workflows/storage_checks.yaml
+++ b/.github/workflows/storage_checks.yaml
@@ -1,8 +1,7 @@
 ---
 name: "storage: check and build"
 on:
-  # pull_request_target:
-  pull_request:
+  pull_request_target:
    paths:
      - '.github/workflows/storage_checks.yaml'
      - '.github/workflows/wf_check.yaml'
@@ -49,7 +48,7 @@ jobs:
    with:
      NAME: storage
      PATH: services/storage
-      GIT_REF: ${{ github.sha }}
+      GIT_REF: ${{ github.event_name == 'pull_request_target' && github.event.pull_request.head.sha || github.sha }}

    secrets:
      AWS_ACCOUNT_ID: ${{ secrets.AWS_PRODUCTION_CORE_ACCOUNT_ID }}
@@ -64,7 +63,7 @@ jobs:
    with:
      NAME: storage
      PATH: services/storage
-      GIT_REF: ${{ github.sha }}
+      GIT_REF: ${{ github.event_name == 'pull_request_target' && github.event.pull_request.head.sha || github.sha }}
      VERSION: 0.0.0-dev # we use a fixed version here to avoid unnecessary rebuilds
      DOCKER: true
    secrets:
--- a/.github/workflows/wf_build_artifacts.yaml
+++ b/.github/workflows/wf_build_artifacts.yaml
@@ -85,7 +85,7 @@ jobs:
        zip -r result.zip result

    - name: "Push artifact to artifact repository"
-      uses: actions/upload-artifact@v4
+      uses: actions/upload-artifact@v5
      with:
        name: ${{ inputs.NAME }}-artifact-${{ steps.vars.outputs.ARCH }}-${{ steps.vars.outputs.VERSION }}
        path: ${{ inputs.PATH }}/result.zip
@@ -100,7 +100,7 @@ jobs:
      if: ${{ ( inputs.DOCKER ) }}

    - name: "Push docker image to artifact repository"
-      uses: actions/upload-artifact@v4
+      uses: actions/upload-artifact@v5
      with:
        name: ${{ inputs.NAME }}-docker-image-${{ steps.vars.outputs.ARCH }}-${{ steps.vars.outputs.VERSION }}
        path: ${{ inputs.PATH }}/result
--- a/.github/workflows/wf_docker_push_image.yaml
+++ b/.github/workflows/wf_docker_push_image.yaml
@@ -44,7 +44,7 @@ jobs:
          echo "VERSION=$(make get-version VER=${{ inputs.VERSION }})" >> $GITHUB_OUTPUT

      - name: "Get artifacts"
-        uses: actions/download-artifact@v5
+        uses: actions/download-artifact@v6
        with:
          path: ~/artifacts

--- a/.github/workflows/wf_docker_push_image_ecr.yaml
+++ b/.github/workflows/wf_docker_push_image_ecr.yaml
@@ -55,7 +55,7 @@ jobs:
          echo "VERSION=$(make get-version VER=${{ inputs.VERSION }})" >> $GITHUB_OUTPUT

      - name: "Get artifacts"
-        uses: actions/download-artifact@v5
+        uses: actions/download-artifact@v6
        with:
          path: ~/artifacts

--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -16,6 +16,15 @@ Contributions are made to Nhost repos via Issues and Pull Requests (PRs). A few
 - We work hard to make sure issues are handled on time, but it could take a while to investigate the root cause depending on the impact. A friendly ping in the comment thread to the submitter or a contributor can help draw attention if your issue is blocking.
 - If you've never contributed before, see [the first-timer's guide](https://github.com/firstcontributions/first-contributions) for resources and tips on getting started.

+### AI-Assisted Contributions
+
+We have specific policies regarding AI-assisted contributions:
+
+- **Issues**: Bug reports and feature requests that are clearly AI-generated will not be accepted and will be closed immediately. Please write your issues in your own words to ensure they are clear, specific, and contain the necessary context.
+- **Pull Requests**: Contributions with the help of AI are permitted, but you are ultimately responsible for the quality of your submission and for ensuring it follows our contributing guidelines. The PR description must be written in your own words. Additionally, please remove any superfluous code comments introduced by AI tools before submitting. PRs that clearly violate this rule will be closed without further review.
+
+In all cases, contributors must ensure their submissions are thoughtful, well-tested, and meet the project's quality standards.
+
 ### Issues

 Issues should be used to report problems with Nhost, request a new feature, or discuss potential changes before a PR is created.
--- a/audit-ci.jsonc
+++ b/audit-ci.jsonc
@@ -2,5 +2,8 @@
  // $schema provides code completion hints to IDEs.
  "$schema": "https://github.com/IBM/audit-ci/raw/main/docs/schema.json",
  "moderate": true,
-  "allowlist": ["vue-template-compiler", { "id": "CVE-2025-48068", "path": "next" }]
+  "allowlist": [
+    "GHSA-9965-vmph-33xx", // https://github.com/advisories/GHSA-9965-vmph-33xx Update package once have a fix
+    "GHSA-7mvr-c777-76hp" // https://github.com/advisories/GHSA-7mvr-c777-76hp Update package once Nix side is also updated
+  ]
 }
--- a/cli/CHANGELOG.md
+++ b/cli/CHANGELOG.md
@@ -2,6 +2,26 @@

 All notable changes to this project will be documented in this file.

+## [cli@1.34.4] - 2025-10-28
+
+### 🐛 Bug Fixes
+
+- *(cli)* Update NEXT_PUBLIC_NHOST_HASURA_MIGRATIONS_API_URL correctly (#3643)
+
+## [cli@1.34.3] - 2025-10-27
+
+### ⚙️ Miscellaneous Tasks
+
+- *(cli)* Update schema (#3622)
+- *(cli)* Bump nhost/dashboard to 2.40.0 (#3629)
+
+## [cli@1.34.2] - 2025-10-20
+
+### ⚙️ Miscellaneous Tasks
+
+- *(cli)* Minor fix to download script when specifying version (#3602)
+- *(cli)* Update schema (#3613)
+
 ## [cli@1.34.1] - 2025-10-13

 ### 🐛 Bug Fixes
--- a/cli/cmd/dev/cloud.go
+++ b/cli/cmd/dev/cloud.go
@@ -56,7 +56,7 @@ func CommandCloud() *cli.Command {
 			&cli.StringFlag{ //nolint:exhaustruct
 				Name:    flagDashboardVersion,
 				Usage:   "Dashboard version to use",
-				Value:   "nhost/dashboard:2.38.4",
+				Value:   "nhost/dashboard:2.40.0",
 				Sources: cli.EnvVars("NHOST_DASHBOARD_VERSION"),
 			},
 			&cli.StringFlag{ //nolint:exhaustruct
--- a/cli/cmd/dev/up.go
+++ b/cli/cmd/dev/up.go
@@ -111,7 +111,7 @@ func CommandUp() *cli.Command { //nolint:funlen
 			&cli.StringFlag{ //nolint:exhaustruct
 				Name:    flagDashboardVersion,
 				Usage:   "Dashboard version to use",
-				Value:   "nhost/dashboard:2.38.4",
+				Value:   "nhost/dashboard:2.40.0",
 				Sources: cli.EnvVars("NHOST_DASHBOARD_VERSION"),
 			},
 			&cli.StringFlag{ //nolint:exhaustruct
--- a/cli/dockercompose/auth.go
+++ b/cli/dockercompose/auth.go
@@ -56,6 +56,7 @@ func auth( //nolint:funlen
 		false,
 		false,
 		"00000000-0000-0000-0000-000000000000",
+		"5181f67e2844e4b60d571fa346cac9c37fc00d1ff519212eae6cead138e639ba",
 	)
 	if err != nil {
 		return nil, fmt.Errorf("failed to get hasura env vars: %w", err)
--- a/cli/dockercompose/auth_test.go
+++ b/cli/dockercompose/auth_test.go
@@ -33,6 +33,7 @@ func expectedAuth() *Service {
 			"AUTH_DISABLE_SIGNUP":                       "false",
 			"AUTH_EMAIL_PASSWORDLESS_ENABLED":           "true",
 			"AUTH_EMAIL_SIGNIN_EMAIL_VERIFIED_REQUIRED": "true",
+			"AUTH_ENCRYPTION_KEY":                       "5181f67e2844e4b60d571fa346cac9c37fc00d1ff519212eae6cead138e639ba",
 			"AUTH_GRAVATAR_DEFAULT":                     "gravatarDefault",
 			"AUTH_GRAVATAR_ENABLED":                     "true",
 			"AUTH_GRAVATAR_RATING":                      "gravatarRating",
--- a/cli/dockercompose/compose.go
+++ b/cli/dockercompose/compose.go
@@ -344,7 +344,7 @@ func dashboard(
 				subdomain, "hasura", httpPort, useTLS,
 			) + "/console",
 			"NEXT_PUBLIC_NHOST_HASURA_MIGRATIONS_API_URL": URL(
-				subdomain, "hasura", httpPort, useTLS),
+				subdomain, "hasura", httpPort, useTLS) + "/apis/migrate",
 			"NEXT_PUBLIC_NHOST_STORAGE_URL": URL(
 				subdomain, "storage", httpPort, useTLS) + "/v1",
 		},
--- a/cli/dockercompose/graphql.go
+++ b/cli/dockercompose/graphql.go
@@ -38,6 +38,8 @@ func graphql( //nolint:funlen
 		env[v.Name] = v.Value
 	}

+	env["HASURA_GRAPHQL_MIGRATIONS_SERVER_TIMEOUT"] = "600"
+
 	return &Service{
 		Image: "nhost/graphql-engine:" + *cfg.GetHasura().GetVersion(),
 		DependsOn: map[string]DependsOn{
@@ -54,7 +56,7 @@ func graphql( //nolint:funlen
 				"CMD-SHELL",
 				"curl http://localhost:8080/healthz > /dev/null 2>&1",
 			},
-			Timeout:     "60s",
+			Timeout:     "600s",
 			Interval:    "5s",
 			StartPeriod: "60s",
 		},
@@ -135,6 +137,8 @@ func console( //nolint:funlen
 		env[v.Name] = v.Value
 	}

+	env["HASURA_GRAPHQL_MIGRATIONS_SERVER_TIMEOUT"] = "600"
+
 	return &Service{
 		Image: fmt.Sprintf(
 			"nhost/graphql-engine:%s.cli-migrations-v3",
@@ -165,7 +169,7 @@ func console( //nolint:funlen
 				"CMD-SHELL",
 				"timeout 1s bash -c ':> /dev/tcp/127.0.0.1/9695' || exit 1",
 			},
-			Timeout:     "60s",
+			Timeout:     "600s",
 			Interval:    "5s",
 			StartPeriod: "60s",
 		},
--- a/cli/dockercompose/graphql_test.go
+++ b/cli/dockercompose/graphql_test.go
@@ -39,6 +39,7 @@ func expectedGraphql() *Service {
 			"HASURA_GRAPHQL_LIVE_QUERIES_MULTIPLEXED_BATCH_SIZE":       "100",
 			"HASURA_GRAPHQL_LIVE_QUERIES_MULTIPLEXED_REFETCH_INTERVAL": "1000",
 			"HASURA_GRAPHQL_LOG_LEVEL":                                 "info",
+			"HASURA_GRAPHQL_MIGRATIONS_SERVER_TIMEOUT":                 "600",
 			"HASURA_GRAPHQL_PG_CONNECTIONS":                            "50",
 			"HASURA_GRAPHQL_PG_TIMEOUT":                                "180",
 			"HASURA_GRAPHQL_STRINGIFY_NUMERIC_TYPES":                   "false",
@@ -77,7 +78,7 @@ func expectedGraphql() *Service {
 				"CMD-SHELL",
 				"curl http://localhost:8080/healthz > /dev/null 2>&1",
 			},
-			Timeout:     "60s",
+			Timeout:     "600s",
 			Interval:    "5s",
 			StartPeriod: "60s",
 		},
@@ -178,6 +179,7 @@ func expectedConsole() *Service {
 			"HASURA_GRAPHQL_LIVE_QUERIES_MULTIPLEXED_BATCH_SIZE":       "100",
 			"HASURA_GRAPHQL_LIVE_QUERIES_MULTIPLEXED_REFETCH_INTERVAL": "1000",
 			"HASURA_GRAPHQL_LOG_LEVEL":                                 "info",
+			"HASURA_GRAPHQL_MIGRATIONS_SERVER_TIMEOUT":                 "600",
 			"HASURA_GRAPHQL_PG_CONNECTIONS":                            "50",
 			"HASURA_GRAPHQL_PG_TIMEOUT":                                "180",
 			"HASURA_GRAPHQL_STRINGIFY_NUMERIC_TYPES":                   "false",
@@ -216,7 +218,7 @@ func expectedConsole() *Service {
 				"CMD-SHELL",
 				"timeout 1s bash -c ':> /dev/tcp/127.0.0.1/9695' || exit 1",
 			},
-			Timeout:     "60s",
+			Timeout:     "600s",
 			Interval:    "5s",
 			StartPeriod: "60s",
 		},
--- a/cli/get.sh
+++ b/cli/get.sh
@@ -44,7 +44,7 @@ if [[ "$version" == "latest" ]]; then
    release=$(curl --silent https://api.github.com/repos/nhost/nhost/releases\?per_page=100 | grep tag_name | grep \"cli\@ | head -n 1 | sed 's/.*"tag_name": "\([^"]*\)".*/\1/')
    version=$( echo $release | sed 's/.*@//')
 else
-    release="cli@$release"
+    release="cli@$version"
 fi

 # check version exists
--- a/cli/mcp/nhost/auth/auth.gen.go
+++ b/cli/mcp/nhost/auth/auth.gen.go
@@ -1,6 +1,6 @@
 // Package auth provides primitives to interact with the openapi HTTP API.
 //
-// Code generated by github.com/oapi-codegen/oapi-codegen/v2 version 2.4.1 DO NOT EDIT.
+// Code generated by github.com/oapi-codegen/oapi-codegen/v2 version 2.5.0 DO NOT EDIT.
 package auth

 import (
--- a/cli/mcp/nhost/graphql/graphql.gen.go
+++ b/cli/mcp/nhost/graphql/graphql.gen.go
@@ -1,6 +1,6 @@
 // Package graphql provides primitives to interact with the openapi HTTP API.
 //
-// Code generated by github.com/oapi-codegen/oapi-codegen/v2 version 2.4.1 DO NOT EDIT.
+// Code generated by github.com/oapi-codegen/oapi-codegen/v2 version 2.5.0 DO NOT EDIT.
 package graphql

 import (
--- a/cli/mcp/resources/nhost_toml_schema.cue
+++ b/cli/mcp/resources/nhost_toml_schema.cue
@@ -148,7 +148,7 @@ import (
 #Hasura: {
 	// Version of hasura, you can see available versions in the URL below:
 	// https://hub.docker.com/r/hasura/graphql-engine/tags
-	version: string | *"v2.46.0-ce"
+	version: string | *"v2.48.5-ce"

 	// JWT Secrets configuration
 	jwtSecrets: [#JWTSecret]
@@ -223,7 +223,7 @@ import (
 	// Releases:
 	//
 	// https://github.com/nhost/hasura-storage/releases
-	version: string | *"0.7.2"
+	version: string | *"0.8.2"

 	// Networking (custom domains at the moment) are not allowed as we need to do further
 	// configurations in the CDN. We will enable it again in the future.
@@ -311,7 +311,7 @@ import (
 	// Releases:
 	//
 	// https://github.com/nhost/hasura-auth/releases
-	version: string | *"0.38.1"
+	version: string | *"0.42.4"

 	// Resources for the service
 	resources?: #Resources
@@ -651,6 +651,9 @@ import (
 			iops: uint32 | *3000
 			tput: uint32 | *125
 		}
+
+        encryptColumnKey?: string & =~"^[0-9a-fA-F]{64}$"    // 32 bytes hex-encoded key
+        oldEncryptColumnKey?: string & =~"^[0-9a-fA-F]{64}$" // for key rotation
 	}

 	persistentVolumesEncrypted: bool | *false
--- a/cli/nhostclient/graphql/models_gen.go
+++ b/cli/nhostclient/graphql/models_gen.go
@@ -70,18 +70,28 @@ type ConfigAIUpdateInput struct {
 	WebhookSecret  *string                            `json:"webhookSecret,omitempty"`
 }

+// Configuration for auth service
+// You can find more information about the configuration here:
+// https://github.com/nhost/hasura-auth/blob/main/docs/environment-variables.md
 type ConfigAuth struct {
 	ElevatedPrivileges *ConfigAuthElevatedPrivileges `json:"elevatedPrivileges,omitempty"`
 	Method             *ConfigAuthMethod             `json:"method,omitempty"`
 	Misc               *ConfigAuthMisc               `json:"misc,omitempty"`
 	RateLimit          *ConfigAuthRateLimit          `json:"rateLimit,omitempty"`
 	Redirections       *ConfigAuthRedirections       `json:"redirections,omitempty"`
-	Resources          *ConfigResources              `json:"resources,omitempty"`
-	Session            *ConfigAuthSession            `json:"session,omitempty"`
-	SignUp             *ConfigAuthSignUp             `json:"signUp,omitempty"`
-	Totp               *ConfigAuthTotp               `json:"totp,omitempty"`
-	User               *ConfigAuthUser               `json:"user,omitempty"`
-	Version            *string                       `json:"version,omitempty"`
+	// Resources for the service
+	Resources *ConfigResources   `json:"resources,omitempty"`
+	Session   *ConfigAuthSession `json:"session,omitempty"`
+	SignUp    *ConfigAuthSignUp  `json:"signUp,omitempty"`
+	Totp      *ConfigAuthTotp    `json:"totp,omitempty"`
+	User      *ConfigAuthUser    `json:"user,omitempty"`
+	// Version of auth, you can see available versions in the URL below:
+	// https://hub.docker.com/r/nhost/hasura-auth/tags
+	//
+	// Releases:
+	//
+	// https://github.com/nhost/hasura-auth/releases
+	Version *string `json:"version,omitempty"`
 }

 type ConfigAuthElevatedPrivileges struct {
@@ -111,9 +121,11 @@ type ConfigAuthMethodAnonymousUpdateInput struct {
 }

 type ConfigAuthMethodEmailPassword struct {
-	EmailVerificationRequired *bool   `json:"emailVerificationRequired,omitempty"`
-	HibpEnabled               *bool   `json:"hibpEnabled,omitempty"`
-	PasswordMinLength         *uint32 `json:"passwordMinLength,omitempty"`
+	EmailVerificationRequired *bool `json:"emailVerificationRequired,omitempty"`
+	// Disabling email+password sign in is not implmented yet
+	// enabled: bool | *true
+	HibpEnabled       *bool   `json:"hibpEnabled,omitempty"`
+	PasswordMinLength *uint32 `json:"passwordMinLength,omitempty"`
 }

 type ConfigAuthMethodEmailPasswordUpdateInput struct {
@@ -335,8 +347,10 @@ type ConfigAuthRateLimitUpdateInput struct {
 }

 type ConfigAuthRedirections struct {
+	// AUTH_ACCESS_CONTROL_ALLOWED_REDIRECT_URLS
 	AllowedUrls []string `json:"allowedUrls,omitempty"`
-	ClientURL   *string  `json:"clientUrl,omitempty"`
+	// AUTH_CLIENT_URL
+	ClientURL *string `json:"clientUrl,omitempty"`
 }

 type ConfigAuthRedirectionsUpdateInput struct {
@@ -350,8 +364,10 @@ type ConfigAuthSession struct {
 }

 type ConfigAuthSessionAccessToken struct {
+	// AUTH_JWT_CUSTOM_CLAIMS
 	CustomClaims []*ConfigAuthsessionaccessTokenCustomClaims `json:"customClaims,omitempty"`
-	ExpiresIn    *uint32                                     `json:"expiresIn,omitempty"`
+	// AUTH_ACCESS_TOKEN_EXPIRES_IN
+	ExpiresIn *uint32 `json:"expiresIn,omitempty"`
 }

 type ConfigAuthSessionAccessTokenUpdateInput struct {
@@ -360,6 +376,7 @@ type ConfigAuthSessionAccessTokenUpdateInput struct {
 }

 type ConfigAuthSessionRefreshToken struct {
+	// AUTH_REFRESH_TOKEN_EXPIRES_IN
 	ExpiresIn *uint32 `json:"expiresIn,omitempty"`
 }

@@ -373,9 +390,11 @@ type ConfigAuthSessionUpdateInput struct {
 }

 type ConfigAuthSignUp struct {
-	DisableNewUsers *bool                      `json:"disableNewUsers,omitempty"`
-	Enabled         *bool                      `json:"enabled,omitempty"`
-	Turnstile       *ConfigAuthSignUpTurnstile `json:"turnstile,omitempty"`
+	// AUTH_DISABLE_NEW_USERS
+	DisableNewUsers *bool `json:"disableNewUsers,omitempty"`
+	// Inverse of AUTH_DISABLE_SIGNUP
+	Enabled   *bool                      `json:"enabled,omitempty"`
+	Turnstile *ConfigAuthSignUpTurnstile `json:"turnstile,omitempty"`
 }

 type ConfigAuthSignUpTurnstile struct {
@@ -425,12 +444,16 @@ type ConfigAuthUser struct {
 }

 type ConfigAuthUserEmail struct {
+	// AUTH_ACCESS_CONTROL_ALLOWED_EMAILS
 	Allowed []string `json:"allowed,omitempty"`
+	// AUTH_ACCESS_CONTROL_BLOCKED_EMAILS
 	Blocked []string `json:"blocked,omitempty"`
 }

 type ConfigAuthUserEmailDomains struct {
+	// AUTH_ACCESS_CONTROL_ALLOWED_EMAIL_DOMAINS
 	Allowed []string `json:"allowed,omitempty"`
+	// AUTH_ACCESS_CONTROL_BLOCKED_EMAIL_DOMAINS
 	Blocked []string `json:"blocked,omitempty"`
 }

@@ -446,6 +469,7 @@ type ConfigAuthUserEmailUpdateInput struct {

 type ConfigAuthUserGravatar struct {
 	Default *string `json:"default,omitempty"`
+	// AUTH_GRAVATAR_ENABLED
 	Enabled *bool   `json:"enabled,omitempty"`
 	Rating  *string `json:"rating,omitempty"`
 }
@@ -457,8 +481,10 @@ type ConfigAuthUserGravatarUpdateInput struct {
 }

 type ConfigAuthUserLocale struct {
+	// AUTH_LOCALE_ALLOWED_LOCALES
 	Allowed []string `json:"allowed,omitempty"`
-	Default *string  `json:"default,omitempty"`
+	// AUTH_LOCALE_DEFAULT
+	Default *string `json:"default,omitempty"`
 }

 type ConfigAuthUserLocaleUpdateInput struct {
@@ -467,8 +493,10 @@ type ConfigAuthUserLocaleUpdateInput struct {
 }

 type ConfigAuthUserRoles struct {
+	// AUTH_USER_DEFAULT_ALLOWED_ROLES
 	Allowed []string `json:"allowed,omitempty"`
-	Default *string  `json:"default,omitempty"`
+	// AUTH_USER_DEFAULT_ROLE
+	Default *string `json:"default,omitempty"`
 }

 type ConfigAuthUserRolesUpdateInput struct {
@@ -484,6 +512,7 @@ type ConfigAuthUserUpdateInput struct {
 	Roles        *ConfigAuthUserRolesUpdateInput        `json:"roles,omitempty"`
 }

+// AUTH_JWT_CUSTOM_CLAIMS
 type ConfigAuthsessionaccessTokenCustomClaims struct {
 	Default *string `json:"default,omitempty"`
 	Key     string  `json:"key"`
@@ -522,8 +551,11 @@ type ConfigClaimMapUpdateInput struct {
 	Value   *string `json:"value,omitempty"`
 }

+// Resource configuration for a service
 type ConfigComputeResources struct {
-	CPU    uint32 `json:"cpu"`
+	// milicpus, 1000 milicpus = 1 cpu
+	CPU uint32 `json:"cpu"`
+	// MiB: 128MiB to 30GiB
 	Memory uint32 `json:"memory"`
 }

@@ -537,17 +569,28 @@ type ConfigComputeResourcesUpdateInput struct {
 	Memory *uint32 `json:"memory,omitempty"`
 }

+// main entrypoint to the configuration
 type ConfigConfig struct {
-	Ai            *ConfigAi            `json:"ai,omitempty"`
-	Auth          *ConfigAuth          `json:"auth,omitempty"`
-	Functions     *ConfigFunctions     `json:"functions,omitempty"`
-	Global        *ConfigGlobal        `json:"global,omitempty"`
-	Graphql       *ConfigGraphql       `json:"graphql,omitempty"`
-	Hasura        *ConfigHasura        `json:"hasura"`
+	// Configuration for graphite service
+	Ai *ConfigAi `json:"ai,omitempty"`
+	// Configuration for auth service
+	Auth *ConfigAuth `json:"auth,omitempty"`
+	// Configuration for functions service
+	Functions *ConfigFunctions `json:"functions,omitempty"`
+	// Global configuration that applies to all services
+	Global *ConfigGlobal `json:"global,omitempty"`
+	// Advanced configuration for GraphQL
+	Graphql *ConfigGraphql `json:"graphql,omitempty"`
+	// Configuration for hasura
+	Hasura *ConfigHasura `json:"hasura"`
+	// Configuration for observability service
 	Observability *ConfigObservability `json:"observability"`
-	Postgres      *ConfigPostgres      `json:"postgres"`
-	Provider      *ConfigProvider      `json:"provider,omitempty"`
-	Storage       *ConfigStorage       `json:"storage,omitempty"`
+	// Configuration for postgres service
+	Postgres *ConfigPostgres `json:"postgres"`
+	// Configuration for third party providers like SMTP, SMS, etc.
+	Provider *ConfigProvider `json:"provider,omitempty"`
+	// Configuration for storage service
+	Storage *ConfigStorage `json:"storage,omitempty"`
 }

 type ConfigConfigUpdateInput struct {
@@ -564,7 +607,8 @@ type ConfigConfigUpdateInput struct {
 }

 type ConfigEnvironmentVariable struct {
-	Name  string `json:"name"`
+	Name string `json:"name"`
+	// Value of the environment variable
 	Value string `json:"value"`
 }

@@ -578,6 +622,7 @@ type ConfigEnvironmentVariableUpdateInput struct {
 	Value *string `json:"value,omitempty"`
 }

+// Configuration for functions service
 type ConfigFunctions struct {
 	Node      *ConfigFunctionsNode      `json:"node,omitempty"`
 	RateLimit *ConfigRateLimit          `json:"rateLimit,omitempty"`
@@ -606,12 +651,15 @@ type ConfigFunctionsUpdateInput struct {
 	Resources *ConfigFunctionsResourcesUpdateInput `json:"resources,omitempty"`
 }

+// Global configuration that applies to all services
 type ConfigGlobal struct {
+	// User-defined environment variables that are spread over all services
 	Environment []*ConfigGlobalEnvironmentVariable `json:"environment,omitempty"`
 }

 type ConfigGlobalEnvironmentVariable struct {
-	Name  string `json:"name"`
+	Name string `json:"name"`
+	// Value of the environment variable
 	Value string `json:"value"`
 }

@@ -768,23 +816,34 @@ type ConfigGraphqlUpdateInput struct {
 	Security *ConfigGraphqlSecurityUpdateInput `json:"security,omitempty"`
 }

