Fix duplicated language names

Co-authored-by: katosdev <7927609+katosdev@users.noreply.github.com>

.gitattributes

@@ -0,0 +1,3 @@
+backend/internal/data/ent/** linguist-generated=true
+backend/internal/data/ent/schema/** linguist-generated=false
+frontend/lib/api/types/** linguist-generated=true

.github/FUNDING.yml

@@ -1 +1,2 @@
+open_collective: homebox
 github: [tankerkiller125,katosdev,tonyaellie]

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -58,6 +58,17 @@ body:
         - Other
     validations:
       required: true
+  - type: dropdown
+    id: database
+    attributes:
+      label: Database Type
+      description: What database backend are you using?
+      multiple: false
+      options:
+        - SQLite
+        - PostgreSQL
+    validations:
+      required: true
   - type: dropdown
     id: arch
     attributes:

.github/ISSUE_TEMPLATE/internal.md

@@ -0,0 +1,10 @@
+---
+name: "🛠️ Internal / Developer Issue"
+about: "Unstructured issue for project members only. Outside contributors: please use a standard template."
+title: "[INT]: "
+labels: ["internal"]
+assignees: []
+---
+
+**Summary:**
+[Write here]

.github/instructions/backend-app-api-handlers.instructions.md

@@ -0,0 +1,432 @@
+---
+applyTo: '/backend/app/api/handlers/**/*'
+---
+
+# Backend API Handlers Instructions (`/backend/app/api/handlers/v1/`)
+
+## Overview
+
+API handlers are the HTTP layer that processes requests, calls services, and returns responses. All handlers use the V1 API pattern with Swagger documentation for auto-generation.
+
+## Architecture Flow
+
+```
+HTTP Request → Router → Middleware → Handler → Service → Repository → Database
+                                        ↓
+                                  HTTP Response
+```
+
+## Directory Structure
+
+```
+backend/app/api/
+├── routes.go                       # Route definitions and middleware
+├── handlers/
+│   └── v1/
+│       ├── controller.go           # V1Controller struct and dependencies
+│       ├── v1_ctrl_items.go        # Item endpoints
+│       ├── v1_ctrl_users.go        # User endpoints
+│       ├── v1_ctrl_locations.go    # Location endpoints
+│       ├── v1_ctrl_auth.go         # Authentication endpoints
+│       ├── helpers.go              # HTTP helper functions
+│       ├── query_params.go         # Query parameter parsing
+│       └── assets/                 # Asset handling
+```
+
+## Handler Structure
+
+### V1Controller
+
+All handlers are methods on `V1Controller`:
+
+```go
+type V1Controller struct {
+    svc    *services.AllServices   // Service layer
+    repo   *repo.AllRepos          // Direct repo access (rare)
+    bus    *eventbus.EventBus      // Event publishing
+}
+
+func (ctrl *V1Controller) HandleItemCreate() errchain.HandlerFunc {
+    return func(w http.ResponseWriter, r *http.Request) error {
+        // Handler logic
+    }
+}
+```
+
+### Swagger Documentation
+
+**CRITICAL:** Every handler must have Swagger comments for API doc generation:
+
+```go
+// HandleItemsGetAll godoc
+//
+//	@Summary	Query All Items
+//	@Tags		Items
+//	@Produce	json
+//	@Param		q			query		string		false	"search string"
+//	@Param		page		query		int			false	"page number"
+//	@Param		pageSize	query		int			false	"items per page"
+//	@Success	200			{object}	repo.PaginationResult[repo.ItemSummary]{}
+//	@Router		/v1/items [GET]
+//	@Security	Bearer
+func (ctrl *V1Controller) HandleItemsGetAll() errchain.HandlerFunc {
+    return func(w http.ResponseWriter, r *http.Request) error {
+        // ...
+    }
+}
+```
+
+**After modifying Swagger comments, ALWAYS run:**
+```bash
+task generate  # Regenerates Swagger docs and TypeScript types
+```
+
+## Standard Handler Pattern
+
+### 1. Decode Request
+
+```go
+func (ctrl *V1Controller) HandleItemCreate() errchain.HandlerFunc {
+    return func(w http.ResponseWriter, r *http.Request) error {
+        var itemData repo.ItemCreate
+        if err := server.Decode(r, &itemData); err != nil {
+            return validate.NewRequestError(err, http.StatusBadRequest)
+        }
+        
+        // ... rest of handler
+    }
+}
+```
+
+### 2. Extract Context
+
+```go
+// Get current user from request (added by auth middleware)
+user := ctrl.CurrentUser(r)
+
+// Create service context with group/user IDs
+ctx := services.NewContext(r.Context(), user)
+```
+
+### 3. Call Service
+
+```go
+result, err := ctrl.svc.Items.Create(ctx, itemData)
+if err != nil {
+    return validate.NewRequestError(err, http.StatusInternalServerError)
+}
+```
+
+### 4. Return Response
+
+```go
+return server.JSON(w, result, http.StatusCreated)
+```
+
+## Common Handler Patterns
+
+### GET - Single Item
+
+```go
+// HandleItemGet godoc
+//
+//	@Summary	Get Item
+//	@Tags		Items
+//	@Produce	json
+//	@Param		id	path		string	true	"Item ID"
+//	@Success	200	{object}	repo.ItemOut
+//	@Router		/v1/items/{id} [GET]
+//	@Security	Bearer
+func (ctrl *V1Controller) HandleItemGet() errchain.HandlerFunc {
+    return func(w http.ResponseWriter, r *http.Request) error {
+        id, err := ctrl.RouteUUID(r, "id")
+        if err != nil {
+            return err
+        }
+        
+        ctx := services.NewContext(r.Context(), ctrl.CurrentUser(r))
+        item, err := ctrl.svc.Items.Get(ctx, id)
+        if err != nil {
+            return validate.NewRequestError(err, http.StatusNotFound)
+        }
+        
+        return server.JSON(w, item, http.StatusOK)
+    }
+}
+```
+
+### GET - List with Pagination
+
+```go
+func (ctrl *V1Controller) HandleItemsGetAll() errchain.HandlerFunc {
+    return func(w http.ResponseWriter, r *http.Request) error {
+        // Parse query parameters
+        query := extractItemQuery(r)
+        
+        ctx := services.NewContext(r.Context(), ctrl.CurrentUser(r))
+        items, err := ctrl.svc.Items.GetAll(ctx, query)
+        if err != nil {
+            return err
+        }
+        
+        return server.JSON(w, items, http.StatusOK)
+    }
+}
+
+// Helper to extract query params
+func extractItemQuery(r *http.Request) repo.ItemQuery {
+    params := r.URL.Query()
+    return repo.ItemQuery{
+        Page:       queryIntOrNegativeOne(params.Get("page")),
+        PageSize:   queryIntOrNegativeOne(params.Get("pageSize")),
+        Search:     params.Get("q"),
+        LocationIDs: queryUUIDList(params, "locations"),
+    }
+}
+```
+
+### POST - Create
+
+```go
+// HandleItemCreate godoc
+//
+//	@Summary	Create Item
+//	@Tags		Items
+//	@Accept		json
+//	@Produce	json
+//	@Param		payload	body		repo.ItemCreate	true	"Item Data"
+//	@Success	201		{object}	repo.ItemOut
+//	@Router		/v1/items [POST]
+//	@Security	Bearer
+func (ctrl *V1Controller) HandleItemCreate() errchain.HandlerFunc {
+    return func(w http.ResponseWriter, r *http.Request) error {
+        var data repo.ItemCreate
+        if err := server.Decode(r, &data); err != nil {
+            return validate.NewRequestError(err, http.StatusBadRequest)
+        }
+        
+        ctx := services.NewContext(r.Context(), ctrl.CurrentUser(r))
+        item, err := ctrl.svc.Items.Create(ctx, data)
+        if err != nil {
+            return err
+        }
+        
+        return server.JSON(w, item, http.StatusCreated)
+    }
+}
+```
+
+### PUT - Update
+
+```go
+// HandleItemUpdate godoc
+//
+//	@Summary	Update Item
+//	@Tags		Items
+//	@Accept		json
+//	@Produce	json
+//	@Param		id		path		string			true	"Item ID"
+//	@Param		payload	body		repo.ItemUpdate	true	"Item Data"
+//	@Success	200		{object}	repo.ItemOut
+//	@Router		/v1/items/{id} [PUT]
+//	@Security	Bearer
+func (ctrl *V1Controller) HandleItemUpdate() errchain.HandlerFunc {
+    return func(w http.ResponseWriter, r *http.Request) error {
+        id, err := ctrl.RouteUUID(r, "id")
+        if err != nil {
+            return err
+        }
+        
+        var data repo.ItemUpdate
+        if err := server.Decode(r, &data); err != nil {
+            return validate.NewRequestError(err, http.StatusBadRequest)
+        }
+        
+        ctx := services.NewContext(r.Context(), ctrl.CurrentUser(r))
+        item, err := ctrl.svc.Items.Update(ctx, id, data)
+        if err != nil {
+            return err
+        }
+        
+        return server.JSON(w, item, http.StatusOK)
+    }
+}
+```
+
+### DELETE
+
+```go
+// HandleItemDelete godoc
+//
+//	@Summary	Delete Item
+//	@Tags		Items
+//	@Param		id	path	string	true	"Item ID"
+//	@Success	204
+//	@Router		/v1/items/{id} [DELETE]
+//	@Security	Bearer
+func (ctrl *V1Controller) HandleItemDelete() errchain.HandlerFunc {
+    return func(w http.ResponseWriter, r *http.Request) error {
+        id, err := ctrl.RouteUUID(r, "id")
+        if err != nil {
+            return err
+        }
+        
+        ctx := services.NewContext(r.Context(), ctrl.CurrentUser(r))
+        err = ctrl.svc.Items.Delete(ctx, id)
+        if err != nil {
+            return err
+        }
+        
+        return server.JSON(w, nil, http.StatusNoContent)
+    }
+}
+```
+
+### File Upload
+
+```go
+func (ctrl *V1Controller) HandleItemAttachmentCreate() errchain.HandlerFunc {
+    return func(w http.ResponseWriter, r *http.Request) error {
+        id, err := ctrl.RouteUUID(r, "id")
+        if err != nil {
+            return err
+        }
+        
+        // Parse multipart form
+        err = r.ParseMultipartForm(32 << 20) // 32MB max
+        if err != nil {
+            return err
+        }
+        
+        file, header, err := r.FormFile("file")
+        if err != nil {
+            return err
+        }
+        defer file.Close()
+        
+        ctx := services.NewContext(r.Context(), ctrl.CurrentUser(r))
+        attachment, err := ctrl.svc.Items.CreateAttachment(ctx, id, file, header.Filename)
+        if err != nil {
+            return err
+        }
+        
+        return server.JSON(w, attachment, http.StatusCreated)
+    }
+}
+```
+
+## Routing
+
+Routes are defined in `backend/app/api/routes.go`:
+
+```go
+func (a *app) mountRoutes(repos *repo.AllRepos, svc *services.AllServices) {
+    v1 := v1.NewControllerV1(svc, repos)
+    
+    a.server.Get("/api/v1/items", v1.HandleItemsGetAll())
+    a.server.Post("/api/v1/items", v1.HandleItemCreate())
+    a.server.Get("/api/v1/items/{id}", v1.HandleItemGet())
+    a.server.Put("/api/v1/items/{id}", v1.HandleItemUpdate())
+    a.server.Delete("/api/v1/items/{id}", v1.HandleItemDelete())
+}
+```
+
+## Helper Functions
+
+### Query Parameter Parsing
+
+Located in `query_params.go`:
+
+```go
+func queryIntOrNegativeOne(s string) int
+func queryBool(s string) bool
+func queryUUIDList(params url.Values, key string) []uuid.UUID
+```
+
+### Response Helpers
+
+```go
+// From httpkit/server
+server.JSON(w, data, statusCode)           // JSON response
+server.Respond(w, statusCode)              // Empty response
+validate.NewRequestError(err, statusCode)  // Error response
+```
+
+### Authentication
+
+```go
+user := ctrl.CurrentUser(r)  // Get authenticated user (from middleware)
+```
+
+## Adding a New Endpoint
+
+### 1. Create Handler
+
+In `backend/app/api/handlers/v1/v1_ctrl_myentity.go`:
+
+```go
+// HandleMyEntityCreate godoc
+//
+//	@Summary	Create MyEntity
+//	@Tags		MyEntity
+//	@Accept		json
+//	@Produce	json
+//	@Param		payload	body		repo.MyEntityCreate	true	"Data"
+//	@Success	201		{object}	repo.MyEntityOut
+//	@Router		/v1/my-entity [POST]
+//	@Security	Bearer
+func (ctrl *V1Controller) HandleMyEntityCreate() errchain.HandlerFunc {
+    return func(w http.ResponseWriter, r *http.Request) error {
+        var data repo.MyEntityCreate
+        if err := server.Decode(r, &data); err != nil {
+            return validate.NewRequestError(err, http.StatusBadRequest)
+        }
+        
+        ctx := services.NewContext(r.Context(), ctrl.CurrentUser(r))
+        result, err := ctrl.svc.MyEntity.Create(ctx, data)
+        if err != nil {
+            return err
+        }
+        
+        return server.JSON(w, result, http.StatusCreated)
+    }
+}
+```
+
+### 2. Add Route
+
+In `backend/app/api/routes.go`:
+
+```go
+a.server.Post("/api/v1/my-entity", v1.HandleMyEntityCreate())
+```
+
+### 3. Generate Docs
+
+```bash
+task generate  # Generates Swagger docs and TypeScript types
+```
+
+### 4. Test
+
+```bash
+task go:build  # Verify builds
+task go:test   # Run tests
+```
+
+## Critical Rules
+
+1. **ALWAYS add Swagger comments** - required for API docs and TypeScript type generation
+2. **Run `task generate` after handler changes** - updates API documentation
+3. **Use services, not repos directly** - handlers call services, services call repos
+4. **Always use `services.Context`** - includes auth and multi-tenancy
+5. **Handle errors properly** - use `validate.NewRequestError()` with appropriate status codes
+6. **Validate input** - decode and validate request bodies
+7. **Return correct status codes** - 200 OK, 201 Created, 204 No Content, 400 Bad Request, 404 Not Found
+
+## Common Issues
+
+- **"Missing Swagger docs"** → Add `@Summary`, `@Tags`, `@Router` comments, run `task generate`
+- **TypeScript types outdated** → Run `task generate` to regenerate
+- **Auth failures** → Ensure route has auth middleware and `@Security Bearer`
+- **CORS errors** → Check middleware configuration in `routes.go`