+// Configuration for hasura service
 type ConfigHasura struct {
-	AdminSecret   string                `json:"adminSecret"`
-	AuthHook      *ConfigHasuraAuthHook `json:"authHook,omitempty"`
-	Events        *ConfigHasuraEvents   `json:"events,omitempty"`
-	JwtSecrets    []*ConfigJWTSecret    `json:"jwtSecrets,omitempty"`
-	Logs          *ConfigHasuraLogs     `json:"logs,omitempty"`
-	RateLimit     *ConfigRateLimit      `json:"rateLimit,omitempty"`
-	Resources     *ConfigResources      `json:"resources,omitempty"`
-	Settings      *ConfigHasuraSettings `json:"settings,omitempty"`
-	Version       *string               `json:"version,omitempty"`
-	WebhookSecret string                `json:"webhookSecret"`
+	// Admin secret
+	AdminSecret string                `json:"adminSecret"`
+	AuthHook    *ConfigHasuraAuthHook `json:"authHook,omitempty"`
+	Events      *ConfigHasuraEvents   `json:"events,omitempty"`
+	// JWT Secrets configuration
+	JwtSecrets []*ConfigJWTSecret `json:"jwtSecrets,omitempty"`
+	Logs       *ConfigHasuraLogs  `json:"logs,omitempty"`
+	RateLimit  *ConfigRateLimit   `json:"rateLimit,omitempty"`
+	// Resources for the service
+	Resources *ConfigResources `json:"resources,omitempty"`
+	// Configuration for hasura services
+	// Reference: https://hasura.io/docs/latest/deployment/graphql-engine-flags/reference/
+	Settings *ConfigHasuraSettings `json:"settings,omitempty"`
+	// Version of hasura, you can see available versions in the URL below:
+	// https://hub.docker.com/r/hasura/graphql-engine/tags
+	Version *string `json:"version,omitempty"`
+	// Webhook secret
+	WebhookSecret string `json:"webhookSecret"`
 }

 type ConfigHasuraAuthHook struct {
-	Mode            *string `json:"mode,omitempty"`
-	SendRequestBody *bool   `json:"sendRequestBody,omitempty"`
-	URL             string  `json:"url"`
+	Mode *string `json:"mode,omitempty"`
+	// HASURA_GRAPHQL_AUTH_HOOK_SEND_REQUEST_BODY
+	SendRequestBody *bool `json:"sendRequestBody,omitempty"`
+	// HASURA_GRAPHQL_AUTH_HOOK
+	URL string `json:"url"`
 }

 type ConfigHasuraAuthHookUpdateInput struct {
@@ -794,6 +853,7 @@ type ConfigHasuraAuthHookUpdateInput struct {
 }

 type ConfigHasuraEvents struct {
+	// HASURA_GRAPHQL_EVENTS_HTTP_POOL_SIZE
 	HTTPPoolSize *uint32 `json:"httpPoolSize,omitempty"`
 }

@@ -809,16 +869,27 @@ type ConfigHasuraLogsUpdateInput struct {
 	Level *string `json:"level,omitempty"`
 }

+// Configuration for hasura services
+// Reference: https://hasura.io/docs/latest/deployment/graphql-engine-flags/reference/
 type ConfigHasuraSettings struct {
-	CorsDomain                            []string `json:"corsDomain,omitempty"`
-	DevMode                               *bool    `json:"devMode,omitempty"`
-	EnableAllowList                       *bool    `json:"enableAllowList,omitempty"`
-	EnableConsole                         *bool    `json:"enableConsole,omitempty"`
-	EnableRemoteSchemaPermissions         *bool    `json:"enableRemoteSchemaPermissions,omitempty"`
-	EnabledAPIs                           []string `json:"enabledAPIs,omitempty"`
-	InferFunctionPermissions              *bool    `json:"inferFunctionPermissions,omitempty"`
-	LiveQueriesMultiplexedRefetchInterval *uint32  `json:"liveQueriesMultiplexedRefetchInterval,omitempty"`
-	StringifyNumericTypes                 *bool    `json:"stringifyNumericTypes,omitempty"`
+	// HASURA_GRAPHQL_CORS_DOMAIN
+	CorsDomain []string `json:"corsDomain,omitempty"`
+	// HASURA_GRAPHQL_DEV_MODE
+	DevMode *bool `json:"devMode,omitempty"`
+	// HASURA_GRAPHQL_ENABLE_ALLOWLIST
+	EnableAllowList *bool `json:"enableAllowList,omitempty"`
+	// HASURA_GRAPHQL_ENABLE_CONSOLE
+	EnableConsole *bool `json:"enableConsole,omitempty"`
+	// HASURA_GRAPHQL_ENABLE_REMOTE_SCHEMA_PERMISSIONS
+	EnableRemoteSchemaPermissions *bool `json:"enableRemoteSchemaPermissions,omitempty"`
+	// HASURA_GRAPHQL_ENABLED_APIS
+	EnabledAPIs []string `json:"enabledAPIs,omitempty"`
+	// HASURA_GRAPHQL_INFER_FUNCTION_PERMISSIONS
+	InferFunctionPermissions *bool `json:"inferFunctionPermissions,omitempty"`
+	// HASURA_GRAPHQL_LIVE_QUERIES_MULTIPLEXED_REFETCH_INTERVAL
+	LiveQueriesMultiplexedRefetchInterval *uint32 `json:"liveQueriesMultiplexedRefetchInterval,omitempty"`
+	// HASURA_GRAPHQL_STRINGIFY_NUMERIC_TYPES
+	StringifyNumericTypes *bool `json:"stringifyNumericTypes,omitempty"`
 }

 type ConfigHasuraSettingsUpdateInput struct {
@@ -891,6 +962,7 @@ type ConfigIngressUpdateInput struct {
 	TLS  *ConfigIngressTLSUpdateInput `json:"tls,omitempty"`
 }

+// See https://hasura.io/docs/latest/auth/authentication/jwt/
 type ConfigJWTSecret struct {
 	AllowedSkew         *uint32           `json:"allowed_skew,omitempty"`
 	Audience            *string           `json:"audience,omitempty"`
@@ -939,11 +1011,15 @@ type ConfigObservabilityUpdateInput struct {
 	Grafana *ConfigGrafanaUpdateInput `json:"grafana,omitempty"`
 }

+// Configuration for postgres service
 type ConfigPostgres struct {
-	Pitr      *ConfigPostgresPitr      `json:"pitr,omitempty"`
+	Pitr *ConfigPostgresPitr `json:"pitr,omitempty"`
+	// Resources for the service
 	Resources *ConfigPostgresResources `json:"resources"`
 	Settings  *ConfigPostgresSettings  `json:"settings,omitempty"`
-	Version   *string                  `json:"version,omitempty"`
+	// Version of postgres, you can see available versions in the URL below:
+	// https://hub.docker.com/r/nhost/postgres/tags
+	Version *string `json:"version,omitempty"`
 }

 type ConfigPostgresPitr struct {
@@ -954,6 +1030,7 @@ type ConfigPostgresPitrUpdateInput struct {
 	Retention *uint32 `json:"retention,omitempty"`
 }

+// Resources for the service
 type ConfigPostgresResources struct {
 	Compute            *ConfigResourcesCompute         `json:"compute,omitempty"`
 	EnablePublicAccess *bool                           `json:"enablePublicAccess,omitempty"`
@@ -1060,15 +1137,19 @@ type ConfigRateLimitUpdateInput struct {
 	Limit    *uint32 `json:"limit,omitempty"`
 }

+// Resource configuration for a service
 type ConfigResources struct {
 	Autoscaler *ConfigAutoscaler       `json:"autoscaler,omitempty"`
 	Compute    *ConfigResourcesCompute `json:"compute,omitempty"`
 	Networking *ConfigNetworking       `json:"networking,omitempty"`
-	Replicas   *uint32                 `json:"replicas,omitempty"`
+	// Number of replicas for a service
+	Replicas *uint32 `json:"replicas,omitempty"`
 }

 type ConfigResourcesCompute struct {
-	CPU    uint32 `json:"cpu"`
+	// milicpus, 1000 milicpus = 1 cpu
+	CPU uint32 `json:"cpu"`
+	// MiB: 128MiB to 30GiB
 	Memory uint32 `json:"memory"`
 }

@@ -1120,7 +1201,8 @@ type ConfigRunServiceConfigWithID struct {
 }

 type ConfigRunServiceImage struct {
-	Image           string  `json:"image"`
+	Image string `json:"image"`
+	// content of "auths", i.e., { "auths": $THIS }
 	PullCredentials *string `json:"pullCredentials,omitempty"`
 }

@@ -1158,11 +1240,13 @@ type ConfigRunServicePortUpdateInput struct {
 	Type      *string                     `json:"type,omitempty"`
 }

+// Resource configuration for a service
 type ConfigRunServiceResources struct {
-	Autoscaler *ConfigAutoscaler                   `json:"autoscaler,omitempty"`
-	Compute    *ConfigComputeResources             `json:"compute"`
-	Replicas   uint32                              `json:"replicas"`
-	Storage    []*ConfigRunServiceResourcesStorage `json:"storage,omitempty"`
+	Autoscaler *ConfigAutoscaler       `json:"autoscaler,omitempty"`
+	Compute    *ConfigComputeResources `json:"compute"`
+	// Number of replicas for a service
+	Replicas uint32                              `json:"replicas"`
+	Storage  []*ConfigRunServiceResourcesStorage `json:"storage,omitempty"`
 }

 type ConfigRunServiceResourcesInsertInput struct {
@@ -1173,9 +1257,11 @@ type ConfigRunServiceResourcesInsertInput struct {
 }

 type ConfigRunServiceResourcesStorage struct {
+	// GiB
 	Capacity uint32 `json:"capacity"`
-	Name     string `json:"name"`
-	Path     string `json:"path"`
+	// name of the volume, changing it will cause data loss
+	Name string `json:"name"`
+	Path string `json:"path"`
 }

 type ConfigRunServiceResourcesStorageInsertInput struct {
@@ -1259,11 +1345,20 @@ type ConfigStandardOauthProviderWithScopeUpdateInput struct {
 	Scope        []string `json:"scope,omitempty"`
 }

+// Configuration for storage service
 type ConfigStorage struct {
 	Antivirus *ConfigStorageAntivirus `json:"antivirus,omitempty"`
 	RateLimit *ConfigRateLimit        `json:"rateLimit,omitempty"`
-	Resources *ConfigResources        `json:"resources,omitempty"`
-	Version   *string                 `json:"version,omitempty"`
+	// Networking (custom domains at the moment) are not allowed as we need to do further
+	// configurations in the CDN. We will enable it again in the future.
+	Resources *ConfigResources `json:"resources,omitempty"`
+	// Version of storage service, you can see available versions in the URL below:
+	// https://hub.docker.com/r/nhost/hasura-storage/tags
+	//
+	// Releases:
+	//
+	// https://github.com/nhost/hasura-storage/releases
+	Version *string `json:"version,omitempty"`
 }

 type ConfigStorageAntivirus struct {
@@ -1301,6 +1396,8 @@ type ConfigSystemConfigAuthEmailTemplates struct {
 }

 type ConfigSystemConfigGraphql struct {
+	// manually enable graphi on a per-service basis
+	// by default it follows the plan
 	FeatureAdvancedGraphql *bool `json:"featureAdvancedGraphql,omitempty"`
 }

@@ -1718,7 +1815,8 @@ type Apps struct {
 	AppStates        []*AppStateHistory `json:"appStates"`
 	AutomaticDeploys bool               `json:"automaticDeploys"`
 	// An array relationship
-	Backups   []*Backups    `json:"backups"`
+	Backups []*Backups `json:"backups"`
+	// main entrypoint to the configuration
 	Config    *ConfigConfig `json:"config,omitempty"`
 	CreatedAt time.Time     `json:"createdAt"`
 	// An object relationship
@@ -2725,6 +2823,7 @@ type Deployments struct {
 	CommitSha           string     `json:"commitSHA"`
 	CommitUserAvatarURL *string    `json:"commitUserAvatarUrl,omitempty"`
 	CommitUserName      *string    `json:"commitUserName,omitempty"`
+	CreatedAt           time.Time  `json:"createdAt"`
 	DeploymentEndedAt   *time.Time `json:"deploymentEndedAt,omitempty"`
 	// An array relationship
 	DeploymentLogs      []*DeploymentLogs `json:"deploymentLogs"`
@@ -2767,6 +2866,7 @@ type DeploymentsBoolExp struct {
 	CommitSha           *StringComparisonExp      `json:"commitSHA,omitempty"`
 	CommitUserAvatarURL *StringComparisonExp      `json:"commitUserAvatarUrl,omitempty"`
 	CommitUserName      *StringComparisonExp      `json:"commitUserName,omitempty"`
+	CreatedAt           *TimestamptzComparisonExp `json:"createdAt,omitempty"`
 	DeploymentEndedAt   *TimestamptzComparisonExp `json:"deploymentEndedAt,omitempty"`
 	DeploymentLogs      *DeploymentLogsBoolExp    `json:"deploymentLogs,omitempty"`
 	DeploymentStartedAt *TimestamptzComparisonExp `json:"deploymentStartedAt,omitempty"`
@@ -2801,6 +2901,7 @@ type DeploymentsMaxOrderBy struct {
 	CommitSha           *OrderBy `json:"commitSHA,omitempty"`
 	CommitUserAvatarURL *OrderBy `json:"commitUserAvatarUrl,omitempty"`
 	CommitUserName      *OrderBy `json:"commitUserName,omitempty"`
+	CreatedAt           *OrderBy `json:"createdAt,omitempty"`
 	DeploymentEndedAt   *OrderBy `json:"deploymentEndedAt,omitempty"`
 	DeploymentStartedAt *OrderBy `json:"deploymentStartedAt,omitempty"`
 	DeploymentStatus    *OrderBy `json:"deploymentStatus,omitempty"`
@@ -2823,6 +2924,7 @@ type DeploymentsMinOrderBy struct {
 	CommitSha           *OrderBy `json:"commitSHA,omitempty"`
 	CommitUserAvatarURL *OrderBy `json:"commitUserAvatarUrl,omitempty"`
 	CommitUserName      *OrderBy `json:"commitUserName,omitempty"`
+	CreatedAt           *OrderBy `json:"createdAt,omitempty"`
 	DeploymentEndedAt   *OrderBy `json:"deploymentEndedAt,omitempty"`
 	DeploymentStartedAt *OrderBy `json:"deploymentStartedAt,omitempty"`
 	DeploymentStatus    *OrderBy `json:"deploymentStatus,omitempty"`
@@ -2861,6 +2963,7 @@ type DeploymentsOrderBy struct {
 	CommitSha               *OrderBy                        `json:"commitSHA,omitempty"`
 	CommitUserAvatarURL     *OrderBy                        `json:"commitUserAvatarUrl,omitempty"`
 	CommitUserName          *OrderBy                        `json:"commitUserName,omitempty"`
+	CreatedAt               *OrderBy                        `json:"createdAt,omitempty"`
 	DeploymentEndedAt       *OrderBy                        `json:"deploymentEndedAt,omitempty"`
 	DeploymentLogsAggregate *DeploymentLogsAggregateOrderBy `json:"deploymentLogs_aggregate,omitempty"`
 	DeploymentStartedAt     *OrderBy                        `json:"deploymentStartedAt,omitempty"`
@@ -2892,6 +2995,7 @@ type DeploymentsStreamCursorValueInput struct {
 	CommitSha           *string    `json:"commitSHA,omitempty"`
 	CommitUserAvatarURL *string    `json:"commitUserAvatarUrl,omitempty"`
 	CommitUserName      *string    `json:"commitUserName,omitempty"`
+	CreatedAt           *time.Time `json:"createdAt,omitempty"`
 	DeploymentEndedAt   *time.Time `json:"deploymentEndedAt,omitempty"`
 	DeploymentStartedAt *time.Time `json:"deploymentStartedAt,omitempty"`
 	DeploymentStatus    *string    `json:"deploymentStatus,omitempty"`
@@ -6885,6 +6989,8 @@ const (
 	// column name
 	DeploymentsSelectColumnCommitUserName DeploymentsSelectColumn = "commitUserName"
 	// column name
+	DeploymentsSelectColumnCreatedAt DeploymentsSelectColumn = "createdAt"
+	// column name
 	DeploymentsSelectColumnDeploymentEndedAt DeploymentsSelectColumn = "deploymentEndedAt"
 	// column name
 	DeploymentsSelectColumnDeploymentStartedAt DeploymentsSelectColumn = "deploymentStartedAt"
@@ -6918,6 +7024,7 @@ var AllDeploymentsSelectColumn = []DeploymentsSelectColumn{
 	DeploymentsSelectColumnCommitSha,
 	DeploymentsSelectColumnCommitUserAvatarURL,
 	DeploymentsSelectColumnCommitUserName,
+	DeploymentsSelectColumnCreatedAt,
 	DeploymentsSelectColumnDeploymentEndedAt,
 	DeploymentsSelectColumnDeploymentStartedAt,
 	DeploymentsSelectColumnDeploymentStatus,
@@ -6935,7 +7042,7 @@ var AllDeploymentsSelectColumn = []DeploymentsSelectColumn{

 func (e DeploymentsSelectColumn) IsValid() bool {
 	switch e {
-	case DeploymentsSelectColumnAppID, DeploymentsSelectColumnCommitMessage, DeploymentsSelectColumnCommitSha, DeploymentsSelectColumnCommitUserAvatarURL, DeploymentsSelectColumnCommitUserName, DeploymentsSelectColumnDeploymentEndedAt, DeploymentsSelectColumnDeploymentStartedAt, DeploymentsSelectColumnDeploymentStatus, DeploymentsSelectColumnFunctionsEndedAt, DeploymentsSelectColumnFunctionsStartedAt, DeploymentsSelectColumnFunctionsStatus, DeploymentsSelectColumnID, DeploymentsSelectColumnMetadataEndedAt, DeploymentsSelectColumnMetadataStartedAt, DeploymentsSelectColumnMetadataStatus, DeploymentsSelectColumnMigrationsEndedAt, DeploymentsSelectColumnMigrationsStartedAt, DeploymentsSelectColumnMigrationsStatus:
+	case DeploymentsSelectColumnAppID, DeploymentsSelectColumnCommitMessage, DeploymentsSelectColumnCommitSha, DeploymentsSelectColumnCommitUserAvatarURL, DeploymentsSelectColumnCommitUserName, DeploymentsSelectColumnCreatedAt, DeploymentsSelectColumnDeploymentEndedAt, DeploymentsSelectColumnDeploymentStartedAt, DeploymentsSelectColumnDeploymentStatus, DeploymentsSelectColumnFunctionsEndedAt, DeploymentsSelectColumnFunctionsStartedAt, DeploymentsSelectColumnFunctionsStatus, DeploymentsSelectColumnID, DeploymentsSelectColumnMetadataEndedAt, DeploymentsSelectColumnMetadataStartedAt, DeploymentsSelectColumnMetadataStatus, DeploymentsSelectColumnMigrationsEndedAt, DeploymentsSelectColumnMigrationsStartedAt, DeploymentsSelectColumnMigrationsStatus:
 		return true
 	}
 	return false
--- a/dashboard/.env.example
+++ b/dashboard/.env.example
@@ -3,12 +3,13 @@ NEXT_PUBLIC_ENV=dev
 NEXT_PUBLIC_NHOST_PLATFORM=false

 # Environment Variables for Self Hosting and Local Development
-NEXT_PUBLIC_NHOST_AUTH_URL=https://local.auth.nhost.local.run/v1
+NEXT_PUBLIC_NHOST_AUTH_URL=https://local.auth.local.nhost.run/v1
+NEXT_PUBLIC_NHOST_CONFIGSERVER_URL=https://local.dashboard.local.nhost.run/v1/configserver/graphql
 NEXT_PUBLIC_NHOST_FUNCTIONS_URL=https://local.functions.local.nhost.run/v1
 NEXT_PUBLIC_NHOST_GRAPHQL_URL=https://local.graphql.local.nhost.run/v1
 NEXT_PUBLIC_NHOST_STORAGE_URL=https://local.storage.local.nhost.run/v1
-NEXT_PUBLIC_NHOST_HASURA_CONSOLE_URL=https://local.hasura.local.nhost.run
-NEXT_PUBLIC_NHOST_HASURA_MIGRATIONS_API_URL=https://local.hasura.local.nhost.run/v1/migrations
+NEXT_PUBLIC_NHOST_HASURA_CONSOLE_URL=https://local.hasura.local.nhost.run/console
+NEXT_PUBLIC_NHOST_HASURA_MIGRATIONS_API_URL=https://local.hasura.local.nhost.run/apis/migrate
 NEXT_PUBLIC_NHOST_HASURA_API_URL=https://local.hasura.local.nhost.run

 # Environment Variables when running the Nhost Dashboard against the Nhost Backend
@@ -18,13 +19,13 @@ NEXT_PUBLIC_ANALYTICS_WRITE_KEY=<analytics_write_key>
 NEXT_PUBLIC_SEGMENT_CDN_URL=<segment_cdn_url>
 NEXT_PUBLIC_NHOST_BRAGI_WEBSOCKET=<nhost_bragi_websocket>

-NEXT_PUBLIC_ZENDESK_URL=
-NEXT_PUBLIC_ZENDESK_API_KEY=
-NEXT_PUBLIC_ZENDESK_USER_EMAIL=
+NEXT_ZENDESK_URL=
+NEXT_ZENDESK_API_KEY=
+NEXT_ZENDESK_USER_EMAIL=


 CODEGEN_GRAPHQL_URL=https://local.graphql.local.nhost.run/v1
 CODEGEN_HASURA_ADMIN_SECRET=nhost-admin-secret
 NEXT_PUBLIC_TURNSTILE_SITE_KEY=FIXME

-NEXT_PUBLIC_SOC2_REPORT_FILE_ID=
+NEXT_PUBLIC_SOC2_REPORT_FILE_ID=
--- a/dashboard/.storybook/main.js
+++ b/dashboard/.storybook/main.js
@@ -1,47 +0,0 @@
-const TsconfigPathsPlugin = require('tsconfig-paths-webpack-plugin');
-
-module.exports = {
-  stories: ['../src/**/*.stories.mdx', '../src/**/*.stories.@(js|jsx|ts|tsx)'],
-  addons: [
-    '@storybook/addon-links',
-    '@storybook/addon-essentials',
-    '@storybook/addon-interactions',
-    'storybook-addon-next-router',
-    {
-      /**
-       * Fix Storybook issue with PostCSS@8
-       * @see https://github.com/storybookjs/storybook/issues/12668#issuecomment-773958085
-       */
-      name: '@storybook/addon-postcss',
-      options: {
-        postcssLoaderOptions: {
-          implementation: require('postcss'),
-        },
-      },
-    },
-  ],
-  framework: '@storybook/react',
-  core: {
-    builder: '@storybook/builder-webpack5',
-  },
-  features: {
-    emotionAlias: true,
-  },
-  webpackFinal: async (config) => {
-    return {
-      ...config,
-      resolve: {
-        ...config?.resolve,
-        plugins: [
-          ...(config?.resolve?.plugins || []),
-          new TsconfigPathsPlugin(),
-        ],
-      },
-    };
-  },
-  env: (config) => ({
-    ...config,
-    NEXT_PUBLIC_ENV: 'dev',
-    NEXT_PUBLIC_NHOST_PLATFORM: 'false',
-  }),
-};
--- a/dashboard/.storybook/preview.js
+++ b/dashboard/.storybook/preview.js
@@ -1,69 +0,0 @@
-import { NhostProvider } from '@/providers/nhost';
-import '@fontsource/inter';
-import '@fontsource/inter/500.css';
-import '@fontsource/inter/700.css';
-import { CssBaseline, ThemeProvider } from '@mui/material';
-import { createClient } from '@nhost/nhost-js-beta';
-import { NhostApolloProvider } from '@nhost/react-apollo';
-import { QueryClient, QueryClientProvider } from '@tanstack/react-query';
-import { Buffer } from 'buffer';
-import { initialize, mswDecorator } from 'msw-storybook-addon';
-import { RouterContext } from 'next/dist/shared/lib/router-context';
-import { createTheme } from '../src/components/ui/v2/createTheme';
-import '../src/styles/globals.css';
-
-global.Buffer = Buffer;
-
-initialize({ onUnhandledRequest: 'bypass' });
-
-const queryClient = new QueryClient();
-
-export const parameters = {
-  nextRouter: {
-    Provider: RouterContext.Provider,
-    isReady: true,
-  },
-  actions: { argTypesRegex: '^on[A-Z].*' },
-  controls: {
-    matchers: {
-      color: /(background|color)$/i,
-      date: /Date$/,
-    },
-  },
-};
-
-export const decorators = [
-  (Story, context) => {
-    const isDarkMode = !context.globals?.backgrounds?.value
-      ?.toLowerCase()
-      ?.startsWith('#f');
-
-    return (
-      <ThemeProvider theme={createTheme(isDarkMode ? 'dark' : 'light')}>
-        <CssBaseline />
-        <Story />
-      </ThemeProvider>
-    );
-  },
-  (Story) => (
-    <QueryClientProvider client={queryClient}>
-      <Story />
-    </QueryClientProvider>
-  ),
-  (Story) => (
-    <NhostApolloProvider
-      fetchPolicy="cache-first"
-      graphqlUrl="https://local.graphql.nhost.run/v1"
-    >
-      <Story />
-    </NhostApolloProvider>
-  ),
-  (Story) => (
-    <NhostProvider
-      nhost={createClient({ subdomain: 'local', region: 'local' })}
-    >
-      <Story />
-    </NhostProvider>
-  ),
-  mswDecorator,
-];
--- a/dashboard/CHANGELOG.md
+++ b/dashboard/CHANGELOG.md
@@ -2,6 +2,34 @@

 All notable changes to this project will be documented in this file.

+## [@nhost/dashboard@2.40.0] - 2025-10-27
+
+### 🚀 Features
+
+- *(dashboard)* Allow configuring CSP header (#3627)
+
+
+### ⚙️ Miscellaneous Tasks
+
+- *(dashboard)* Various improvements to support ticket page (#3630)
+
+## [@nhost/dashboard@2.39.0] - 2025-10-22
+
+### 🚀 Features
+
+- *(dashboard)* Move zendesk request to API route (#3628)
+
+
+### 🐛 Bug Fixes
+
+- *(dashboard)* Fix flaky e2e tests (#3536)
+- *(dashboard)* Run audit and lint in dashboard (#3578)
+
+
+### ⚙️ Miscellaneous Tasks
+
+- *(dashboard)* Cleanup e2e remote schemas test before run (#3581)
+
 ## [@nhost/dashboard@2.38.4] - 2025-10-09

 ### 🐛 Bug Fixes
--- a/dashboard/README.md
+++ b/dashboard/README.md
@@ -62,20 +62,6 @@ NEXT_PUBLIC_NHOST_HASURA_API_URL=https://local.hasura.local.nhost.run

 This will connect the Nhost Dashboard to your locally running Nhost backend.

-### Storybook
-
-Components are documented using [Storybook](https://storybook.js.org/). To run Storybook, run the following command:
-
-```bash
-pnpm storybook
-```
-
-By default, Storybook will run on port `6006`. You can change this by passing the `--port` flag:
-
-```bash
-pnpm storybook --port 6007
-```
-
 ### General Environment Variables

 | Name                             | Description                                                                                                                                                                                                          |
@@ -96,6 +82,15 @@ pnpm storybook --port 6007
 | `NEXT_PUBLIC_NHOST_HASURA_MIGRATIONS_API_URL` | The URL of Hasura's Migrations service. When working locally, point it to the Migrations service started by the CLI.                                                                                   |
 | `NEXT_PUBLIC_NHOST_HASURA_API_URL`            | The URL of Hasura's Schema and Metadata API. When working locally, point it to the Schema and Metadata API started by the CLI. When self-hosting, point it to the self-hosted Schema and Metadata API. |

+### Content Security Policy (CSP) Configuration
+
+The dashboard supports build-time CSP configuration to enable self-hosted deployments on custom domains.
+
+| Name         | Description                                                                                                                                                                                                                              |
+| ------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| `CSP_MODE`   | Controls CSP behavior. Options: `nhost` (default, uses Nhost Cloud CSP), `disabled` (no CSP headers), `custom` (use custom CSP via `CSP_HEADER`). For self-hosted deployments on custom domains, set to `disabled` or `custom`.          |
+| `CSP_HEADER` | Custom Content Security Policy header value. Only used when `CSP_MODE=custom`. Should be a complete CSP string (e.g., `default-src 'self'; script-src 'self' 'unsafe-eval'; ...`).                                                       |
+
 ### Other Environment Variables

 | Name                                    | Description                                                                                 |
--- a/dashboard/next.config.js
+++ b/dashboard/next.config.js
@@ -4,21 +4,31 @@ const withBundleAnalyzer = require('@next/bundle-analyzer')({
 });
 const { version } = require('./package.json');

-const cspHeader = `
-    default-src 'self' *.nhost.run wss://*.nhost.run nhost.run wss://nhost.run;
-    script-src 'self' 'unsafe-eval' cdn.segment.com js.stripe.com challenges.cloudflare.com googletagmanager.com;
-    connect-src 'self' *.nhost.run wss://*.nhost.run nhost.run wss://nhost.run discord.com api.segment.io api.segment.com cdn.segment.com nhost.zendesk.com;
-    style-src 'self' 'unsafe-inline';
-    img-src 'self' blob: data: github.com avatars.githubusercontent.com s.gravatar.com *.nhost.run nhost.run;
-    font-src 'self' data:;
-    object-src 'none';
-    base-uri 'self';
-    form-action 'self';
-    frame-ancestors 'none';
-    frame-src 'self' js.stripe.com challenges.cloudflare.com;
-    block-all-mixed-content;
-    upgrade-insecure-requests;
-`;
+function getCspHeader() {
+  switch (process.env.CSP_MODE) {
+    case 'disabled':
+      return null;
+    case 'custom':
+      return process.env.CSP_HEADER || null;
+    case 'nhost':
+    default:
+      return [
+        "default-src 'self' *.nhost.run wss://*.nhost.run nhost.run wss://nhost.run",
+        "script-src 'self' 'unsafe-eval' cdn.segment.com js.stripe.com challenges.cloudflare.com googletagmanager.com",
+        "connect-src 'self' *.nhost.run wss://*.nhost.run nhost.run wss://nhost.run discord.com api.segment.io api.segment.com cdn.segment.com nhost.zendesk.com",
+        "style-src 'self' 'unsafe-inline'",
+        "img-src 'self' blob: data: github.com avatars.githubusercontent.com s.gravatar.com *.nhost.run nhost.run",
+        "font-src 'self' data:",
+        "object-src 'none'",
+        "base-uri 'self'",
+        "form-action 'self'",
+        "frame-ancestors 'none'",
+        "frame-src 'self' js.stripe.com challenges.cloudflare.com",
+        "block-all-mixed-content",
+        "upgrade-insecure-requests",
+      ].join('; ') + ';';
+  }
+}

 module.exports = withBundleAnalyzer({
  reactStrictMode: false,
@@ -34,13 +44,19 @@ module.exports = withBundleAnalyzer({
    dirs: ['src'],
  },
  async headers() {
+    const cspHeader = getCspHeader();
+
+    if (!cspHeader) {
+      return []; // No CSP headers
+    }
+
    return [
      {
-        source: '/(.*)',
+        source: '/:path*',
        headers: [
          {
            key: 'Content-Security-Policy',
-            value: cspHeader.replace(/\s+/g, ' ').trim(),
+            value: cspHeader,
          },
          {
            key: 'X-Frame-Options',
--- a/dashboard/package.json
+++ b/dashboard/package.json
@@ -9,15 +9,14 @@
    "analyze": "ANALYZE=true pnpm build --no-lint",
    "start": "next start",
    "lint": "next lint --max-warnings 0",
-    "test": "vitest --run",
+    "test": "pnpm lint && pnpm test:vitest",
+    "test:vitest": "vitest --run",
    "test:watch": "vitest",
    "generate": "echo 'This needs to be fixed.'",
    "codegen": "DOTENV_CONFIG_PATH=./.env.local graphql-codegen -r dotenv/config --config graphql.config.yaml --errors-only",
    "codegen-graphite": "graphql-codegen --config graphite.graphql.config.yaml --errors-only",
    "codegen-hasura-api": "orval --config src/utils/hasura-api/orval.config.ts",
    "format": "prettier --write \"src/**/*.{js,ts,tsx,jsx,json,md}\" --plugin-search-dir=.",
-    "storybook": "start-storybook -p 6006 -s public",
-    "build-storybook": "build-storybook",
    "install-browsers": "pnpm playwright install && pnpm playwright install-deps",
    "e2e:tests": "pnpm playwright test --config=playwright.config.ts -x",
    "e2e": "pnpm e2e:tests --project=main",
@@ -111,7 +110,6 @@
    "react-hot-toast": "^2.4.1",
    "react-intersection-observer": "^9.8.1",
    "react-is": "18.2.0",
-    "react-loading-skeleton": "^2.2.0",
    "react-markdown": "^9.0.1",
    "react-merge-refs": "^3.0.2",
    "react-resizable-layout": "^0.7.2",
@@ -136,21 +134,12 @@
    "@babel/core": "^7.24.3",
    "@eslint/js": "9.26.0",
    "@faker-js/faker": "^7.6.0",
-    "@graphql-codegen/cli": "^5.0.2",
+    "@graphql-codegen/cli": "^6.0.0",
    "@graphql-codegen/typescript": "^3.0.4",
    "@graphql-codegen/typescript-operations": "^3.0.4",
    "@graphql-codegen/typescript-react-apollo": "^3.3.7",
    "@next/bundle-analyzer": "^12.3.4",
    "@playwright/test": "1.54.1",
-    "@storybook/addon-actions": "^6.5.16",
-    "@storybook/addon-essentials": "^6.5.16",
-    "@storybook/addon-interactions": "^6.5.16",
-    "@storybook/addon-links": "^6.5.16",
-    "@storybook/addon-postcss": "^2.0.0",
-    "@storybook/builder-webpack5": "^6.5.16",
-    "@storybook/manager-webpack5": "^6.5.16",
-    "@storybook/react": "^7.6.17",
-    "@storybook/testing-library": "^0.2.2",
    "@tailwindcss/typography": "^0.5.12",
    "@testing-library/dom": "^9.3.4",
    "@testing-library/jest-dom": "^5.17.0",
@@ -160,7 +149,7 @@
    "@types/bcryptjs": "^2.4.6",
    "@types/jest": "^29.5.12",
    "@types/lodash.debounce": "^4.0.9",
-    "@types/node": "^16.18.93",
+    "@types/node": "^20.14.8",
    "@types/pluralize": "^0.0.30",
    "@types/react": "18.2.73",
    "@types/react-dom": "^18.2.23",
@@ -170,8 +159,8 @@
    "@types/validator": "^13.11.9",
    "@typescript-eslint/eslint-plugin": "^6.21.0",
    "@typescript-eslint/parser": "^6.21.0",
-    "@vitejs/plugin-react": "^4.2.1",
-    "@vitest/coverage-v8": "^0.32.4",
+    "@vitejs/plugin-react": "^4.7.0",
+    "@vitest/coverage-v8": "^3.2.4",
    "audit-ci": "^6.6.1",
    "autoprefixer": "^10.4.19",
    "babel-loader": "^8.3.0",
@@ -195,24 +184,21 @@
    "eslint-plugin-vue": "^9.26.0",
    "jsdom": "^22.1.0",
    "lint-staged": "^15.2.2",
-    "msw": "^1.3.5",
-    "msw-storybook-addon": "^1.10.0",
+    "msw": "^2.11.4",
    "node-fetch": "^3.3.2",
    "orval": "^7.11.2",
    "postcss": "^8.4.38",
    "prettier": "^3.4.2",
    "prettier-plugin-organize-imports": "^4.1.0",
    "prettier-plugin-tailwindcss": "^0.6.11",
-    "react-date-fns-hooks": "^0.9.4",
    "require-from-string": "^2.0.2",
    "snake-case": "^3.0.4",
-    "storybook-addon-next-router": "^4.0.2",
    "tailwindcss": "^3.4.12",
    "ts-node": "^10.9.2",
    "tsconfig-paths-webpack-plugin": "^4.1.0",
-    "vite": "^5.4.20",
+    "vite": "^5.4.21",
    "vite-tsconfig-paths": "^4.3.2",
-    "vitest": "^0.32.4"
+    "vitest": "^3.2.4"
  },
  "browserslist": {
    "production": [
@@ -243,6 +229,9 @@
          "@lezer/highlight": "^1.0.0"
        }
      }
+    },
+    "overrides": {
+      "esbuild@<=0.24.2": ">=0.25.0"
    }
  }
 }
--- a/dashboard/pnpm-lock.yaml
+++ b/dashboard/pnpm-lock.yaml
--- a/dashboard/project.nix
+++ b/dashboard/project.nix
@@ -66,7 +66,6 @@ let
      "${submodule}/tsconfig.test.json"
      "${submodule}/vitest.config.ts"
      "${submodule}/vitest.global-setup.ts"
-      (inDirectory "${submodule}/.storybook")
      (inDirectory "${submodule}/e2e")
      (inDirectory "${submodule}/public")
      (inDirectory "${submodule}/src")
@@ -167,6 +166,12 @@ rec {
    '';
  };

+  packageWithDisabledCSP = package.overrideAttrs (oldAttrs: {
+    configurePhase = oldAttrs.configurePhase + ''
+      export CSP_MODE=disabled
+    '';
+  });
+
  dockerImage = pkgs.runCommand "image-as-dir" { } ''
    ${(nix2containerPkgs.nix2container.buildImage {
      inherit name created;
@@ -176,7 +181,7 @@ rec {
      copyToRoot = pkgs.buildEnv {
        name = "image";
        paths = [
-          package
+          packageWithDisabledCSP
          (pkgs.writeTextFile {
            name = "tmp-file";
            text = ''
@@ -213,5 +218,3 @@ rec {
    }).copyTo}/bin/copy-to dir:$out
  '';
 }
-
-
--- a/dashboard/src/components/layout/AuthenticatedLayout/AuthenticatedLayout.tsx
+++ b/dashboard/src/components/layout/AuthenticatedLayout/AuthenticatedLayout.tsx
@@ -127,14 +127,14 @@ export default function AuthenticatedLayout({
        className="relative flex h-full flex-row overflow-hidden"
        ref={setMainNavContainer}
      >
-        {mainNavPinned && isMdOrLarger && <PinnedMainNav />}
+        {withMainNav && mainNavPinned && isMdOrLarger && <PinnedMainNav />}

        <div
          className={cn('relative flex h-full w-full flex-row bg-accent', {
            'overflow-x-auto': mainNavPinned && isMdOrLarger && withMainNav,
          })}
        >
-          {(!mainNavPinned || !isMdOrLarger) && (
+          {withMainNav && (!mainNavPinned || !isMdOrLarger) && (
            <div className="flex h-full w-6 justify-center">
              <MainNav container={mainNavContainer} />
            </div>
--- a/dashboard/src/components/presentational/ReadOnlyToggle/ReadOnlyToggle.stories.tsx
+++ b/dashboard/src/components/presentational/ReadOnlyToggle/ReadOnlyToggle.stories.tsx
@@ -1,48 +0,0 @@
-import type { ComponentMeta, ComponentStory } from '@storybook/react';
-import type { PropsWithoutRef } from 'react';
-
-import type { ReadOnlyToggleProps } from './ReadOnlyToggle';
-import ReadOnlyToggle from './ReadOnlyToggle';
-
-export default {
-  title: 'Common Components / ReadOnlyToggle',
-  component: ReadOnlyToggle,
-  argTypes: {
-    checked: {
-      options: [null, true, false],
-      control: { type: 'radio' },
-    },
-  },
-} as ComponentMeta<typeof ReadOnlyToggle>;
-
-const Template: ComponentStory<typeof ReadOnlyToggle> = function Template(
-  args: PropsWithoutRef<ReadOnlyToggleProps>,
-) {
-  return <ReadOnlyToggle {...args} />;
-};
-
-export const Null = Template.bind({});
-Null.args = {
-  checked: null,
-};
-
-export const True = Template.bind({});
-True.args = {
-  checked: true,
-};
-
-export const False = Template.bind({});
-False.args = {
-  checked: false,
-};
-
-export const CustomClasses = Template.bind({});
-CustomClasses.args = {
-  checked: true,
-  className: '!bg-red-500',
-  slotProps: {
-    label: {
-      className: '!text-sm !text-white',
-    },
-  },
-};
--- a/dashboard/src/components/ui/v2/Button/Button.stories.tsx
+++ b/dashboard/src/components/ui/v2/Button/Button.stories.tsx
@@ -1,125 +0,0 @@
-import { PlusCircleIcon } from '@/components/ui/v2/icons/PlusCircleIcon';
-import { PlusIcon } from '@/components/ui/v2/icons/PlusIcon';
-import type { Meta, StoryFn } from '@storybook/react';
-import type { ButtonProps } from './Button';
-import Button from './Button';
-
-export default {
-  title: 'UI Library / Button',
-  component: Button,
-  argTypes: {
-    variant: {
-      options: ['contained', 'outlined', 'borderless'],
-      control: { type: 'radio' },
-    },
-    color: {
-      options: ['primary', 'secondary', 'error'],
-      control: { type: 'radio' },
-    },
-    disabled: {
-      control: { type: 'boolean' },
-    },
-    size: {
-      options: ['small', 'medium', 'large'],
-      control: { type: 'radio' },
-    },
-  },
-} as Meta<typeof Button>;
-
-const Template: StoryFn<ButtonProps> = function TemplateFunction(
-  args: ButtonProps,
-) {
-  return <Button {...args} />;
-};
-
-export const Primary = Template.bind({});
-Primary.args = {
-  children: 'Button',
-  color: 'primary',
-};
-
-export const PrimaryOutlined = Template.bind({});
-PrimaryOutlined.args = {
-  children: 'Button',
-  variant: 'outlined',
-  color: 'primary',
-};
-
-export const PrimaryBorderless = Template.bind({});
-PrimaryBorderless.args = {
-  children: 'Button',
-  variant: 'borderless',
-  color: 'primary',
-};
-
-export const Secondary = Template.bind({});
-Secondary.args = {
-  children: 'Button',
-  color: 'secondary',
-};
-
-export const SecondaryOutlined = Template.bind({});
-SecondaryOutlined.args = {
-  children: 'Button',
-  variant: 'outlined',
-  color: 'secondary',
-};
-
-export const SecondaryBorderless = Template.bind({});
-SecondaryBorderless.args = {
-  children: 'Button',
-  variant: 'borderless',
-  color: 'secondary',
-};
-
-export const Danger = Template.bind({});
-Danger.args = {
-  children: 'Button',
-  color: 'error',
-};
-
-export const DangerOutlined = Template.bind({});
-DangerOutlined.args = {
-  children: 'Button',
-  variant: 'outlined',
-  color: 'error',
-};
-
-export const DangerBorderless = Template.bind({});
-DangerBorderless.args = {
-  children: 'Button',
-  variant: 'borderless',
-  color: 'error',
-};
-
-export const Small = Template.bind({});
-Small.args = {
-  children: 'Button',
-  variant: 'contained',
-  color: 'primary',
-  size: 'small',
-};
-
-export const Large = Template.bind({});
-Large.args = {
-  children: 'Button',
-  variant: 'contained',
-  color: 'primary',
-  size: 'large',
-};
-
-export const WithStartIcon = Template.bind({});
-WithStartIcon.args = {
-  children: 'Button',
-  variant: 'contained',
-  color: 'primary',
-  startIcon: <PlusIcon />,
-};
-
-export const WithEndIcon = Template.bind({});
-WithEndIcon.args = {
-  children: 'Button',
-  variant: 'contained',
-  color: 'primary',
-  endIcon: <PlusCircleIcon />,
-};
--- a/dashboard/src/components/ui/v2/Chip/Chip.stories.tsx
+++ b/dashboard/src/components/ui/v2/Chip/Chip.stories.tsx
@@ -1,86 +0,0 @@
-import { XIcon } from '@/components/ui/v2/icons/XIcon';
-import type { ComponentMeta, ComponentStory } from '@storybook/react';
-import type { ChipProps } from './Chip';
-import Chip from './Chip';
-
-export default {
-  title: 'UI Library / Chip',
-  component: Chip,
-  argTypes: {
-    variant: {
-      options: ['contained', 'outlined'],
-      control: { type: 'radio' },
-    },
-    color: {
-      options: ['primary', 'secondary', 'error', 'info'],
-      control: { type: 'radio' },
-    },
-    disabled: {
-      control: { type: 'boolean' },
-    },
-    size: {
-      options: ['small', 'medium'],
-      control: { type: 'radio' },
-    },
-  },
-} as ComponentMeta<typeof Chip>;
-
-const Template: ComponentStory<typeof Chip> = function Template(
-  args: ChipProps,
-) {
-  return <Chip {...args} />;
-};
-
-export const Primary = Template.bind({});
-Primary.args = {
-  label: 'Chip',
-  color: 'primary',
-};
-
-export const PrimaryOutlined = Template.bind({});
-PrimaryOutlined.args = {
-  label: 'Chip',
-  variant: 'outlined',
-  color: 'primary',
-};
-
-export const Secondary = Template.bind({});
-Secondary.args = {
-  label: 'Chip',
-  color: 'secondary',
-};
-
-export const SecondaryOutlined = Template.bind({});
-SecondaryOutlined.args = {
-  label: 'Chip',
-  variant: 'outlined',
-  color: 'secondary',
-};
-
-export const Danger = Template.bind({});
-Danger.args = {
-  label: 'Chip',
-  color: 'error',
-};
-
-export const DangerOutlined = Template.bind({});
-DangerOutlined.args = {
-  label: 'Chip',
-  variant: 'outlined',
-  color: 'error',
-};
-
-export const Small = Template.bind({});
-Small.args = {
-  label: 'Chip',
-  color: 'primary',
-  size: 'small',
-};
-
-export const WithDeleteIcon = Template.bind({});
-WithDeleteIcon.args = {
-  label: 'Chip',
-  color: 'primary',
-  deleteIcon: <XIcon />,
-  onDelete: () => {},
-};
--- a/dashboard/src/components/ui/v2/Select/Select.stories.tsx
+++ b/dashboard/src/components/ui/v2/Select/Select.stories.tsx
@@ -1,38 +0,0 @@
-import { Option } from '@/components/ui/v2/Option';
-import type { Meta, StoryFn } from '@storybook/react';
-import type { SelectProps } from './Select';
-import Select from './Select';
-
-export default {
-  title: 'UI Library / Select',
-  component: Select,
-  argTypes: {},
-} as Meta<typeof Select>;
-
-const Template: StoryFn<SelectProps<any>> = function TemplateFunction(args) {
-  return (
-    <Select className="w-64" {...args}>
-      <Option value="value1">Value 1</Option>
-      <Option value="value2">Value 2</Option>
-      <Option value="value3">Value 3</Option>
-      <Option value="value4">Value 4</Option>
-    </Select>
-  );
-};
-
-export const Default = Template.bind({});
-Default.args = {
-  defaultValue: 'value1',
-};
-
-export const WithLabel = Template.bind({});
-WithLabel.args = {
-  label: 'Label',
-};
-
-export const Disabled = Template.bind({});
-Disabled.args = {
-  label: 'Label',
-  disabled: true,
-  defaultValue: 'value1',
-};
--- a/dashboard/src/components/ui/v2/Switch/Switch.stories.tsx
+++ b/dashboard/src/components/ui/v2/Switch/Switch.stories.tsx
@@ -1,28 +0,0 @@
-import type { Meta, StoryFn } from '@storybook/react';
-import type { SwitchProps } from './Switch';
-import Switch from './Switch';
-
-export default {
-  title: 'UI Library / Switch',
-  component: Switch,
-  argTypes: {},
-} as Meta<typeof Switch>;
-
-const Template: StoryFn<SwitchProps> = function TemplateFunction(
-  args: SwitchProps,
-) {
-  return <Switch label="Accept Rules" {...args} />;
-};
-
-export const Default = Template.bind({});
-Default.args = {};
-
-export const Checked = Template.bind({});
-Checked.args = {
-  checked: true,
-};
-
-export const Disabled = Template.bind({});
-Disabled.args = {
-  disabled: true,
-};
--- a/dashboard/src/features/orgs/projects/authentication/settings/components/AppleProviderSettings/AppleProviderSettings.tsx
+++ b/dashboard/src/features/orgs/projects/authentication/settings/components/AppleProviderSettings/AppleProviderSettings.tsx
@@ -176,7 +176,7 @@ export default function AppleProviderSettings() {
              loading: formState.isSubmitting,
            },
          }}
-          docsLink="https://docs.nhost.io/products/auth/social/sign-in-apple"
+          docsLink="https://docs.nhost.io/products/auth/providers/sign-in-apple"
          docsTitle="how to sign in users with Apple"
          icon={
            theme.palette.mode === 'dark'
--- a/dashboard/src/features/orgs/projects/authentication/settings/components/DiscordProviderSettings/DiscordProviderSettings.tsx
+++ b/dashboard/src/features/orgs/projects/authentication/settings/components/DiscordProviderSettings/DiscordProviderSettings.tsx
@@ -141,7 +141,7 @@ export default function DiscordProviderSettings() {
              loading: formState.isSubmitting,
            },
          }}
-          docsLink="https://docs.nhost.io/products/auth/social/sign-in-discord"
+          docsLink="https://docs.nhost.io/products/auth/providers/sign-in-discord"
          docsTitle="how to sign in users with Discord"
          icon="/assets/brands/discord.svg"
          switchId="enabled"
--- a/dashboard/src/features/orgs/projects/authentication/settings/components/FacebookProviderSettings/FacebookProviderSettings.tsx
+++ b/dashboard/src/features/orgs/projects/authentication/settings/components/FacebookProviderSettings/FacebookProviderSettings.tsx
@@ -142,7 +142,7 @@ export default function FacebookProviderSettings() {
              loading: formState.isSubmitting,
            },
          }}
-          docsLink="https://docs.nhost.io/products/auth/social/sign-in-facebook"
+          docsLink="https://docs.nhost.io/products/auth/providers/sign-in-facebook"
          docsTitle="how to sign in users with Facebook"
          icon="/assets/brands/facebook.svg"
          switchId="enabled"
--- a/dashboard/src/features/orgs/projects/authentication/settings/components/GitHubProviderSettings/GitHubProviderSettings.tsx
+++ b/dashboard/src/features/orgs/projects/authentication/settings/components/GitHubProviderSettings/GitHubProviderSettings.tsx
@@ -144,7 +144,7 @@ export default function GitHubProviderSettings() {
              loading: formState.isSubmitting,
            },
          }}
-          docsLink="https://docs.nhost.io/products/auth/social/sign-in-github"
+          docsLink="https://docs.nhost.io/products/auth/providers/sign-in-github"
          docsTitle="how to sign in users with GitHub"
          icon={
            theme.palette.mode === 'dark'
--- a/dashboard/src/features/orgs/projects/authentication/settings/components/GoogleProviderSettings/GoogleProviderSettings.tsx
+++ b/dashboard/src/features/orgs/projects/authentication/settings/components/GoogleProviderSettings/GoogleProviderSettings.tsx
@@ -162,7 +162,7 @@ export default function GoogleProviderSettings() {
              loading: formState.isSubmitting,
            },
          }}
-          docsLink="https://docs.nhost.io/products/auth/social/sign-in-google"
+          docsLink="https://docs.nhost.io/products/auth/providers/sign-in-google"
          docsTitle="how to sign in users with Google"
          icon="/assets/brands/google.svg"
          switchId="enabled"
--- a/dashboard/src/features/orgs/projects/authentication/settings/components/LinkedInProviderSettings/LinkedInProviderSettings.tsx
+++ b/dashboard/src/features/orgs/projects/authentication/settings/components/LinkedInProviderSettings/LinkedInProviderSettings.tsx
@@ -142,7 +142,7 @@ export default function LinkedInProviderSettings() {
              loading: formState.isSubmitting,
            },
          }}
-          docsLink="https://docs.nhost.io/products/auth/social/sign-in-linkedin"
+          docsLink="https://docs.nhost.io/products/auth/providers/sign-in-linkedin"
          docsTitle="how to sign in users with LinkedIn"
          icon="/assets/brands/linkedin.svg"
          switchId="enabled"
--- a/dashboard/src/features/orgs/projects/authentication/settings/components/SpotifyProviderSettings/SpotifyProviderSettings.tsx
+++ b/dashboard/src/features/orgs/projects/authentication/settings/components/SpotifyProviderSettings/SpotifyProviderSettings.tsx
@@ -142,7 +142,7 @@ export default function SpotifyProviderSettings() {
              loading: formState.isSubmitting,
            },
          }}
-          docsLink="https://docs.nhost.io/products/auth/social/sign-in-spotify"
+          docsLink="https://docs.nhost.io/products/auth/providers/sign-in-spotify"
          docsTitle="how to sign in users with Spotify"
          icon="/assets/brands/spotify.svg"
          switchId="enabled"
--- a/dashboard/src/features/orgs/projects/authentication/settings/components/TwitchProviderSettings/TwitchProviderSettings.tsx
+++ b/dashboard/src/features/orgs/projects/authentication/settings/components/TwitchProviderSettings/TwitchProviderSettings.tsx
@@ -144,7 +144,7 @@ export default function TwitchProviderSettings() {
              loading: formState.isSubmitting,
            },
          }}
-          docsLink="https://docs.nhost.io/products/auth/social/sign-in-twitch"
+          docsLink="https://docs.nhost.io/products/auth/providers/sign-in-twitch"
          docsTitle="how to sign in users with Twitch"
          icon={
            theme.palette.mode === 'dark'
--- a/dashboard/src/features/orgs/projects/authentication/settings/components/WorkOsProviderSettings/WorkOsProviderSettings.tsx
+++ b/dashboard/src/features/orgs/projects/authentication/settings/components/WorkOsProviderSettings/WorkOsProviderSettings.tsx
@@ -177,7 +177,7 @@ export default function WorkOsProviderSettings() {
              loading: formState.isSubmitting,
            },
          }}
-          docsLink="https://docs.nhost.io/products/auth/social/sign-in-workos"
+          docsLink="https://docs.nhost.io/products/auth/providers/sign-in-workos"
          docsTitle="how to sign in users with WorkOS"
          icon="/assets/brands/workos.svg"
          switchId="enabled"
--- a/dashboard/src/features/orgs/projects/database/dataGrid/components/ColumnAutocomplete/ColumnAutocomplete.stories.tsx
+++ b/dashboard/src/features/orgs/projects/database/dataGrid/components/ColumnAutocomplete/ColumnAutocomplete.stories.tsx
@@ -1,126 +0,0 @@
-import { Form } from '@/components/form/Form';
-import { Button } from '@/components/ui/v2/Button';
-import { Text } from '@/components/ui/v2/Text';
-import hasuraMetadataQuery from '@/tests/msw/mocks/rest/hasuraMetadataQuery';
-import tableQuery from '@/tests/msw/mocks/rest/tableQuery';
-import tokenQuery from '@/tests/msw/mocks/rest/tokenQuery';
-import type { ComponentMeta, ComponentStory } from '@storybook/react';
-import { useState } from 'react';
-import { FormProvider, useForm } from 'react-hook-form';
-import type { ColumnAutocompleteProps } from './ColumnAutocomplete';
-import ColumnAutocomplete from './ColumnAutocomplete';
-
-export default {
-  title: 'Data Browser / ColumnAutocomplete',
-  component: ColumnAutocomplete,
-  parameters: {
-    docs: {
-      source: {
-        type: 'code',
-      },
-    },
-  },
-} as ComponentMeta<typeof ColumnAutocomplete>;
-
-const defaultParameters = {
-  nextRouter: {
-    path: '/[workspaceSlug]/[appSlug]/database/browser/[dataSourceSlug]/[schemaSlug]/[tableSlug]',
-    asPath: '/workspace/app/database/browser/default/public/users',
-    query: {
-      workspaceSlug: 'workspace',
-      appSlug: 'app',
-      dataSourceSlug: 'default',
-      schemaSlug: 'public',
-      tableSlug: 'books',
-    },
-  },
-  msw: {
-    handlers: [tokenQuery, tableQuery, hasuraMetadataQuery],
-  },
-};
-
-const Template: ComponentStory<typeof ColumnAutocomplete> = function Template(
-  args: ColumnAutocompleteProps,
-) {
-  const [submittedValues, setSubmittedValues] = useState<string>('');
-
-  const form = useForm<{ firstReference: string; secondReference: string }>({
-    defaultValues: {
-      firstReference: null as any,
-      secondReference: null as any,
-    },
-  });
-
-  function handleSubmit(values: {
-    firstReference: string;
-    secondReference: string;
-  }) {
-    setSubmittedValues(JSON.stringify(values, null, 2));
-  }
-
-  return (
-    <div className="grid grid-flow-row gap-2">
-      <FormProvider {...form}>
-        <Form onSubmit={handleSubmit} className="grid grid-flow-row gap-2">
-          <ColumnAutocomplete
-            {...args}
-            onChange={(newValue) =>
-              form.setValue('firstReference', newValue.value, {
-                shouldDirty: true,
-              })
-            }
-            onInitialized={(newValue) => {
-              form.setValue('firstReference', newValue.value, {
-                shouldDirty: true,
-              });
-            }}
-          />
-          <ColumnAutocomplete
-            {...args}
-            onChange={(newValue) =>
-              form.setValue('secondReference', newValue.value, {
-                shouldDirty: true,
-              })
-            }
-            onInitialized={(newValue) => {
-              form.setValue('secondReference', newValue.value, {
-                shouldDirty: true,
-              });
-            }}
-          />
-
-          <Button type="submit" className="justify-self-start">
-            Submit
-          </Button>
-        </Form>
-      </FormProvider>
-
-      <Text component="pre" className="!font-mono !text-gray-700">
-        {submittedValues || 'The form has not been submitted yet.'}
-      </Text>
-    </div>
-  );
-};
-
-export const Basic = Template.bind({});
-Basic.args = {
-  schema: 'public',
-  table: 'books',
-};
-Basic.parameters = defaultParameters;
-
-export const DefaultValue = Template.bind({});
-DefaultValue.args = {
-  schema: 'public',
-  table: 'books',
-  value: 'author.id',
-};
-DefaultValue.parameters = defaultParameters;
-
-export const DisabledRelationships = Template.bind({});
-DisabledRelationships.args = {
-  schema: 'public',
-  table: 'books',
-  disableRelationships: true,
-};
-DisabledRelationships.parameters = defaultParameters;
--- a/dashboard/src/features/orgs/projects/database/dataGrid/components/EditPermissionsForm/sections/RowPermissionSection.test.tsx
+++ b/dashboard/src/features/orgs/projects/database/dataGrid/components/EditPermissionsForm/sections/RowPermissionSection.test.tsx
@@ -127,6 +127,10 @@ describe('RowPermissionsSection', () => {
    process.env.NEXT_PUBLIC_ENV = 'dev';
    server.listen();
  });
+  beforeEach(() => {
+    server.restoreHandlers();
+    server.resetHandlers();
+  });