.github/instructions/backend-internal-core-services.instructions.md

@@ -0,0 +1,341 @@
+---
+applyTo: '/backend/internal/core/services/**/*'
+---
+
+# Backend Services Layer Instructions (`/backend/internal/core/services/`)
+
+## Overview
+
+The services layer contains business logic that orchestrates between repositories and API handlers. Services handle complex operations, validation, and cross-cutting concerns.
+
+## Architecture Pattern
+
+```
+Handler (API) → Service (Business Logic) → Repository (Data Access) → Database
+```
+
+**Separation of concerns:**
+- **Handlers** (`backend/app/api/handlers/v1/`) - HTTP request/response, routing, auth
+- **Services** (`backend/internal/core/services/`) - Business logic, orchestration
+- **Repositories** (`backend/internal/data/repo/`) - Database operations, queries
+
+## Directory Structure
+
+```
+backend/internal/core/services/
+├── all.go                          # Service aggregation
+├── service_items.go                # Item business logic
+├── service_items_attachments.go    # Item attachments logic
+├── service_user.go                 # User management logic
+├── service_group.go                # Group management logic
+├── service_background.go           # Background tasks
+├── contexts.go                     # Service context types
+├── reporting/                      # Reporting subsystem
+│   ├── eventbus/                   # Event bus for notifications
+│   └── *.go                        # Report generation logic
+└── *_test.go                       # Service tests
+```
+
+## Service Structure
+
+### Standard Pattern
+
+```go
+type ItemService struct {
+    repo     *repo.AllRepos          // Access to all repositories
+    filepath string                   // File storage path
+    autoIncrementAssetID bool        // Feature flags
+}
+
+func (svc *ItemService) Create(ctx Context, item repo.ItemCreate) (repo.ItemOut, error) {
+    // 1. Validation
+    if item.Name == "" {
+        return repo.ItemOut{}, errors.New("name required")
+    }
+    
+    // 2. Business logic
+    if svc.autoIncrementAssetID {
+        highest, err := svc.repo.Items.GetHighestAssetID(ctx, ctx.GID)
+        if err != nil {
+            return repo.ItemOut{}, err
+        }
+        item.AssetID = highest + 1
+    }
+    
+    // 3. Repository call
+    return svc.repo.Items.Create(ctx, ctx.GID, item)
+}
+```
+
+### Service Context
+
+Services use a custom `Context` type that extends `context.Context`:
+
+```go
+type Context struct {
+    context.Context
+    GID uuid.UUID  // Group ID for multi-tenancy
+    UID uuid.UUID  // User ID for audit
+}
+```
+
+**Always use `Context` from services package, not raw `context.Context`.**
+
+## Common Service Patterns
+
+### 1. CRUD with Business Logic
+
+```go
+func (svc *ItemService) Update(ctx Context, id uuid.UUID, data repo.ItemUpdate) (repo.ItemOut, error) {
+    // Fetch existing
+    existing, err := svc.repo.Items.Get(ctx, id)
+    if err != nil {
+        return repo.ItemOut{}, err
+    }
+    
+    // Business rules
+    if existing.Archived && data.Quantity != nil {
+        return repo.ItemOut{}, errors.New("cannot modify archived items")
+    }
+    
+    // Update
+    return svc.repo.Items.Update(ctx, id, data)
+}
+```
+
+### 2. Orchestrating Multiple Repositories
+
+```go
+func (svc *ItemService) CreateWithAttachment(ctx Context, item repo.ItemCreate, file io.Reader) (repo.ItemOut, error) {
+    // Create item
+    created, err := svc.repo.Items.Create(ctx, ctx.GID, item)
+    if err != nil {
+        return repo.ItemOut{}, err
+    }
+    
+    // Upload attachment
+    attachment, err := svc.repo.Attachments.Create(ctx, created.ID, file)
+    if err != nil {
+        // Rollback - delete item
+        _ = svc.repo.Items.Delete(ctx, created.ID)
+        return repo.ItemOut{}, err
+    }
+    
+    created.Attachments = []repo.AttachmentOut{attachment}
+    return created, nil
+}
+```
+
+### 3. Background Tasks
+
+```go
+func (svc *ItemService) EnsureAssetID(ctx context.Context, gid uuid.UUID) (int, error) {
+    // Get items without asset IDs
+    items, err := svc.repo.Items.GetAllZeroAssetID(ctx, gid)
+    if err != nil {
+        return 0, err
+    }
+    
+    // Batch assign
+    highest := svc.repo.Items.GetHighestAssetID(ctx, gid)
+    for _, item := range items {
+        highest++
+        _ = svc.repo.Items.Update(ctx, item.ID, repo.ItemUpdate{
+            AssetID: &highest,
+        })
+    }
+    
+    return len(items), nil
+}
+```
+
+### 4. Event Publishing
+
+Services can publish events to the event bus:
+
+```go
+func (svc *ItemService) Delete(ctx Context, id uuid.UUID) error {
+    err := svc.repo.Items.Delete(ctx, id)
+    if err != nil {
+        return err
+    }
+    
+    // Publish event for notifications
+    svc.repo.Bus.Publish(eventbus.Event{
+        Type: "item.deleted",
+        Data: map[string]interface{}{"id": id},
+    })
+    
+    return nil
+}
+```
+
+## Service Aggregation
+
+All services are bundled in `all.go`:
+
+```go
+type AllServices struct {
+    User  *UserService
+    Group *GroupService
+    Items *ItemService
+    // ... other services
+}
+
+func New(repos *repo.AllRepos, filepath string) *AllServices {
+    return &AllServices{
+        User:  &UserService{repo: repos},
+        Items: &ItemService{repo: repos, filepath: filepath},
+        // ...
+    }
+}
+```
+
+**Accessed in handlers via:**
+```go
+ctrl.svc.Items.Create(ctx, itemData)
+```
+
+## Working with Services from Handlers
+
+Handlers call services, not repositories directly:
+
+```go
+// In backend/app/api/handlers/v1/v1_ctrl_items.go
+func (ctrl *V1Controller) HandleItemCreate() errchain.HandlerFunc {
+    return func(w http.ResponseWriter, r *http.Request) error {
+        var itemData repo.ItemCreate
+        if err := server.Decode(r, &itemData); err != nil {
+            return err
+        }
+        
+        // Get context with group/user IDs
+        ctx := services.NewContext(r.Context(), ctrl.CurrentUser(r))
+        
+        // Call service (not repository)
+        item, err := ctrl.svc.Items.Create(ctx, itemData)
+        if err != nil {
+            return err
+        }
+        
+        return server.JSON(w, item, http.StatusCreated)
+    }
+}
+```
+
+## Testing Services
+
+Service tests mock repositories using interfaces:
+
+```go
+func TestItemService_Create(t *testing.T) {
+    mockRepo := &mockItemRepo{
+        CreateFunc: func(ctx context.Context, gid uuid.UUID, data repo.ItemCreate) (repo.ItemOut, error) {
+            return repo.ItemOut{ID: uuid.New(), Name: data.Name}, nil
+        },
+    }
+    
+    svc := &ItemService{repo: &repo.AllRepos{Items: mockRepo}}
+    
+    ctx := services.Context{GID: uuid.New(), UID: uuid.New()}
+    result, err := svc.Create(ctx, repo.ItemCreate{Name: "Test"})
+    
+    assert.NoError(t, err)
+    assert.Equal(t, "Test", result.Name)
+}
+```
+
+**Run service tests:**
+```bash
+cd backend && go test ./internal/core/services -v
+```
+
+## Adding a New Service
+
+### 1. Create Service File
+
+Create `backend/internal/core/services/service_myentity.go`:
+
+```go
+package services
+
+type MyEntityService struct {
+    repo *repo.AllRepos
+}
+
+func (svc *MyEntityService) Create(ctx Context, data repo.MyEntityCreate) (repo.MyEntityOut, error) {
+    // Business logic here
+    return svc.repo.MyEntity.Create(ctx, ctx.GID, data)
+}
+```
+
+### 2. Add to AllServices
+
+Edit `backend/internal/core/services/all.go`:
+
+```go
+type AllServices struct {
+    // ... existing services
+    MyEntity *MyEntityService
+}
+
+func New(repos *repo.AllRepos, filepath string) *AllServices {
+    return &AllServices{
+        // ... existing services
+        MyEntity: &MyEntityService{repo: repos},
+    }
+}
+```
+
+### 3. Use in Handler
+
+In `backend/app/api/handlers/v1/`:
+
+```go
+func (ctrl *V1Controller) HandleMyEntityCreate() errchain.HandlerFunc {
+    return func(w http.ResponseWriter, r *http.Request) error {
+        ctx := services.NewContext(r.Context(), ctrl.CurrentUser(r))
+        result, err := ctrl.svc.MyEntity.Create(ctx, data)
+        // ...
+    }
+}
+```
+
+### 4. Run Tests
+
+```bash
+task generate    # If you modified schemas
+task go:test     # Run all tests
+```
+
+## Common Service Responsibilities
+
+**Services should:**
+- ✅ Contain business logic and validation
+- ✅ Orchestrate multiple repository calls
+- ✅ Handle transactions (when needed)
+- ✅ Publish events for side effects
+- ✅ Enforce access control and multi-tenancy
+- ✅ Transform data between API and repository formats
+
+**Services should NOT:**
+- ❌ Handle HTTP requests/responses (that's handlers)
+- ❌ Construct SQL queries (that's repositories)
+- ❌ Import handler packages (creates circular deps)
+- ❌ Directly access database (use repositories)
+
+## Critical Rules
+
+1. **Always use `services.Context`** - includes group/user IDs for multi-tenancy
+2. **Services call repos, handlers call services** - maintains layer separation
+3. **No direct database access** - always through repositories
+4. **Business logic goes here** - not in handlers or repositories
+5. **Test services independently** - mock repository dependencies
+
+## Common Patterns to Follow
+
+- **Validation:** Check business rules before calling repository
+- **Error wrapping:** Add context to repository errors
+- **Logging:** Use `log.Ctx(ctx)` for contextual logging
+- **Transactions:** Use `repo.WithTx()` for multi-step operations
+- **Events:** Publish to event bus for notifications/side effects

.github/instructions/backend-internal-data.instructions.md

@@ -0,0 +1,239 @@
+---
+applyTo: 'backend/internal/data/**/*'
+---
+
+
+# Backend Data Layer Instructions (`/backend/internal/data/`)
+
+## Overview
+
+This directory contains the data access layer using **Ent ORM** (entity framework). It follows a clear separation between schema definitions, generated code, and repository implementations.
+
+## Directory Structure
+
+```
+backend/internal/data/
+├── ent/                    # Ent ORM generated code (DO NOT EDIT)
+│   ├── schema/             # Schema definitions (EDIT THESE)
+│   │   ├── item.go         # Item entity schema
+│   │   ├── user.go         # User entity schema
+│   │   ├── location.go     # Location entity schema
+│   │   ├── label.go        # Label entity schema
+│   │   └── mixins/         # Reusable schema mixins
+│   ├── *.go                # Generated entity code
+│   └── migrate/            # Generated migrations
+├── repo/                   # Repository pattern implementations
+│   ├── repos_all.go        # Aggregates all repositories
+│   ├── repo_items.go       # Item repository
+│   ├── repo_users.go       # User repository
+│   ├── repo_locations.go   # Location repository
+│   └── *_test.go           # Repository tests
+├── migrations/             # Manual SQL migrations
+│   ├── sqlite3/            # SQLite-specific migrations
+│   └── postgres/           # PostgreSQL-specific migrations
+└── types/                  # Custom data types
+```
+
+## Ent ORM Workflow
+
+### 1. Defining Schemas (`ent/schema/`)
+
+**ALWAYS edit schema files here** - these define your database entities:
+
+```go
+// Example: backend/internal/data/ent/schema/item.go
+type Item struct {
+    ent.Schema
+}
+
+func (Item) Fields() []ent.Field {
+    return []ent.Field{
+        field.String("name").NotEmpty(),
+        field.Int("quantity").Default(1),
+        field.Bool("archived").Default(false),
+    }
+}
+
+func (Item) Edges() []ent.Edge {
+    return []ent.Edge{
+        edge.From("location", Location.Type).Ref("items").Unique(),
+        edge.From("labels", Label.Type).Ref("items"),
+    }
+}
+
+func (Item) Indexes() []ent.Index {
+    return []ent.Index{
+        index.Fields("name"),
+        index.Fields("archived"),
+    }
+}
+```
+
+**Common schema patterns:**
+- Use `mixins.BaseMixin{}` for `id`, `created_at`, `updated_at` fields
+- Use `mixins.DetailsMixin{}` for `name` and `description` fields
+- Use `GroupMixin{ref: "items"}` to link entities to groups
+- Add indexes for frequently queried fields
+
+### 2. Generating Code
+
+**After modifying any schema file, ALWAYS run:**
+
+```bash
+task generate
+```
+
+This:
+1. Runs `go generate ./...` in `backend/internal/` (generates Ent code)
+2. Generates Swagger docs from API handlers
+3. Generates TypeScript types for frontend
+
+**Generated files you'll see:**
+- `ent/*.go` - Entity types, builders, queries
+- `ent/migrate/migrate.go` - Auto migrations
+- `ent/predicate/predicate.go` - Query predicates
+
+**NEVER edit generated files directly** - changes will be overwritten.
+
+### 3. Using Generated Code in Repositories
+
+Repositories in `repo/` use the generated Ent client:
+
+```go
+// Example: backend/internal/data/repo/repo_items.go
+type ItemsRepository struct {
+    db  *ent.Client
+    bus *eventbus.EventBus
+}
+
+func (r *ItemsRepository) Create(ctx context.Context, gid uuid.UUID, data ItemCreate) (ItemOut, error) {
+    entity, err := r.db.Item.Create().
+        SetName(data.Name).
+        SetQuantity(data.Quantity).
+        SetGroupID(gid).
+        Save(ctx)
+    
+    return mapToItemOut(entity), err
+}
+```
+
+## Repository Pattern
+
+### Structure
+
+Each entity typically has:
+- **Repository struct** (`ItemsRepository`) - holds DB client and dependencies
+- **Input types** (`ItemCreate`, `ItemUpdate`) - API input DTOs
+- **Output types** (`ItemOut`, `ItemSummary`) - API response DTOs
+- **Query types** (`ItemQuery`) - search/filter parameters
+- **Mapper functions** (`mapToItemOut`) - converts Ent entities to output DTOs
+
+### Key Methods
+
+Repositories typically implement:
+- `Create(ctx, gid, input)` - Create new entity
+- `Get(ctx, id)` - Get single entity by ID
+- `GetAll(ctx, gid, query)` - Query with pagination/filters
+- `Update(ctx, id, input)` - Update entity
+- `Delete(ctx, id)` - Delete entity
+
+### Working with Ent Queries
+
+**Loading relationships (edges):**
+```go
+items, err := r.db.Item.Query().
+    WithLocation().        // Load location edge
+    WithLabels().          // Load labels edge
+    WithChildren().        // Load child items
+    Where(item.GroupIDEQ(gid)).
+    All(ctx)
+```
+
+**Filtering:**
+```go
+query := r.db.Item.Query().
+    Where(
+        item.GroupIDEQ(gid),
+        item.ArchivedEQ(false),
+        item.NameContainsFold(search),
+    )
+```
+
+**Ordering and pagination:**
+```go
+items, err := query.
+    Order(ent.Desc(item.FieldCreatedAt)).
+    Limit(pageSize).
+    Offset((page - 1) * pageSize).
+    All(ctx)
+```
+
+## Common Workflows
+
+### Adding a New Entity
+
+1. **Create schema:** `backend/internal/data/ent/schema/myentity.go`
+2. **Run:** `task generate` (generates Ent code)
+3. **Create repository:** `backend/internal/data/repo/repo_myentity.go`
+4. **Add to AllRepos:** Edit `repo/repos_all.go` to include new repo
+5. **Run tests:** `task go:test`
+
+### Adding Fields to Existing Entity
+
+1. **Edit schema:** `backend/internal/data/ent/schema/item.go`
+   ```go
+   field.String("new_field").Optional()
+   ```
+2. **Run:** `task generate`
+3. **Update repository:** Add field to input/output types in `repo/repo_items.go`
+4. **Update mappers:** Ensure mapper functions handle new field
+5. **Run tests:** `task go:test`
+
+### Adding Relationships (Edges)
+
+1. **Edit both schemas:**
+   ```go
+   // In item.go
+   edge.From("location", Location.Type).Ref("items").Unique()
+   
+   // In location.go
+   edge.To("items", Item.Type)
+   ```
+2. **Run:** `task generate`
+3. **Use in queries:** `.WithLocation()` to load the edge
+4. **Run tests:** `task go:test`
+
+## Testing
+
+Repository tests use `enttest` for in-memory SQLite:
+
+```go
+func TestItemRepo(t *testing.T) {
+    client := enttest.Open(t, "sqlite3", "file:ent?mode=memory&_fk=1")
+    defer client.Close()
+    
+    repo := &ItemsRepository{db: client}
+    // Test methods...
+}
+```
+
+**Run repository tests:**
+```bash
+cd backend && go test ./internal/data/repo -v
+```
+
+## Critical Rules
+
+1. **ALWAYS run `task generate` after schema changes** - builds will fail otherwise
+2. **NEVER edit files in `ent/` except `ent/schema/`** - they're generated
+3. **Use repositories, not raw Ent queries in services/handlers** - maintains separation
+4. **Include `group_id` in all queries** - ensures multi-tenancy
+5. **Use `.WithX()` to load edges** - avoids N+1 queries
+6. **Test with both SQLite and PostgreSQL** - CI tests both
+
+## Common Errors
+
+- **"undefined: ent.ItemX"** → Run `task generate` after schema changes
+- **Migration conflicts** → Check `migrations/` for manual migration files
+- **Foreign key violations** → Ensure edges are properly defined in both schemas
+- **Slow queries** → Add indexes in schema `Indexes()` method

.github/instructions/code.instructions.md

@@ -0,0 +1,157 @@
+# Homebox Repository Instructions for Coding Agents
+
+## Repository Overview
+
+**Type**: Full-stack home inventory management web app (monorepo)  
+**Size**: ~265 Go files, ~371 TypeScript/Vue files  
+**Build Tool**: Task (Taskfile.yml) - **ALWAYS use `task` commands**  
+**Database**: SQLite (default) or PostgreSQL
+
+### Stack
+- **Backend** (`/backend`): Go 1.24+, Chi router, Ent ORM, port 7745
+- **Frontend** (`/frontend`): Nuxt 4, Vue 3, TypeScript, Tailwind CSS, pnpm 9.1.4+, dev proxies to backend
+
+## Critical Build & Validation Commands
+
+### Initial Setup (Run Once)
+```bash
+task setup  # Installs swag, goose, Go deps, pnpm deps
+```
+
+### Code Generation (Required Before Backend Work)
+```bash
+task generate  # Generates Ent ORM, Swagger docs, TypeScript types
+```
+**ALWAYS run after**: schema changes, API handler changes, before backend server/tests  
+**Note**: "TypeSpecDef is nil" warnings are normal - ignore them
+
+### Backend Commands
+```bash
+task go:build    # Build binary (60-90s)
+task go:test     # Unit tests (5-10s)
+task go:lint     # golangci-lint (6m timeout in CI)
+task go:all      # Tidy + lint + test
+task go:run      # Start server (SQLite)
+task pr          # Full PR validation (3-5 min)
+```
+
+### Frontend Commands
+```bash
+task ui:dev    # Dev server port 3000
+task ui:check  # Type checking
+task ui:fix    # eslint --fix + prettier
+task ui:watch  # Vitest watch mode
+```
+**Lint**: Max 1 warning in CI (`pnpm run lint:ci`)
+
+### Testing
+```bash
+task test:ci            # Integration tests (15-30s + startup)
+task test:e2e           # Playwright E2E (60s+ per shard, needs playwright install)
+task pr                 # Full PR validation: generate + go:all + ui:check + ui:fix + test:ci (3-5 min)
+```
+
+## Project Structure
+
+### Key Root Files
+- `Taskfile.yml` - All commands (always use `task`)
+- `docker-compose.yml`, `Dockerfile*` - Docker configs
+- `CONTRIBUTING.md` - Contribution guidelines
+
+### Backend Structure (`/backend`)
+```
+backend/
+├── app/
+│   ├── api/              # Main API application
+│   │   ├── main.go       # Entry point
+│   │   ├── routes.go     # Route definitions
+│   │   ├── handlers/     # HTTP handlers (v1 API)
+│   │   ├── static/       # Swagger docs, embedded frontend
+│   │   └── providers/    # Service providers
+│   └── tools/
+│       └── typegen/      # TypeScript type generation tool
+├── internal/
+│   ├── core/
+│   │   └── services/     # Business logic layer
+│   ├── data/
+│   │   ├── ent/          # Ent ORM generated code + schemas
+│   │   │   └── schema/   # Schema definitions (edit these)
+│   │   └── repo/         # Repository pattern implementations
+│   ├── sys/              # System utilities (config, validation)
+│   └── web/              # Web middleware
+├── pkgs/                 # Reusable packages
+├── go.mod, go.sum        # Go dependencies
+└── .golangci.yml         # Linter configuration
+```
+
+**Patterns**: Schema/API changes → edit source → `task generate`. Never edit generated code in `ent/`.
+
+### Frontend Structure (`/frontend`)
+```
+frontend/
+├── app.vue               # Root component
+├── nuxt.config.ts        # Nuxt configuration
+├── package.json          # Frontend dependencies
+├── components/           # Vue components (auto-imported)
+├── pages/                # File-based routing
+├── layouts/              # Layout components
+├── composables/          # Vue composables (auto-imported)
+├── stores/               # Pinia state stores
+├── lib/
+│   └── api/
+│       └── types/        # Generated TypeScript API types
+├── locales/              # i18n translations
+├── test/                 # Vitest + Playwright tests
+├── eslint.config.mjs     # ESLint configuration
+└── tailwind.config.js    # Tailwind configuration
+```
+
+**Patterns**: Auto-imports for `components/` and `composables/`. API types auto-generated - never edit manually.
+
+## CI/CD Workflows
+
+PR checks (`.github/workflows/pull-requests.yaml`) on `main`/`vnext`:
+1. **Backend**: Go 1.24, golangci-lint, `task go:build`, `task go:coverage`
+2. **Frontend**: Lint (max 1 warning), typecheck, `task test:ci` (SQLite + PostgreSQL v15-17)
+3. **E2E**: 4 sharded Playwright runs (60min timeout)
+
+All must pass before merge.
+
+## Common Pitfalls
+
+1. **Missing tools**: Run `task setup` first (installs swag, goose, deps)
+2. **Stale generated code**: Always `task generate` after schema/API changes
+3. **Test failures**: Integration tests may fail first run (race condition) - retry
+4. **Port in use**: Backend uses 7745 - kill existing process
+5. **SQLite locked**: Delete `.data/homebox.db-*` files
+6. **Clean build**: `rm -rf build/ backend/app/api/static/public/ frontend/.nuxt`
+
+## Environment Variables
+
+Backend defaults in `Taskfile.yml`:
+- `HBOX_LOG_LEVEL=debug`
+- `HBOX_DATABASE_DRIVER=sqlite3` (or `postgres`)
+- `HBOX_DATABASE_SQLITE_PATH=.data/homebox.db?_pragma=busy_timeout=1000&_pragma=journal_mode=WAL&_fk=1`
+- PostgreSQL: `HBOX_DATABASE_*` vars for username/password/host/port/database
+
+## Validation Checklist
+
+Before PR:
+- [ ] `task generate` after schema/API changes
+- [ ] `task pr` passes (includes lint, test, typecheck)
+- [ ] No build artifacts committed (check `.gitignore`)
+- [ ] Code matches existing patterns
+
+## Quick Reference
+
+**Dev environment**: `task go:run` (terminal 1) + `task ui:dev` (terminal 2)
+
+**API changes**: Edit handlers → add Swagger comments → `task generate` → `task go:build` → `task go:test`
+
+**Schema changes**: Edit `ent/schema/*.go` → `task generate` → update repo methods → `task go:test`
+
+**Specific tests**: `cd backend && go test ./path -v` or `cd frontend && pnpm run test:watch`
+
+## Trust These Instructions
+
+Instructions are validated and current. Only explore further if info is incomplete, incorrect, or you encounter undocumented errors. Use `task --list-all` for all commands.