  afterAll(() => {
    server.close();
--- a/dashboard/src/features/orgs/projects/database/dataGrid/components/RuleGroupEditor/RuleGroupEditor.stories.tsx
+++ b/dashboard/src/features/orgs/projects/database/dataGrid/components/RuleGroupEditor/RuleGroupEditor.stories.tsx
@@ -1,90 +0,0 @@
-import { Form } from '@/components/form/Form';
-import { Button } from '@/components/ui/v2/Button';
-import { Text } from '@/components/ui/v2/Text';
-import type { RuleGroup } from '@/features/orgs/projects/database/dataGrid/types/dataBrowser';
-import permissionVariablesQuery from '@/tests/msw/mocks/graphql/permissionVariablesQuery';
-import hasuraMetadataQuery from '@/tests/msw/mocks/rest/hasuraMetadataQuery';
-import tableQuery from '@/tests/msw/mocks/rest/tableQuery';
-import type { ComponentMeta, ComponentStory } from '@storybook/react';
-import { useState } from 'react';
-import { FormProvider, useForm } from 'react-hook-form';
-import type { RuleGroupEditorProps } from './RuleGroupEditor';
-import RuleGroupEditor from './RuleGroupEditor';
-
-export default {
-  title: 'Data Browser / RuleGroupEditor',
-  component: RuleGroupEditor,
-  parameters: {
-    docs: {
-      source: {
-        type: 'code',
-      },
-    },
-  },
-} as ComponentMeta<typeof RuleGroupEditor>;
-
-const defaultParameters = {
-  nextRouter: {
-    path: '/[workspaceSlug]/[appSlug]/database/browser/[dataSourceSlug]/[schemaSlug]/[tableSlug]',
-    asPath: '/workspace/app/database/browser/default/public/users',
-    query: {
-      workspaceSlug: 'workspace',
-      appSlug: 'app',
-      dataSourceSlug: 'default',
-      schemaSlug: 'public',
-      tableSlug: 'books',
-    },
-  },
-  msw: {
-    handlers: [tableQuery, hasuraMetadataQuery, permissionVariablesQuery],
-  },
-};
-
-const Template: ComponentStory<typeof RuleGroupEditor> = function Template(
-  args: RuleGroupEditorProps,
-) {
-  const [submittedValues, setSubmittedValues] = useState<string>();
-
-  const form = useForm<{ ruleGroupEditor: RuleGroup }>({
-    defaultValues: {
-      ruleGroupEditor: {
-        operator: '_and',
-        rules: [{ column: '', operator: '_eq', value: '' }],
-        groups: [],
-      },
-    },
-    reValidateMode: 'onSubmit',
-  });
-
-  function handleSubmit(values: { ruleGroupEditor: RuleGroup }) {
-    setSubmittedValues(JSON.stringify(values, null, 2));
-  }
-
-  // note: Storybook passes `onRemove` as a prop, but we don't want to use it
-  return (
-    <div className="grid grid-flow-row gap-2">
-      <FormProvider {...form}>
-        <Form onSubmit={handleSubmit} className="grid grid-flow-row gap-2">
-          <RuleGroupEditor
-            {...args}
-            schema="public"
-            table="books"
-            name="ruleGroupEditor"
-          />
-
-          <Button type="submit" className="justify-self-start">
-            Submit
-          </Button>
-        </Form>
-      </FormProvider>
-
-      <Text component="pre" className="!font-mono !text-gray-700">
-        {submittedValues || 'The form has not been submitted yet.'}
-      </Text>
-    </div>
-  );
-};
-
-export const Default = Template.bind({});
-Default.args = {};
-Default.parameters = defaultParameters;
--- a/dashboard/src/features/orgs/projects/database/dataGrid/hooks/useManagePermissionMutation/managePermission.test.ts
+++ b/dashboard/src/features/orgs/projects/database/dataGrid/hooks/useManagePermissionMutation/managePermission.test.ts
@@ -1,4 +1,4 @@
-import { rest } from 'msw';
+import { http, HttpResponse } from 'msw';
 import { setupServer } from 'msw/node';
 import type { ManagePermissionOptions } from './managePermission';
 import managePermission from './managePermission';
@@ -12,9 +12,7 @@ const defaultParameters: ManagePermissionOptions = {
 };

 const server = setupServer(
-  rest.post('http://localhost:1337/v1/metadata', (_req, res, ctx) =>
-    res(ctx.json({})),
-  ),
+  http.post('http://localhost:1337/v1/metadata', () => HttpResponse.json({})),
 );

 beforeAll(() => server.listen());
--- a/dashboard/src/features/orgs/projects/database/dataGrid/hooks/useRunSQL/useRunSQL.ts
+++ b/dashboard/src/features/orgs/projects/database/dataGrid/hooks/useRunSQL/useRunSQL.ts
@@ -3,7 +3,7 @@ import { generateAppServiceUrl } from '@/features/orgs/projects/common/utils/gen
 import { useDatabaseQuery } from '@/features/orgs/projects/database/dataGrid/hooks/useDatabaseQuery';
 import { useProject } from '@/features/orgs/projects/hooks/useProject';
 import { getToastStyleProps } from '@/utils/constants/settings';
-import { getHasuraAdminSecret } from '@/utils/env';
+import { getHasuraAdminSecret, getHasuraMigrationsApiUrl } from '@/utils/env';
 import { parseIdentifiersFromSQL } from '@/utils/sql';
 import { useRouter } from 'next/router';
 import { useState } from 'react';
@@ -53,7 +53,10 @@ export default function useRunSQL(
    isCascade: boolean,
  ) => {
    try {
-      const migrationApiResponse = await fetch(`${appUrl}/apis/migrate`, {
+      const url = isPlatform
+        ? `${appUrl}/apis/migrate`
+        : getHasuraMigrationsApiUrl();
+      const migrationApiResponse = await fetch(url, {
        method: 'POST',
        headers: { 'x-hasura-admin-secret': adminSecret },
        body: JSON.stringify({
--- a/dashboard/src/features/orgs/projects/database/dataGrid/hooks/useTrackForeignKeyRelationsMutation/prepareTrackForeignKeyRelationsMetadata.test.ts
+++ b/dashboard/src/features/orgs/projects/database/dataGrid/hooks/useTrackForeignKeyRelationsMutation/prepareTrackForeignKeyRelationsMetadata.test.ts
@@ -1,5 +1,5 @@
 import type { HasuraMetadata } from '@/features/orgs/projects/database/dataGrid/types/dataBrowser';
-import { rest } from 'msw';
+import { http, HttpResponse } from 'msw';
 import { setupServer } from 'msw/node';
 import prepareTrackForeignKeyRelationsMetadata from './prepareTrackForeignKeyRelationsMetadata';

@@ -28,11 +28,8 @@ const testMetadataResponse: { metadata: HasuraMetadata } = {
 };

 const metadataHandlers = [
-  rest.post(`${APP_URL}/v1/metadata`, (_req, res, ctx) =>
-    res(
-      ctx.status(200),
-      ctx.json<{ metadata: HasuraMetadata }>(testMetadataResponse),
-    ),
+  http.post(`${APP_URL}/v1/metadata`, () =>
+    HttpResponse.json(testMetadataResponse),
  ),
 ];

@@ -131,56 +128,53 @@ test('should only prepare a one-to-one relationship if the table does not have a

 test('should drop existing relationships and prepare a new one-to-many relationship', async () => {
  server.use(
-    rest.post(`${APP_URL}/v1/metadata`, (_req, res, ctx) =>
-      res(
-        ctx.status(200),
-        ctx.json<{ metadata: HasuraMetadata }>({
-          ...testMetadataResponse,
-          metadata: {
-            ...testMetadataResponse.metadata,
-            sources: [
-              {
-                ...testMetadataResponse.metadata.sources[0],
-                tables: [
-                  {
-                    ...testMetadataResponse.metadata.sources[0].tables[0],
-                    object_relationships: [
-                      {
-                        name: 'author',
-                        using: {
-                          foreign_key_constraint_on: 'author_id',
-                        },
+    http.post(`${APP_URL}/v1/metadata`, () =>
+      HttpResponse.json({
+        ...testMetadataResponse,
+        metadata: {
+          ...testMetadataResponse.metadata,
+          sources: [
+            {
+              ...testMetadataResponse.metadata.sources[0],
+              tables: [
+                {
+                  ...testMetadataResponse.metadata.sources[0].tables[0],
+                  object_relationships: [
+                    {
+                      name: 'author',
+                      using: {
+                        foreign_key_constraint_on: 'author_id',
                      },
-                    ],
-                  },
-                  {
-                    table: {
-                      name: 'authors',
-                      schema: 'public',
                    },
-                    configuration: {},
-                    array_relationships: [
-                      {
-                        name: 'books',
-                        using: {
-                          foreign_key_constraint_on: {
-                            column: 'author_id',
-                            table: {
-                              name: 'books',
-                              schema: 'public',
-                            },
+                  ],
+                },
+                {
+                  table: {
+                    name: 'authors',
+                    schema: 'public',
+                  },
+                  configuration: {},
+                  array_relationships: [
+                    {
+                      name: 'books',
+                      using: {
+                        foreign_key_constraint_on: {
+                          column: 'author_id',
+                          table: {
+                            name: 'books',
+                            schema: 'public',
                          },
                        },
                      },
-                    ],
-                    object_relationships: [],
-                  },
-                ],
-              },
-            ],
-          },
-        }),
-      ),
+                    },
+                  ],
+                  object_relationships: [],
+                },
+              ],
+            },
+          ],
+        },
+      }),
    ),
  );

--- a/dashboard/src/features/orgs/projects/database/settings/components/DatabasePiTRSettings/DatabasePiTRSettings.test.tsx
+++ b/dashboard/src/features/orgs/projects/database/settings/components/DatabasePiTRSettings/DatabasePiTRSettings.test.tsx
@@ -3,6 +3,7 @@ import { render, screen, TestUserEvent } from '@/tests/testUtils';
 import { vi } from 'vitest';
 import DatabasePiTRSettings from './DatabasePiTRSettings';

+import { getOrganizations } from '@/tests/msw/mocks/graphql/getOrganizationQuery';
 import { getProjectQuery } from '@/tests/msw/mocks/graphql/getProjectQuery';
 import tokenQuery from '@/tests/msw/mocks/rest/tokenQuery';
 import { setupServer } from 'msw/node';
@@ -75,7 +76,7 @@ vi.mock('@/features/orgs/components/common/TransferProjectDialog', async () => {
  };
 });

-const server = setupServer(tokenQuery);
+const server = setupServer(tokenQuery, getOrganizations);

 describe('DatabasePiTRSettings', () => {
  beforeAll(() => {
--- a/dashboard/src/features/orgs/projects/database/settings/components/UpgradeNotification/UpgradeNotification.tsx
+++ b/dashboard/src/features/orgs/projects/database/settings/components/UpgradeNotification/UpgradeNotification.tsx
@@ -52,11 +52,11 @@ function UpgradeNotification({ description }: Props) {
          <ArrowSquareOutIcon className="ml-1 h-4 w-4" />
        </Link>
        <OpenTransferDialogButton onClick={handleTransferDialogOpen} />
-        <TransferProjectDialog
-          open={transferProjectDialogOpen}
-          setOpen={setTransferProjectDialogOpen}
-        />
      </Text>
+      <TransferProjectDialog
+        open={transferProjectDialogOpen}
+        setOpen={setTransferProjectDialogOpen}
+      />
    </Alert>
  );
 }
--- a/dashboard/src/features/orgs/projects/deployments/components/DeploymentServiceLogs/DeploymentServiceLogsHeader.test.tsx
+++ b/dashboard/src/features/orgs/projects/deployments/components/DeploymentServiceLogs/DeploymentServiceLogsHeader.test.tsx
@@ -20,6 +20,17 @@ const mockServices = [
  'job-backup',
 ];

+Object.defineProperty(HTMLElement.prototype, 'getBoundingClientRect', {
+  value: vi.fn(() => ({
+    width: 100,
+    height: 40,
+    top: 0,
+    left: 0,
+    bottom: 40,
+    right: 100,
+  })),
+});
+
 vi.mock('@/features/orgs/projects/hooks/useProject', async () => ({
  useProject: () => ({ project: mockApplication }),
 }));
--- a/dashboard/src/features/orgs/projects/hasura/settings/components/HasuraCorsDomainSettings/HasuraCorsDomainSettings.test.tsx
+++ b/dashboard/src/features/orgs/projects/hasura/settings/components/HasuraCorsDomainSettings/HasuraCorsDomainSettings.test.tsx
@@ -1,15 +1,15 @@
 import tokenQuery from '@/tests/msw/mocks/rest/tokenQuery';
 import { render, screen, waitFor } from '@/tests/testUtils';
-import { graphql } from 'msw';
+import { HttpResponse, graphql } from 'msw';
 import { setupServer } from 'msw/node';
 import { beforeAll, expect, test, vi } from 'vitest';
 import HasuraCorsDomainSettings from './HasuraCorsDomainSettings';

 const server = setupServer(
  tokenQuery,
-  graphql.query('GetHasuraSettings', (_req, res, ctx) =>
-    res(
-      ctx.data({
+  graphql.query('GetHasuraSettings', () =>
+    HttpResponse.json({
+      data: {
        config: {
          id: 'HasuraSettings',
          __typename: 'HasuraSettings',
@@ -29,8 +29,8 @@ const server = setupServer(
            resources: [],
          },
        },
-      }),
-    ),
+      },
+    }),
  ),
 );

@@ -62,9 +62,9 @@ describe('HasuraCorsDomainSettings', () => {

  test('should enable switch by default when CORS domain is set to one or more domains', async () => {
    server.use(
-      graphql.query('GetHasuraSettings', (_req, res, ctx) =>
-        res(
-          ctx.data({
+      graphql.query('GetHasuraSettings', () =>
+        HttpResponse.json({
+          data: {
            config: {
              id: 'HasuraSettings',
              __typename: 'HasuraSettings',
@@ -84,8 +84,8 @@ describe('HasuraCorsDomainSettings', () => {
                resources: [],
              },
            },
-          }),
-        ),
+          },
+        }),
      ),
    );

--- a/dashboard/src/features/orgs/projects/hooks/useProjectLogs/useProjectLogs.test.ts
+++ b/dashboard/src/features/orgs/projects/hooks/useProjectLogs/useProjectLogs.test.ts
@@ -82,6 +82,7 @@ describe('useProjectLogs - Subscription Creation & Cleanup', () => {
      loading: false,
      error: undefined,
      refetch: vi.fn(),
+      projectNotFound: false,
    });

    // Mock subscribeToMore to return an unsubscribe function
@@ -133,6 +134,7 @@ describe('useProjectLogs - Subscription Creation & Cleanup', () => {
        loading: true,
        error: undefined,
        refetch: vi.fn(),
+        projectNotFound: false,
      });

      renderHook(() => useProjectLogs(defaultProps));
@@ -146,6 +148,7 @@ describe('useProjectLogs - Subscription Creation & Cleanup', () => {
        loading: false,
        error: undefined,
        refetch: vi.fn(),
+        projectNotFound: false,
      });

      renderHook(() => useProjectLogs(defaultProps));
--- a/dashboard/src/features/orgs/projects/logs/components/LogsHeader/LogsHeader.test.tsx
+++ b/dashboard/src/features/orgs/projects/logs/components/LogsHeader/LogsHeader.test.tsx
@@ -20,6 +20,17 @@ const mockServices = [
  'job-backup',
 ];

+Object.defineProperty(HTMLElement.prototype, 'getBoundingClientRect', {
+  value: vi.fn(() => ({
+    width: 100,
+    height: 40,
+    top: 0,
+    left: 0,
+    bottom: 40,
+    right: 100,
+  })),
+});
+
 vi.mock('@/features/orgs/projects/hooks/useProject', async () => ({
  useProject: () => ({ project: mockApplication }),
 }));
--- a/dashboard/src/features/orgs/projects/overview/components/OverviewDeployments/OverviewDeployments.test.tsx
+++ b/dashboard/src/features/orgs/projects/overview/components/OverviewDeployments/OverviewDeployments.test.tsx
@@ -1,7 +1,7 @@
 import { mockApplication, mockOrganization } from '@/tests/mocks';
 import tokenQuery from '@/tests/msw/mocks/rest/tokenQuery';
 import { queryClient, render, screen } from '@/tests/testUtils';
-import { rest } from 'msw';
+import { http, HttpResponse } from 'msw';
 import { setupServer } from 'msw/node';
 import { afterAll, beforeAll, vi } from 'vitest';
 import OverviewDeployments from './OverviewDeployments';
@@ -36,8 +36,9 @@ vi.mock('next/router', () => ({

 const server = setupServer(
  tokenQuery,
-  rest.get('https://local.graphql.local.nhost.run/v1', (_req, res, ctx) =>
-    res(ctx.status(200)),
+  http.get(
+    'https://local.graphql.local.nhost.run/v1',
+    () => new HttpResponse(null, { status: 200 }),
  ),
 );

@@ -49,8 +50,9 @@ beforeAll(() => {

 afterEach(() => {
  server.resetHandlers(
-    rest.get('https://local.graphql.local.nhost.run/v1', (_req, res, ctx) =>
-      res(ctx.status(200)),
+    http.get(
+      'https://local.graphql.local.nhost.run/v1',
+      () => new HttpResponse(null, { status: 200 }),
    ),
  );
  queryClient.clear();
@@ -63,37 +65,31 @@ afterAll(() => {

 test('should render an empty state when GitHub is not connected', async () => {
  server.use(
-    rest.post(
+    http.post(
      'https://local.graphql.local.nhost.run/v1',
-      async (req, res, ctx) => {
-        const { operationName } = await req.json();
+      async ({ request }) => {
+        const { operationName } = (await request.json()) as any;
        if (operationName === 'getProject') {
-          return res(
-            ctx.json({
-              data: {
-                apps: [{ ...mockApplication, githubRepository: null }],
-              },
-            }),
-          );
+          return HttpResponse.json({
+            data: {
+              apps: [{ ...mockApplication, githubRepository: null }],
+            },
+          });
        }

        if (operationName === 'getOrganization') {
-          return res(
-            ctx.json({
-              data: {
-                organizations: [{ ...mockOrganization }],
-              },
-            }),
-          );
+          return HttpResponse.json({
+            data: {
+              organizations: [{ ...mockOrganization }],
+            },
+          });
        }

-        return res(
-          ctx.json({
-            data: {
-              deployments: [],
-            },
-          }),
-        );
+        return HttpResponse.json({
+          data: {
+            deployments: [],
+          },
+        });
      },
    ),
  );
@@ -107,32 +103,28 @@ test('should render an empty state when GitHub is not connected', async () => {
 });
 test('should render an empty state when GitHub is connected, but there are no deployments', async () => {
  server.use(
-    rest.post(
+    http.post(
      'https://local.graphql.local.nhost.run/v1',
-      async (_req, res, ctx) => {
-        const { operationName } = await _req.json();
+      async ({ request }) => {
+        const { operationName } = (await request.json()) as any;

        if (operationName === 'getProject') {
-          return res(
-            ctx.json({
-              data: {
-                apps: [{ ...mockApplication }],
-              },
-            }),
-          );
+          return HttpResponse.json({
+            data: {
+              apps: [{ ...mockApplication }],
+            },
+          });
        }

        if (operationName === 'getOrganization') {
-          return res(
-            ctx.json({
-              data: {
-                organizations: [{ ...mockOrganization }],
-              },
-            }),
-          );
+          return HttpResponse.json({
+            data: {
+              organizations: [{ ...mockOrganization }],
+            },
+          });
        }

-        return res(ctx.json({ data: { deployments: [] } }));
+        return HttpResponse.json({ data: { deployments: [] } });
      },
    ),
  );
@@ -155,52 +147,46 @@ test('should render an empty state when GitHub is connected, but there are no de
 test('should render a list of deployments', async () => {
  server.use(
    tokenQuery,
-    rest.post(
+    http.post(
      'https://local.graphql.local.nhost.run/v1',
-      async (_req, res, ctx) => {
-        const { operationName } = await _req.json();
+      async ({ request }) => {
+        const { operationName } = (await request.json()) as any;

        if (operationName === 'ScheduledOrPendingDeploymentsSub') {
-          return res(ctx.json({ data: { deployments: [] } }));
+          return HttpResponse.json({ data: { deployments: [] } });
        }

        if (operationName === 'getProject') {
-          return res(
-            ctx.json({
-              data: {
-                apps: [{ ...mockApplication }],
-              },
-            }),
-          );
+          return HttpResponse.json({
+            data: {
+              apps: [{ ...mockApplication }],
+            },
+          });
        }
        if (operationName === 'getOrganization') {
-          return res(
-            ctx.json({
-              data: {
-                organizations: [{ ...mockOrganization }],
-              },
-            }),
-          );
+          return HttpResponse.json({
+            data: {
+              organizations: [{ ...mockOrganization }],
+            },
+          });
        }