.github/instructions/frontend.instructions.md

@@ -0,0 +1,480 @@
+---
+applyTo: 'frontend/**/*'
+---
+
+
+# Frontend Components & Pages Instructions (`/frontend/`)
+
+## Overview
+
+The frontend is a Nuxt 4 application with Vue 3 and TypeScript. It uses auto-imports for components and composables, file-based routing, and generated TypeScript types from the backend API.
+
+## Directory Structure
+
+```
+frontend/
+├── components/              # Vue components (auto-imported)
+│   ├── Item/               # Item-related components
+│   ├── Location/           # Location components
+│   ├── Label/              # Label components
+│   ├── Form/               # Form components
+│   └── ui/                 # Shadcn-vue UI components
+├── pages/                  # File-based routes (auto-routing)
+│   ├── index.vue           # Home page (/)
+│   ├── items.vue           # Items list (/items)
+│   ├── item/
+│   │   └── [id].vue        # Item detail (/item/:id)
+│   ├── locations.vue       # Locations list (/locations)
+│   └── profile.vue         # User profile (/profile)
+├── composables/            # Vue composables (auto-imported)
+│   ├── use-api.ts          # API client wrapper
+│   ├── use-auth.ts         # Authentication
+│   └── use-user-api.ts     # User API helpers
+├── stores/                 # Pinia state management
+│   ├── auth.ts             # Auth state
+│   └── preferences.ts      # User preferences
+├── lib/
+│   └── api/
+│       └── types/          # Generated TypeScript types (DO NOT EDIT)
+├── layouts/                # Layout components
+│   └── default.vue         # Default layout
+├── locales/                # i18n translations
+├── test/                   # Tests (Vitest + Playwright)
+└── nuxt.config.ts          # Nuxt configuration
+```
+
+## Auto-Imports
+
+### Components
+
+Components in `components/` are **automatically imported** - no import statement needed:
+
+```vue
+<!-- components/Item/Card.vue -->
+<template>
+  <div class="item-card">{{ item.name }}</div>
+</template>
+
+<!-- pages/items.vue - NO import needed -->
+<template>
+  <ItemCard :item="item" />
+</template>
+```
+
+**Naming convention:** Nested path becomes component name
+- `components/Item/Card.vue` → `<ItemCard />`
+- `components/Form/TextField.vue` → `<FormTextField />`
+
+### Composables
+
+Composables in `composables/` are **automatically imported**:
+
+```ts
+// composables/use-items.ts
+export function useItems() {
+  const api = useUserApi()
+  
+  async function getItems() {
+    const { data } = await api.items.getAll()
+    return data
+  }
+  
+  return { getItems }
+}
+
+// pages/items.vue - NO import needed
+const { getItems } = useItems()
+const items = await getItems()
+```
+
+## File-Based Routing
+
+Pages in `pages/` automatically become routes:
+
+```
+pages/index.vue              → /
+pages/items.vue              → /items
+pages/item/[id].vue          → /item/:id
+pages/locations.vue          → /locations
+pages/location/[id].vue      → /location/:id
+pages/profile.vue            → /profile
+```
+
+### Dynamic Routes
+
+Use square brackets for dynamic segments:
+
+```vue
+<!-- pages/item/[id].vue -->
+<script setup lang="ts">
+const route = useRoute()
+const id = route.params.id
+
+const { data: item } = await useUserApi().items.getOne(id)
+</script>
+
+<template>
+  <div>
+    <h1>{{ item.name }}</h1>
+  </div>
+</template>
+```
+
+## API Integration
+
+### Generated Types
+
+API types are auto-generated from backend Swagger docs:
+
+```ts
+// lib/api/types/data-contracts.ts (GENERATED - DO NOT EDIT)
+export interface ItemOut {
+  id: string
+  name: string
+  quantity: number
+  createdAt: Date | string
+  updatedAt: Date | string
+}
+
+export interface ItemCreate {
+  name: string
+  quantity?: number
+  locationId?: string
+}
+```
+
+**Regenerate after backend API changes:**
+```bash
+task generate  # Runs in backend, updates frontend/lib/api/types/
+```
+
+### Using the API Client
+
+The `useUserApi()` composable provides typed API access:
+
+```vue
+<script setup lang="ts">
+import type { ItemCreate, ItemOut } from '~/lib/api/types/data-contracts'
+
+const api = useUserApi()
+
+// GET all items
+const { data: items } = await api.items.getAll({
+  q: 'search term',
+  page: 1,
+  pageSize: 20
+})
+
+// GET single item
+const { data: item } = await api.items.getOne(itemId)
+
+// POST create item
+const newItem: ItemCreate = {
+  name: 'New Item',
+  quantity: 1
+}
+const { data: created } = await api.items.create(newItem)
+
+// PUT update item
+const { data: updated } = await api.items.update(itemId, {
+  quantity: 5
+})
+
+// DELETE item
+await api.items.delete(itemId)
+</script>
+```
+
+## Component Patterns
+
+### Standard Vue 3 Composition API
+
+```vue
+<script setup lang="ts">
+import { ref, computed } from 'vue'
+import type { ItemOut } from '~/lib/api/types/data-contracts'
+
+// Props
+interface Props {
+  item: ItemOut
+  editable?: boolean
+}
+const props = defineProps<Props>()
+
+// Emits
+interface Emits {
+  (e: 'update', item: ItemOut): void
+  (e: 'delete', id: string): void
+}
+const emit = defineEmits<Emits>()
+
+// State
+const isEditing = ref(false)
+const localItem = ref({ ...props.item })
+
+// Computed
+const displayName = computed(() => {
+  return props.item.name.toUpperCase()
+})
+
+// Methods
+function handleSave() {
+  emit('update', localItem.value)
+  isEditing.value = false
+}
+</script>
+
+<template>
+  <div class="item-card">
+    <h3>{{ displayName }}</h3>
+    <p v-if="!isEditing">Quantity: {{ item.quantity }}</p>
+    
+    <input 
+      v-if="isEditing" 
+      v-model.number="localItem.quantity"
+      type="number"
+    />
+    
+    <button v-if="editable" @click="isEditing = !isEditing">
+      {{ isEditing ? 'Cancel' : 'Edit' }}
+    </button>
+    <button v-if="isEditing" @click="handleSave">Save</button>
+  </div>
+</template>
+
+<style scoped>
+.item-card {
+  padding: 1rem;
+  border: 1px solid #ccc;
+  border-radius: 0.5rem;
+}
+</style>
+```
+
+### Using Pinia Stores
+
+```vue
+<script setup lang="ts">
+import { useAuthStore } from '~/stores/auth'
+
+const authStore = useAuthStore()
+
+// Access state
+const user = computed(() => authStore.user)
+const isLoggedIn = computed(() => authStore.isLoggedIn)
+
+// Call actions
+async function logout() {
+  await authStore.logout()
+  navigateTo('/login')
+}
+</script>
+```
+
+### Form Handling
+
+```vue
+<script setup lang="ts">
+import { useForm } from 'vee-validate'
+import type { ItemCreate } from '~/lib/api/types/data-contracts'
+
+const api = useUserApi()
+
+const { values, errors, handleSubmit } = useForm<ItemCreate>({
+  initialValues: {
+    name: '',
+    quantity: 1
+  }
+})
+
+const onSubmit = handleSubmit(async (values) => {
+  try {
+    const { data } = await api.items.create(values)
+    navigateTo(`/item/${data.id}`)
+  } catch (error) {
+    console.error('Failed to create item:', error)
+  }
+})
+</script>
+
+<template>
+  <form @submit.prevent="onSubmit">
+    <input v-model="values.name" type="text" placeholder="Item name" />
+    <span v-if="errors.name">{{ errors.name }}</span>
+    
+    <input v-model.number="values.quantity" type="number" />
+    <span v-if="errors.quantity">{{ errors.quantity }}</span>
+    
+    <button type="submit">Create Item</button>
+  </form>
+</template>
+```
+
+## Styling
+
+### Tailwind CSS
+
+The project uses Tailwind CSS for styling:
+
+```vue
+<template>
+  <div class="flex items-center justify-between p-4 bg-white rounded-lg shadow-md">
+    <h3 class="text-lg font-semibold text-gray-900">{{ item.name }}</h3>
+    <span class="text-sm text-gray-500">Qty: {{ item.quantity }}</span>
+  </div>
+</template>
+```
+
+### Shadcn-vue Components
+
+UI components from `components/ui/` (Shadcn-vue):
+
+```vue
+<script setup lang="ts">
+import { Button } from '@/components/ui/button'
+import { Card, CardContent, CardHeader } from '@/components/ui/card'
+</script>
+
+<template>
+  <Card>
+    <CardHeader>
+      <h3>{{ item.name }}</h3>
+    </CardHeader>
+    <CardContent>
+      <p>{{ item.description }}</p>
+      <Button @click="handleEdit">Edit</Button>
+    </CardContent>
+  </Card>
+</template>
+```
+
+## Testing
+
+### Vitest (Unit/Integration)
+
+Tests use Vitest with the backend API running:
+
+```ts
+// test/items.test.ts
+import { describe, it, expect } from 'vitest'
+import { useUserApi } from '~/composables/use-user-api'
+
+describe('Items API', () => {
+  it('should create and fetch item', async () => {
+    const api = useUserApi()
+    
+    // Create item
+    const { data: created } = await api.items.create({
+      name: 'Test Item',
+      quantity: 1
+    })
+    
+    expect(created.name).toBe('Test Item')
+    
+    // Fetch item
+    const { data: fetched } = await api.items.getOne(created.id)
+    expect(fetched.id).toBe(created.id)
+  })
+})
+```
+
+**Run tests:**
+```bash
+task ui:watch  # Watch mode
+cd frontend && pnpm run test:ci  # CI mode
+```
+
+### Playwright (E2E)
+
+E2E tests in `test/`:
+
+```ts
+// test/e2e/items.spec.ts
+import { test, expect } from '@playwright/test'
+
+test('should create new item', async ({ page }) => {
+  await page.goto('/items')
+  
+  await page.click('button:has-text("New Item")')
+  await page.fill('input[name="name"]', 'Test Item')
+  await page.fill('input[name="quantity"]', '5')
+  await page.click('button:has-text("Save")')
+  
+  await expect(page.locator('text=Test Item')).toBeVisible()
+})
+```
+
+**Run E2E tests:**
+```bash
+task test:e2e  # Full E2E suite
+```
+
+## Adding a New Feature
+
+### 1. Update Backend API
+
+Make backend changes first (schema, service, handler):
+```bash
+# Edit backend files
+task generate  # Regenerates TypeScript types
+```
+
+### 2. Create Component
+
+Create `components/MyFeature/Card.vue`:
+```vue
+<script setup lang="ts">
+import type { MyFeatureOut } from '~/lib/api/types/data-contracts'
+
+interface Props {
+  feature: MyFeatureOut
+}
+defineProps<Props>()
+</script>
+
+<template>
+  <div>{{ feature.name }}</div>
+</template>
+```
+
+### 3. Create Page
+
+Create `pages/my-feature/[id].vue`:
+```vue
+<script setup lang="ts">
+const route = useRoute()
+const api = useUserApi()
+
+const { data: feature } = await api.myFeature.getOne(route.params.id)
+</script>
+
+<template>
+  <MyFeatureCard :feature="feature" />
+</template>
+```
+
+### 4. Test
+
+```bash
+task ui:check    # Type checking
+task ui:fix      # Linting
+task ui:watch    # Run tests
+```
+
+## Critical Rules
+
+1. **Never edit generated types** - `lib/api/types/` is auto-generated, run `task generate` after backend changes
+2. **No manual imports for components/composables** - auto-imported from `components/` and `composables/`
+3. **Use TypeScript** - all `.vue` files use `<script setup lang="ts">`
+4. **Follow file-based routing** - pages in `pages/` become routes automatically
+5. **Use `useUserApi()` for API calls** - provides typed, authenticated API client
+6. **Max 1 linting warning in CI** - run `task ui:fix` before committing
+7. **Test with backend running** - integration tests need API server
+
+## Common Issues
+
+- **"Type not found"** → Run `task generate` to regenerate types from backend
+- **Component not found** → Check naming (nested path = component name)
+- **API call fails** → Ensure backend is running (`task go:run`)
+- **Lint errors** → Run `task ui:fix` to auto-fix
+- **Type errors** → Run `task ui:check` for detailed errors

.github/screenshots/readme.md

@@ -1,8 +1,8 @@
-# Screenshots
-
-These screenshots are taken from our public [Demo](https://demo.homebox.software) instance.
-Note that whilst we will make every effort to ensure that these are maintained and updated, they may be outdated or missing functionality and we would always advise reviewing our demo instances:
-
-- [Demo](https://demo.homebox.software)
-- [Nightly](https://nightly.homebox.software)
+# Screenshots
+
+These screenshots are taken from our public [Demo](https://demo.homebox.software) instance.
+Note that whilst we will make every effort to ensure that these are maintained and updated, they may be outdated or missing functionality and we would always advise reviewing our demo instances:
+
+- [Demo](https://demo.homebox.software)
+- [Nightly](https://nightly.homebox.software)
 - [VNext](https://vnext.homebox.software/)

.github/scripts/update_currencies.py

@@ -1,16 +1,33 @@
 #!/usr/bin/env python3
+import csv
+import io
 import json
 import logging
+import os
 import sys
 from pathlib import Path
 
 import requests
-from requests.adapters import HTTPAdapter, Retry
+from requests.adapters import HTTPAdapter
+from urllib3.util.retry import Retry
 
 API_URL    = 'https://restcountries.com/v3.1/all?fields=name,common,currencies'
+# Default to a pinned commit for supply-chain security
+DEFAULT_ISO_4217_URL = 'https://raw.githubusercontent.com/datasets/currency-codes/052b3088938ba32028a14e75040c286c5e142145/data/codes-all.csv'
+ISO_4217_URL = os.environ.get('ISO_4217_URL', DEFAULT_ISO_4217_URL)
 SAVE_PATH  = Path('backend/internal/core/currencies/currencies.json')
 TIMEOUT    = 10  # seconds
 
+# Known currency decimal overrides
+CURRENCY_DECIMAL_OVERRIDES = {
+    "BTC": 8,  # Bitcoin uses 8 decimal places
+    "JPY": 0,  # Japanese Yen has no decimal places
+    "BHD": 3,  # Bahraini Dinar uses 3 decimal places
+}
+DEFAULT_DECIMALS = 2
+MIN_DECIMALS = 0
+MAX_DECIMALS = 6
+
 
 def setup_logging():
     logging.basicConfig(
@@ -19,7 +36,93 @@ def setup_logging():
     )
 