-        return res(
-          ctx.json({
-            data: {
-              deployments: [
-                {
-                  id: '1',
-                  commitSHA: 'abc123',
-                  deploymentStartedAt: '2021-08-01T00:00:00.000Z',
-                  deploymentEndedAt: '2021-08-01T00:05:00.000Z',
-                  deploymentStatus: 'DEPLOYED',
-                  commitUserName: 'test.user',
-                  commitUserAvatarUrl: 'http://images.example.com/avatar.png',
-                  commitMessage: 'Test commit message',
-                },
-              ],
-            },
-          }),
-        );
+        return HttpResponse.json({
+          data: {
+            deployments: [
+              {
+                id: '1',
+                commitSHA: 'abc123',
+                deploymentStartedAt: '2021-08-01T00:00:00.000Z',
+                deploymentEndedAt: '2021-08-01T00:05:00.000Z',
+                deploymentStatus: 'DEPLOYED',
+                commitUserName: 'test.user',
+                commitUserAvatarUrl: 'http://images.example.com/avatar.png',
+                commitMessage: 'Test commit message',
+              },
+            ],
+          },
+        });
      },
    ),
  );
@@ -227,69 +213,61 @@ test('should render a list of deployments', async () => {
 test('should disable redeployments if a deployment is already in progress', async () => {
  server.use(
    tokenQuery,
-    rest.post(
+    http.post(
      'https://local.graphql.local.nhost.run/v1',
-      async (req, res, ctx) => {
-        const { operationName } = await req.json();
+      async ({ request }) => {
+        const { operationName } = (await request.json()) as any;

        if (operationName === 'ScheduledOrPendingDeploymentsSub') {
-          return res(
-            ctx.json({
-              data: {
-                deployments: [
-                  {
-                    id: '2',
-                    commitSHA: 'abc234',
-                    deploymentStartedAt: '2021-08-02T00:00:00.000Z',
-                    deploymentEndedAt: null,
-                    deploymentStatus: 'PENDING',
-                    commitUserName: 'test.user',
-                    commitUserAvatarUrl: 'http://images.example.com/avatar.png',
-                    commitMessage: 'Test commit message',
-                  },
-                ],
-              },
-            }),
-          );
-        }
-
-        if (operationName === 'getProject') {
-          return res(
-            ctx.json({
-              data: {
-                apps: [{ ...mockApplication }],
-              },
-            }),
-          );
-        }
-        if (operationName === 'getOrganization') {
-          return res(
-            ctx.json({
-              data: {
-                organizations: [{ ...mockOrganization }],
-              },
-            }),
-          );
-        }
-
-        return res(
-          ctx.json({
+          return HttpResponse.json({
            data: {
              deployments: [
                {
-                  id: '1',
-                  commitSHA: 'abc123',
-                  deploymentStartedAt: '2021-08-01T00:00:00.000Z',
-                  deploymentEndedAt: '2021-08-01T00:05:00.000Z',
-                  deploymentStatus: 'DEPLOYED',
+                  id: '2',
+                  commitSHA: 'abc234',
+                  deploymentStartedAt: '2021-08-02T00:00:00.000Z',
+                  deploymentEndedAt: null,
+                  deploymentStatus: 'PENDING',
                  commitUserName: 'test.user',
                  commitUserAvatarUrl: 'http://images.example.com/avatar.png',
                  commitMessage: 'Test commit message',
                },
              ],
            },
-          }),
-        );
+          });
+        }
+
+        if (operationName === 'getProject') {
+          return HttpResponse.json({
+            data: {
+              apps: [{ ...mockApplication }],
+            },
+          });
+        }
+        if (operationName === 'getOrganization') {
+          return HttpResponse.json({
+            data: {
+              organizations: [{ ...mockOrganization }],
+            },
+          });
+        }
+
+        return HttpResponse.json({
+          data: {
+            deployments: [
+              {
+                id: '1',
+                commitSHA: 'abc123',
+                deploymentStartedAt: '2021-08-01T00:00:00.000Z',
+                deploymentEndedAt: '2021-08-01T00:05:00.000Z',
+                deploymentStatus: 'DEPLOYED',
+                commitUserName: 'test.user',
+                commitUserAvatarUrl: 'http://images.example.com/avatar.png',
+                commitMessage: 'Test commit message',
+              },
+            ],
+          },
+        });
      },
    ),
  );
--- a/dashboard/src/pages/api/support/create-ticket.ts
+++ b/dashboard/src/pages/api/support/create-ticket.ts
@@ -0,0 +1,165 @@
+import { nhostRoutesClient } from '@/utils/nhost';
+import type { NextApiRequest, NextApiResponse } from 'next';
+
+export type CreateTicketRequest = {
+  project: string;
+  services: Array<{ label: string; value: string }>;
+  priority: string;
+  subject: string;
+  description: string;
+  userName: string;
+  userEmail: string;
+};
+
+export type CreateTicketResponse = {
+  success: boolean;
+  error?: string;
+};
+
+type GetProjectResponse = {
+  apps: Array<{
+    id: string;
+  }>;
+};
+
+export default async function handler(
+  req: NextApiRequest,
+  res: NextApiResponse<CreateTicketResponse>,
+) {
+  if (req.method !== 'POST') {
+    return res
+      .status(405)
+      .json({ success: false, error: 'Method not allowed' });
+  }
+
+  try {
+    const {
+      project,
+      services,
+      priority,
+      subject,
+      description,
+      userName,
+      userEmail,
+    } = req.body as CreateTicketRequest;
+
+    // Validate required environment variables
+    if (
+      !process.env.NEXT_ZENDESK_USER_EMAIL ||
+      !process.env.NEXT_ZENDESK_API_KEY ||
+      !process.env.NEXT_ZENDESK_URL
+    ) {
+      return res.status(500).json({
+        success: false,
+        error: 'Zendesk configuration is missing',
+      });
+    }
+
+    // Validate required fields
+    if (
+      !project ||
+      !services ||
+      !priority ||
+      !subject ||
+      !description ||
+      !userName ||
+      !userEmail
+    ) {
+      return res.status(400).json({
+        success: false,
+        error: 'Missing required fields',
+      });
+    }
+
+    const token = req.headers.authorization?.split(' ')[1];
+
+    try {
+      // we use this to verify the owner of the JWT token has access to the project
+      const resp = await nhostRoutesClient.graphql.request<GetProjectResponse>(
+        {
+          query: `query GetProject($subdomain: String!){
+            apps(where: {subdomain: {_eq: $subdomain}}) {
+              id
+            }
+          }`,
+          variables: {
+            subdomain: project,
+          },
+        },
+        {
+          headers: {
+            Authorization: `Bearer ${token}`,
+          },
+        },
+      );
+
+      if (resp.body.data?.apps.length !== 1) {
+        return res.status(400).json({
+          success: false,
+          error: 'Invalid project subdomain',
+        });
+      }
+    } catch (error) {
+      return res.status(400).json({
+        success: false,
+        error: 'Invalid project subdomain',
+      });
+    }
+
+    const auth = btoa(
+      `${process.env.NEXT_ZENDESK_USER_EMAIL}/token:${process.env.NEXT_ZENDESK_API_KEY}`,
+    );
+
+    const response = await fetch(
+      `${process.env.NEXT_ZENDESK_URL}/api/v2/requests.json`,
+      {
+        method: 'POST',
+        headers: {
+          'Content-Type': 'application/json',
+          Authorization: `Basic ${auth}`,
+        },
+        body: JSON.stringify({
+          request: {
+            subject,
+            comment: {
+              body: description,
+            },
+            priority,
+            requester: {
+              name: userName,
+              email: userEmail,
+            },
+            custom_fields: [
+              // these custom field IDs come from zendesk
+              {
+                id: 19502784542098,
+                value: project,
+              },
+              {
+                id: 19922709880978,
+                value: services.map((service) => service.value?.toLowerCase()),
+              },
+            ],
+          },
+        }),
+      },
+    );
+
+    if (!response.ok) {
+      const errorText = await response.text();
+      console.error('Zendesk API error:', errorText);
+      return res.status(response.status).json({
+        success: false,
+        error: `Failed to create ticket: ${response.statusText}`,
+      });
+    }
+
+    return res.status(200).json({ success: true });
+  } catch (error) {
+    console.error('Error creating ticket:', error);
+    return res.status(500).json({
+      success: false,
+      error: 'An unexpected error occurred',
+    });
+  }
+}
--- a/dashboard/src/pages/support/index.tsx
+++ b/dashboard/src/pages/support/index.tsx
@@ -12,7 +12,9 @@ function SupportPage() {
  return (
    <Box className="h-full overflow-auto pb-4">
      <Box className="flex w-full justify-start border-b-1 px-4 py-3">
-        <Logo className="w-6 cursor-pointer" />
+        <Link href="https://app.nhost.io" rel="noopener noreferrer">
+          <Logo className="w-6" />
+        </Link>
      </Box>

      <div className="flex flex-col items-center justify-center">
--- a/dashboard/src/pages/support/ticket.tsx
+++ b/dashboard/src/pages/support/ticket.tsx
@@ -5,11 +5,11 @@ import { AuthenticatedLayout } from '@/components/layout/AuthenticatedLayout';
 import { Box } from '@/components/ui/v2/Box';
 import { Button } from '@/components/ui/v2/Button';
 import { Divider } from '@/components/ui/v2/Divider';
-import { EnvelopeIcon } from '@/components/ui/v2/icons/EnvelopeIcon';
 import { Input, inputClasses } from '@/components/ui/v2/Input';
 import { Option } from '@/components/ui/v2/Option';
 import { Text } from '@/components/ui/v2/Text';
 import { execPromiseWithErrorToast } from '@/features/orgs/utils/execPromiseWithErrorToast';
+import { useAccessToken } from '@/hooks/useAccessToken';
 import { useUserData } from '@/hooks/useUserData';
 import {
  useGetOrganizationsQuery,
@@ -17,6 +17,7 @@ import {
 } from '@/utils/__generated__/graphql';
 import { yupResolver } from '@hookform/resolvers/yup';
 import { styled } from '@mui/material';
+import { Mail } from 'lucide-react';
 import { type ReactElement } from 'react';
 import { FormProvider, useForm } from 'react-hook-form';
 import * as Yup from 'yup';
@@ -27,7 +28,7 @@ type Organization = Omit<
 >;

 const validationSchema = Yup.object({
-  organization: Yup.string().label('Organization'),
+  organization: Yup.string().label('Organization').required(),
  project: Yup.string().label('Project').required(),
  services: Yup.array()
    .of(Yup.object({ label: Yup.string(), value: Yup.string() }))
@@ -36,7 +37,6 @@ const validationSchema = Yup.object({
  priority: Yup.string().label('Priority').required(),
  subject: Yup.string().label('Subject').required(),
  description: Yup.string().label('Description').required(),
-  ccs: Yup.string().label('CCs').optional(),
 });

 export type CreateTicketFormValues = Yup.InferType<typeof validationSchema>;
@@ -58,7 +58,6 @@ function TicketPage() {
      priority: '',
      subject: '',
      description: '',
-      ccs: '',
    },
    resolver: yupResolver(validationSchema),
  });
@@ -71,6 +70,7 @@ function TicketPage() {

  const selectedOrganization = watch('organization');
  const user = useUserData();
+  const token = useAccessToken();

  const { data: organizationsData } = useGetOrganizationsQuery({
    variables: {
@@ -91,56 +91,32 @@ function TicketPage() {
  };

  const handleSubmit = async (formValues: CreateTicketFormValues) => {
-    const { project, services, priority, subject, description, ccs } =
-      formValues;
-
-    const auth = btoa(
-      `${process.env.NEXT_PUBLIC_ZENDESK_USER_EMAIL}/token:${process.env.NEXT_PUBLIC_ZENDESK_API_KEY}`,
-    );
-    const emails = ccs
-      ?.replace(/ /g, '')
-      .split(',')
-      .map((email) => ({ user_email: email }));
+    const { project, services, priority, subject, description } = formValues;

    await execPromiseWithErrorToast(
      async () => {
-        await fetch(
-          `${process.env.NEXT_PUBLIC_ZENDESK_URL}/api/v2/requests.json`,
-          {
-            method: 'POST',
-            headers: {
-              'Content-Type': 'application/json',
-              Authorization: `Basic ${auth}`,
-            },
-            body: JSON.stringify({
-              request: {
-                subject,
-                comment: {
-                  body: description,
-                },
-                priority,
-                requester: {
-                  name: user?.displayName,
-                  email: user?.email,
-                },
-                email_ccs: emails,
-                custom_fields: [
-                  // these custom field IDs come from zendesk
-                  {
-                    id: 19502784542098,
-                    value: project,
-                  },
-                  {
-                    id: 19922709880978,
-                    value: services.map((service) =>
-                      service.value?.toLowerCase(),
-                    ),
-                  },
-                ],
-              },
-            }),
+        const response = await fetch('/api/support/create-ticket', {
+          method: 'POST',
+          headers: {
+            'Content-Type': 'application/json',
+            Authorization: `Bearer ${token}`,
          },
-        );
+          body: JSON.stringify({
+            project,
+            services,
+            priority,
+            subject,
+            description,
+            userName: user?.displayName,
+            userEmail: user?.email,
+          }),
+        });
+
+        if (!response.ok) {
+          const error = await response.json();
+          throw new Error(error.error || 'Failed to create ticket');
+        }
+
        form.reset();
      },
      {
@@ -191,7 +167,7 @@ function TicketPage() {
                  >
                    {organizations.map((organization) => (
                      <Option
-                        key={organization.name}
+                        key={organization.id}
                        value={organization.id}
                        label={organization.name}
                      >
@@ -261,6 +237,8 @@ function TicketPage() {
                    slotProps={{
                      root: { className: 'grid grid-flow-col gap-1 mb-4' },
                    }}
+                    error={!!errors.priority}
+                    helperText={errors.priority?.message}
                    renderValue={(option) => (
                      <span className="inline-grid grid-flow-col items-center gap-2">
                        {option?.label}
@@ -310,7 +288,6 @@ function TicketPage() {
                    label="Subject"
                    placeholder="Summary of the problem you are experiencing"
                    fullWidth
-                    autoFocus
                    inputProps={{ min: 2, max: 128 }}
                    error={!!errors.subject}
                    helperText={errors.subject?.message}
@@ -330,31 +307,16 @@ function TicketPage() {
                    helperText={errors.description?.message}
                  />

-                  <Divider />
-
-                  <Text className="mt-4 font-bold">Notifications</Text>
-
-                  <StyledInput
-                    {...register('ccs')}
-                    id="ccs"
-                    label="CCs"
-                    placeholder="Comma separated list of emails you want to share this ticket with."
-                    fullWidth
-                    inputProps={{ min: 2, max: 128 }}
-                    error={!!errors.ccs}
-                    helperText={errors.ccs?.message}
-                  />
-
-                  <Box className="ml-auto flex w-80 flex-col gap-4">
+                  <Box className="ml-auto flex flex-col gap-4 lg:w-80">
                    <Text color="secondary" className="text-right text-sm">
                      We will contact you at <strong>{user?.email}</strong>
                    </Text>
                    <Button
                      variant="outlined"
-                      className="hover:!bg-white hover:!bg-opacity-10 focus:ring-0"
+                      className="text-base hover:!bg-white hover:!bg-opacity-10 focus:ring-0"
                      size="large"
                      type="submit"
-                      startIcon={<EnvelopeIcon />}
+                      startIcon={<Mail className="size-4" />}
                      disabled={isSubmitting}
                      loading={isSubmitting}
                    >
@@ -373,7 +335,7 @@ function TicketPage() {

 TicketPage.getLayout = function getLayout(page: ReactElement) {
  return (
-    <AuthenticatedLayout title="Help & Support | Nhost">
+    <AuthenticatedLayout title="Help & Support | Nhost" withMainNav={false}>
      {page}
    </AuthenticatedLayout>
  );
--- a/dashboard/src/tests/msw/mocks/graphql/getOrganizationQuery.ts
+++ b/dashboard/src/tests/msw/mocks/graphql/getOrganizationQuery.ts
@@ -1,22 +1,15 @@
 import { mockOrganization, mockOrganizations } from '@/tests/mocks';
+import { HttpResponse } from 'msw';
 import nhostGraphQLLink from './nhostGraphQLLink';

-export const getOrganizations = nhostGraphQLLink.query(
-  'getOrganizations',
-  (_req, res, ctx) =>
-    res(
-      ctx.data({
-        organizations: mockOrganizations,
-      }),
-    ),
+export const getOrganizations = nhostGraphQLLink.query('getOrganizations', () =>
+  HttpResponse.json({
+    data: { organizations: mockOrganizations },
+  }),
 );

-export const getOrganization = nhostGraphQLLink.query(
-  'getOrganization',
-  (_req, res, ctx) =>
-    res(
-      ctx.data({
-        organizations: [{ ...mockOrganization }],
-      }),
-    ),
+export const getOrganization = nhostGraphQLLink.query('getOrganization', () =>
+  HttpResponse.json({
+    data: { organizations: [{ ...mockOrganization }] },
+  }),
 );
--- a/dashboard/src/tests/msw/mocks/graphql/getPostgresSettings.ts
+++ b/dashboard/src/tests/msw/mocks/graphql/getPostgresSettings.ts
@@ -1,10 +1,11 @@
+import { HttpResponse } from 'msw';
 import nhostGraphQLLink from './nhostGraphQLLink';

 export const getPostgresSettings = nhostGraphQLLink.query(
  'GetPostgresSettings',
-  (_req, res, ctx) =>
-    res(
-      ctx.data({
+  () =>
+    HttpResponse.json({
+      data: {
        systemConfig: {
          postgres: {
            database: 'gnlivtcgjxctuujxpslj',
@@ -29,15 +30,15 @@ export const getPostgresSettings = nhostGraphQLLink.query(
            __typename: 'ConfigPostgres',
          },
        },
-      }),
-    ),
+      },
+    }),
 );

 export const getPiTRNotEnabledPostgresSettings = nhostGraphQLLink.query(
  'GetPostgresSettings',
-  (_req, res, ctx) =>
-    res(
-      ctx.data({
+  () =>
+    HttpResponse.json({
+      data: {
        systemConfig: {
          postgres: {
            database: 'gnlivtcgjxctuujxpslj',
@@ -62,8 +63,6 @@ export const getPiTRNotEnabledPostgresSettings = nhostGraphQLLink.query(
            __typename: 'ConfigPostgres',
          },
        },
-      }),
-    ),
+      },
+    }),
 );
-
-// {"data":}
--- a/dashboard/src/tests/msw/mocks/graphql/getProjectQuery.ts
+++ b/dashboard/src/tests/msw/mocks/graphql/getProjectQuery.ts
@@ -1,36 +1,35 @@
 import { mockApplication } from '@/tests/mocks';
+import { HttpResponse } from 'msw';
 import nhostGraphQLLink from './nhostGraphQLLink';

-export const getProjectQuery = nhostGraphQLLink.query(
-  'getProject',
-  (_req, res, ctx) =>
-    res(
-      ctx.data({
-        apps: [{ ...mockApplication, githubRepository: null }],
-      }),
-    ),
+export const getProjectQuery = nhostGraphQLLink.query('getProject', () =>
+  HttpResponse.json({
+    data: {
+      apps: [{ ...mockApplication, githubRepository: null }],
+    },
+  }),
 );

 export const getProjectStateQuery = (appStates?: any) =>
-  nhostGraphQLLink.query('getProjectState', (_req, res, ctx) =>
-    res(
-      ctx.data({
+  nhostGraphQLLink.query('getProjectState', () =>
+    HttpResponse.json({
+      data: {
        apps: [
          {
            ...mockApplication,
            appStates: appStates || mockApplication.appStates,
          },
        ],
-      }),
-    ),
+      },
+    }),
  );

 export const getNotFoundProjectStateQuery = nhostGraphQLLink.query(
  'getProjectState',
-  (_req, res, ctx) =>
-    res(
-      ctx.data({
+  () =>
+    HttpResponse.json({
+      data: {
        apps: [],
-      }),
-    ),
+      },
+    }),
 );
--- a/dashboard/src/tests/msw/mocks/graphql/getProjectsQuery.ts
+++ b/dashboard/src/tests/msw/mocks/graphql/getProjectsQuery.ts
@@ -1,144 +1,141 @@
+import { HttpResponse } from 'msw';
 import nhostGraphQLLink from './nhostGraphQLLink';

-export const getProjectsQuery = nhostGraphQLLink.query(
-  'getProjects',
-  (_req, res, ctx) =>
-    res(
-      ctx.data({
-        apps: [
-          {
-            id: 'pitr-usa-id',
-            name: 'pitr-not-enabled-usa',
-            slug: 'pitr-not-enabled-usa',
-            createdAt: '2025-03-10T12:35:23.193578+00:00',
-            subdomain: 'ocrnpctsphttfxkuefyx',
-            region: {
-              id: '1',
-              name: 'us-east-1',
-              __typename: 'regions',
-            },
-            deployments: [],
-            creator: {
-              id: 'creator-r-elek-id',
-              email: 'robert@elek.com',
-              displayName: 'Robert',
-              __typename: 'users',
-            },
-            appStates: [
-              {
-                id: 'cd2b77ac-3ef1-4a76-819b-ff1caca09213',
-                appId: 'pitr-usa-id',
-                message:
-                  'failed to get dns manager: unknown region: 55985cd4-af14-4d2a-90a5-2a1253ebc1db',
-                stateId: 8,
-                createdAt: '2025-03-10T12:39:23.734345+00:00',
-                __typename: 'appStateHistory',
-              },
-            ],
-            __typename: 'apps',
+export const getProjectsQuery = nhostGraphQLLink.query('getProjects', () =>
+  HttpResponse.json({
+    data: {
+      apps: [
+        {
+          id: 'pitr-usa-id',
+          name: 'pitr-not-enabled-usa',
+          slug: 'pitr-not-enabled-usa',
+          createdAt: '2025-03-10T12:35:23.193578+00:00',
+          subdomain: 'ocrnpctsphttfxkuefyx',
+          region: {
+            id: '1',
+            name: 'us-east-1',
+            __typename: 'regions',
          },
-          {
-            id: 'pitr-region-TEST-eu-id',
-            name: 'pitr-region-test-eu',
-            slug: 'pitr-region-test-eu',
-            createdAt: '2025-03-10T12:45:40.813234+00:00',
-            subdomain: 'doszbxwibtopsbfgbjpg',
-            region: {
-              id: 'dd6f8e01-35a9-4ba6-8dc6-ed972f2db93c',
-              name: 'eu-central-1',
-              __typename: 'regions',
-            },
-            deployments: [],
-            creator: {
-              id: 'creator-r-elek-id',
-              email: 'robert@elek.com',
-              displayName: 'Robert',
-              __typename: 'users',
-            },
-            appStates: [
-              {
-                id: 'c7fbf7ad-b60c-432b-86c2-5a9509054c47',
-                appId: 'pitr-region-TEST-eu-id',
-                message: '',
-                stateId: 5,
-                createdAt: '2025-03-12T11:08:59.926611+00:00',
-                __typename: 'appStateHistory',
-              },
-            ],
-            __typename: 'apps',
+          deployments: [],
+          creator: {
+            id: 'creator-r-elek-id',
+            email: 'robert@elek.com',
+            displayName: 'Robert',
+            __typename: 'users',
          },
-          {
-            id: 'pitr-test-id',
-            name: 'pitr-test',
-            slug: 'pitr-test',
-            createdAt: '2025-03-04T13:48:59.76498+00:00',
-            subdomain: 'gnlivtcgjxctuujxpslj',
-            region: {
-              id: '1',
-              name: 'us-east-1',
-              __typename: 'regions',
+          appStates: [
+            {
+              id: 'cd2b77ac-3ef1-4a76-819b-ff1caca09213',
+              appId: 'pitr-usa-id',
+              message:
+                'failed to get dns manager: unknown region: 55985cd4-af14-4d2a-90a5-2a1253ebc1db',
+              stateId: 8,
+              createdAt: '2025-03-10T12:39:23.734345+00:00',
+              __typename: 'appStateHistory',
            },
-            deployments: [],
-            creator: {
-              id: 'creator-d-elek-id',
-              email: 'dbarrosop@dravetech.com',
-              displayName: 'David Elek',
-              __typename: 'users',
-            },
-            appStates: [
-              {
-                id: 'fc344bc6-1c59-447a-813f-e0f65754b0e0',
-                appId: 'pitr-test-id',
-                message:
-                  'failed to deploy application to kubernetes: failed to deploy application: failed to check rollout status: error running kubectl: exit status 1',
-                stateId: 8,
-                createdAt: '2025-03-11T15:34:41.25304+00:00',
-                __typename: 'appStateHistory',
-              },
-            ],
-            __typename: 'apps',
+          ],
+          __typename: 'apps',
+        },
+        {
+          id: 'pitr-region-TEST-eu-id',
+          name: 'pitr-region-test-eu',
+          slug: 'pitr-region-test-eu',
+          createdAt: '2025-03-10T12:45:40.813234+00:00',
+          subdomain: 'doszbxwibtopsbfgbjpg',
+          region: {
+            id: 'dd6f8e01-35a9-4ba6-8dc6-ed972f2db93c',
+            name: 'eu-central-1',
+            __typename: 'regions',
          },
-          {
-            id: 'pitr14-id',
-            name: 'pitr14',
-            slug: 'pitr14',
-            createdAt: '2025-02-25T08:55:22.82937+00:00',
-            subdomain: 'jqumebxpocjytrhevonb',
-            region: {
-              id: '1',
-              name: 'us-east-1',
-              __typename: 'regions',
-            },
-            deployments: [],
-            creator: {
-              id: 'creator-d-elek-id',
-              email: 'david@elek.com',
-              displayName: 'David Elek',
-              __typename: 'users',
-            },
-            appStates: [
-              {
-                id: '04bc2db3-a948-48fb-b674-7a8a0133dd2b',
-                appId: 'pitr14-id',
-                message: '',
-                stateId: 5,
-                createdAt: '2025-03-11T20:47:03.102948+00:00',
-                __typename: 'appStateHistory',
-              },
-            ],
-            __typename: 'apps',
+          deployments: [],
+          creator: {
+            id: 'creator-r-elek-id',
+            email: 'robert@elek.com',
+            displayName: 'Robert',
+            __typename: 'users',
          },
-        ],
-      }),
-    ),
+          appStates: [
+            {
+              id: 'c7fbf7ad-b60c-432b-86c2-5a9509054c47',
+              appId: 'pitr-region-TEST-eu-id',
+              message: '',
+              stateId: 5,
+              createdAt: '2025-03-12T11:08:59.926611+00:00',
+              __typename: 'appStateHistory',
+            },
+          ],
+          __typename: 'apps',
+        },
+        {
+          id: 'pitr-test-id',
+          name: 'pitr-test',
+          slug: 'pitr-test',
+          createdAt: '2025-03-04T13:48:59.76498+00:00',
+          subdomain: 'gnlivtcgjxctuujxpslj',
+          region: {
+            id: '1',
+            name: 'us-east-1',
+            __typename: 'regions',
+          },
+          deployments: [],
+          creator: {
+            id: 'creator-d-elek-id',
+            email: 'dbarrosop@dravetech.com',
+            displayName: 'David Elek',
+            __typename: 'users',
+          },
+          appStates: [
+            {
+              id: 'fc344bc6-1c59-447a-813f-e0f65754b0e0',
+              appId: 'pitr-test-id',
+              message:
+                'failed to deploy application to kubernetes: failed to deploy application: failed to check rollout status: error running kubectl: exit status 1',
+              stateId: 8,
+              createdAt: '2025-03-11T15:34:41.25304+00:00',
+              __typename: 'appStateHistory',
+            },
+          ],
+          __typename: 'apps',
+        },
+        {
+          id: 'pitr14-id',
+          name: 'pitr14',
+          slug: 'pitr14',
+          createdAt: '2025-02-25T08:55:22.82937+00:00',
+          subdomain: 'jqumebxpocjytrhevonb',
+          region: {
+            id: '1',
+            name: 'us-east-1',
+            __typename: 'regions',
+          },
+          deployments: [],
+          creator: {
+            id: 'creator-d-elek-id',
+            email: 'david@elek.com',
+            displayName: 'David Elek',
+            __typename: 'users',
+          },
+          appStates: [
+            {
+              id: '04bc2db3-a948-48fb-b674-7a8a0133dd2b',
+              appId: 'pitr14-id',
+              message: '',
+              stateId: 5,
+              createdAt: '2025-03-11T20:47:03.102948+00:00',
+              __typename: 'appStateHistory',
+            },
+          ],
+          __typename: 'apps',
+        },
+      ],
+    },
+  }),
 );

-export const getEmptyProjectsQuery = nhostGraphQLLink.query(
-  'getProjects',
-  (_req, res, ctx) =>
-    res(
-      ctx.data({
-        apps: [],
-      }),
-    ),
+export const getEmptyProjectsQuery = nhostGraphQLLink.query('getProjects', () =>
+  HttpResponse.json({
+    data: {
+      apps: [],
+    },
+  }),
 );
--- a/dashboard/src/tests/msw/mocks/graphql/organizationRequests.ts
+++ b/dashboard/src/tests/msw/mocks/graphql/organizationRequests.ts
@@ -1,15 +1,16 @@
+import { HttpResponse } from 'msw';
 import nhostGraphQLLink from './nhostGraphQLLink';

 export const organizationMemberInvites = nhostGraphQLLink.query(
  'organizationMemberInvites',
-  (_req, res, ctx) => res(ctx.data({ organizationMemberInvites: [] })),
+  () => HttpResponse.json({ data: { organizationMemberInvites: [] } }),
 );

 export const organizationNewRequests = nhostGraphQLLink.query(
  'organizationNewRequests',
-  (_req, res, ctx) =>
-    res(
-      ctx.data({
+  () =>
+    HttpResponse.json({
+      data: {
        organizationNewRequests: [
          {
            id: 'org-request-id-1',
@@ -17,6 +18,6 @@ export const organizationNewRequests = nhostGraphQLLink.query(
            __typename: 'organization_new_request',
          },
        ],
-      }),
-    ),
+      },
+    }),
 );
--- a/dashboard/src/tests/msw/mocks/graphql/permissionVariablesQuery.ts
+++ b/dashboard/src/tests/msw/mocks/graphql/permissionVariablesQuery.ts
@@ -1,11 +1,11 @@
+import { HttpResponse } from 'msw';
 import nhostGraphQLLink from './nhostGraphQLLink';

 const permissionVariablesQuery = nhostGraphQLLink.query(
  'GetRolesPermissions',
-  (_req, res, ctx) =>
-    res(
-      ctx.delay(250),
-      ctx.data({
+  async () =>
+    HttpResponse.json({
+      data: {
        config: {
          auth: {
            user: {
@@ -32,8 +32,8 @@ const permissionVariablesQuery = nhostGraphQLLink.query(
            },
          },
        },
-      }),
-    ),
+      },
+    }),
 );

 export default permissionVariablesQuery;
--- a/dashboard/src/tests/msw/mocks/graphql/plansQuery.ts
+++ b/dashboard/src/tests/msw/mocks/graphql/plansQuery.ts
@@ -1,50 +1,46 @@
+import { HttpResponse } from 'msw';
 import nhostGraphQLLink from './nhostGraphQLLink';
-
 /**
 * Use this handler to simulate a query that returns only the Pro plan.
 */
-export const getProPlanOnlyQuery = nhostGraphQLLink.query(
-  'GetPlans',
-  (_req, res, ctx) =>
-    res(
-      ctx.data({
-        plans: [
-          {
-            __typename: 'plans',
-            id: 'dc5e805e-1bef-4d43-809e-9fdf865e211a',
-            name: 'Pro',
-            price: 25,
-            isFree: false,
-          },
-        ],
-      }),
-    ),
+export const getProPlanOnlyQuery = nhostGraphQLLink.query('GetPlans', () =>
+  HttpResponse.json({
+    data: {
+      plans: [
+        {
+          __typename: 'plans',
+          id: 'dc5e805e-1bef-4d43-809e-9fdf865e211a',
+          name: 'Pro',
+          price: 25,
+          isFree: false,
+        },
+      ],
+    },
+  }),
 );

 /**
 * Use this handler to simulate a query that returns all the available plans.
 */
-export const getAllPlansQuery = nhostGraphQLLink.query(
-  'GetPlans',
-  (_req, res, ctx) =>
-    res(
-      ctx.data({
-        plans: [
-          {
-            __typename: 'plans',
-            id: '00000000-0000-0000-0000-000000000000',
-            name: 'Starter',
-            price: 0,
-            isFree: true,
-          },
-          {
-            __typename: 'plans',
-            id: '00000000-0000-0000-0000-000000000001',
-            name: 'Pro',
-            price: 25,
-            isFree: false,
-          },
-        ],
-      }),
-    ),
+export const getAllPlansQuery = nhostGraphQLLink.query('GetPlans', () =>
+  HttpResponse.json({
+    data: {
+      plans: [
+        {
+          __typename: 'plans',
+          id: '00000000-0000-0000-0000-000000000000',
+          name: 'Starter',
+          price: 0,
+          isFree: true,
+        },
+        {
+          __typename: 'plans',
+          id: '00000000-0000-0000-0000-000000000001',
+          name: 'Pro',
+          price: 25,
+          isFree: false,
+        },
+      ],
+    },
+  }),
 );
--- a/dashboard/src/tests/msw/mocks/graphql/prefetchNewAppQuery.ts
+++ b/dashboard/src/tests/msw/mocks/graphql/prefetchNewAppQuery.ts
@@ -1,10 +1,11 @@
+import { HttpResponse } from 'msw';
 import nhostGraphQLLink from './nhostGraphQLLink';

 export const prefetchNewAppQuery = nhostGraphQLLink.query(
  'PrefetchNewApp',
-  (_req, res, ctx) =>
-    res(
-      ctx.data({
+  () =>
+    HttpResponse.json({
+      data: {
        regions: [
          {
            id: 'dd6f8e01-35a9-4ba6-8dc6-ed972f2db93c',
@@ -67,6 +68,6 @@ export const prefetchNewAppQuery = nhostGraphQLLink.query(
            __typename: 'plans',
          },
        ],
-      }),
-    ),
+      },
+    }),
 );
--- a/dashboard/src/tests/msw/mocks/graphql/resourceSettingsQuery.ts
+++ b/dashboard/src/tests/msw/mocks/graphql/resourceSettingsQuery.ts
@@ -1,13 +1,13 @@
+import { HttpResponse } from 'msw';
 import nhostGraphQLLink from './nhostGraphQLLink';
-
 /**
 * Use this handler to simulate the initial state of the allocated resources.
 */
 export const resourcesUnavailableQuery = nhostGraphQLLink.query(
  'GetResources',
-  (_req, res, ctx) =>
-    res(
-      ctx.data({
+  () =>
+    HttpResponse.json({
+      data: {
        config: {
          __typename: 'ConfigConfig',
          postgres: {
@@ -23,8 +23,8 @@ export const resourcesUnavailableQuery = nhostGraphQLLink.query(
            resources: null,
          },
        },
-      }),
-    ),
+      },
+    }),
 );

 /**
@@ -32,9 +32,9 @@ export const resourcesUnavailableQuery = nhostGraphQLLink.query(
 */
 export const resourcesAvailableQuery = nhostGraphQLLink.query(
  'GetResources',
-  (_req, res, ctx) =>
-    res(
-      ctx.data({
+  () =>
+    HttpResponse.json({
+      data: {
        config: {
          __typename: 'ConfigConfig',
          postgres: {
@@ -86,8 +86,8 @@ export const resourcesAvailableQuery = nhostGraphQLLink.query(
            },
          },
        },
-      }),
-    ),
+      },
+    }),
 );

 /**
@@ -95,9 +95,9 @@ export const resourcesAvailableQuery = nhostGraphQLLink.query(
 */
 export const resourcesUpdatedQuery = nhostGraphQLLink.query(
  'GetResources',
-  (_req, res, ctx) =>
-    res(
-      ctx.data({
+  () =>
+    HttpResponse.json({
+      data: {
        config: {
          __typename: 'ConfigConfig',
          postgres: {
@@ -137,6 +137,6 @@ export const resourcesUpdatedQuery = nhostGraphQLLink.query(
            },
          },
        },
-      }),
-    ),
+      },
+    }),
 );
--- a/dashboard/src/tests/msw/mocks/graphql/updateConfigMutation.ts
+++ b/dashboard/src/tests/msw/mocks/graphql/updateConfigMutation.ts
@@ -1,11 +1,12 @@
+import { HttpResponse } from 'msw';
 import nhostGraphQLLink from './nhostGraphQLLink';

-export default nhostGraphQLLink.mutation('UpdateConfig', (req, res, ctx) =>
-  res(
-    ctx.data({
+export default nhostGraphQLLink.mutation('UpdateConfig', () =>
+  HttpResponse.json({
+    data: {
      updateConfig: {
        id: 'ConfigConfig',
      },
-    }),
-  ),
+    },
+  }),
 );
--- a/dashboard/src/tests/msw/mocks/rest/hasuraMetadataQuery.ts
+++ b/dashboard/src/tests/msw/mocks/rest/hasuraMetadataQuery.ts
@@ -1,419 +1,415 @@
-import { rest } from 'msw';
+import { delay, http, HttpResponse } from 'msw';

-const hasuraMetadataQuery = rest.post(
+const hasuraMetadataQuery = http.post(
  'https://local.hasura.local.nhost.run/v1/metadata',
-  (_req, res, ctx) =>
-    res(
-      ctx.delay(250),
-      ctx.json({
-        metadata: {
-          version: 3,
-          sources: [
-            {
-              name: 'default',
-              kind: 'postgres',
-              tables: [
-                {
-                  table: { name: 'authors', schema: 'public' },
-                  array_relationships: [
-                    {
-                      name: 'books',
-                      using: {
-                        foreign_key_constraint_on: {
-                          column: 'author_id',
-                          table: { name: 'books', schema: 'public' },
-                        },
+  async () => {
+    await delay(250);
+
+    return HttpResponse.json({
+      metadata: {
+        version: 3,
+        sources: [
+          {
+            name: 'default',
+            kind: 'postgres',
+            tables: [
+              {
+                table: { name: 'authors', schema: 'public' },
+                array_relationships: [
+                  {
+                    name: 'books',
+                    using: {
+                      foreign_key_constraint_on: {
+                        column: 'author_id',
+                        table: { name: 'books', schema: 'public' },
                      },
                    },
-                  ],
-                },
-                {
-                  table: { name: 'books', schema: 'public' },
-                  object_relationships: [
-                    {
-                      name: 'author',
-                      using: { foreign_key_constraint_on: 'author_id' },
-                    },
-                  ],
-                },
-              ],
-              configuration: {
-                connection_info: {
-                  database_url: { from_env: 'HASURA_GRAPHQL_DATABASE_URL' },
-                  isolation_level: 'read-committed',
-                  pool_settings: {
-                    connection_lifetime: 600,
-                    idle_timeout: 180,
-                    max_connections: 50,
-                    retries: 1,
                  },
-                  use_prepared_statements: true,
+                ],
+              },
+              {
+                table: { name: 'books', schema: 'public' },
+                object_relationships: [
+                  {
+                    name: 'author',
+                    using: { foreign_key_constraint_on: 'author_id' },
+                  },
+                ],
+              },
+            ],
+            configuration: {
+              connection_info: {
+                database_url: { from_env: 'HASURA_GRAPHQL_DATABASE_URL' },
+                isolation_level: 'read-committed',
+                pool_settings: {
+                  connection_lifetime: 600,
+                  idle_timeout: 180,
+                  max_connections: 50,
+                  retries: 1,
                },
+                use_prepared_statements: true,
              },
            },
-          ],
-        },
-        resource_version: 10,
-      }),
-    ),
+          },
+        ],
+      },
+      resource_version: 10,
+    });
+  },
 );

-export const hasuraRelationShipsMetadataQuery = rest.post(
+export const hasuraRelationShipsMetadataQuery = http.post(
  'https://local.hasura.local.nhost.run/v1/metadata',
-  (_req, res, ctx) =>
-    res(
-      ctx.json({
-        resource_version: 26,
-        metadata: {
-          version: 3,
-          sources: [
-            {
-              name: 'default',
-              kind: 'postgres',
-              tables: [
-                {
-                  table: {
-                    name: 'country',
-                    schema: 'public',
-                  },
-                  array_relationships: [
-                    {
-                      name: 'county',
-                      using: {
-                        foreign_key_constraint_on: {
-                          column: 'countryId',
-                          table: {
-                            name: 'county',
-                            schema: 'public',
-                          },
-                        },
-                      },
-                    },
-                  ],
+  () =>
+    HttpResponse.json({
+      resource_version: 26,
+      metadata: {
+        version: 3,
+        sources: [
+          {
+            name: 'default',
+            kind: 'postgres',
+            tables: [
+              {
+                table: {
+                  name: 'country',
+                  schema: 'public',
                },
-                {
-                  table: {
+                array_relationships: [
+                  {
                    name: 'county',
-                    schema: 'public',
-                  },
-                  object_relationships: [
-                    {
-                      name: 'country',
-                      using: {
-                        foreign_key_constraint_on: 'countryId',
-                      },
-                    },
-                  ],
-                  array_relationships: [
-                    {
-                      name: 'town',
-                      using: {
-                        foreign_key_constraint_on: {
-                          column: 'countyId',
-                          table: {
-                            name: 'town',
-                            schema: 'public',
-                          },
+                    using: {
+                      foreign_key_constraint_on: {
+                        column: 'countryId',
+                        table: {
+                          name: 'county',
+                          schema: 'public',
                        },
                      },
                    },
-                  ],
-                },
-                {
-                  table: {
-                    name: 'town',
-                    schema: 'public',
                  },
-                  object_relationships: [
-                    {
-                      name: 'county',
-                      using: {
-                        foreign_key_constraint_on: 'countyId',
+                ],
+              },
+              {
+                table: {
+                  name: 'county',
+                  schema: 'public',
+                },
+                object_relationships: [
+                  {
+                    name: 'country',
+                    using: {
+                      foreign_key_constraint_on: 'countryId',
+                    },
+                  },
+                ],
+                array_relationships: [
+                  {
+                    name: 'town',
+                    using: {
+                      foreign_key_constraint_on: {
+                        column: 'countyId',
+                        table: {
+                          name: 'town',
+                          schema: 'public',
+                        },
                      },
                    },
-                  ],
-                },
-              ],
-              configuration: {
-                connection_info: {
-                  database_url: {
-                    from_env: 'HASURA_GRAPHQL_DATABASE_URL',
                  },
-                  isolation_level: 'read-committed',
-                  pool_settings: {
-                    connection_lifetime: 600,
-                    idle_timeout: 180,
-                    max_connections: 50,
-                    retries: 1,
-                  },
-                  use_prepared_statements: true,
+                ],
+              },
+              {
+                table: {
+                  name: 'town',
+                  schema: 'public',
                },
+                object_relationships: [
+                  {
+                    name: 'county',
+                    using: {
+                      foreign_key_constraint_on: 'countyId',
+                    },
+                  },
+                ],
+              },
+            ],
+            configuration: {
+              connection_info: {
+                database_url: {
+                  from_env: 'HASURA_GRAPHQL_DATABASE_URL',
+                },
+                isolation_level: 'read-committed',
+                pool_settings: {
+                  connection_lifetime: 600,
+                  idle_timeout: 180,
+                  max_connections: 50,
+                  retries: 1,
+                },
+                use_prepared_statements: true,
              },
            },
-          ],
-        },
-      }),
-    ),
+          },
+        ],
+      },
+    }),
 );

-export const hasuraColumnMetadataQuery = rest.post(
+export const hasuraColumnMetadataQuery = http.post(
  'https://local.hasura.local.nhost.run/v1/metadata',
-  (_req, res, ctx) =>
-    res(
-      ctx.json({
-        resource_version: 389,
-        metadata: {
-          version: 3,
-          sources: [
-            {
-              name: 'default',
-              kind: 'postgres',
-              tables: [
-                {
-                  table: {
-                    name: 'actor',
-                    schema: 'public',
-                  },
-                  object_relationships: [
-                    {
-                      name: 'actor_movie',
-                      using: {
-                        foreign_key_constraint_on: {
-                          column: 'actor_id',
-                          table: {
-                            name: 'actor_movie',
-                            schema: 'public',
-                          },
-                        },
-                      },
-                    },
-                  ],
+  () =>
+    HttpResponse.json({
+      resource_version: 389,
+      metadata: {
+        version: 3,
+        sources: [
+          {
+            name: 'default',
+            kind: 'postgres',
+            tables: [
+              {
+                table: {
+                  name: 'actor',
+                  schema: 'public',
                },
-                {
-                  table: {
+                object_relationships: [
+                  {
                    name: 'actor_movie',
-                    schema: 'public',
-                  },
-                  object_relationships: [
-                    {
-                      name: 'actor',
-                      using: {
-                        foreign_key_constraint_on: 'actor_id',
-                      },
-                    },
-                    {
-                      name: 'movie',
-                      using: {
-                        foreign_key_constraint_on: 'movie_id',
-                      },
-                    },
-                  ],
-                },
-                {
-                  table: {
-                    name: 'director',
-                    schema: 'public',
-                  },
-                  array_relationships: [
-                    {
-                      name: 'movies',
-                      using: {
-                        foreign_key_constraint_on: {
-                          column: 'director_id',
-                          table: {
-                            name: 'movies',
-                            schema: 'public',
-                          },
+                    using: {
+                      foreign_key_constraint_on: {
+                        column: 'actor_id',
+                        table: {
+                          name: 'actor_movie',
+                          schema: 'public',
                        },
                      },
                    },
-                  ],
+                  },
+                ],
+              },
+              {
+                table: {
+                  name: 'actor_movie',
+                  schema: 'public',
                },
-                {
-                  table: {
+                object_relationships: [
+                  {
+                    name: 'actor',
+                    using: {
+                      foreign_key_constraint_on: 'actor_id',
+                    },
+                  },
+                  {
+                    name: 'movie',
+                    using: {
+                      foreign_key_constraint_on: 'movie_id',
+                    },
+                  },
+                ],
+              },
+              {
+                table: {
+                  name: 'director',
+                  schema: 'public',
+                },
+                array_relationships: [
+                  {
                    name: 'movies',
-                    schema: 'public',
-                  },
-                  object_relationships: [
-                    {
-                      name: 'author',
-                      using: {
-                        foreign_key_constraint_on: 'director_id',
-                      },
-                    },
-                  ],
-                  array_relationships: [
-                    {
-                      name: 'actor_movie',
-                      using: {
-                        foreign_key_constraint_on: {
-                          column: 'movie_id',
-                          table: {
-                            name: 'actor_movie',
-                            schema: 'public',
-                          },
+                    using: {
+                      foreign_key_constraint_on: {
+                        column: 'director_id',
+                        table: {
+                          name: 'movies',
+                          schema: 'public',
                        },
                      },
                    },
-                  ],
+                  },
+                ],
+              },
+              {
+                table: {
+                  name: 'movies',
+                  schema: 'public',
                },
-                {
-                  table: {
-                    name: 'notes',
-                    schema: 'public',
+                object_relationships: [
+                  {
+                    name: 'author',
+                    using: {
+                      foreign_key_constraint_on: 'director_id',
+                    },
                  },
-                  object_relationships: [
-                    {
-                      name: 'user',
-                      using: {
-                        foreign_key_constraint_on: 'owner',
-                      },
-                    },
-                  ],
-                  insert_permissions: [
-                    {
-                      role: 'user',
-                      permission: {
-                        check: {
-                          owner: {
-                            _eq: 'X-Hasura-User-Id',
-                          },
-                        },
-                        columns: ['id', 'note', 'owner'],
-                      },
-                    },
-                  ],
-                  select_permissions: [
-                    {
-                      role: 'user',
-                      permission: {
-                        columns: ['id', 'note'],
-                        filter: {
-                          owner: {
-                            _eq: 'X-Hasura-User-Id',
-                          },
+                ],
+                array_relationships: [
+                  {
+                    name: 'actor_movie',
+                    using: {
+                      foreign_key_constraint_on: {
+                        column: 'movie_id',
+                        table: {
+                          name: 'actor_movie',
+                          schema: 'public',
                        },
                      },
                    },
-                  ],
-                  update_permissions: [
-                    {
-                      role: 'user',
-                      permission: {
-                        columns: ['note'],
-                        filter: {
-                          owner: {
-                            _eq: 'X-Hasura-User-Id',
-                          },
-                        },
-                        check: null,
-                      },
-                    },
-                  ],
-                  delete_permissions: [
-                    {
-                      role: 'user',
-                      permission: {
-                        filter: {
-                          id: {
-                            _eq: 'X-Hasura-User-Id',
-                          },
-                        },
-                      },
-                    },
-                  ],
+                  },
+                ],
+              },
+              {
+                table: {
+                  name: 'notes',
+                  schema: 'public',
                },
-                {
-                  table: {
-                    name: 'buckets',
-                    schema: 'storage',
-                  },
-                  configuration: {
-                    column_config: {
-                      cache_control: {
-                        custom_name: 'cacheControl',
-                      },
-                      created_at: {
-                        custom_name: 'createdAt',
-                      },
-                      download_expiration: {
-                        custom_name: 'downloadExpiration',
-                      },
-                      id: {
-                        custom_name: 'id',
-                      },
-                      max_upload_file_size: {
-                        custom_name: 'maxUploadFileSize',
-                      },
-                      min_upload_file_size: {
-                        custom_name: 'minUploadFileSize',
-                      },
-                      presigned_urls_enabled: {
-                        custom_name: 'presignedUrlsEnabled',
-                      },
-                      updated_at: {
-                        custom_name: 'updatedAt',
-                      },
-                    },
-                    custom_column_names: {
-                      cache_control: 'cacheControl',
-                      created_at: 'createdAt',
-                      download_expiration: 'downloadExpiration',
-                      id: 'id',
-                      max_upload_file_size: 'maxUploadFileSize',
-                      min_upload_file_size: 'minUploadFileSize',
-                      presigned_urls_enabled: 'presignedUrlsEnabled',
-                      updated_at: 'updatedAt',
-                    },
-                    custom_name: 'buckets',
-                    custom_root_fields: {
-                      delete: 'deleteBuckets',
-                      delete_by_pk: 'deleteBucket',
-                      insert: 'insertBuckets',
-                      insert_one: 'insertBucket',
-                      select: 'buckets',
-                      select_aggregate: 'bucketsAggregate',
-                      select_by_pk: 'bucket',
-                      update: 'updateBuckets',
-                      update_by_pk: 'updateBucket',
+                object_relationships: [
+                  {
+                    name: 'user',
+                    using: {
+                      foreign_key_constraint_on: 'owner',
                    },
                  },
-                  array_relationships: [
-                    {
-                      name: 'files',
-                      using: {
-                        foreign_key_constraint_on: {
-                          column: 'bucket_id',
-                          table: {
-                            name: 'files',
-                            schema: 'storage',
-                          },
+                ],
+                insert_permissions: [
+                  {
+                    role: 'user',
+                    permission: {
+                      check: {
+                        owner: {
+                          _eq: 'X-Hasura-User-Id',
+                        },
+                      },
+                      columns: ['id', 'note', 'owner'],
+                    },
+                  },
+                ],
+                select_permissions: [
+                  {
+                    role: 'user',
+                    permission: {
+                      columns: ['id', 'note'],
+                      filter: {
+                        owner: {
+                          _eq: 'X-Hasura-User-Id',
                        },
                      },
                    },
-                  ],
-                },
-              ],
-              configuration: {
-                connection_info: {
-                  database_url: {
-                    from_env: 'HASURA_GRAPHQL_DATABASE_URL',
                  },
-                  isolation_level: 'read-committed',
-                  pool_settings: {
-                    connection_lifetime: 600,
-                    idle_timeout: 180,
-                    max_connections: 50,
-                    retries: 1,
+                ],
+                update_permissions: [
+                  {
+                    role: 'user',
+                    permission: {
+                      columns: ['note'],
+                      filter: {
+                        owner: {
+                          _eq: 'X-Hasura-User-Id',
+                        },
+                      },
+                      check: null,
+                    },
                  },
-                  use_prepared_statements: true,
+                ],
+                delete_permissions: [
+                  {
+                    role: 'user',
+                    permission: {
+                      filter: {
+                        id: {
+                          _eq: 'X-Hasura-User-Id',
+                        },
+                      },
+                    },
+                  },
+                ],
+              },
+              {
+                table: {
+                  name: 'buckets',
+                  schema: 'storage',
                },
+                configuration: {
+                  column_config: {
+                    cache_control: {
+                      custom_name: 'cacheControl',
+                    },
+                    created_at: {
+                      custom_name: 'createdAt',
+                    },
+                    download_expiration: {
+                      custom_name: 'downloadExpiration',
+                    },
+                    id: {
+                      custom_name: 'id',
+                    },
+                    max_upload_file_size: {
+                      custom_name: 'maxUploadFileSize',
+                    },
+                    min_upload_file_size: {
+                      custom_name: 'minUploadFileSize',
+                    },
+                    presigned_urls_enabled: {
+                      custom_name: 'presignedUrlsEnabled',
+                    },
+                    updated_at: {
+                      custom_name: 'updatedAt',
+                    },
+                  },
+                  custom_column_names: {
+                    cache_control: 'cacheControl',
+                    created_at: 'createdAt',
+                    download_expiration: 'downloadExpiration',
+                    id: 'id',
+                    max_upload_file_size: 'maxUploadFileSize',
+                    min_upload_file_size: 'minUploadFileSize',
+                    presigned_urls_enabled: 'presignedUrlsEnabled',
+                    updated_at: 'updatedAt',
+                  },
+                  custom_name: 'buckets',
+                  custom_root_fields: {
+                    delete: 'deleteBuckets',
+                    delete_by_pk: 'deleteBucket',
+                    insert: 'insertBuckets',
+                    insert_one: 'insertBucket',
+                    select: 'buckets',
+                    select_aggregate: 'bucketsAggregate',
+                    select_by_pk: 'bucket',
+                    update: 'updateBuckets',
+                    update_by_pk: 'updateBucket',
+                  },
+                },
+                array_relationships: [
+                  {
+                    name: 'files',
+                    using: {
+                      foreign_key_constraint_on: {
+                        column: 'bucket_id',
+                        table: {
+                          name: 'files',
+                          schema: 'storage',
+                        },
+                      },
+                    },
+                  },
+                ],
+              },
+            ],
+            configuration: {
+              connection_info: {
+                database_url: {
+                  from_env: 'HASURA_GRAPHQL_DATABASE_URL',
+                },
+                isolation_level: 'read-committed',
+                pool_settings: {
+                  connection_lifetime: 600,
+                  idle_timeout: 180,
+                  max_connections: 50,
+                  retries: 1,
+                },
+                use_prepared_statements: true,
              },
            },
-          ],
-        },
-      }),
-    ),
+          },
+        ],
+      },
+    }),
 );

 export default hasuraMetadataQuery;
--- a/dashboard/src/tests/msw/mocks/rest/tableQuery.ts
+++ b/dashboard/src/tests/msw/mocks/rest/tableQuery.ts
@@ -1,143 +1,23 @@
-import { rest } from 'msw';
+import { http, HttpResponse } from 'msw';