 
+def get_currency_decimals(code, iso_data):
+    """
+    Get the decimal places for a currency code.
+    Checks overrides first, then ISO data, then uses default.
+    Clamps result to safe range [MIN_DECIMALS, MAX_DECIMALS].
+    """
+    # Normalize the input code
+    normalized_code = (code or "").strip().upper()
+    
+    # First check overrides
+    if normalized_code in CURRENCY_DECIMAL_OVERRIDES:
+        decimals = CURRENCY_DECIMAL_OVERRIDES[normalized_code]
+    # Then check ISO data
+    elif normalized_code in iso_data:
+        decimals = iso_data[normalized_code]
+    # Finally use default
+    else:
+        decimals = DEFAULT_DECIMALS
+    
+    # Ensure it's an integer and clamp to safe range
+    try:
+        decimals = int(decimals)
+    except (ValueError, TypeError):
+        decimals = DEFAULT_DECIMALS
+    
+    return max(MIN_DECIMALS, min(MAX_DECIMALS, decimals))
+
+
+def fetch_iso_4217_data():
+    """
+    Fetch ISO 4217 currency data to get minor units (decimal places).
+    Returns a dict mapping currency code to minor units.
+    """
+    # Log the resolved URL for transparency
+    logging.info("Fetching ISO 4217 data from: %s", ISO_4217_URL)
+    if not ISO_4217_URL.lower().startswith("https://"):
+        logging.error("Refusing non-HTTPS ISO_4217_URL: %s", ISO_4217_URL)
+        return {}
+    
+    session = requests.Session()
+    retries = Retry(
+        total=3,
+        backoff_factor=1,
+        status_forcelist=[429, 500, 502, 503, 504],
+        allowed_methods=frozenset(['GET'])
+    )
+    session.mount('https://', HTTPAdapter(max_retries=retries))
+
+    try:
+        # Add Accept header for CSV content
+        headers = {'Accept': 'text/csv'}
+        resp = session.get(ISO_4217_URL, timeout=TIMEOUT, headers=headers)
+        resp.raise_for_status()
+    except requests.exceptions.RequestException as e:
+        logging.error("Failed to fetch ISO 4217 data: %s", e)
+        return {}
+
+    # Parse CSV data
+    iso_data = {}
+    try:
+        # Decode with utf-8-sig to strip BOM if present
+        csv_content = resp.content.decode('utf-8-sig')
+        csv_reader = csv.DictReader(io.StringIO(csv_content))
+        
+        for row in csv_reader:
+            code = row.get('AlphabeticCode', '').strip()
+            minor_unit = row.get('MinorUnit', '').strip()
+            
+            if code and minor_unit != 'N.A.':
+                try:
+                    # Convert minor unit to int (decimal places)
+                    iso_data[code] = int(minor_unit) if minor_unit.isdigit() else 2
+                except (ValueError, TypeError):
+                    iso_data[code] = 2  # Default to 2 if parsing fails
+                    
+        logging.info("Successfully loaded decimal data for %d currencies from ISO 4217", len(iso_data))
+        return iso_data
+        
+    except Exception as e:
+        logging.error("Failed to parse ISO 4217 CSV data: %s", e)
+        return {}
+
+
 def fetch_currencies():
+    # First, fetch ISO 4217 data for decimal places
+    iso_data = fetch_iso_4217_data()
+    
     session = requests.Session()
     retries = Retry(
         total=3,
@@ -46,11 +149,15 @@ def fetch_currencies():
     for country in countries:
         country_name = country.get('name', {}).get('common') or "Unknown"
         for code, info in country.get('currencies', {}).items():
+            # Get decimal places using the helper function
+            decimals = get_currency_decimals(code, iso_data)
+            
             results.append({
-                'code':   code,
-                'local':  country_name,
-                'symbol': info.get('symbol', ''),
-                'name':   info.get('name', '')
+                'code':     code,
+                'local':    country_name,
+                'symbol':   info.get('symbol', ''),
+                'name':     info.get('name', ''),
+                'decimals': decimals
             })
 
     # sort by country name for consistency

.github/scripts/update_language_names.py

@@ -0,0 +1,349 @@
+#!/usr/bin/env python3
+"""
+Script to automatically update language names in the English translation file.
+Queries Weblate for translation completion and language names.
+Only adds languages with >=80% completion to en.json.
+"""
+import json
+import logging
+import sys
+from pathlib import Path
+from typing import Dict, List, Optional
+
+import requests
+from babel import Locale, UnknownLocaleError
+
+LOCALES_DIR = Path('frontend/locales')
+EN_JSON_PATH = LOCALES_DIR / 'en.json'
+WEBLATE_API_URL = 'https://translate.sysadminsmedia.com/api'
+WEBLATE_PROJECT = 'homebox'
+WEBLATE_COMPONENT = 'frontend'
+COMPLETION_THRESHOLD = 80.0  # Minimum completion percentage to include language
+TIMEOUT = 10  # seconds
+
+
+def setup_logging():
+    logging.basicConfig(
+        level=logging.INFO,
+        format='%(asctime)s %(levelname)s: %(message)s'
+    )
+
+
+def get_locale_files() -> List[str]:
+    """Get all locale codes from JSON files in the locales directory."""
+    if not LOCALES_DIR.exists():
+        logging.error("Locales directory not found: %s", LOCALES_DIR)
+        return []
+    
+    locale_codes = []
+    for file in sorted(LOCALES_DIR.glob('*.json')):
+        # Extract locale code from filename (e.g., "en.json" -> "en")
+        locale_code = file.stem
+        # Validate locale code format - should not contain dots
+        if '.' not in locale_code:
+            locale_codes.append(locale_code)
+        else:
+            logging.warning("Skipping invalid locale code: %s", locale_code)
+    
+    logging.info("Found %d locale files", len(locale_codes))
+    return sorted(locale_codes)
+
+
+def fetch_weblate_translations() -> Optional[Dict[str, Dict]]:
+    """
+    Fetch translation statistics from Weblate API.
+    
+    Returns:
+        Dict mapping locale code to translation data (percent, name, native_name)
+        or None if API is unavailable
+    """
+    url = f"{WEBLATE_API_URL}/components/{WEBLATE_PROJECT}/{WEBLATE_COMPONENT}/translations/"
+    
+    try:
+        # Weblate API may require pagination
+        translations = {}
+        page_url = url
+        
+        while page_url:
+            logging.info("Fetching translations from Weblate: %s", page_url)
+            resp = requests.get(page_url, timeout=TIMEOUT)
+            
+            if resp.status_code != 200:
+                logging.warning("Weblate API returned status %d", resp.status_code)
+                return None
+            
+            data = resp.json()
+            
+            for trans in data.get('results', []):
+                # Weblate uses underscores, we use hyphens
+                locale_code = trans.get('language_code', '').replace('_', '-')
+                percent = trans.get('translated_percent', 0.0)
+                
+                lang_info = trans.get('language', {})
+                english_name = lang_info.get('name', '')
+                native_name = lang_info.get('native', '')
+                
+                translations[locale_code] = {
+                    'percent': percent,
+                    'english_name': english_name,
+                    'native_name': native_name
+                }
+            
+            # Check for next page
+            page_url = data.get('next')
+        
+        logging.info("Fetched %d translations from Weblate", len(translations))
+        return translations
+    
+    except requests.exceptions.RequestException as e:
+        logging.warning("Failed to fetch from Weblate API: %s", e)
+        return None
+    except Exception as e:
+        logging.error("Unexpected error fetching Weblate data: %s", e)
+        return None
+
+
+def get_language_name_from_babel(locale_code: str) -> Optional[str]:
+    """
+    Get the language name using Babel in format "English (Native)".
+    Special handling for variants that need disambiguation (Portuguese, Chinese).
+    
+    Args:
+        locale_code: Language/locale code (e.g., 'en', 'pt-BR', 'zh-CN')
+    
+    Returns:
+        Language name in format "English (Native)" or None if cannot parse
+    """
+    try:
+        # Special handling for ar-AA (non-standard code, use standard 'ar')
+        if locale_code == 'ar-AA':
+            locale = Locale.parse('ar')
+        else:
+            # Parse locale code using Babel
+            locale = Locale.parse(locale_code.replace('-', '_'))
+        
+        # Get English display name
+        english_name = locale.get_display_name('en')
+        
+        # Get native display name
+        native_name = locale.get_display_name(locale)
+        
+        if not english_name:
+            return None
+        
+        # Special handling for Portuguese variants (distinguish Brazil vs Portugal)
+        if locale_code == 'pt-BR':
+            native_base = native_name.split('(')[0].strip() if '(' in native_name else native_name
+            return f"Portuguese — Brazil ({native_base})"
+        elif locale_code == 'pt-PT':
+            native_base = native_name.split('(')[0].strip() if '(' in native_name else native_name
+            return f"Portuguese — Portugal ({native_base})"
+        
+        # Special handling for Chinese variants (distinguish Simplified/Traditional and regions)
+        if locale_code == 'zh-CN':
+            native_base = native_name.split('(')[0].strip() if '(' in native_name else native_name
+            return f"Chinese — Simplified ({native_base})"
+        elif locale_code == 'zh-TW':
+            native_base = native_name.split('(')[0].strip() if '(' in native_name else native_name
+            return f"Chinese — Traditional ({native_base})"
+        elif locale_code == 'zh-HK':
+            native_base = native_name.split('(')[0].strip() if '(' in native_name else native_name
+            return f"Chinese — Hong Kong ({native_base})"
+        elif locale_code == 'zh-MO':
+            native_base = native_name.split('(')[0].strip() if '(' in native_name else native_name
+            return f"Chinese — Macau ({native_base})"
+        
+        # Format: "English (Native)" if native name differs and is available
+        if native_name and native_name != english_name:
+            # Clean up nested parentheses for complex locales
+            if '(' in english_name and '(' in native_name:
+                # For cases like "Japanese (Japan) (日本語 (日本))"
+                # Simplify to "Japanese (日本語)"
+                english_base = english_name.split('(')[0].strip()
+                native_base = native_name.split('(')[0].strip()
+                return f"{english_base} ({native_base})"
+            else:
+                return f"{english_name} ({native_name})"
+        else:
+            return english_name
+    
+    except (UnknownLocaleError, ValueError) as e:
+        logging.debug("Could not parse locale '%s' with Babel: %s", locale_code, e)
+        return None
+
+
+def get_language_name(locale_code: str, weblate_data: Optional[Dict] = None) -> Optional[str]:
+    """
+    Get the display name for a locale code.
+    Priority: Weblate API > Babel > None
+    
+    Args:
+        locale_code: Language/locale code (e.g., 'en', 'pt-BR', 'zh-CN')
+        weblate_data: Translation data from Weblate (if available)
+    
+    Returns:
+        Language name in format "English (Native)" or None if invalid
+    """
+    # Validate locale code format
+    if '.' in locale_code or locale_code.startswith('languages.'):
+        logging.error("Invalid locale code format: %s", locale_code)
+        return None
+    
+    # Try Weblate first
+    if weblate_data and locale_code in weblate_data:
+        english_name = weblate_data[locale_code].get('english_name', '')
+        native_name = weblate_data[locale_code].get('native_name', '')
+        
+        if english_name:
+            # Format: "English (Native)" if both names available and different
+            if native_name and native_name != english_name:
+                return f"{english_name} ({native_name})"
+            else:
+                return english_name
+    
+    # Fallback to Babel
+    babel_name = get_language_name_from_babel(locale_code)
+    if babel_name:
+        return babel_name
+    
+    # If all else fails, return None (don't guess)
+    logging.warning("Could not determine language name for: %s", locale_code)
+    return None
+
+
+def load_en_json() -> dict:
+    """Load the English translation JSON file."""
+    if not EN_JSON_PATH.exists():
+        logging.error("English translation file not found: %s", EN_JSON_PATH)
+        return {}
+    
+    try:
+        with EN_JSON_PATH.open('r', encoding='utf-8') as f:
+            return json.load(f)
+    except (IOError, json.JSONDecodeError) as e:
+        logging.error("Failed to load %s: %s", EN_JSON_PATH, e)
+        return {}
+
+
+def save_en_json(data: dict):
+    """Save the English translation JSON file."""
+    try:
+        with EN_JSON_PATH.open('w', encoding='utf-8') as f:
+            # Use 4-space indentation to match existing file format
+            json.dump(data, f, ensure_ascii=False, indent=4)
+            # Add newline at end of file
+            f.write('\n')
+        logging.info("Saved updated en.json")
+    except IOError as e:
+        logging.error("Failed to save %s: %s", EN_JSON_PATH, e)
+        sys.exit(1)
+
+
+def update_language_names(en_data: dict, locale_codes: List[str], weblate_data: Optional[Dict] = None) -> bool:
+    """
+    Update the languages section in en.json.
+    - Add new languages with >=80% completion (from Weblate) or that exist as locale files
+    - Never remove existing entries (even if completion drops below 80%)
+    
+    Args:
+        en_data: The parsed en.json data
+        locale_codes: List of all locale codes from files
+        weblate_data: Translation data from Weblate (if available)
+    
+    Returns:
+        True if changes were made, False otherwise
+    """
+    # Ensure languages section exists
+    if 'languages' not in en_data:
+        en_data['languages'] = {}
+        logging.info("Created 'languages' section in en.json")
+    
+    languages = en_data['languages']
+    original_languages = languages.copy()
+    
+    # Process each locale file
+    added_count = 0
+    skipped_count = 0
+    
+    for locale_code in locale_codes:
+        # Skip if already in languages (never remove existing entries)
+        if locale_code in languages:
+            continue
+        
+        # Check Weblate completion threshold if data available
+        if weblate_data and locale_code in weblate_data:
+            percent = weblate_data[locale_code].get('percent', 0.0)
+            
+            if percent < COMPLETION_THRESHOLD:
+                logging.info("Skipping %s: %.1f%% completion (threshold: %.1f%%)", 
+                           locale_code, percent, COMPLETION_THRESHOLD)
+                skipped_count += 1
+                continue
+            else:
+                logging.info("Including %s: %.1f%% completion", locale_code, percent)
+        else:
+            # If Weblate data not available, include locale file but log warning
+            logging.info("Including %s: Weblate data not available, locale file exists", locale_code)
+        
+        # Get language name
+        language_name = get_language_name(locale_code, weblate_data)
+        
+        if language_name:
+            languages[locale_code] = language_name
+            logging.info("Added language: %s = %s", locale_code, language_name)
+            added_count += 1
+        else:
+            logging.warning("Skipping %s: could not determine language name", locale_code)
+            skipped_count += 1
+    
+    # Sort languages alphabetically by key
+    en_data['languages'] = dict(sorted(languages.items()))
+    
+    # Check if anything changed
+    changed = (original_languages != en_data['languages'])
+    
+    if changed:
+        logging.info("Updated %d language names, skipped %d", added_count, skipped_count)
+    else:
+        logging.info("All languages already present, no changes needed")
+    
+    return changed
+
+
+def main():
+    setup_logging()
+    logging.info("🔄 Starting language names update")
+    
+    # Get all locale files
+    locale_codes = get_locale_files()
+    if not locale_codes:
+        logging.error("No locale files found")
+        sys.exit(1)
+    
+    # Load English translation file
+    en_data = load_en_json()
+    if not en_data:
+        logging.error("Failed to load English translation file")
+        sys.exit(1)
+    
+    # Fetch Weblate translation statistics
+    weblate_data = fetch_weblate_translations()
+    if weblate_data:
+        logging.info("Successfully fetched Weblate data for %d languages", len(weblate_data))
+    else:
+        logging.warning("Weblate data not available, proceeding with locale files only")
+    
+    # Update language names
+    changed = update_language_names(en_data, locale_codes, weblate_data)
+    
+    if changed:
+        save_en_json(en_data)
+        logging.info("✅ Language names updated successfully")
+    else:
+        logging.info("✅ No updates needed, en.json is already up-to-date")
+    
+    sys.exit(0)
+
+
+if __name__ == "__main__":
+    main()

.github/scripts/upgrade-test/README.md

@@ -0,0 +1,259 @@
+# HomeBox Upgrade Testing Workflow
+
+This document describes the automated upgrade testing workflow for HomeBox.
+
+## Overview
+
+The upgrade test workflow is designed to ensure data integrity and functionality when upgrading HomeBox from one version to another. It automatically:
+
+1. Deploys a stable version of HomeBox
+2. Creates test data (users, items, locations, labels, notifiers, attachments)
+3. Upgrades to the latest version from the main branch
+4. Verifies all data and functionality remain intact
+
+## Workflow File
+
+**Location**: `.github/workflows/upgrade-test.yaml`
+
+## Trigger Conditions
+
+The workflow runs:
+- **Daily**: Automatically at 2 AM UTC (via cron schedule)
+- **Manual**: Can be triggered manually via GitHub Actions UI
+- **On Push**: When changes are made to the workflow files or test scripts
+
+## Test Scenarios
+
+### 1. Environment Setup
+- Pulls the latest stable HomeBox Docker image from GHCR
+- Starts the application with test configuration
+- Ensures the service is healthy and ready
+
+### 2. Data Creation
+
+The workflow creates comprehensive test data using the `create-test-data.sh` script:
+
+#### Users and Groups
+- **Group 1**: 5 users (user1@homebox.test through user5@homebox.test)
+- **Group 2**: 2 users (user6@homebox.test and user7@homebox.test)
+- All users have password: `TestPassword123!`
+
+#### Locations
+- **Group 1**: Living Room, Garage
+- **Group 2**: Home Office
+
+#### Labels
+- **Group 1**: Electronics, Important
+- **Group 2**: Work Equipment
+
+#### Items
+- **Group 1**: 5 items (Laptop Computer, Power Drill, TV Remote, Tool Box, Coffee Maker)
+- **Group 2**: 2 items (Monitor, Keyboard)
+
+#### Attachments
+- Multiple attachments added to various items (receipts, manuals, warranties)
+
+#### Notifiers
+- **Group 1**: Test notifier named "TESTING"
+
+### 3. Upgrade Process
+
+1. Stops the stable version container
+2. Builds a fresh image from the current main branch
+3. Copies the database to a new location
+4. Starts the new version with the existing data
+
+### 4. Verification Tests
+
+The Playwright test suite (`upgrade-verification.spec.ts`) verifies:
+
+- ✅ **User Authentication**: All 7 users can log in with their credentials
+- ✅ **Data Persistence**: All items, locations, and labels are present
+- ✅ **Attachments**: File attachments are correctly associated with items
+- ✅ **Notifiers**: The "TESTING" notifier is still configured
+- ✅ **UI Functionality**: Version display, theme switching work correctly
+- ✅ **Data Isolation**: Groups can only see their own data
+
+## Test Data File
+
+The setup script generates a JSON file at `/tmp/test-users.json` containing:
+
+```json
+{
+  "users": [
+    {
+      "email": "user1@homebox.test",
+      "password": "TestPassword123!",
+      "token": "...",
+      "group": "1"
+    },
+    ...
+  ],
+  "locations": {
+    "group1": ["location-id-1", "location-id-2"],
+    "group2": ["location-id-3"]
+  },
+  "labels": {...},
+  "items": {...},
+  "notifiers": {...}
+}
+```
+
+This file is used by the Playwright tests to verify data integrity.
+
+## Scripts
+
+### create-test-data.sh
+
+**Location**: `.github/scripts/upgrade-test/create-test-data.sh`
+
+**Purpose**: Creates all test data via the HomeBox REST API
+
+**Environment Variables**:
+- `HOMEBOX_URL`: Base URL of the HomeBox instance (default: http://localhost:7745)
+- `TEST_DATA_FILE`: Path to output JSON file (default: /tmp/test-users.json)
+
+**Requirements**:
+- `curl`: For API calls
+- `jq`: For JSON processing
+
+**Usage**:
+```bash
+export HOMEBOX_URL=http://localhost:7745
+./.github/scripts/upgrade-test/create-test-data.sh
+```
+
+## Running Tests Locally
+
+To run the upgrade tests locally:
+
+### Prerequisites
+```bash
+# Install dependencies
+sudo apt-get install -y jq curl docker.io
+
+# Install pnpm and Playwright
+cd frontend
+pnpm install
+pnpm exec playwright install --with-deps chromium
+```
+
+### Run the test
+```bash
+# Start stable version
+docker run -d \
+  --name homebox-test \
+  -p 7745:7745 \
+  -e HBOX_OPTIONS_ALLOW_REGISTRATION=true \
+  -v /tmp/homebox-data:/data \
+  ghcr.io/sysadminsmedia/homebox:latest
+
+# Wait for startup
+sleep 10
+
+# Create test data
+export HOMEBOX_URL=http://localhost:7745
+./.github/scripts/upgrade-test/create-test-data.sh
+
+# Stop container
+docker stop homebox-test
+docker rm homebox-test
+
+# Build new version
+docker build -t homebox:test .
+
+# Start new version with existing data
+docker run -d \
+  --name homebox-test \
+  -p 7745:7745 \
+  -e HBOX_OPTIONS_ALLOW_REGISTRATION=true \
+  -v /tmp/homebox-data:/data \
+  homebox:test
+
+# Wait for startup
+sleep 10
+
+# Run verification tests
+cd frontend
+TEST_DATA_FILE=/tmp/test-users.json \
+E2E_BASE_URL=http://localhost:7745 \
+pnpm exec playwright test \
+  --project=chromium \
+  test/upgrade/upgrade-verification.spec.ts
+
+# Cleanup
+docker stop homebox-test
+docker rm homebox-test
+```
+
+## Artifacts
+
+The workflow produces several artifacts:
+
+1. **playwright-report-upgrade-test**: HTML report of test results
+2. **playwright-traces**: Detailed traces for debugging failures
+3. **Docker logs**: Collected on failure for troubleshooting
+
+## Failure Scenarios
+
+The workflow will fail if:
+- The stable version fails to start
+- Test data creation fails
+- The new version fails to start with existing data
+- Any verification test fails
+- Database migrations fail
+
+## Troubleshooting
+
+### Test Data Creation Fails
+
+Check the Docker logs:
+```bash
+docker logs homebox-old
+```
+
+Verify the API is accessible:
+```bash
+curl http://localhost:7745/api/v1/status
+```
+
+### Verification Tests Fail
+
+1. Download the Playwright report from GitHub Actions artifacts
+2. Review the HTML report for detailed failure information
+3. Check traces for visual debugging
+
+### Database Issues
+
+If migrations fail:
+```bash
+# Check database file
+ls -lh /tmp/homebox-data-new/homebox.db
+
+# Check Docker logs for migration errors
+docker logs homebox-new
+```
+
+## Future Enhancements
+
+Potential improvements:
+- [ ] Test multiple upgrade paths (e.g., v0.10 → v0.11 → v0.12)
+- [ ] Test with PostgreSQL backend in addition to SQLite
+- [ ] Add performance benchmarks
+- [ ] Test with larger datasets
+- [ ] Add API-level verification in addition to UI tests
+- [ ] Test backup and restore functionality
+
+## Related Files
+
+- `.github/workflows/upgrade-test.yaml` - Main workflow definition
+- `.github/scripts/upgrade-test/create-test-data.sh` - Data generation script
+- `frontend/test/upgrade/upgrade-verification.spec.ts` - Playwright verification tests
+- `.github/workflows/e2e-partial.yaml` - Standard E2E test workflow (for reference)
+
+## Support
+
+For issues or questions about this workflow:
+1. Check the GitHub Actions run logs
+2. Review this documentation
+3. Open an issue in the repository

.github/scripts/upgrade-test/create-test-data.sh

@@ -0,0 +1,413 @@
+#!/bin/bash
+
+# Script to create test data in HomeBox for upgrade testing
+# This script creates users, items, attachments, notifiers, locations, and labels
+
+set -e
+
+HOMEBOX_URL="${HOMEBOX_URL:-http://localhost:7745}"
+API_URL="${HOMEBOX_URL}/api/v1"
+TEST_DATA_FILE="${TEST_DATA_FILE:-/tmp/test-users.json}"
+
+echo "Creating test data in HomeBox at $HOMEBOX_URL"
+
+# Function to make API calls with error handling
+api_call() {
+    local method=$1
+    local endpoint=$2
+    local data=$3
+    local token=$4
+    
+    if [ -n "$token" ]; then
+        if [ -n "$data" ]; then
+            curl -s -X "$method" \
+                -H "Authorization: Bearer $token" \
+                -H "Content-Type: application/json" \
+                -d "$data" \
+                "$API_URL$endpoint"
+        else
+            curl -s -X "$method" \
+                -H "Authorization: Bearer $token" \
+                -H "Content-Type: application/json" \
+                "$API_URL$endpoint"
+        fi
+    else
+        if [ -n "$data" ]; then
+            curl -s -X "$method" \
+                -H "Content-Type: application/json" \
+                -d "$data" \
+                "$API_URL$endpoint"
+        else
+            curl -s -X "$method" \
+                -H "Content-Type: application/json" \
+                "$API_URL$endpoint"
+        fi
+    fi
+}
+
+# Function to register a user and get token
+register_user() {
+    local email=$1
+    local name=$2
+    local password=$3
+    local group_token=$4
+    
+    echo "Registering user: $email"
+    
+    local payload="{\"email\":\"$email\",\"name\":\"$name\",\"password\":\"$password\""
+    
+    if [ -n "$group_token" ]; then
+        payload="$payload,\"groupToken\":\"$group_token\""
+    fi
+    
+    payload="$payload}"
+    
+    local response=$(curl -s -X POST \
+        -H "Content-Type: application/json" \
+        -d "$payload" \
+        "$API_URL/users/register")
+    
+    echo "$response"
+}
+
+# Function to login and get token
+login_user() {
+    local email=$1
+    local password=$2
+    
+    echo "Logging in user: $email" >&2
+    
+    local response=$(curl -s -X POST \
+        -H "Content-Type: application/json" \
+        -d "{\"username\":\"$email\",\"password\":\"$password\"}" \
+        "$API_URL/users/login")
+    
+    echo "$response" | jq -r '.token // empty'
+}
+
+# Function to create an item
+create_item() {
+    local token=$1
+    local name=$2
+    local description=$3
+    local location_id=$4
+    
+    echo "Creating item: $name" >&2
+    
+    local payload="{\"name\":\"$name\",\"description\":\"$description\""
+    
+    if [ -n "$location_id" ]; then
+        payload="$payload,\"locationId\":\"$location_id\""
+    fi
+    
+    payload="$payload}"
+    
+    local response=$(curl -s -X POST \
+        -H "Authorization: Bearer $token" \
+        -H "Content-Type: application/json" \
+        -d "$payload" \
+        "$API_URL/items")
+    
+    echo "$response"
+}
+
+# Function to create a location
+create_location() {
+    local token=$1
+    local name=$2
+    local description=$3
+    
+    echo "Creating location: $name" >&2
+    
+    local response=$(curl -s -X POST \
+        -H "Authorization: Bearer $token" \
+        -H "Content-Type: application/json" \
+        -d "{\"name\":\"$name\",\"description\":\"$description\"}" \
+        "$API_URL/locations")
+    
+    echo "$response"
+}
+
+# Function to create a label
+create_label() {
+    local token=$1
+    local name=$2
+    local description=$3
+    
+    echo "Creating label: $name" >&2
+    
+    local response=$(curl -s -X POST \
+        -H "Authorization: Bearer $token" \
+        -H "Content-Type: application/json" \
+        -d "{\"name\":\"$name\",\"description\":\"$description\"}" \
+        "$API_URL/labels")
+    
+    echo "$response"
+}
+
+# Function to create a notifier
+create_notifier() {
+    local token=$1
+    local name=$2
+    local url=$3
+    
+    echo "Creating notifier: $name" >&2
+    
+    local response=$(curl -s -X POST \
+        -H "Authorization: Bearer $token" \
+        -H "Content-Type: application/json" \
+        -d "{\"name\":\"$name\",\"url\":\"$url\",\"isActive\":true}" \
+        "$API_URL/groups/notifiers")
+    
+    echo "$response"
+}
+
+# Function to attach a file to an item (creates a dummy attachment)
+attach_file_to_item() {
+    local token=$1
+    local item_id=$2
+    local filename=$3
+    
+    echo "Creating attachment for item: $item_id" >&2
+    
+    # Create a temporary file with some content
+    local temp_file=$(mktemp)
+    echo "This is a test attachment for $filename" > "$temp_file"
+    
+    local response=$(curl -s -X POST \
+        -H "Authorization: Bearer $token" \
+        -F "file=@$temp_file" \
+        -F "type=attachment" \
+        -F "name=$filename" \
+        "$API_URL/items/$item_id/attachments")
+    
+    rm -f "$temp_file"
+    
+    echo "$response"
+}
+
+# Initialize test data storage
+echo "{\"users\":[]}" > "$TEST_DATA_FILE"
+
+echo "=== Step 1: Create first group with 5 users ==="
+
+# Register first user (creates a new group)
+user1_response=$(register_user "user1@homebox.test" "User One" "TestPassword123!")
+user1_token=$(echo "$user1_response" | jq -r '.token // empty')
+group_token=$(echo "$user1_response" | jq -r '.group.inviteToken // empty')
+
+if [ -z "$user1_token" ]; then
+    echo "Failed to register first user"
+    echo "Response: $user1_response"
+    exit 1
+fi
+
+echo "First user registered with token. Group token: $group_token"
+
+# Store user1 data
+jq --arg email "user1@homebox.test" \
+   --arg password "TestPassword123!" \
+   --arg token "$user1_token" \
+   --arg group "1" \
+   '.users += [{"email":$email,"password":$password,"token":$token,"group":$group}]' \
+   "$TEST_DATA_FILE" > "$TEST_DATA_FILE.tmp" && mv "$TEST_DATA_FILE.tmp" "$TEST_DATA_FILE"
+
+# Register 4 more users in the same group
+for i in {2..5}; do
+    echo "Registering user$i in group 1..."
+    user_response=$(register_user "user${i}@homebox.test" "User $i" "TestPassword123!" "$group_token")
+    user_token=$(echo "$user_response" | jq -r '.token // empty')
+    
+    if [ -z "$user_token" ]; then
+        echo "Failed to register user$i"
+        echo "Response: $user_response"
+    else
+        echo "user$i registered successfully"
+        # Store user data
+        jq --arg email "user${i}@homebox.test" \
+           --arg password "TestPassword123!" \
+           --arg token "$user_token" \
+           --arg group "1" \
+           '.users += [{"email":$email,"password":$password,"token":$token,"group":$group}]' \
+           "$TEST_DATA_FILE" > "$TEST_DATA_FILE.tmp" && mv "$TEST_DATA_FILE.tmp" "$TEST_DATA_FILE"
+    fi
+done
+
+echo "=== Step 2: Create second group with 2 users ==="
+
+# Register first user of second group
+user6_response=$(register_user "user6@homebox.test" "User Six" "TestPassword123!")
+user6_token=$(echo "$user6_response" | jq -r '.token // empty')
+group2_token=$(echo "$user6_response" | jq -r '.group.inviteToken // empty')
+
+if [ -z "$user6_token" ]; then
+    echo "Failed to register user6"
+    echo "Response: $user6_response"
+    exit 1
+fi
+
+echo "user6 registered with token. Group 2 token: $group2_token"
+
+# Store user6 data
+jq --arg email "user6@homebox.test" \
+   --arg password "TestPassword123!" \
+   --arg token "$user6_token" \
+   --arg group "2" \
+   '.users += [{"email":$email,"password":$password,"token":$token,"group":$group}]' \
+   "$TEST_DATA_FILE" > "$TEST_DATA_FILE.tmp" && mv "$TEST_DATA_FILE.tmp" "$TEST_DATA_FILE"
+
+# Register second user in group 2
+user7_response=$(register_user "user7@homebox.test" "User Seven" "TestPassword123!" "$group2_token")
+user7_token=$(echo "$user7_response" | jq -r '.token // empty')
+
+if [ -z "$user7_token" ]; then
+    echo "Failed to register user7"
+    echo "Response: $user7_response"
+else
+    echo "user7 registered successfully"
+    # Store user7 data
+    jq --arg email "user7@homebox.test" \
+       --arg password "TestPassword123!" \
+       --arg token "$user7_token" \
+       --arg group "2" \
+       '.users += [{"email":$email,"password":$password,"token":$token,"group":$group}]' \
+       "$TEST_DATA_FILE" > "$TEST_DATA_FILE.tmp" && mv "$TEST_DATA_FILE.tmp" "$TEST_DATA_FILE"
+fi
+
+echo "=== Step 3: Create locations for each group ==="
+
+# Create locations for group 1 (using user1's token)
+location1=$(create_location "$user1_token" "Living Room" "Main living area")
+location1_id=$(echo "$location1" | jq -r '.id // empty')
+echo "Created location: Living Room (ID: $location1_id)"
+
+location2=$(create_location "$user1_token" "Garage" "Storage and tools")
+location2_id=$(echo "$location2" | jq -r '.id // empty')
+echo "Created location: Garage (ID: $location2_id)"
+
+# Create location for group 2 (using user6's token)
+location3=$(create_location "$user6_token" "Home Office" "Work from home space")
+location3_id=$(echo "$location3" | jq -r '.id // empty')
+echo "Created location: Home Office (ID: $location3_id)"
+
+# Store locations
+jq --arg loc1 "$location1_id" \
+   --arg loc2 "$location2_id" \
+   --arg loc3 "$location3_id" \
+   '.locations = {"group1":[$loc1,$loc2],"group2":[$loc3]}' \
+   "$TEST_DATA_FILE" > "$TEST_DATA_FILE.tmp" && mv "$TEST_DATA_FILE.tmp" "$TEST_DATA_FILE"
+
+echo "=== Step 4: Create labels for each group ==="
+
+# Create labels for group 1
+label1=$(create_label "$user1_token" "Electronics" "Electronic devices")
+label1_id=$(echo "$label1" | jq -r '.id // empty')
+echo "Created label: Electronics (ID: $label1_id)"
+
+label2=$(create_label "$user1_token" "Important" "High priority items")
+label2_id=$(echo "$label2" | jq -r '.id // empty')
+echo "Created label: Important (ID: $label2_id)"
+
+# Create label for group 2
+label3=$(create_label "$user6_token" "Work Equipment" "Items for work")
+label3_id=$(echo "$label3" | jq -r '.id // empty')
+echo "Created label: Work Equipment (ID: $label3_id)"
+
+# Store labels
+jq --arg lab1 "$label1_id" \
+   --arg lab2 "$label2_id" \
+   --arg lab3 "$label3_id" \
+   '.labels = {"group1":[$lab1,$lab2],"group2":[$lab3]}' \
+   "$TEST_DATA_FILE" > "$TEST_DATA_FILE.tmp" && mv "$TEST_DATA_FILE.tmp" "$TEST_DATA_FILE"
+
+echo "=== Step 5: Create test notifier ==="
+
+# Create notifier for group 1
+notifier1=$(create_notifier "$user1_token" "TESTING" "https://example.com/webhook")
+notifier1_id=$(echo "$notifier1" | jq -r '.id // empty')
+echo "Created notifier: TESTING (ID: $notifier1_id)"
+
+# Store notifier
+jq --arg not1 "$notifier1_id" \
+   '.notifiers = {"group1":[$not1]}' \
+   "$TEST_DATA_FILE" > "$TEST_DATA_FILE.tmp" && mv "$TEST_DATA_FILE.tmp" "$TEST_DATA_FILE"
+
+echo "=== Step 6: Create items for all users ==="
+
+# Create items for users in group 1
+declare -A user_tokens
+user_tokens[1]=$user1_token
+user_tokens[2]=$(echo "$user1_token") # Users in same group share data, but we'll use user1 token
+user_tokens[3]=$(echo "$user1_token")
+user_tokens[4]=$(echo "$user1_token")
+user_tokens[5]=$(echo "$user1_token")
+
+# Items for group 1 users
+echo "Creating items for group 1..."
+item1=$(create_item "$user1_token" "Laptop Computer" "Dell XPS 15 for work" "$location1_id")
+item1_id=$(echo "$item1" | jq -r '.id // empty')
+echo "Created item: Laptop Computer (ID: $item1_id)"
+
+item2=$(create_item "$user1_token" "Power Drill" "DeWalt 20V cordless drill" "$location2_id")
+item2_id=$(echo "$item2" | jq -r '.id // empty')
+echo "Created item: Power Drill (ID: $item2_id)"
+
+item3=$(create_item "$user1_token" "TV Remote" "Samsung TV remote control" "$location1_id")
+item3_id=$(echo "$item3" | jq -r '.id // empty')
+echo "Created item: TV Remote (ID: $item3_id)"
+
+item4=$(create_item "$user1_token" "Tool Box" "Red metal tool box with tools" "$location2_id")
+item4_id=$(echo "$item4" | jq -r '.id // empty')
+echo "Created item: Tool Box (ID: $item4_id)"
+
+item5=$(create_item "$user1_token" "Coffee Maker" "Breville espresso machine" "$location1_id")
+item5_id=$(echo "$item5" | jq -r '.id // empty')
+echo "Created item: Coffee Maker (ID: $item5_id)"
+
+# Items for group 2 users
+echo "Creating items for group 2..."
+item6=$(create_item "$user6_token" "Monitor" "27 inch 4K monitor" "$location3_id")
+item6_id=$(echo "$item6" | jq -r '.id // empty')
+echo "Created item: Monitor (ID: $item6_id)"
+
+item7=$(create_item "$user6_token" "Keyboard" "Mechanical keyboard" "$location3_id")
+item7_id=$(echo "$item7" | jq -r '.id // empty')
+echo "Created item: Keyboard (ID: $item7_id)"
+
+# Store items
+jq --argjson group1_items "[\"$item1_id\",\"$item2_id\",\"$item3_id\",\"$item4_id\",\"$item5_id\"]" \
+   --argjson group2_items "[\"$item6_id\",\"$item7_id\"]" \
+   '.items = {"group1":$group1_items,"group2":$group2_items}' \
+   "$TEST_DATA_FILE" > "$TEST_DATA_FILE.tmp" && mv "$TEST_DATA_FILE.tmp" "$TEST_DATA_FILE"
+
+echo "=== Step 7: Add attachments to items ==="
+
+# Add attachments for group 1 items
+echo "Adding attachments to group 1 items..."
+attach_file_to_item "$user1_token" "$item1_id" "laptop-receipt.pdf"
+attach_file_to_item "$user1_token" "$item1_id" "laptop-warranty.pdf"
+attach_file_to_item "$user1_token" "$item2_id" "drill-manual.pdf"
+attach_file_to_item "$user1_token" "$item3_id" "remote-guide.pdf"
+attach_file_to_item "$user1_token" "$item4_id" "toolbox-inventory.txt"
+
+# Add attachments for group 2 items
+echo "Adding attachments to group 2 items..."
+attach_file_to_item "$user6_token" "$item6_id" "monitor-receipt.pdf"
+attach_file_to_item "$user6_token" "$item7_id" "keyboard-manual.pdf"
+
+echo "=== Test Data Creation Complete ==="
+echo "Test data file saved to: $TEST_DATA_FILE"
+echo "Summary:"
+echo "  - Users created: 7 (5 in group 1, 2 in group 2)"
+echo "  - Locations created: 3"
+echo "  - Labels created: 3"
+echo "  - Notifiers created: 1"
+echo "  - Items created: 7"
+echo "  - Attachments created: 7"
+
+# Display the test data file for verification
+echo ""
+echo "Test data:"
+cat "$TEST_DATA_FILE" | jq '.'
+
+exit 0