-const tableQuery = rest.post(
+const tableQuery = http.post(
  'https://local.hasura.local.nhost.run/v2/query',
-  async (req, res, ctx) => {
-    const body = await req.json();
-    if (/table_name = 'authors'/gim.exec(body.args[0].args.sql) !== null) {
-      return res(
-        ctx.delay(250),
-        ctx.json([
-          {
-            result_type: 'TuplesOk',
-            result: [
-              ['row_to_json'],
-              [
-                '{"table_catalog":"pqfgbylcwyuertjcrmgy","table_schema":"public","table_name":"authors","column_name":"id","ordinal_position":1,"column_default":"gen_random_uuid()","is_nullable":"NO","data_type":"uuid","character_maximum_length":null,"character_octet_length":null,"numeric_precision":null,"numeric_precision_radix":null,"numeric_scale":null,"datetime_precision":null,"interval_type":null,"interval_precision":null,"character_set_catalog":null,"character_set_schema":null,"character_set_name":null,"collation_catalog":null,"collation_schema":null,"collation_name":null,"domain_catalog":null,"domain_schema":null,"domain_name":null,"udt_catalog":"pqfgbylcwyuertjcrmgy","udt_schema":"pg_catalog","udt_name":"uuid","scope_catalog":null,"scope_schema":null,"scope_name":null,"maximum_cardinality":null,"dtd_identifier":"1","is_self_referencing":"NO","is_identity":"NO","identity_generation":null,"identity_start":null,"identity_increment":null,"identity_maximum":null,"identity_minimum":null,"identity_cycle":"NO","is_generated":"NEVER","generation_expression":null,"is_updatable":"YES","is_primary":true,"is_unique":true,"column_comment":null}',
-              ],
-              [
-                '{"table_catalog":"pqfgbylcwyuertjcrmgy","table_schema":"public","table_name":"authors","column_name":"name","ordinal_position":2,"column_default":null,"is_nullable":"NO","data_type":"text","character_maximum_length":null,"character_octet_length":1073741824,"numeric_precision":null,"numeric_precision_radix":null,"numeric_scale":null,"datetime_precision":null,"interval_type":null,"interval_precision":null,"character_set_catalog":null,"character_set_schema":null,"character_set_name":null,"collation_catalog":null,"collation_schema":null,"collation_name":null,"domain_catalog":null,"domain_schema":null,"domain_name":null,"udt_catalog":"pqfgbylcwyuertjcrmgy","udt_schema":"pg_catalog","udt_name":"text","scope_catalog":null,"scope_schema":null,"scope_name":null,"maximum_cardinality":null,"dtd_identifier":"2","is_self_referencing":"NO","is_identity":"NO","identity_generation":null,"identity_start":null,"identity_increment":null,"identity_maximum":null,"identity_minimum":null,"identity_cycle":"NO","is_generated":"NEVER","generation_expression":null,"is_updatable":"YES","is_primary":false,"is_unique":false,"column_comment":null}',
-              ],
-              [
-                '{"table_catalog":"pqfgbylcwyuertjcrmgy","table_schema":"public","table_name":"authors","column_name":"birth_date","ordinal_position":3,"column_default":null,"is_nullable":"NO","data_type":"timestamp without time zone","character_maximum_length":null,"character_octet_length":null,"numeric_precision":null,"numeric_precision_radix":null,"numeric_scale":null,"datetime_precision":6,"interval_type":null,"interval_precision":null,"character_set_catalog":null,"character_set_schema":null,"character_set_name":null,"collation_catalog":null,"collation_schema":null,"collation_name":null,"domain_catalog":null,"domain_schema":null,"domain_name":null,"udt_catalog":"pqfgbylcwyuertjcrmgy","udt_schema":"pg_catalog","udt_name":"timestamp","scope_catalog":null,"scope_schema":null,"scope_name":null,"maximum_cardinality":null,"dtd_identifier":"3","is_self_referencing":"NO","is_identity":"NO","identity_generation":null,"identity_start":null,"identity_increment":null,"identity_maximum":null,"identity_minimum":null,"identity_cycle":"NO","is_generated":"NEVER","generation_expression":null,"is_updatable":"YES","is_primary":false,"is_unique":false,"column_comment":null}',
-              ],
-            ],
-          },
-          { result_type: 'TuplesOk', result: [['row_to_json']] },
-          {
-            result_type: 'TuplesOk',
-            result: [
-              ['row_to_json'],
-              [
-                '{"constraint_name":"authors_pkey","constraint_type":"p","constraint_definition":"PRIMARY KEY (id)","column_name":"id"}',
-              ],
-            ],
-          },
-          { result_type: 'TuplesOk', result: [['count'], ['0']] },
-        ]),
-      );
-    }
-
-    if (/table_name = 'town'/gim.exec(body.args[0].args.sql) !== null) {
-      return res(
-        ctx.json([
-          {
-            result_type: 'TuplesOk',
-            result: [
-              ['row_to_json'],
-              [
-                '{"table_catalog":"local","table_schema":"public","table_name":"town","column_name":"id","ordinal_position":1,"column_default":"gen_random_uuid()","is_nullable":"NO","data_type":"uuid","character_maximum_length":null,"character_octet_length":null,"numeric_precision":null,"numeric_precision_radix":null,"numeric_scale":null,"datetime_precision":null,"interval_type":null,"interval_precision":null,"character_set_catalog":null,"character_set_schema":null,"character_set_name":null,"collation_catalog":null,"collation_schema":null,"collation_name":null,"domain_catalog":null,"domain_schema":null,"domain_name":null,"udt_catalog":"local","udt_schema":"pg_catalog","udt_name":"uuid","scope_catalog":null,"scope_schema":null,"scope_name":null,"maximum_cardinality":null,"dtd_identifier":"1","is_self_referencing":"NO","is_identity":"NO","identity_generation":null,"identity_start":null,"identity_increment":null,"identity_maximum":null,"identity_minimum":null,"identity_cycle":"NO","is_generated":"NEVER","generation_expression":null,"is_updatable":"YES","full_data_type":"uuid","is_primary":true,"is_unique":true,"column_comment":null}',
-              ],
-              [
-                '{"table_catalog":"local","table_schema":"public","table_name":"town","column_name":"name","ordinal_position":2,"column_default":null,"is_nullable":"NO","data_type":"text","character_maximum_length":null,"character_octet_length":1073741824,"numeric_precision":null,"numeric_precision_radix":null,"numeric_scale":null,"datetime_precision":null,"interval_type":null,"interval_precision":null,"character_set_catalog":null,"character_set_schema":null,"character_set_name":null,"collation_catalog":null,"collation_schema":null,"collation_name":null,"domain_catalog":null,"domain_schema":null,"domain_name":null,"udt_catalog":"local","udt_schema":"pg_catalog","udt_name":"text","scope_catalog":null,"scope_schema":null,"scope_name":null,"maximum_cardinality":null,"dtd_identifier":"2","is_self_referencing":"NO","is_identity":"NO","identity_generation":null,"identity_start":null,"identity_increment":null,"identity_maximum":null,"identity_minimum":null,"identity_cycle":"NO","is_generated":"NEVER","generation_expression":null,"is_updatable":"YES","full_data_type":"text","is_primary":false,"is_unique":false,"column_comment":null}',
-              ],
-              [
-                '{"table_catalog":"local","table_schema":"public","table_name":"town","column_name":"countyId","ordinal_position":3,"column_default":null,"is_nullable":"NO","data_type":"uuid","character_maximum_length":null,"character_octet_length":null,"numeric_precision":null,"numeric_precision_radix":null,"numeric_scale":null,"datetime_precision":null,"interval_type":null,"interval_precision":null,"character_set_catalog":null,"character_set_schema":null,"character_set_name":null,"collation_catalog":null,"collation_schema":null,"collation_name":null,"domain_catalog":null,"domain_schema":null,"domain_name":null,"udt_catalog":"local","udt_schema":"pg_catalog","udt_name":"uuid","scope_catalog":null,"scope_schema":null,"scope_name":null,"maximum_cardinality":null,"dtd_identifier":"3","is_self_referencing":"NO","is_identity":"NO","identity_generation":null,"identity_start":null,"identity_increment":null,"identity_maximum":null,"identity_minimum":null,"identity_cycle":"NO","is_generated":"NEVER","generation_expression":null,"is_updatable":"YES","full_data_type":"uuid","is_primary":false,"is_unique":false,"column_comment":null}',
-              ],
-            ],
-          },
-          {
-            result_type: 'TuplesOk',
-            result: [['row_to_json']],
-          },
-          {
-            result_type: 'TuplesOk',
-            result: [
-              ['row_to_json'],
-              [
-                '{"constraint_name":"town_countyId_fkey","constraint_type":"f","constraint_definition":"FOREIGN KEY (\\"countyId\\") REFERENCES county(id) ON UPDATE RESTRICT ON DELETE RESTRICT","column_name":"countyId"}',
-              ],
-              [
-                '{"constraint_name":"town_pkey","constraint_type":"p","constraint_definition":"PRIMARY KEY (id)","column_name":"id"}',
-              ],
-            ],
-          },
-          {
-            result_type: 'TuplesOk',
-            result: [['count'], ['0']],
-          },
-        ]),
-      );
-    }
-
-    if (/table_name = 'actor'/gim.exec(body.args[0].args.sql) !== null) {
-      return res(
-        ctx.json([
-          {
-            result_type: 'TuplesOk',
-            result: [
-              ['row_to_json'],
-              [
-                '{"table_catalog":"klkudrtrpapfrseiidkp","table_schema":"public","table_name":"actor","column_name":"id","ordinal_position":1,"column_default":"gen_random_uuid()","is_nullable":"NO","data_type":"uuid","character_maximum_length":null,"character_octet_length":null,"numeric_precision":null,"numeric_precision_radix":null,"numeric_scale":null,"datetime_precision":null,"interval_type":null,"interval_precision":null,"character_set_catalog":null,"character_set_schema":null,"character_set_name":null,"collation_catalog":null,"collation_schema":null,"collation_name":null,"domain_catalog":null,"domain_schema":null,"domain_name":null,"udt_catalog":"klkudrtrpapfrseiidkp","udt_schema":"pg_catalog","udt_name":"uuid","scope_catalog":null,"scope_schema":null,"scope_name":null,"maximum_cardinality":null,"dtd_identifier":"1","is_self_referencing":"NO","is_identity":"NO","identity_generation":null,"identity_start":null,"identity_increment":null,"identity_maximum":null,"identity_minimum":null,"identity_cycle":"NO","is_generated":"NEVER","generation_expression":null,"is_updatable":"YES","full_data_type":"uuid","is_primary":true,"is_unique":true,"column_comment":null}',
-              ],
-              [
-                '{"table_catalog":"klkudrtrpapfrseiidkp","table_schema":"public","table_name":"actor","column_name":"name","ordinal_position":2,"column_default":null,"is_nullable":"NO","data_type":"text","character_maximum_length":null,"character_octet_length":1073741824,"numeric_precision":null,"numeric_precision_radix":null,"numeric_scale":null,"datetime_precision":null,"interval_type":null,"interval_precision":null,"character_set_catalog":null,"character_set_schema":null,"character_set_name":null,"collation_catalog":null,"collation_schema":null,"collation_name":null,"domain_catalog":null,"domain_schema":null,"domain_name":null,"udt_catalog":"klkudrtrpapfrseiidkp","udt_schema":"pg_catalog","udt_name":"text","scope_catalog":null,"scope_schema":null,"scope_name":null,"maximum_cardinality":null,"dtd_identifier":"2","is_self_referencing":"NO","is_identity":"NO","identity_generation":null,"identity_start":null,"identity_increment":null,"identity_maximum":null,"identity_minimum":null,"identity_cycle":"NO","is_generated":"NEVER","generation_expression":null,"is_updatable":"YES","full_data_type":"text","is_primary":false,"is_unique":false,"column_comment":null}',
-              ],
-            ],
-          },
-          {
-            result_type: 'TuplesOk',
-            result: [
-              ['row_to_json'],
-              ['{"id":"1902e481-b080-4340-abe3-27b0a60973c6","name":"There"}'],
-              ['{"id":"a486b088-50e8-41d0-88b0-5bf9a3e7b5e7","name":"hello"}'],
-            ],
-          },
-          {
-            result_type: 'TuplesOk',
-            result: [
-              ['row_to_json'],
-              [
-                '{"constraint_name":"actor_pkey","constraint_type":"p","constraint_definition":"PRIMARY KEY (id)","column_name":"id"}',
-              ],
-            ],
-          },
-          {
-            result_type: 'TuplesOk',
-            result: [['count'], ['2']],
-          },
-        ]),
-      );
-    }
-
-    return res(
-      ctx.delay(250),
-      ctx.json([
+  async ({ request }) => {
+    const body = (await request.json()) as any;
+    if (/table_name = 'authors'/gim.exec(body?.args?.[0].args.sql) !== null) {
+      return HttpResponse.json([
        {
          result_type: 'TuplesOk',
          result: [
            ['row_to_json'],
            [
-              '{"table_catalog":"pqfgbylcwyuertjcrmgy","table_schema":"public","table_name":"books","column_name":"id","ordinal_position":1,"column_default":"gen_random_uuid()","is_nullable":"NO","data_type":"uuid","character_maximum_length":null,"character_octet_length":null,"numeric_precision":null,"numeric_precision_radix":null,"numeric_scale":null,"datetime_precision":null,"interval_type":null,"interval_precision":null,"character_set_catalog":null,"character_set_schema":null,"character_set_name":null,"collation_catalog":null,"collation_schema":null,"collation_name":null,"domain_catalog":null,"domain_schema":null,"domain_name":null,"udt_catalog":"pqfgbylcwyuertjcrmgy","udt_schema":"pg_catalog","udt_name":"uuid","scope_catalog":null,"scope_schema":null,"scope_name":null,"maximum_cardinality":null,"dtd_identifier":"1","is_self_referencing":"NO","is_identity":"NO","identity_generation":null,"identity_start":null,"identity_increment":null,"identity_maximum":null,"identity_minimum":null,"identity_cycle":"NO","is_generated":"NEVER","generation_expression":null,"is_updatable":"YES","is_primary":true,"is_unique":true,"column_comment":null}',
+              '{"table_catalog":"pqfgbylcwyuertjcrmgy","table_schema":"public","table_name":"authors","column_name":"id","ordinal_position":1,"column_default":"gen_random_uuid()","is_nullable":"NO","data_type":"uuid","character_maximum_length":null,"character_octet_length":null,"numeric_precision":null,"numeric_precision_radix":null,"numeric_scale":null,"datetime_precision":null,"interval_type":null,"interval_precision":null,"character_set_catalog":null,"character_set_schema":null,"character_set_name":null,"collation_catalog":null,"collation_schema":null,"collation_name":null,"domain_catalog":null,"domain_schema":null,"domain_name":null,"udt_catalog":"pqfgbylcwyuertjcrmgy","udt_schema":"pg_catalog","udt_name":"uuid","scope_catalog":null,"scope_schema":null,"scope_name":null,"maximum_cardinality":null,"dtd_identifier":"1","is_self_referencing":"NO","is_identity":"NO","identity_generation":null,"identity_start":null,"identity_increment":null,"identity_maximum":null,"identity_minimum":null,"identity_cycle":"NO","is_generated":"NEVER","generation_expression":null,"is_updatable":"YES","is_primary":true,"is_unique":true,"column_comment":null}',
            ],
            [
-              '{"table_catalog":"pqfgbylcwyuertjcrmgy","table_schema":"public","table_name":"books","column_name":"title","ordinal_position":2,"column_default":null,"is_nullable":"NO","data_type":"text","character_maximum_length":null,"character_octet_length":1073741824,"numeric_precision":null,"numeric_precision_radix":null,"numeric_scale":null,"datetime_precision":null,"interval_type":null,"interval_precision":null,"character_set_catalog":null,"character_set_schema":null,"character_set_name":null,"collation_catalog":null,"collation_schema":null,"collation_name":null,"domain_catalog":null,"domain_schema":null,"domain_name":null,"udt_catalog":"pqfgbylcwyuertjcrmgy","udt_schema":"pg_catalog","udt_name":"text","scope_catalog":null,"scope_schema":null,"scope_name":null,"maximum_cardinality":null,"dtd_identifier":"2","is_self_referencing":"NO","is_identity":"NO","identity_generation":null,"identity_start":null,"identity_increment":null,"identity_maximum":null,"identity_minimum":null,"identity_cycle":"NO","is_generated":"NEVER","generation_expression":null,"is_updatable":"YES","is_primary":false,"is_unique":false,"column_comment":null}',
+              '{"table_catalog":"pqfgbylcwyuertjcrmgy","table_schema":"public","table_name":"authors","column_name":"name","ordinal_position":2,"column_default":null,"is_nullable":"NO","data_type":"text","character_maximum_length":null,"character_octet_length":1073741824,"numeric_precision":null,"numeric_precision_radix":null,"numeric_scale":null,"datetime_precision":null,"interval_type":null,"interval_precision":null,"character_set_catalog":null,"character_set_schema":null,"character_set_name":null,"collation_catalog":null,"collation_schema":null,"collation_name":null,"domain_catalog":null,"domain_schema":null,"domain_name":null,"udt_catalog":"pqfgbylcwyuertjcrmgy","udt_schema":"pg_catalog","udt_name":"text","scope_catalog":null,"scope_schema":null,"scope_name":null,"maximum_cardinality":null,"dtd_identifier":"2","is_self_referencing":"NO","is_identity":"NO","identity_generation":null,"identity_start":null,"identity_increment":null,"identity_maximum":null,"identity_minimum":null,"identity_cycle":"NO","is_generated":"NEVER","generation_expression":null,"is_updatable":"YES","is_primary":false,"is_unique":false,"column_comment":null}',
            ],
            [
-              '{"table_catalog":"pqfgbylcwyuertjcrmgy","table_schema":"public","table_name":"books","column_name":"release_date","ordinal_position":3,"column_default":null,"is_nullable":"NO","data_type":"timestamp without time zone","character_maximum_length":null,"character_octet_length":null,"numeric_precision":null,"numeric_precision_radix":null,"numeric_scale":null,"datetime_precision":6,"interval_type":null,"interval_precision":null,"character_set_catalog":null,"character_set_schema":null,"character_set_name":null,"collation_catalog":null,"collation_schema":null,"collation_name":null,"domain_catalog":null,"domain_schema":null,"domain_name":null,"udt_catalog":"pqfgbylcwyuertjcrmgy","udt_schema":"pg_catalog","udt_name":"timestamp","scope_catalog":null,"scope_schema":null,"scope_name":null,"maximum_cardinality":null,"dtd_identifier":"3","is_self_referencing":"NO","is_identity":"NO","identity_generation":null,"identity_start":null,"identity_increment":null,"identity_maximum":null,"identity_minimum":null,"identity_cycle":"NO","is_generated":"NEVER","generation_expression":null,"is_updatable":"YES","is_primary":false,"is_unique":false,"column_comment":null}',
-            ],
-            [
-              '{"table_catalog":"pqfgbylcwyuertjcrmgy","table_schema":"public","table_name":"books","column_name":"author_id","ordinal_position":4,"column_default":null,"is_nullable":"NO","data_type":"uuid","character_maximum_length":null,"character_octet_length":null,"numeric_precision":null,"numeric_precision_radix":null,"numeric_scale":null,"datetime_precision":null,"interval_type":null,"interval_precision":null,"character_set_catalog":null,"character_set_schema":null,"character_set_name":null,"collation_catalog":null,"collation_schema":null,"collation_name":null,"domain_catalog":null,"domain_schema":null,"domain_name":null,"udt_catalog":"pqfgbylcwyuertjcrmgy","udt_schema":"pg_catalog","udt_name":"uuid","scope_catalog":null,"scope_schema":null,"scope_name":null,"maximum_cardinality":null,"dtd_identifier":"4","is_self_referencing":"NO","is_identity":"NO","identity_generation":null,"identity_start":null,"identity_increment":null,"identity_maximum":null,"identity_minimum":null,"identity_cycle":"NO","is_generated":"NEVER","generation_expression":null,"is_updatable":"YES","is_primary":false,"is_unique":false,"column_comment":null}',
+              '{"table_catalog":"pqfgbylcwyuertjcrmgy","table_schema":"public","table_name":"authors","column_name":"birth_date","ordinal_position":3,"column_default":null,"is_nullable":"NO","data_type":"timestamp without time zone","character_maximum_length":null,"character_octet_length":null,"numeric_precision":null,"numeric_precision_radix":null,"numeric_scale":null,"datetime_precision":6,"interval_type":null,"interval_precision":null,"character_set_catalog":null,"character_set_schema":null,"character_set_name":null,"collation_catalog":null,"collation_schema":null,"collation_name":null,"domain_catalog":null,"domain_schema":null,"domain_name":null,"udt_catalog":"pqfgbylcwyuertjcrmgy","udt_schema":"pg_catalog","udt_name":"timestamp","scope_catalog":null,"scope_schema":null,"scope_name":null,"maximum_cardinality":null,"dtd_identifier":"3","is_self_referencing":"NO","is_identity":"NO","identity_generation":null,"identity_start":null,"identity_increment":null,"identity_maximum":null,"identity_minimum":null,"identity_cycle":"NO","is_generated":"NEVER","generation_expression":null,"is_updatable":"YES","is_primary":false,"is_unique":false,"column_comment":null}',
            ],
          ],
        },
@@ -147,16 +27,126 @@ const tableQuery = rest.post(
          result: [
            ['row_to_json'],
            [
-              '{"constraint_name":"books_author_id_fkey","constraint_type":"f","constraint_definition":"FOREIGN KEY (author_id) REFERENCES authors(id) ON UPDATE RESTRICT ON DELETE RESTRICT","column_name":"author_id"}',
-            ],
-            [
-              '{"constraint_name":"books_pkey","constraint_type":"p","constraint_definition":"PRIMARY KEY (id)","column_name":"id"}',
+              '{"constraint_name":"authors_pkey","constraint_type":"p","constraint_definition":"PRIMARY KEY (id)","column_name":"id"}',
            ],
          ],
        },
        { result_type: 'TuplesOk', result: [['count'], ['0']] },
-      ]),
-    );
+      ]);
+    }
+
+    if (/table_name = 'town'/gim.exec(body.args[0].args.sql) !== null) {
+      return HttpResponse.json([
+        {
+          result_type: 'TuplesOk',
+          result: [
+            ['row_to_json'],
+            [
+              '{"table_catalog":"local","table_schema":"public","table_name":"town","column_name":"id","ordinal_position":1,"column_default":"gen_random_uuid()","is_nullable":"NO","data_type":"uuid","character_maximum_length":null,"character_octet_length":null,"numeric_precision":null,"numeric_precision_radix":null,"numeric_scale":null,"datetime_precision":null,"interval_type":null,"interval_precision":null,"character_set_catalog":null,"character_set_schema":null,"character_set_name":null,"collation_catalog":null,"collation_schema":null,"collation_name":null,"domain_catalog":null,"domain_schema":null,"domain_name":null,"udt_catalog":"local","udt_schema":"pg_catalog","udt_name":"uuid","scope_catalog":null,"scope_schema":null,"scope_name":null,"maximum_cardinality":null,"dtd_identifier":"1","is_self_referencing":"NO","is_identity":"NO","identity_generation":null,"identity_start":null,"identity_increment":null,"identity_maximum":null,"identity_minimum":null,"identity_cycle":"NO","is_generated":"NEVER","generation_expression":null,"is_updatable":"YES","full_data_type":"uuid","is_primary":true,"is_unique":true,"column_comment":null}',
+            ],
+            [
+              '{"table_catalog":"local","table_schema":"public","table_name":"town","column_name":"name","ordinal_position":2,"column_default":null,"is_nullable":"NO","data_type":"text","character_maximum_length":null,"character_octet_length":1073741824,"numeric_precision":null,"numeric_precision_radix":null,"numeric_scale":null,"datetime_precision":null,"interval_type":null,"interval_precision":null,"character_set_catalog":null,"character_set_schema":null,"character_set_name":null,"collation_catalog":null,"collation_schema":null,"collation_name":null,"domain_catalog":null,"domain_schema":null,"domain_name":null,"udt_catalog":"local","udt_schema":"pg_catalog","udt_name":"text","scope_catalog":null,"scope_schema":null,"scope_name":null,"maximum_cardinality":null,"dtd_identifier":"2","is_self_referencing":"NO","is_identity":"NO","identity_generation":null,"identity_start":null,"identity_increment":null,"identity_maximum":null,"identity_minimum":null,"identity_cycle":"NO","is_generated":"NEVER","generation_expression":null,"is_updatable":"YES","full_data_type":"text","is_primary":false,"is_unique":false,"column_comment":null}',
+            ],
+            [
+              '{"table_catalog":"local","table_schema":"public","table_name":"town","column_name":"countyId","ordinal_position":3,"column_default":null,"is_nullable":"NO","data_type":"uuid","character_maximum_length":null,"character_octet_length":null,"numeric_precision":null,"numeric_precision_radix":null,"numeric_scale":null,"datetime_precision":null,"interval_type":null,"interval_precision":null,"character_set_catalog":null,"character_set_schema":null,"character_set_name":null,"collation_catalog":null,"collation_schema":null,"collation_name":null,"domain_catalog":null,"domain_schema":null,"domain_name":null,"udt_catalog":"local","udt_schema":"pg_catalog","udt_name":"uuid","scope_catalog":null,"scope_schema":null,"scope_name":null,"maximum_cardinality":null,"dtd_identifier":"3","is_self_referencing":"NO","is_identity":"NO","identity_generation":null,"identity_start":null,"identity_increment":null,"identity_maximum":null,"identity_minimum":null,"identity_cycle":"NO","is_generated":"NEVER","generation_expression":null,"is_updatable":"YES","full_data_type":"uuid","is_primary":false,"is_unique":false,"column_comment":null}',
+            ],
+          ],
+        },
+        {
+          result_type: 'TuplesOk',
+          result: [['row_to_json']],
+        },
+        {
+          result_type: 'TuplesOk',
+          result: [
+            ['row_to_json'],
+            [
+              '{"constraint_name":"town_countyId_fkey","constraint_type":"f","constraint_definition":"FOREIGN KEY (\\"countyId\\") REFERENCES county(id) ON UPDATE RESTRICT ON DELETE RESTRICT","column_name":"countyId"}',
+            ],
+            [
+              '{"constraint_name":"town_pkey","constraint_type":"p","constraint_definition":"PRIMARY KEY (id)","column_name":"id"}',
+            ],
+          ],
+        },
+        {
+          result_type: 'TuplesOk',
+          result: [['count'], ['0']],
+        },
+      ]);
+    }
+
+    if (/table_name = 'actor'/gim.exec(body.args[0].args.sql) !== null) {
+      return HttpResponse.json([
+        {
+          result_type: 'TuplesOk',
+          result: [
+            ['row_to_json'],
+            [
+              '{"table_catalog":"klkudrtrpapfrseiidkp","table_schema":"public","table_name":"actor","column_name":"id","ordinal_position":1,"column_default":"gen_random_uuid()","is_nullable":"NO","data_type":"uuid","character_maximum_length":null,"character_octet_length":null,"numeric_precision":null,"numeric_precision_radix":null,"numeric_scale":null,"datetime_precision":null,"interval_type":null,"interval_precision":null,"character_set_catalog":null,"character_set_schema":null,"character_set_name":null,"collation_catalog":null,"collation_schema":null,"collation_name":null,"domain_catalog":null,"domain_schema":null,"domain_name":null,"udt_catalog":"klkudrtrpapfrseiidkp","udt_schema":"pg_catalog","udt_name":"uuid","scope_catalog":null,"scope_schema":null,"scope_name":null,"maximum_cardinality":null,"dtd_identifier":"1","is_self_referencing":"NO","is_identity":"NO","identity_generation":null,"identity_start":null,"identity_increment":null,"identity_maximum":null,"identity_minimum":null,"identity_cycle":"NO","is_generated":"NEVER","generation_expression":null,"is_updatable":"YES","full_data_type":"uuid","is_primary":true,"is_unique":true,"column_comment":null}',
+            ],
+            [
+              '{"table_catalog":"klkudrtrpapfrseiidkp","table_schema":"public","table_name":"actor","column_name":"name","ordinal_position":2,"column_default":null,"is_nullable":"NO","data_type":"text","character_maximum_length":null,"character_octet_length":1073741824,"numeric_precision":null,"numeric_precision_radix":null,"numeric_scale":null,"datetime_precision":null,"interval_type":null,"interval_precision":null,"character_set_catalog":null,"character_set_schema":null,"character_set_name":null,"collation_catalog":null,"collation_schema":null,"collation_name":null,"domain_catalog":null,"domain_schema":null,"domain_name":null,"udt_catalog":"klkudrtrpapfrseiidkp","udt_schema":"pg_catalog","udt_name":"text","scope_catalog":null,"scope_schema":null,"scope_name":null,"maximum_cardinality":null,"dtd_identifier":"2","is_self_referencing":"NO","is_identity":"NO","identity_generation":null,"identity_start":null,"identity_increment":null,"identity_maximum":null,"identity_minimum":null,"identity_cycle":"NO","is_generated":"NEVER","generation_expression":null,"is_updatable":"YES","full_data_type":"text","is_primary":false,"is_unique":false,"column_comment":null}',
+            ],
+          ],
+        },
+        {
+          result_type: 'TuplesOk',
+          result: [
+            ['row_to_json'],
+            ['{"id":"1902e481-b080-4340-abe3-27b0a60973c6","name":"There"}'],
+            ['{"id":"a486b088-50e8-41d0-88b0-5bf9a3e7b5e7","name":"hello"}'],
+          ],
+        },
+        {
+          result_type: 'TuplesOk',
+          result: [
+            ['row_to_json'],
+            [
+              '{"constraint_name":"actor_pkey","constraint_type":"p","constraint_definition":"PRIMARY KEY (id)","column_name":"id"}',
+            ],
+          ],
+        },
+        {
+          result_type: 'TuplesOk',
+          result: [['count'], ['2']],
+        },
+      ]);
+    }
+
+    return HttpResponse.json([
+      {
+        result_type: 'TuplesOk',
+        result: [
+          ['row_to_json'],
+          [
+            '{"table_catalog":"pqfgbylcwyuertjcrmgy","table_schema":"public","table_name":"books","column_name":"id","ordinal_position":1,"column_default":"gen_random_uuid()","is_nullable":"NO","data_type":"uuid","character_maximum_length":null,"character_octet_length":null,"numeric_precision":null,"numeric_precision_radix":null,"numeric_scale":null,"datetime_precision":null,"interval_type":null,"interval_precision":null,"character_set_catalog":null,"character_set_schema":null,"character_set_name":null,"collation_catalog":null,"collation_schema":null,"collation_name":null,"domain_catalog":null,"domain_schema":null,"domain_name":null,"udt_catalog":"pqfgbylcwyuertjcrmgy","udt_schema":"pg_catalog","udt_name":"uuid","scope_catalog":null,"scope_schema":null,"scope_name":null,"maximum_cardinality":null,"dtd_identifier":"1","is_self_referencing":"NO","is_identity":"NO","identity_generation":null,"identity_start":null,"identity_increment":null,"identity_maximum":null,"identity_minimum":null,"identity_cycle":"NO","is_generated":"NEVER","generation_expression":null,"is_updatable":"YES","is_primary":true,"is_unique":true,"column_comment":null}',
+          ],
+          [
+            '{"table_catalog":"pqfgbylcwyuertjcrmgy","table_schema":"public","table_name":"books","column_name":"title","ordinal_position":2,"column_default":null,"is_nullable":"NO","data_type":"text","character_maximum_length":null,"character_octet_length":1073741824,"numeric_precision":null,"numeric_precision_radix":null,"numeric_scale":null,"datetime_precision":null,"interval_type":null,"interval_precision":null,"character_set_catalog":null,"character_set_schema":null,"character_set_name":null,"collation_catalog":null,"collation_schema":null,"collation_name":null,"domain_catalog":null,"domain_schema":null,"domain_name":null,"udt_catalog":"pqfgbylcwyuertjcrmgy","udt_schema":"pg_catalog","udt_name":"text","scope_catalog":null,"scope_schema":null,"scope_name":null,"maximum_cardinality":null,"dtd_identifier":"2","is_self_referencing":"NO","is_identity":"NO","identity_generation":null,"identity_start":null,"identity_increment":null,"identity_maximum":null,"identity_minimum":null,"identity_cycle":"NO","is_generated":"NEVER","generation_expression":null,"is_updatable":"YES","is_primary":false,"is_unique":false,"column_comment":null}',
+          ],
+          [
+            '{"table_catalog":"pqfgbylcwyuertjcrmgy","table_schema":"public","table_name":"books","column_name":"release_date","ordinal_position":3,"column_default":null,"is_nullable":"NO","data_type":"timestamp without time zone","character_maximum_length":null,"character_octet_length":null,"numeric_precision":null,"numeric_precision_radix":null,"numeric_scale":null,"datetime_precision":6,"interval_type":null,"interval_precision":null,"character_set_catalog":null,"character_set_schema":null,"character_set_name":null,"collation_catalog":null,"collation_schema":null,"collation_name":null,"domain_catalog":null,"domain_schema":null,"domain_name":null,"udt_catalog":"pqfgbylcwyuertjcrmgy","udt_schema":"pg_catalog","udt_name":"timestamp","scope_catalog":null,"scope_schema":null,"scope_name":null,"maximum_cardinality":null,"dtd_identifier":"3","is_self_referencing":"NO","is_identity":"NO","identity_generation":null,"identity_start":null,"identity_increment":null,"identity_maximum":null,"identity_minimum":null,"identity_cycle":"NO","is_generated":"NEVER","generation_expression":null,"is_updatable":"YES","is_primary":false,"is_unique":false,"column_comment":null}',
+          ],
+          [
+            '{"table_catalog":"pqfgbylcwyuertjcrmgy","table_schema":"public","table_name":"books","column_name":"author_id","ordinal_position":4,"column_default":null,"is_nullable":"NO","data_type":"uuid","character_maximum_length":null,"character_octet_length":null,"numeric_precision":null,"numeric_precision_radix":null,"numeric_scale":null,"datetime_precision":null,"interval_type":null,"interval_precision":null,"character_set_catalog":null,"character_set_schema":null,"character_set_name":null,"collation_catalog":null,"collation_schema":null,"collation_name":null,"domain_catalog":null,"domain_schema":null,"domain_name":null,"udt_catalog":"pqfgbylcwyuertjcrmgy","udt_schema":"pg_catalog","udt_name":"uuid","scope_catalog":null,"scope_schema":null,"scope_name":null,"maximum_cardinality":null,"dtd_identifier":"4","is_self_referencing":"NO","is_identity":"NO","identity_generation":null,"identity_start":null,"identity_increment":null,"identity_maximum":null,"identity_minimum":null,"identity_cycle":"NO","is_generated":"NEVER","generation_expression":null,"is_updatable":"YES","is_primary":false,"is_unique":false,"column_comment":null}',
+          ],
+        ],
+      },
+      { result_type: 'TuplesOk', result: [['row_to_json']] },
+      {
+        result_type: 'TuplesOk',
+        result: [
+          ['row_to_json'],
+          [
+            '{"constraint_name":"books_author_id_fkey","constraint_type":"f","constraint_definition":"FOREIGN KEY (author_id) REFERENCES authors(id) ON UPDATE RESTRICT ON DELETE RESTRICT","column_name":"author_id"}',
+          ],
+          [
+            '{"constraint_name":"books_pkey","constraint_type":"p","constraint_definition":"PRIMARY KEY (id)","column_name":"id"}',
+          ],
+        ],
+      },
+      { result_type: 'TuplesOk', result: [['count'], ['0']] },
+    ]);
  },
 );