.github/workflows/binaries-publish.yaml

@@ -9,25 +9,25 @@ jobs:
   goreleaser:
     name: goreleaser
     runs-on: ubuntu-latest
+    outputs:
+      hashes: ${{ steps.binary.outputs.hashes }}
     permissions:
       contents: write
       packages: write
       id-token: write
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
         with:
           fetch-depth: 0
 
       - name: Set up Go
-        uses: actions/setup-go@v5
+        uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c
         with:
           go-version: "1.24"
           cache-dependency-path: backend/go.mod
 
-      - uses: pnpm/action-setup@v2
-        with:
-          version: 9.15.3
+      - uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061
 
       - name: Build Frontend and Copy to Backend
         working-directory: frontend
@@ -41,9 +41,15 @@ jobs:
         run: |
           go install github.com/sigstore/cosign/cmd/cosign@latest
 
+      - name: Install Syft
+        working-directory: backend
+        run: |
+          go install github.com/anchore/syft/cmd/syft@latest
+
       - name: Run GoReleaser
+        id: releaser
         if: startsWith(github.ref, 'refs/tags/')
-        uses: goreleaser/goreleaser-action@v5
+        uses: goreleaser/goreleaser-action@e435ccd777264be153ace6237001ef4d979d3a7a
         with:
           workdir: "backend"
           distribution: goreleaser
@@ -54,9 +60,20 @@ jobs:
           COSIGN_PWD: ${{ secrets.COSIGN_PWD }}
           COSIGN_YES: "true"
 
+      - name: Generate binary hashes
+        if: startsWith(github.ref, 'refs/tags/')
+        id: binary
+        env:
+          ARTIFACTS: "${{ steps.releaser.outputs.artifacts }}"
+        run: |
+          set -euo pipefail
+          
+          checksum_file=$(echo "$ARTIFACTS" | jq -r '.[] | select (.type=="Checksum") | .path')
+          echo "hashes=$(cat $checksum_file | base64 -w0)" >> "$GITHUB_OUTPUT"
+
       - name: Run GoReleaser No Release
         if: ${{ !startsWith(github.ref, 'refs/tags/') }}
-        uses: goreleaser/goreleaser-action@v5
+        uses: goreleaser/goreleaser-action@e435ccd777264be153ace6237001ef4d979d3a7a
         with:
           workdir: "backend"
           distribution: goreleaser
@@ -65,4 +82,50 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           COSIGN_PWD: ${{ secrets.COSIGN_PWD }}
-          COSIGN_YES: "true"
+          COSIGN_YES: "true"
+
+  binary-provenance:
+    if: startsWith(github.ref, 'refs/tags/')
+    needs: [ goreleaser ]
+    permissions:
+      actions: read # To read the workflow path.
+      id-token: write # To sign the provenance.
+      contents: write # To add assets to a release.
+    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@f7dd8c54c2067bafc12ca7a55595d5ee9b75204a
+    with:
+      base64-subjects: "${{ needs.goreleaser.outputs.hashes }}"
+      upload-assets: true # upload to a new release
+
+  verification-with-slsa-verifier:
+    if: startsWith(github.ref, 'refs/tags/')
+    needs: [goreleaser, binary-provenance]
+    runs-on: ubuntu-latest
+    permissions: read-all
+    steps:
+      - name: Install the verifier
+        uses: slsa-framework/slsa-verifier/actions/installer@ea584f4502babc6f60d9bc799dbbb13c1caa9ee6
+
+      - name: Download assets
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          PROVENANCE: "${{ needs.binary-provenance.outputs.provenance-name }}"
+        run: |
+          set -euo pipefail
+          gh -R "$GITHUB_REPOSITORY" release download "$GITHUB_REF_NAME" -p "*.tar.gz"
+          gh -R "$GITHUB_REPOSITORY" release download "$GITHUB_REF_NAME" -p "*.zip"
+          gh -R "$GITHUB_REPOSITORY" release download "$GITHUB_REF_NAME" -p "$PROVENANCE"
+      - name: Verify assets
+        env:
+          CHECKSUMS: ${{ needs.goreleaser.outputs.hashes }}
+          PROVENANCE: "${{ needs.binary-provenance.outputs.provenance-name }}"
+        run: |
+          set -euo pipefail
+          checksums=$(echo "$CHECKSUMS" | base64 -d)
+          while read -r line; do
+              fn=$(echo $line | cut -d ' ' -f2)
+              echo "Verifying $fn"
+              slsa-verifier verify-artifact --provenance-path "$PROVENANCE" \
+                                            --source-uri "github.com/$GITHUB_REPOSITORY" \
+                                            --source-tag "$GITHUB_REF_NAME" \
+                                            "$fn"
+          done <<<"$checksums"

.github/workflows/clear-stale-docker-images.yml

@@ -12,7 +12,7 @@ jobs:
     permissions:
       packages: write
     steps:
-      - uses: dataaxiom/ghcr-cleanup-action@v1
+      - uses: dataaxiom/ghcr-cleanup-action@cd0cdb900b5dbf3a6f2cc869f0dbb0b8211f50c4
         with:
           dry-run: true
           delete-ghost-images: true
@@ -32,7 +32,7 @@ jobs:
     permissions:
       packages: write
     steps:
-      - uses: dataaxiom/ghcr-cleanup-action@v1
+      - uses: dataaxiom/ghcr-cleanup-action@cd0cdb900b5dbf3a6f2cc869f0dbb0b8211f50c4
         with:
           dry-run: false
           delete-untagged: true

.github/workflows/copilot-setup-steps.yml

@@ -26,25 +26,23 @@ jobs:
     # If you do not check out your code, Copilot will do this for you.
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
 
       - name: Set up Node.js
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f
         with:
-          node-version: "22"
+          node-version: "24"
 
-      - uses: pnpm/action-setup@v3.0.0
-        with:
-          version: 9.12.2
+      - uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061
 
       - name: Set up Go
-        uses: actions/setup-go@v5
+        uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c
         with:
           go-version: "1.24"
           cache-dependency-path: backend/go.mod
 
       - name: Install Task
-        uses: arduino/setup-task@v1
+        uses: arduino/setup-task@b91d5d2c96a56797b48ac1e0e89220bf64044611
         with:
           repo-token: ${{ secrets.GITHUB_TOKEN }}
 

.github/workflows/docker-publish-hardened.yaml

@@ -33,7 +33,7 @@ env:
 
 jobs:
   build:
-    runs-on: ubuntu-latest
+    runs-on: ${{ matrix.runner }}
     permissions:
       contents: read
       packages: write
@@ -43,10 +43,11 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        platform:
-          - linux/amd64
-          - linux/arm64
-          - linux/arm/v7
+        include:
+          - platform: linux/amd64
+            runner: ubuntu-latest
+          - platform: linux/arm64
+            runner: ubuntu-24.04-arm
 
     steps:
       - name: Enable Debug Logs
@@ -56,7 +57,7 @@ jobs:
           ACTIONS_STEP_DEBUG: true
 
       - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
 
       - name: Prepare
         run: |
@@ -95,13 +96,13 @@ jobs:
       - name: Set up QEMU
         uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392
         with:
-          image: ghcr.io/amitie10g/binfmt:latest
+          image: ghcr.io/sysadminsmedia/binfmt:latest
 
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435
         with:
           driver-opts: |
-            image=ghcr.io/amitie10g/buildkit:master
+            image=ghcr.io/sysadminsmedia/buildkit:master
 
       - name: Build and push by digest
         id: build
@@ -118,10 +119,18 @@ jobs:
             VERSION=${{ github.ref_name }}
             COMMIT=${{ github.sha }}
             BUILD_TIME=${{ env.BUILD_TIME }}
-          provenance: true
+          provenance: mode=max
           sbom: true
           annotations: ${{ steps.meta.outputs.annotations }}
-          
+
+      - name: Attest platform-specific images
+        uses: actions/attest-build-provenance@00014ed6ed5efc5b1ab7f7f34a39eb55d41aa4f8
+        if: github.event_name != 'pull_request'
+        with:
+          subject-name: ${{ env.GHCR_REPO }}
+          subject-digest: ${{ steps.build.outputs.digest }}
+          push-to-registry: true
+
       - name: Export digest
         run: |
           mkdir -p /tmp/digests
@@ -173,7 +182,7 @@ jobs:
         uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435
         with:
           driver-opts: |
-            image=ghcr.io/amitie10g/buildkit:master
+            image=ghcr.io/sysadminsmedia/buildkit:master
 
       - name: Docker meta
         id: meta
@@ -196,13 +205,45 @@ jobs:
         id: push-ghcr
         working-directory: /tmp/digests
         run: |
+          set -euo pipefail
           docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
-            $(printf '${{ env.GHCR_REPO }}@sha256:%s ' *)
+            $(printf '${{ env.GHCR_REPO }}@sha256:%s ' *) 2>&1 | tee /tmp/push-ghcr.out
+          digest=$(grep -oE 'sha256:[a-f0-9]{64}' /tmp/push-ghcr.out | head -n1 || true)
+          if [ -z "$digest" ]; then
+            echo "No digest found in imagetools output:"
+            cat /tmp/push-ghcr.out
+            exit 1
+          fi
+          echo "digest=$digest" >> $GITHUB_OUTPUT
+
+      - name: Attest GHCR images
+        uses: actions/attest-build-provenance@00014ed6ed5efc5b1ab7f7f34a39eb55d41aa4f8
+        if: github.event_name != 'pull_request'
+        with:
+          subject-name: ${{ env.GHCR_REPO }}
+          subject-digest: ${{ steps.push-ghcr.outputs.digest }}
+          push-to-registry: true
 
       - name: Create manifest list and push Dockerhub
         id: push-dockerhub
         working-directory: /tmp/digests
         if: (github.event_name == 'schedule' || startsWith(github.ref, 'refs/tags/'))
         run: |
+          set -euo pipefail
           docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
-            $(printf '${{ env.DOCKERHUB_REPO }}@sha256:%s ' *)
+            $(printf '${{ env.DOCKERHUB_REPO }}@sha256:%s ' *) 2>&1 | tee /tmp/push-dockerhub.out
+          digest=$(grep -oE 'sha256:[a-f0-9]{64}' /tmp/push-dockerhub.out | head -n1 || true)
+          if [ -z "$digest" ]; then
+            echo "No digest found in imagetools output:"
+            cat /tmp/push-dockerhub.out
+            exit 1
+          fi
+          echo "digest=$digest" >> $GITHUB_OUTPUT
+
+      - name: Attest Dockerhub images
+        uses: actions/attest-build-provenance@00014ed6ed5efc5b1ab7f7f34a39eb55d41aa4f8
+        if: (github.event_name == 'schedule' || startsWith(github.ref, 'refs/tags/'))
+        with:
+          subject-name: docker.io/${{ env.DOCKERHUB_REPO }}
+          subject-digest: ${{ steps.push-dockerhub.outputs.digest }}
+          push-to-registry: true

.github/workflows/docker-publish-rootless.yaml

@@ -37,7 +37,7 @@ env:
 
 jobs:
   build:
-    runs-on: ubuntu-latest
+    runs-on: ${{ matrix.runner }}
     permissions:
       contents: read
       packages: write
@@ -47,10 +47,11 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        platform:
-          - linux/amd64
-          - linux/arm64
-          - linux/arm/v7
+        include:
+          - platform: linux/amd64
+            runner: ubuntu-latest
+          - platform: linux/arm64
+            runner: ubuntu-24.04-arm
 
     steps:
       - name: Enable Debug Logs
@@ -60,7 +61,7 @@ jobs:
           ACTIONS_STEP_DEBUG: true
 
       - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
 
       - name: Prepare
         run: |
@@ -75,40 +76,40 @@ jobs:
 
       - name: Docker meta
         id: meta
-        uses: docker/metadata-action@v5
+        uses: docker/metadata-action@c1e51972afc2121e065aed6d45c65596fe445f3f
         with:
           images: |
             name=${{ env.DOCKERHUB_REPO }},enable=${{ github.event_name == 'schedule' || startsWith(github.ref, 'refs/tags/') }}
             name=${{ env.GHCR_REPO }}
 
       - name: Login to Docker Hub
-        uses: docker/login-action@v3
+        uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1
         if: (github.event_name == 'schedule' || startsWith(github.ref, 'refs/tags/'))
         with:
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_PASSWORD }}
 
       - name: Login to GHCR
-        uses: docker/login-action@v3
+        uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3
+        uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392
         with:
-          image: ghcr.io/amitie10g/binfmt:latest
+          image: ghcr.io/sysadminsmedia/binfmt:latest
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
+        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435
         with:
           driver-opts: |
-            image=ghcr.io/amitie10g/buildkit:master
+            image=ghcr.io/sysadminsmedia/buildkit:master
 
       - name: Build and push by digest
         id: build
-        uses: docker/build-push-action@v6
+        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83
         with:
           context: . # Explicitly specify the build context
           file: ./Dockerfile.rootless # Explicitly specify the Dockerfile
@@ -120,10 +121,18 @@ jobs:
           build-args: |
             VERSION=${{ github.ref_name }}
             COMMIT=${{ github.sha }}
-          provenance: true
+          provenance: mode=max
           sbom: true
           annotations: ${{ steps.meta.outputs.annotations }}
-          
+
+      - name: Attest platform-specific images
+        uses: actions/attest-build-provenance@00014ed6ed5efc5b1ab7f7f34a39eb55d41aa4f8
+        if: github.event_name != 'pull_request'
+        with:
+          subject-name: ${{ env.GHCR_REPO }}
+          subject-digest: ${{ steps.build.outputs.digest }}
+          push-to-registry: true
+                              
       - name: Export digest
         run: |
           mkdir -p /tmp/digests
@@ -131,7 +140,7 @@ jobs:
           touch "/tmp/digests/${digest#sha256:}"
 
       - name: Upload digest
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02
         with:
           name: digests-${{ env.PLATFORM_PAIR }}
           path: /tmp/digests/*
@@ -151,35 +160,35 @@ jobs:
 
     steps:
       - name: Download digests
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093
         with:
           path: /tmp/digests
           pattern: digests-*
           merge-multiple: true
 
       - name: Login to Docker Hub
-        uses: docker/login-action@v3
+        uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1
         if: (github.event_name == 'schedule' || startsWith(github.ref, 'refs/tags/'))
         with:
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_PASSWORD }}
 
       - name: Login to GHCR
-        uses: docker/login-action@v3
+        uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
+        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435
         with:
           driver-opts: |
-            image=ghcr.io/amitie10g/buildkit:master
+            image=ghcr.io/sysadminsmedia/buildkit:master
 
       - name: Docker meta
         id: meta
-        uses: docker/metadata-action@v5
+        uses: docker/metadata-action@c1e51972afc2121e065aed6d45c65596fe445f3f
         with:
           images: |
             name=${{ env.DOCKERHUB_REPO }},enable=${{ github.event_name == 'schedule' || startsWith(github.ref, 'refs/tags/') }}
@@ -198,13 +207,45 @@ jobs:
         id: push-ghcr
         working-directory: /tmp/digests
         run: |
+          set -euo pipefail
           docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
-            $(printf '${{ env.GHCR_REPO }}@sha256:%s ' *)
+            $(printf '${{ env.GHCR_REPO }}@sha256:%s ' *) 2>&1 | tee /tmp/push-ghcr.out
+          digest=$(grep -oE 'sha256:[a-f0-9]{64}' /tmp/push-ghcr.out | head -n1 || true)
+          if [ -z "$digest" ]; then
+            echo "No digest found in imagetools output:"
+            cat /tmp/push-ghcr.out
+            exit 1
+          fi
+          echo "digest=$digest" >> $GITHUB_OUTPUT
+
+      - name: Attest GHCR images
+        uses: actions/attest-build-provenance@00014ed6ed5efc5b1ab7f7f34a39eb55d41aa4f8
+        if: github.event_name != 'pull_request'
+        with:
+          subject-name: ${{ env.GHCR_REPO }}
+          subject-digest: ${{ steps.push-ghcr.outputs.digest }}
+          push-to-registry: true
 
       - name: Create manifest list and push Dockerhub
         id: push-dockerhub
         working-directory: /tmp/digests
         if: (github.event_name == 'schedule' || startsWith(github.ref, 'refs/tags/'))
         run: |
+          set -euo pipefail
           docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
-            $(printf '${{ env.DOCKERHUB_REPO }}@sha256:%s ' *)
+            $(printf '${{ env.DOCKERHUB_REPO }}@sha256:%s ' *) 2>&1 | tee /tmp/push-dockerhub.out
+          digest=$(grep -oE 'sha256:[a-f0-9]{64}' /tmp/push-dockerhub.out | head -n1 || true)
+          if [ -z "$digest" ]; then
+            echo "No digest found in imagetools output:"
+            cat /tmp/push-dockerhub.out
+            exit 1
+          fi
+          echo "digest=$digest" >> $GITHUB_OUTPUT
+
+      - name: Attest Dockerhub images
+        uses: actions/attest-build-provenance@00014ed6ed5efc5b1ab7f7f34a39eb55d41aa4f8
+        if: (github.event_name == 'schedule' || startsWith(github.ref, 'refs/tags/'))
+        with:
+          subject-name: docker.io/${{ env.DOCKERHUB_REPO }}
+          subject-digest: ${{ steps.push-dockerhub.outputs.digest }}
+          push-to-registry: true

.github/workflows/docker-publish.yaml

@@ -37,7 +37,7 @@ permissions:
 
 jobs:
   build:
-    runs-on: ubuntu-latest
+    runs-on: ${{ matrix.runner }}
     permissions:
       contents: read     # Allows access to repository contents (read-only)
       packages: write    # Allows pushing to GHCR
@@ -47,14 +47,15 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        platform:
-          - linux/amd64
-          - linux/arm64
-          - linux/arm/v7
+        include:
+          - platform: linux/amd64
+            runner: ubuntu-latest
+          - platform: linux/arm64
+            runner: ubuntu-24.04-arm
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
 
       - name: Prepare
         run: |
@@ -70,40 +71,40 @@ jobs:
 
       - name: Docker meta
         id: meta
-        uses: docker/metadata-action@v5
+        uses: docker/metadata-action@c1e51972afc2121e065aed6d45c65596fe445f3f
         with:
           images: |
             name=${{ env.DOCKERHUB_REPO }},enable=${{ github.event_name == 'schedule' || startsWith(github.ref, 'refs/tags/') }}
             name=${{ env.GHCR_REPO }}
 
       - name: Login to Docker Hub
-        uses: docker/login-action@v3
+        uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1
         if: (github.event_name == 'schedule' || startsWith(github.ref, 'refs/tags/'))
         with:
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_PASSWORD }}
 
       - name: Login to GHCR
-        uses: docker/login-action@v3
+        uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3
+        uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392
         with:
-          image: ghcr.io/amitie10g/binfmt:latest
+          image: ghcr.io/sysadminsmedia/binfmt:latest
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
+        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435
         with:
           driver-opts: |
-            image=ghcr.io/amitie10g/buildkit:master
+            image=ghcr.io/sysadminsmedia/buildkit:latest
 
       - name: Build and push by digest
         id: build
-        uses: docker/build-push-action@v6
+        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83
         with:
           platforms: ${{ matrix.platform }}
           labels: ${{ steps.meta.outputs.labels }}
@@ -113,10 +114,18 @@ jobs:
           build-args: |
             VERSION=${{ github.ref_name }}
             COMMIT=${{ github.sha	}}
-          provenance: true
+          provenance: mode=max
           sbom: true
           annotations: ${{ steps.meta.outputs.annotations }}
 
+      - name: Attest platform-specific images
+        uses: actions/attest-build-provenance@00014ed6ed5efc5b1ab7f7f34a39eb55d41aa4f8
+        if: github.event_name != 'pull_request'
+        with:
+          subject-name: ${{ env.GHCR_REPO }}
+          subject-digest: ${{ steps.build.outputs.digest }}
+          push-to-registry: true
+
       - name: Export digest
         run: |
           mkdir -p /tmp/digests
@@ -124,7 +133,7 @@ jobs:
           touch "/tmp/digests/${digest#sha256:}"
 
       - name: Upload digest
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02
         with:
           name: digests-${{ env.PLATFORM_PAIR }}
           path: /tmp/digests/*
@@ -144,35 +153,35 @@ jobs:
 
     steps:
       - name: Download digests
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093
         with:
           path: /tmp/digests
           pattern: digests-*
           merge-multiple: true
 
       - name: Login to Docker Hub
-        uses: docker/login-action@v3
+        uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1
         if: (github.event_name == 'schedule' || startsWith(github.ref, 'refs/tags/'))
         with:
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_PASSWORD }}
 
       - name: Login to GHCR
-        uses: docker/login-action@v3
+        uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
+        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435
         with:
           driver-opts: |
-            image=ghcr.io/amitie10g/buildkit:master
+            image=ghcr.io/sysadminsmedia/buildkit:master
 
       - name: Docker meta
         id: meta
-        uses: docker/metadata-action@v5
+        uses: docker/metadata-action@c1e51972afc2121e065aed6d45c65596fe445f3f
         with:
           images: |
             name=${{ env.DOCKERHUB_REPO }},enable=${{ github.event_name == 'schedule' || startsWith(github.ref, 'refs/tags/') }}
@@ -189,13 +198,45 @@ jobs:
         id: push-ghcr
         working-directory: /tmp/digests
         run: |
+          set -euo pipefail
           docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
-            $(printf '${{ env.GHCR_REPO }}@sha256:%s ' *)
+            $(printf '${{ env.GHCR_REPO }}@sha256:%s ' *) 2>&1 | tee /tmp/push-ghcr.out
+          digest=$(grep -oE 'sha256:[a-f0-9]{64}' /tmp/push-ghcr.out | head -n1 || true)
+          if [ -z "$digest" ]; then
+            echo "No digest found in imagetools output:"
+            cat /tmp/push-ghcr.out
+            exit 1
+          fi
+          echo "digest=$digest" >> $GITHUB_OUTPUT
+
+      - name: Attest GHCR images
+        uses: actions/attest-build-provenance@00014ed6ed5efc5b1ab7f7f34a39eb55d41aa4f8
+        if: github.event_name != 'pull_request'
+        with:
+          subject-name: ${{ env.GHCR_REPO }}
+          subject-digest: ${{ steps.push-ghcr.outputs.digest }}
+          push-to-registry: true
 
       - name: Create manifest list and push Dockerhub
         id: push-dockerhub
         working-directory: /tmp/digests
         if: (github.event_name == 'schedule' || startsWith(github.ref, 'refs/tags/'))
         run: |
+          set -euo pipefail
           docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
-            $(printf '${{ env.DOCKERHUB_REPO }}@sha256:%s ' *)
+            $(printf '${{ env.DOCKERHUB_REPO }}@sha256:%s ' *) 2>&1 | tee /tmp/push-dockerhub.out
+          digest=$(grep -oE 'sha256:[a-f0-9]{64}' /tmp/push-dockerhub.out | head -n1 || true)
+          if [ -z "$digest" ]; then
+            echo "No digest found in imagetools output:"
+            cat /tmp/push-dockerhub.out
+            exit 1
+          fi
+          echo "digest=$digest" >> $GITHUB_OUTPUT
+
+      - name: Attest Dockerhub images
+        uses: actions/attest-build-provenance@00014ed6ed5efc5b1ab7f7f34a39eb55d41aa4f8
+        if: (github.event_name == 'schedule' || startsWith(github.ref, 'refs/tags/'))
+        with:
+          subject-name: docker.io/${{ env.DOCKERHUB_REPO }}
+          subject-digest: ${{ steps.push-dockerhub.outputs.digest }}
+          push-to-registry: true

.github/workflows/e2e-partial.yaml

@@ -1,5 +1,11 @@
 name: E2E (Playwright)
 
+permissions:
+  contents: read
+  actions: read
+  checks: write
+  pull-requests: write
+
 on:
   workflow_call:
 
@@ -15,28 +21,26 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
         with:
           fetch-depth: 0
 
       - name: Install Task
-        uses: arduino/setup-task@v1
+        uses: arduino/setup-task@b91d5d2c96a56797b48ac1e0e89220bf64044611
         with:
           repo-token: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Set up Go
-        uses: actions/setup-go@v5
+        uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c
         with:
-          go-version: "1.23"
+          go-version: "1.24"
           cache-dependency-path: backend/go.mod
 
-      - uses: actions/setup-node@v4
+      - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f
         with:
           node-version: lts/*
 
-      - uses: pnpm/action-setup@v3.0.0
-        with:
-          version: 9.12.2
+      - uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061
 
       - name: Install dependencies
         run: pnpm install
@@ -49,7 +53,7 @@ jobs:
       - name: Run E2E Tests
         run: task test:e2e -- --shard=${{ matrix.shardIndex }}/${{ matrix.shardTotal }}
 
-      - uses: actions/upload-artifact@v4
+      - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02
         name: Upload partial Playwright report
         if: ${{ !cancelled() }}
         with:
@@ -64,20 +68,18 @@ jobs:
     name: Merge Playwright Reports
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-node@v4
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
+      - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f
         with:
           node-version: lts/*
-      - uses: pnpm/action-setup@v3.0.0
-        with:
-          version: 9.12.2
+      - uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061
 
       - name: Install dependencies
         run: pnpm install
         working-directory: frontend
 
       - name: Download blob reports from GitHub Actions Artifacts
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093
         with:
           path: frontend/all-blob-reports
           pattern: blob-report-*
@@ -88,7 +90,7 @@ jobs:
         working-directory: frontend
 
       - name: Upload HTML report
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02
         with:
           name: html-report--attempt-${{ github.run_attempt }}
           path: frontend/playwright-report

.github/workflows/issue-gatekeeper.yml

@@ -0,0 +1,50 @@
+name: Issue Gatekeeper
+
+permissions:
+  issues: write
+
+on:
+  issues:
+    types: [ opened ]
+
+jobs:
+  check-permissions:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Verify Internal Template Use
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd
+        with:
+          script: |
+            const { owner, repo } = context.repo;
+            const issue_number = context.issue.number;
+            const actor = context.payload.sender.login;
+            
+            // 1. Get user permission level
+            const { data: perms } = await github.rest.repos.getCollaboratorPermissionLevel({
+              owner,
+              repo,
+              username: actor
+            });
+
+            const isMember = ['admin', 'write'].includes(perms.permission);
+            const body = context.payload.issue.body || "";
+
+            // 2. Check if they used the internal template (or if the issue is blank)
+            // We detect this by checking for our specific template string or the 'internal' label
+            const usedInternal = context.payload.issue.labels.some(l => l.name === 'internal');
+
+            if (usedInternal && !isMember) {
+              await github.rest.issues.createComment({
+                owner,
+                repo,
+                issue_number,
+                body: `@${actor}, the "Internal" template is restricted to project members. Please use one of the standard bug or feature templates for this repository.`
+              });
+            
+              await github.rest.issues.update({
+                owner,
+                repo,
+                issue_number,
+                state: 'closed'
+              });
+            }

.github/workflows/partial-backend.yaml

@@ -1,5 +1,11 @@
 name: Go Build/Test
 
+permissions:
+  contents: read
+  actions: read
+  checks: write
+  pull-requests: write
+
 on:
   workflow_call:
 
@@ -7,21 +13,21 @@ jobs:
   Go:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
 
       - name: Set up Go
-        uses: actions/setup-go@v5
+        uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c
         with:
           go-version: "1.24"
           cache-dependency-path: backend/go.mod
 
       - name: Install Task
-        uses: arduino/setup-task@v1
+        uses: arduino/setup-task@b91d5d2c96a56797b48ac1e0e89220bf64044611
         with:
           repo-token: ${{ secrets.GITHUB_TOKEN }}
 
       - name: golangci-lint
-        uses: golangci/golangci-lint-action@v7
+        uses: golangci/golangci-lint-action@1e7e51e771db61008b38414a730f564565cf7c20
         with:
           # Optional: version of golangci-lint to use in form of v1.2 or v1.2.3 or `latest` to use the latest version
           version: latest

.github/workflows/partial-frontend.yaml

@@ -1,5 +1,11 @@
 name: Frontend
 
+permissions:
+  contents: read
+  actions: read
+  checks: write
+  pull-requests: write
+
 on:
   workflow_call:
 
@@ -9,13 +15,11 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
         with:
           fetch-depth: 0
 
-      - uses: pnpm/action-setup@v3.0.0
-        with:
-          version: 9.12.2
+      - uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061
 
       - name: Install dependencies
         run: pnpm install
@@ -48,28 +52,26 @@ jobs:
           --health-retries 5
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
         with:
           fetch-depth: 0
 
       - name: Install Task
-        uses: arduino/setup-task@v1
+        uses: arduino/setup-task@b91d5d2c96a56797b48ac1e0e89220bf64044611
         with:
           repo-token: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Set up Go
-        uses: actions/setup-go@v5
+        uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c
         with:
-          go-version: "1.23"
+          go-version: "1.24"
           cache-dependency-path: backend/go.mod
 
-      - uses: actions/setup-node@v4
+      - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f
         with:
-          node-version: 18
+          node-version: lts/*
 
-      - uses: pnpm/action-setup@v3.0.0
-        with:
-          version: 9.12.2
+      - uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061
 
       - name: Install dependencies
         run: pnpm install
@@ -99,28 +101,26 @@ jobs:
           - 5432:5432
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
         with:
           fetch-depth: 0
 
       - name: Install Task
-        uses: arduino/setup-task@v1
+        uses: arduino/setup-task@b91d5d2c96a56797b48ac1e0e89220bf64044611
         with:
           repo-token: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Set up Go
-        uses: actions/setup-go@v5
+        uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c
         with:
-          go-version: "1.23"
+          go-version: "1.24"
           cache-dependency-path: backend/go.mod
 
-      - uses: actions/setup-node@v4
+      - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f
         with:
           node-version: lts/*
 
-      - uses: pnpm/action-setup@v3.0.0
-        with:
-          version: 9.12.2
+      - uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061
 
       - name: Install dependencies
         run: pnpm install

.github/workflows/pull-requests.yaml

@@ -1,5 +1,11 @@
 name: Pull Request CI
 
+permissions:
+  contents: read
+  actions: read
+  checks: write
+  pull-requests: write
+
 on:
   pull_request:
     branches:

.github/workflows/update-currencies.yml

@@ -5,18 +5,22 @@ on:
     branches: [ main ]
   workflow_dispatch:
 
+permissions:
+  contents: write
+  pull-requests: write
+
 jobs:
   update-currencies:
     runs-on: ubuntu-latest
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@v3
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
         with:
           fetch-depth: 0
 
       - name: Set up Python
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548
         with:
           python-version: '3.8'
           cache: 'pip'
@@ -25,15 +29,14 @@ jobs:
       - name: Install dependencies
         run: |
           python -m pip install --upgrade pip
-          pip install requests
+          pip install -r .github/workflows/update-currencies/requirements.txt
 
       - name: Run currency update script
         run: python .github/scripts/update_currencies.py
 
-      - name: Check for file changes
-        id: changes
+      - name: Check for currencies.json changes
         run: |
-          if git diff --quiet; then
+          if git diff --quiet -- backend/internal/core/currencies/currencies.json; then
             echo "changed=false" >> $GITHUB_ENV
           else
             echo "changed=true"  >> $GITHUB_ENV
@@ -41,14 +44,16 @@ jobs:
 
       - name: Create Pull Request
         if: env.changed == 'true'
-        uses: peter-evans/create-pull-request@v7.0.8
+        uses: peter-evans/create-pull-request@98357b18bf14b5342f975ff684046ec3b2a07725
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
           branch: update-currencies
           base: main
           title: "Update currencies.json"
           commit-message: "chore: update currencies.json"
-          path: backend/internal/core/currencies/currencies.json
+          path: .  
+          add-paths: |
+            backend/internal/core/currencies/currencies.json
 
       - name: No updates needed
         if: env.changed == 'false'