--- a/dashboard/src/tests/msw/mocks/rest/tokenQuery.ts
+++ b/dashboard/src/tests/msw/mocks/rest/tokenQuery.ts
@@ -1,10 +1,10 @@
 import { mockSession } from '@/tests/mocks';
 import type { Session } from '@nhost/nhost-js/auth';
-import { rest } from 'msw';
+import { http, HttpResponse } from 'msw';

-const tokenQuery = rest.post(
+const tokenQuery = http.post(
  'https://local.auth.local.nhost.run/v1/token',
-  (_req, res, ctx) => res(ctx.json<Session>(mockSession)),
+  () => HttpResponse.json<Session>(mockSession),
 );

 export default tokenQuery;
--- a/dashboard/src/tests/testUtils.tsx
+++ b/dashboard/src/tests/testUtils.tsx
@@ -35,6 +35,7 @@ import userEvent, {
  type Options,
  type UserEvent,
 } from '@testing-library/user-event';
+import { HttpResponse } from 'msw';
 import { RouterContext } from 'next/dist/shared/lib/router-context.shared-runtime';
 import type { PropsWithChildren, ReactElement } from 'react';
 import { Toaster } from 'react-hot-toast';
@@ -154,9 +155,9 @@ const graphqlRequestHandlerFactory = (
  type: 'mutation' | 'query',
  responsePromise: any,
 ) =>
-  nhostGraphQLLink[type](operationName, async (_req, res, ctx) => {
+  nhostGraphQLLink[type](operationName, async () => {
    const data = await responsePromise;
-    return res(ctx.data(data));
+    return HttpResponse.json({ data });
  });
 /* Helper function to pause responses to be able to test loading states */
 export const createGraphqlMockResolver = (
--- a/dashboard/src/utils/nhost/nhost.ts
+++ b/dashboard/src/utils/nhost/nhost.ts
@@ -4,7 +4,7 @@ import {
  getGraphqlServiceUrl,
  getStorageServiceUrl,
 } from '@/utils/env';
-import { createClient } from '@nhost/nhost-js';
+import { createClient, createNhostClient } from '@nhost/nhost-js';
 import { type Session, type SessionStorageBackend } from '@nhost/nhost-js/session';

 const nhost = createClient({
@@ -14,6 +14,13 @@ const nhost = createClient({
  storageUrl: getStorageServiceUrl(),
 });

+const nhostRoutesClient = createNhostClient({
+  authUrl: getAuthServiceUrl(),
+  graphqlUrl: getGraphqlServiceUrl(),
+  functionsUrl: getFunctionsServiceUrl(),
+  storageUrl: getStorageServiceUrl(),
+});
+
 export class DummySessionStorage implements SessionStorageBackend {
  private session: Session | null = null;

@@ -41,4 +48,5 @@ export class DummySessionStorage implements SessionStorageBackend {
  }
 }

+export { nhostRoutesClient };
 export default nhost;
--- a/docs/docs.json
+++ b/docs/docs.json
@@ -122,29 +122,37 @@
                "group": "Sign In Methods",
                "pages": [
                  {
-                    "group": "Social Providers",
+                    "group": "Providers",
                    "icon": "at",
                    "pages": [
-                      "products/auth/social/sign-in-apple",
-                      "products/auth/social/sign-in-azuread",
-                      "products/auth/social/sign-in-discord",
-                      "products/auth/social/sign-in-entraid",
-                      "products/auth/social/sign-in-facebook",
-                      "products/auth/social/sign-in-github",
-                      "products/auth/social/sign-in-google",
-                      "products/auth/social/sign-in-linkedin",
-                      "products/auth/social/sign-in-spotify",
-                      "products/auth/social/sign-in-twitch",
-                      "products/auth/social/sign-in-workos"
+                      "products/auth/providers/overview",
+                      "products/auth/providers/tokens",
+                      "products/auth/providers/connect",
+                      "products/auth/providers/idtokens",
+                      {
+                        "group": "Configuration",
+                        "icon": "gear",
+                        "pages": [
+                          "products/auth/providers/sign-in-apple",
+                          "products/auth/providers/sign-in-azuread",
+                          "products/auth/providers/sign-in-discord",
+                          "products/auth/providers/sign-in-entraid",
+                          "products/auth/providers/sign-in-facebook",
+                          "products/auth/providers/sign-in-github",
+                          "products/auth/providers/sign-in-google",
+                          "products/auth/providers/sign-in-linkedin",
+                          "products/auth/providers/sign-in-spotify",
+                          "products/auth/providers/sign-in-twitch",
+                          "products/auth/providers/sign-in-workos"
+                        ]
+                      }
                    ]
                  },
-                  "/products/auth/social-connect",
                  "/products/auth/sign-in-email-password",
                  "/products/auth/sign-in-otp",
                  "/products/auth/sign-in-magic-link",
                  "/products/auth/sign-in-sms-otp",
-                  "/products/auth/webauthn",
-                  "/products/auth/idtokens"
+                  "/products/auth/webauthn"
                ]
              },
              {
@@ -152,7 +160,6 @@
                "icon": "diagram-project",
                "pages": [
                  "/products/auth/workflows/email-password",
-                  "/products/auth/workflows/oauth-providers",
                  "/products/auth/workflows/passwordless-email",
                  "/products/auth/workflows/passwordless-sms",
                  "/products/auth/workflows/webauthn",
@@ -352,6 +359,7 @@
                    "reference/auth/post-signin-pat",
                    "reference/auth/get-signin-provider-{provider}",
                    "reference/auth/get-signin-provider-{provider}-callback",
+                    "reference/auth/get-signin-provider-{provider}-callback-tokens",
                    "reference/auth/post-signin-provider-{provider}-callback",
                    "reference/auth/post-signin-webauthn",
                    "reference/auth/post-signin-webauthn-verify",
@@ -360,6 +368,7 @@
                    "reference/auth/post-signup-webauthn",
                    "reference/auth/post-signup-webauthn-verify",
                    "reference/auth/post-token",
+                    "reference/auth/post-token-provider-{provider}",
                    "reference/auth/post-token-verify",
                    "reference/auth/get-user",
                    "reference/auth/post-user-deanonymize",
@@ -704,6 +713,20 @@
      }
    ]
  },
+  "redirects": [
+    {
+      "source": "/products/auth/social/:slug*",
+      "destination": "/products/auth/providers/:slug*"
+    },
+    {
+      "source": "/products/auth/social-connect",
+      "destination": "products/auth/providers/connect"
+    },
+    {
+      "source": "/products/auth/idtokens",
+      "destination": "products/auth/providers/idtokens"
+    }
+  ],
  "logo": {
    "light": "/images/logo/light.svg",
    "dark": "/images/logo/dark.svg"
--- a/docs/gen.sh
+++ b/docs/gen.sh
@@ -62,6 +62,7 @@ function build_typedoc() {
 function build_cli_docs() {
    echo "⚒️⚒️⚒️ Building CLI documentation..."
    cli docs > reference/cli/commands.mdx
+    cat reference/cli/commands.mdx
 }

 build_openapi
--- a/docs/images/auth/provider-connect-permissions.png
+++ b/docs/images/auth/provider-connect-permissions.png
--- a/docs/package.json
+++ b/docs/package.json
@@ -9,7 +9,7 @@
    "test:broken-links": "pnpm exec mintlify broken-links"
  },
  "devDependencies": {
-    "mintlify": "^4.2.87",
+    "mintlify": "^4.2.158",
    "prettier": "^3.5.3",
    "typedoc": "^0.28.4",
    "typedoc-plugin-markdown": "^4.6.3"
--- a/docs/platform/cli/overview.mdx
+++ b/docs/platform/cli/overview.mdx
@@ -10,10 +10,10 @@ The Nhost CLI provides flexible development workflows that adapt to your needs.
 ## Development Workflows

 <CardGroup cols={2}>
-  <Card title="Local Development" icon="laptop-code">
+  <Card title="Local Development" icon="laptop-code" href="/platform/cli/local-development">
    Run the complete Nhost stack locally for offline development, fast iteration, and full control over your environment.
  </Card>
-  <Card title="Cloud Development" icon="cloud">
+  <Card title="Cloud Development" icon="cloud" href="/platform/cli/cloud-development">
    Develop against cloud infrastructure while maintaining local tools for simplified remote testing and team collaboration.
  </Card>
 </CardGroup>
--- a/docs/pnpm-lock.yaml
+++ b/docs/pnpm-lock.yaml
--- a/docs/products/auth/email-templates.mdx
+++ b/docs/products/auth/email-templates.mdx
@@ -120,21 +120,26 @@ sender = 'myapp@mydomain.com'
 It is very important that the `host` is set exactly to `postmark`.
 </Warning>

-2. In postmark you need to create thre templates for each locale with the following alias:
+2. In postmark you need to create three templates for each locale with the following alias:

- $locale.email-change
+- $locale.email-confirm-change
 - $locale.email-verify
 - $locale.password-reset

 For instance:

- en.email-change
+- en.email-confirm-change
 - en.email-verify
 - en.password-reset
- se.email-change
+- se.email-confirm-change
 - se.email-verify
 - se.password-reset

+Additionally, if you want to use the passwordless sign-in or OTP sign-in emails, you need to create the following templates as well:
+
+- $locale.signin-passwordless
+- $locale.signin-otp
+
 After these two steps have been completed, the Auth service will leverage these templates instead of the ones described in the previous section.

 <Note>
--- a/docs/products/auth/overview.mdx
+++ b/docs/products/auth/overview.mdx
@@ -19,7 +19,7 @@ Nhost Auth is a ready-to-use authentication service seamlessly integrated with t
  </Card>
  <Card title="Security Keys (WebAuthn)" icon="square-5" href="/products/auth/webauthn">
  </Card>
-  <Card title="ID Tokens" icon="square-6" href="/products/auth/idtokens">
+  <Card title="ID Tokens" icon="square-6" href="/products/auth/providers/idtokens">
  </Card>
  <Card title="Elevated Permissions" icon="square-7" href="/products/auth/elevated-permissions">
  </Card>
@@ -28,24 +28,24 @@ Nhost Auth is a ready-to-use authentication service seamlessly integrated with t
 ### OAuth Providers

 <CardGroup cols={4}>
-  <Card title="Apple" icon="apple" href="/products/auth/social/sign-in-apple">
+  <Card title="Apple" icon="apple" href="/products/auth/providers/sign-in-apple">
  </Card>
-  <Card title="Discord" icon="discord" href="/products/auth/social/sign-in-discord">
+  <Card title="Discord" icon="discord" href="/products/auth/providers/sign-in-discord">
  </Card>
-  <Card title="Entra ID" icon="microsoft" href="/products/auth/social/sign-in-entraid">
+  <Card title="Entra ID" icon="microsoft" href="/products/auth/providers/sign-in-entraid">
  </Card>
-  <Card title="Facebook" icon="facebook" href="/products/auth/social/sign-in-facebook">
+  <Card title="Facebook" icon="facebook" href="/products/auth/providers/sign-in-facebook">
  </Card>
-  <Card title="GitHub" icon="github" href="/products/auth/social/sign-in-github">
+  <Card title="GitHub" icon="github" href="/products/auth/providers/sign-in-github">
  </Card>
-  <Card title="Google" icon="google" href="/products/auth/social/sign-in-google">
+  <Card title="Google" icon="google" href="/products/auth/providers/sign-in-google">
  </Card>
-  <Card title="Linkedin" icon="linkedin" href="/products/auth/social/sign-in-linkedin">
+  <Card title="Linkedin" icon="linkedin" href="/products/auth/providers/sign-in-linkedin">
  </Card>
-  <Card title="Spotify" icon="spotify" href="/products/auth/social/sign-in-spotify">
+  <Card title="Spotify" icon="spotify" href="/products/auth/providers/sign-in-spotify">
  </Card>
-  <Card title="Twitch" icon="twitch" href="/products/auth/social/sign-in-twitch">
+  <Card title="Twitch" icon="twitch" href="/products/auth/providers/sign-in-twitch">
  </Card>
-  <Card title="WorkOS" icon="square-9" href="/products/auth/social/sign-in-workos">
+  <Card title="WorkOS" icon="square-9" href="/products/auth/providers/sign-in-workos">
  </Card>
 </CardGroup>
--- a/docs/products/auth/providers/connect.mdx
+++ b/docs/products/auth/providers/connect.mdx
@@ -0,0 +1,41 @@
+---
+title: Connecting existing users
+sidebarTitle: Connecting existing users
+description: Connect a provider to existing user accounts
+icon: link
+---
+
+With the provider connect feature, users can link configured providers with their account, regardless of the initial sign-up method. It enables users to link different providers to their accounts, even if the email addresses do not match (e.g., linking a GitHub profile to an account registered with a different email). This feature offers flexibility, allowing users to streamline their login process by connecting multiple authentication methods.
+
+To add a provider authentication method to an existing user you need to call the url `https://${subdomain}.auth.${region}.nhost.run/v1/signin/provider/${provider}?connect=${jwt}`. This is very easy to achieve with our SDK:
+
+``` js
+nhost.auth.connectProvider({
+  provider: 'github'
+})
+```
+
+<Note>
+Keep in mind that as we need a `JWT` the user needs to be logged in.
+</Note>
+
+## Viewing and Deleting Provider Authentication Mechanisms
+
+If you want to allow your users to view and/or delete provider authentication mechanisms, you can provide the necessary permissions to the table `auth.user_providers` (i.e. `select` and/or `delete`) and then use the appropriate GraphQL query. For example, the following permissions should allow users to list their own providers:
+
+![provider connect permissions](/images/auth/provider-connect-permissions.png)
+
+Using the following GraphQL query:
+
+``` js
+const { error, data } = await nhost.graphql.request(
+  gql`
+    query getAuthUserProviders {
+      authUserProviders {
+        id
+        providerId
+      }
+    }
+  `,
+)
+```
--- a/docs/products/auth/providers/idtokens.mdx
+++ b/docs/products/auth/providers/idtokens.mdx
@@ -13,7 +13,9 @@ ID tokens serve as a secure proof that a user has already been authenticated by

 ## Usage

-To use ID tokens, you need to configure supported identity providers (currently [apple](/products/auth/social/sign-in-apple) and [google](/products/auth/social/sign-in-google)) and make sure the `audience` is set correctly.
+<Note>
+To use ID tokens, you need to configure supported identity providers (currently [apple](/products/auth/providers/sign-in-apple) and [google](/products/auth/providers/sign-in-google)) and make sure the `audience` is set correctly.
+</Note>

 ### Sign in

@@ -41,7 +43,7 @@ Once everything is configured you can use an ID token to authenticate users with

 ### Link Provider to existing user

-Similarly to the [Social Connect](/products/auth/social-connect) feature, you can link an identity provider to an existing user:
+Similarly to the [Provider Connect](/products/auth/providers/connect) feature, you can link an identity provider to an existing user:

 <Tabs>
  <Tab title="javascript">
@@ -69,10 +71,4 @@ Below you can find some examples on how to extract an ID Token from various iden

 ### React Native

-#### Apple
-
-For an example on how to authenticate using "Sign in with Apple" on iOS using React Native you can refer to our [sample component](https://github.com/nhost/nhost/blob/main/examples/react_native/src/components/SignInWithAppleButton.tsx).
-
-#### Google
-
-For an example on how to authenticate using "Sign in with Google" on Android using React Native you can refer to our [sample component](https://github.com/nhost/nhost/blob/main/examples/react_native/src/components/SignInWithGoogleButton.tsx).
+Please, refer to our [React Native Tutorial](/getting-started/tutorials/reactnative/1-introduction) on how to implement Sign in with Apple and Google Sign-In in your React Native app.
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
David Barroso	e8c9e1e239	Merge branch 'main' into timing	2025-10-30 16:42:08 +01:00
David Barroso	c662d063a7	chore(nixops): bump go to 1.25.3 and nixpkgs due to CVEs (#3652 )	2025-10-30 16:37:52 +01:00
David Barroso	0cc0f74404	asd	2025-10-30 09:19:40 +01:00
David Barroso	dd04d64a6b	chore(cli): increase timeouts for testing purposes	2025-10-30 09:16:50 +01:00
David Barroso	b518132349	chore(nhost-js): regenerate types (#3648 )	2025-10-29 12:50:22 +01:00
David BM	b677d3768f	fix(dashboard): update SQL editor to use correct hasura migrations API URL (#3645 )	2025-10-28 15:58:25 +01:00
David Barroso	51ec151752	feat(auth): added endpoints to retrieve and refresh oauth2 providers' tokens (#3614 )	2025-10-28 12:50:30 +01:00
David Barroso	223322d654	fix(ci): run pull_request_target workflows against PR (#3646 )	2025-10-28 11:51:55 +01:00
David Barroso	add2c20c95	chore(nixops): bump nhost-cli (#3641 )	2025-10-28 10:05:47 +01:00
github-actions[bot]	961bc5feea	release(cli): 1.34.4 (#3644 ) Co-authored-by: dbarrosop <dbarrosop@users.noreply.github.com>	2025-10-28 09:46:18 +01:00
David Barroso	0ca89974b9	fix(cli): update NEXT_PUBLIC_NHOST_HASURA_MIGRATIONS_API_URL correctly (#3643 )	2025-10-28 09:44:14 +01:00
github-actions[bot]	e8d52859a3	release(cli): 1.34.3 (#3624 ) Co-authored-by: dbarrosop <dbarrosop@users.noreply.github.com>	2025-10-27 16:05:01 +01:00
David Barroso	67740ebe3d	chore(cli): bump nhost/dashboard to 2.40.0 (#3629 ) Co-authored-by: dbarrosop <dbarrosop@users.noreply.github.com>	2025-10-27 16:03:07 +01:00
github-actions[bot]	d6f7b01aee	release(dashboard): 2.40.0 (#3631 ) Co-authored-by: dbarrosop <dbarrosop@users.noreply.github.com>	2025-10-27 15:23:14 +01:00
dependabot[bot]	0fc65df78d	chore(ci): bump actions/upload-artifact from 4 to 5 (#3638 ) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-10-27 09:50:12 +01:00
dependabot[bot]	52e3db7f61	chore(ci): bump actions/download-artifact from 5 to 6 (#3639 ) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-10-27 08:51:05 +01:00
David Barroso	235449d68c	chore(docs): update guidelines on the use of AI for contributions (#3637 )	2025-10-27 08:46:10 +01:00
Jason Overmier	323834d212	feat(dashboard): allow configuring CSP header (#3627 ) Co-authored-by: Claude <noreply@anthropic.com> Co-authored-by: David Barroso <dbarrosop@dravetech.com>	2025-10-23 12:05:04 +02:00
David Barroso	f7bd250f73	chore(ci): changed pull_request to pull_request_target for access to secrets (#3632 )	2025-10-23 11:15:29 +02:00
David BM	579f9dbf31	chore(dashboard): various improvements to support ticket page (#3630 ) Co-authored-by: robertkasza <robert.kasza@bishop-co.com>	2025-10-23 09:38:45 +02:00
github-actions[bot]	9f2b93d44b	release(dashboard): 2.39.0 (#3600 ) Co-authored-by: dbarrosop <dbarrosop@users.noreply.github.com>	2025-10-22 10:59:29 +02:00
David Barroso	1aeef26ec6	feat(dashboard): move zendesk request to API route (#3628 )	2025-10-22 10:54:42 +02:00
David Barroso	749bb4e637	feat(nhost-js): added various middlewares to work with headers and customizable createNhostClient (#3612 )	2025-10-22 10:32:23 +02:00
David Barroso	accabc83f7	chore(cli): update schema (#3622 )	2025-10-21 16:53:07 +02:00
David Barroso	8c127d7b6b	chore(docs): fix broken link in openapi spec and minor mistakes in postmark integration info (#3621 )	2025-10-21 12:32:44 +02:00
David BM	f9c614ef99	chore(deps): update Vite to address security advisory (#3620 )	2025-10-21 12:18:29 +02:00
David Barroso	1d183f7fc4	feat(auth): encrypt TOTP secret (#3619 )	2025-10-21 09:04:31 +02:00
github-actions[bot]	46e740f060	release(cli): 1.34.2 (#3603 ) Co-authored-by: dbarrosop <dbarrosop@users.noreply.github.com>	2025-10-20 14:30:47 +02:00
David Barroso	0d30ab4eec	chore(cli): update schema (#3613 )	2025-10-20 14:27:49 +02:00
github-actions[bot]	d5fd3cb59c	release(services/auth): 0.42.4 (#3618 ) Co-authored-by: dbarrosop <dbarrosop@users.noreply.github.com>	2025-10-20 13:25:21 +02:00
David Barroso	f36d360b9e	fix(auth): apply relationships on new projects (#3617 )	2025-10-20 13:23:33 +02:00
github-actions[bot]	61af5087fd	release(services/auth): 0.42.3 (#3608 ) Co-authored-by: dbarrosop <dbarrosop@users.noreply.github.com>	2025-10-20 12:42:03 +02:00
David Barroso	7429d8ae3f	fix(auth): always apply expected metadata (#3616 )	2025-10-20 12:37:52 +02:00
github-actions[bot]	8ce9705b17	release(services/storage): 0.8.2 (#3585 ) Co-authored-by: dbarrosop <dbarrosop@users.noreply.github.com>	2025-10-15 14:51:31 +02:00
David Barroso	5b53c568ad	fix(ci): set config.custom_model_max_tokens (#3611 )	2025-10-14 13:31:28 +02:00
David Barroso	24c5db943d	feat(nhost-js): added pushChainFunction to functions and graphql clients (#3610 )	2025-10-14 13:30:07 +02:00
David BM	ea87b81db6	chore(docs): add links to local development and cloud development (#3609 ) Co-authored-by: robertkasza <robert.kasza@bishop-co.com>	2025-10-14 11:56:42 +02:00
robertkasza	226a22e322	fix(dashboard): Remove vite-plugin-dts (#3607 )	2025-10-14 11:27:46 +02:00
David Barroso	9c58b4307a	chore(storage): migrate to urfave and slog libraries (#3606 )	2025-10-14 10:17:20 +02:00
robertkasza	7ecfa41790	fix(dashboard): Run audit and lint in dashboard (#3578 )	2025-10-14 08:49:42 +02:00
David Barroso	2633747992	chore(cli): minor fix to download script when specifying version (#3602 )	2025-10-13 15:26:04 +02:00