.github/workflows/update-language-names.yml

@@ -0,0 +1,70 @@
+name: Update Language Names
+
+on:
+  push:
+    branches: [ main ]
+    paths:
+      - 'frontend/locales/*.json'
+      - '.github/scripts/update_language_names.py'
+      - '.github/workflows/update-language-names.yml'
+  workflow_dispatch:
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  update-language-names:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
+        with:
+          fetch-depth: 0
+
+      - name: Set up Python
+        uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548
+        with:
+          python-version: '3.8'
+          cache: 'pip'
+          cache-dependency-path: .github/workflows/update-languages/requirements.txt
+
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install -r .github/workflows/update-languages/requirements.txt
+
+      - name: Run language names update script
+        run: python .github/scripts/update_language_names.py
+
+      - name: Check for en.json changes
+        run: |
+          if git diff --quiet -- frontend/locales/en.json; then
+            echo "changed=false" >> $GITHUB_ENV
+          else
+            echo "changed=true"  >> $GITHUB_ENV
+          fi
+
+      - name: Create Pull Request
+        if: env.changed == 'true'
+        uses: peter-evans/create-pull-request@98357b18bf14b5342f975ff684046ec3b2a07725
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          branch: automation/update-language-file
+          base: main
+          title: "Update language names in en.json"
+          commit-message: "chore: update language names in en.json"
+          body: |
+            This PR automatically updates the language names in `frontend/locales/en.json` based on the available locale files.
+            
+            New languages have been added to ensure all locale files have corresponding language names in the English translation file.
+            
+            🤖 This PR was automatically created by the update-language-names workflow.
+          path: .  
+          add-paths: |
+            frontend/locales/en.json
+
+      - name: No updates needed
+        if: env.changed == 'false'
+        run: echo "✅ en.json language names are already up-to-date"

.github/workflows/update-languages/requirements.txt

@@ -0,0 +1,2 @@
+babel
+requests

.github/workflows/upgrade-test.yaml

@@ -0,0 +1,177 @@
+#name: HomeBox Upgrade Test
+
+# on:
+#  schedule:
+    # Run daily at 2 AM UTC
+  #  - cron: '0 2 * * *'
+#  workflow_dispatch: # Allow manual trigger
+#  push:
+#    branches:
+#      - main
+#    paths:
+#      - '.github/workflows/upgrade-test.yaml'
+#      - '.github/scripts/upgrade-test/**'
+
+jobs:
+  upgrade-test:
+    name: Test Upgrade Path
+    runs-on: ubuntu-latest
+    timeout-minutes: 60
+    permissions:
+      contents: read        # Read repository contents
+      packages: read        # Pull Docker images from GHCR
+    
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      
+      - name: Set up Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: lts/*
+      
+      - name: Install pnpm
+        uses: pnpm/action-setup@v3.0.0
+        with:
+          version: 9.12.2
+      
+      - name: Install Playwright
+        run: |
+          cd frontend
+          pnpm install
+          pnpm exec playwright install --with-deps chromium
+      
+      - name: Create test data directory
+        run: |
+          mkdir -p /tmp/homebox-data-old
+          mkdir -p /tmp/homebox-data-new
+          chmod -R 777 /tmp/homebox-data-old
+          chmod -R 777 /tmp/homebox-data-new
+      
+      # Step 1: Pull and deploy latest stable version
+      - name: Pull latest stable HomeBox image
+        run: |
+          docker pull ghcr.io/sysadminsmedia/homebox:latest
+      
+      - name: Start HomeBox (stable version)
+        run: |
+          docker run -d \
+            --name homebox-old \
+            --restart unless-stopped \
+            -p 7745:7745 \
+            -e HBOX_LOG_LEVEL=debug \
+            -e HBOX_OPTIONS_ALLOW_REGISTRATION=true \
+            -e TZ=UTC \
+            -v /tmp/homebox-data-old:/data \
+            ghcr.io/sysadminsmedia/homebox:latest
+          
+          # Wait for the service to be ready
+          timeout 60 bash -c 'until curl -f http://localhost:7745/api/v1/status; do sleep 2; done'
+          echo "HomeBox stable version is ready"
+      
+      # Step 2: Create test data
+      - name: Create test data
+        run: |
+          chmod +x .github/scripts/upgrade-test/create-test-data.sh
+          .github/scripts/upgrade-test/create-test-data.sh
+        env:
+          HOMEBOX_URL: http://localhost:7745
+      
+      - name: Verify initial data creation
+        run: |
+          echo "Verifying test data was created..."
+          # Check if database file exists and has content
+          if [ -f /tmp/homebox-data-old/homebox.db ]; then
+            ls -lh /tmp/homebox-data-old/homebox.db
+            echo "Database file exists"
+          else
+            echo "Database file not found!"
+            exit 1
+          fi
+      
+      - name: Stop old HomeBox instance
+        run: |
+          docker stop homebox-old
+          docker rm homebox-old
+      
+      # Step 3: Build latest version from main branch
+      - name: Build HomeBox from main branch
+        run: |
+          docker build \
+            --build-arg VERSION=main \
+            --build-arg COMMIT=${{ github.sha }} \
+            --build-arg BUILD_TIME="$(date -u +"%Y-%m-%dT%H:%M:%SZ")" \
+            -t homebox:test \
+            -f Dockerfile \
+            .
+      
+      # Step 4: Copy data and start new version
+      - name: Copy data to new location
+        run: |
+          cp -r /tmp/homebox-data-old/* /tmp/homebox-data-new/
+          chmod -R 777 /tmp/homebox-data-new
+      
+      - name: Start HomeBox (new version)
+        run: |
+          docker run -d \
+            --name homebox-new \
+            --restart unless-stopped \
+            -p 7745:7745 \
+            -e HBOX_LOG_LEVEL=debug \
+            -e HBOX_OPTIONS_ALLOW_REGISTRATION=true \
+            -e TZ=UTC \
+            -v /tmp/homebox-data-new:/data \
+            homebox:test
+          
+          # Wait for the service to be ready
+          timeout 60 bash -c 'until curl -f http://localhost:7745/api/v1/status; do sleep 2; done'
+          echo "HomeBox new version is ready"
+      
+      # Step 5: Run verification tests with Playwright
+      - name: Run verification tests
+        run: |
+          cd frontend
+          TEST_DATA_FILE=/tmp/test-users.json \
+          E2E_BASE_URL=http://localhost:7745 \
+          pnpm exec playwright test \
+            -c ./test/playwright.config.ts \
+            --project=chromium \
+            test/upgrade/upgrade-verification.spec.ts
+        env:
+          HOMEBOX_URL: http://localhost:7745
+      
+      - name: Upload Playwright report
+        uses: actions/upload-artifact@v4
+        if: always()
+        with:
+          name: playwright-report-upgrade-test
+          path: frontend/playwright-report/
+          retention-days: 30
+      
+      - name: Upload test traces
+        uses: actions/upload-artifact@v4
+        if: always()
+        with:
+          name: playwright-traces
+          path: frontend/test-results/
+          retention-days: 7
+      
+      - name: Collect logs on failure
+        if: failure()
+        run: |
+          echo "=== Docker logs for new version ==="
+          docker logs homebox-new || true
+          echo "=== Database content ==="
+          ls -la /tmp/homebox-data-new/ || true
+      
+      - name: Cleanup
+        if: always()
+        run: |
+          docker stop homebox-new || true
+          docker rm homebox-new || true
+          docker rmi homebox:test || true

.gitignore

@@ -60,10 +60,12 @@ backend/app/api/static/public/*
 backend/api
 
 docs/.vitepress/cache/
-/.data/
+.data/
 
 # Playwright
 frontend/test-results/
 frontend/playwright-report/
 frontend/blob-report/
 frontend/playwright/.cache/
+__pycache__/
+*.pyc

.gitlab-ci.yml

@@ -0,0 +1,603 @@
+include:
+  - template: Jobs/SAST.gitlab-ci.yml
+  - component: $CI_SERVER_FQDN/components/code-quality-oss/codequality-os-scanners-integration/codequality-oss@1.1.4
+  - component: $CI_SERVER_FQDN/components/code-intelligence/golang-code-intel@v0.3.1
+  - component: $CI_SERVER_FQDN/components/code-intelligence/typescript-code-intel@v0.3.1
+    inputs:
+      node_version: 24
+  - component: $CI_SERVER_FQDN/components/secret-detection/secret-detection@2.1.0
+
+variables:
+  GITLAB_ADVANCED_SAST_ENABLED: 'true'
+  ADVANCED_SAST_PARTIAL_SCAN: 'differential'
+  DOCKER_DRIVER: overlay2
+  DOCKER_TLS_CERTDIR: "/certs"
+  # Registry configuration - adjust as needed
+  CI_REGISTRY_IMAGE: $CI_REGISTRY/$CI_PROJECT_PATH
+
+stages:
+  - test
+  - build-binaries
+  - build-docker
+  - release
+
+# ==========================================
+# Test Jobs
+# ==========================================
+
+# Backend Tests (Go)
+test:backend:
+  stage: test
+  image: golang:1.24
+  cache:
+    key:
+      files:
+        - backend/go.sum
+    paths:
+      - backend/.go-pkg-cache/
+    policy: pull-push
+  before_script:
+    - export GOMODCACHE=$(pwd)/backend/.go-pkg-cache
+    # Install Task
+    - sh -c "$(curl --location https://taskfile.dev/install.sh)" -- -d -b /usr/local/bin
+  script:
+    - cd backend
+    - task go:lint
+    - task go:build
+    - task go:coverage
+  coverage: '/coverage: \d+.\d+% of statements/'
+  artifacts:
+    reports:
+      coverage_report:
+        coverage_format: cobertura
+        path: backend/coverage.out
+    paths:
+      - backend/coverage.out
+    expire_in: 7 days
+  rules:
+    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
+    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
+
+# Frontend Lint and Typecheck
+test:frontend:lint:
+  stage: test
+  image: node:22-alpine
+  cache:
+    key:
+      files:
+        - frontend/pnpm-lock.yaml
+    paths:
+      - frontend/node_modules/
+      - .pnpm-store/
+    policy: pull-push
+  before_script:
+    - npm install -g pnpm@9.15.3
+    - pnpm config set store-dir $(pwd)/.pnpm-store
+  script:
+    - cd frontend
+    - pnpm install --frozen-lockfile
+    - pnpm run lint:ci
+    - pnpm run typecheck
+  rules:
+    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
+    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
+
+# Frontend Integration Tests (SQLite)
+test:frontend:integration:
+  stage: test
+  image: node:22
+  cache:
+    - key:
+        files:
+          - frontend/pnpm-lock.yaml
+      paths:
+        - frontend/node_modules/
+        - .pnpm-store/
+      policy: pull-push
+    - key:
+        files:
+          - backend/go.sum
+      paths:
+        - backend/.go-pkg-cache/
+      policy: pull-push
+  before_script:
+    - npm install -g pnpm@9.15.3
+    - pnpm config set store-dir $(pwd)/.pnpm-store
+    # Install Task
+    - sh -c "$(curl --location https://taskfile.dev/install.sh)" -- -d -b /usr/local/bin
+    # Install Go
+    - wget -q https://go.dev/dl/go1.24.0.linux-amd64.tar.gz
+    - tar -C /usr/local -xzf go1.24.0.linux-amd64.tar.gz
+    - export PATH=$PATH:/usr/local/go/bin
+    - export GOMODCACHE=$(pwd)/backend/.go-pkg-cache
+  script:
+    - cd frontend
+    - pnpm install --frozen-lockfile
+    - cd ..
+    - task test:ci
+  rules:
+    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
+    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
+
+# Frontend Integration Tests (PostgreSQL Matrix)
+test:frontend:integration:postgresql:
+  stage: test
+  image: node:22
+  services:
+    - name: postgres:${POSTGRES_VERSION}
+      alias: postgres
+  variables:
+    POSTGRES_USER: homebox
+    POSTGRES_PASSWORD: homebox
+    POSTGRES_DB: homebox
+    POSTGRES_HOST_AUTH_METHOD: trust
+  parallel:
+    matrix:
+      - POSTGRES_VERSION: ["17", "16", "15"]
+  cache:
+    - key:
+        files:
+          - frontend/pnpm-lock.yaml
+      paths:
+        - frontend/node_modules/
+        - .pnpm-store/
+      policy: pull-push
+    - key:
+        files:
+          - backend/go.sum
+      paths:
+        - backend/.go-pkg-cache/
+      policy: pull-push
+  before_script:
+    - npm install -g pnpm@9.15.3
+    - pnpm config set store-dir $(pwd)/.pnpm-store
+    # Install Task
+    - sh -c "$(curl --location https://taskfile.dev/install.sh)" -- -d -b /usr/local/bin
+    # Install Go
+    - wget -q https://go.dev/dl/go1.24.0.linux-amd64.tar.gz
+    - tar -C /usr/local -xzf go1.24.0.linux-amd64.tar.gz
+    - export PATH=$PATH:/usr/local/go/bin
+    - export GOMODCACHE=$(pwd)/backend/.go-pkg-cache
+  script:
+    - cd frontend
+    - pnpm install --frozen-lockfile
+    - cd ..
+    - task test:ci:postgresql
+  rules:
+    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
+    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
+
+# E2E Tests (Playwright) - Sharded
+test:e2e:playwright:
+  stage: test
+  image: mcr.microsoft.com/playwright:v1.48.2-jammy
+  timeout: 1h
+  parallel:
+    matrix:
+      - SHARD_INDEX: ["1", "2", "3", "4"]
+        SHARD_TOTAL: "4"
+  cache:
+    - key:
+        files:
+          - frontend/pnpm-lock.yaml
+      paths:
+        - frontend/node_modules/
+        - .pnpm-store/
+      policy: pull-push
+    - key:
+        files:
+          - backend/go.sum
+      paths:
+        - backend/.go-pkg-cache/
+      policy: pull-push
+  before_script:
+    - npm install -g pnpm@9.15.3
+    - pnpm config set store-dir $(pwd)/.pnpm-store
+    # Install Task
+    - sh -c "$(curl --location https://taskfile.dev/install.sh)" -- -d -b /usr/local/bin
+    # Install Go
+    - wget -q https://go.dev/dl/go1.24.0.linux-amd64.tar.gz
+    - tar -C /usr/local -xzf go1.24.0.linux-amd64.tar.gz
+    - export PATH=$PATH:/usr/local/go/bin
+    - export GOMODCACHE=$(pwd)/backend/.go-pkg-cache
+  script:
+    - cd frontend
+    - pnpm install --frozen-lockfile
+    - cd ..
+    - cd backend && go mod download
+    - task test:e2e -- --shard=$SHARD_INDEX/$SHARD_TOTAL
+  artifacts:
+    when: always
+    paths:
+      - frontend/blob-report/
+    expire_in: 2 days
+  rules:
+    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
+    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
+
+# E2E Reports Merge
+test:e2e:merge-reports:
+  stage: test
+  image: mcr.microsoft.com/playwright:v1.48.2-jammy
+  needs:
+    - test:e2e:playwright
+  cache:
+    key:
+      files:
+        - frontend/pnpm-lock.yaml
+    paths:
+      - frontend/node_modules/
+      - .pnpm-store/
+    policy: pull
+  before_script:
+    - npm install -g pnpm@9.15.3
+    - pnpm config set store-dir $(pwd)/.pnpm-store
+  script:
+    - cd frontend
+    - pnpm install --frozen-lockfile
+    # Download all blob reports
+    - mkdir -p all-blob-reports
+    # GitLab automatically downloads artifacts from dependencies
+    - cp -r ../frontend/blob-report/* all-blob-reports/ || true
+    - pnpm exec playwright merge-reports --reporter html,github ./all-blob-reports || true
+  artifacts:
+    when: always
+    paths:
+      - frontend/playwright-report/
+    expire_in: 30 days
+  rules:
+    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
+      when: always
+    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
+      when: always
+
+# Update Currencies (Scheduled Job)
+update:currencies:
+  stage: test
+  image: python:3.11
+  cache:
+    key: python-currencies
+    paths:
+      - .pip-cache/
+  before_script:
+    - pip install --cache-dir .pip-cache -r .github/workflows/update-currencies/requirements.txt
+  script:
+    - python .github/scripts/update_currencies.py
+    - |
+      if git diff --quiet -- backend/internal/core/currencies/currencies.json; then
+        echo "✅ currencies.json is already up-to-date"
+        exit 0
+      else
+        echo "Changes detected in currencies.json"
+        git config user.name "GitLab CI"
+        git config user.email "ci@gitlab.com"
+        git checkout -b update-currencies-$CI_COMMIT_SHORT_SHA
+        git add backend/internal/core/currencies/currencies.json
+        git commit -m "chore: update currencies.json"
+        git push -o merge_request.create -o merge_request.target=$CI_DEFAULT_BRANCH -o merge_request.title="Update currencies.json" origin update-currencies-$CI_COMMIT_SHORT_SHA
+      fi
+  rules:
+    - if: $CI_PIPELINE_SOURCE == "schedule" && $UPDATE_CURRENCIES == "true"
+    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH && $UPDATE_CURRENCIES == "true"
+
+# ==========================================
+# Binary Build with GoReleaser
+# ==========================================
+build:binaries:
+  stage: build-binaries
+  image: golang:1.24
+  cache:
+    - key:
+        files:
+          - frontend/pnpm-lock.yaml
+      paths:
+        - frontend/node_modules/
+        - .pnpm-store/
+      policy: pull-push
+    - key:
+        files:
+          - backend/go.sum
+      paths:
+        - backend/.go-pkg-cache/
+      policy: pull-push
+  before_script:
+    # Install Node.js and pnpm for frontend build
+    - curl -fsSL https://deb.nodesource.com/setup_22.x | bash -
+    - apt-get install -y nodejs
+    - npm install -g pnpm@9.15.3
+    # Configure pnpm store
+    - pnpm config set store-dir $(pwd)/.pnpm-store
+    # Install GoReleaser
+    - curl -sfL https://goreleaser.com/static/run | bash -s -- check
+    - curl -sfL https://goreleaser.com/static/run | bash -s -- --version
+    # Configure Go cache
+    - export GOMODCACHE=$(pwd)/backend/.go-pkg-cache
+  script:
+    # Build frontend
+    - cd frontend
+    - pnpm install --frozen-lockfile
+    - pnpm run build
+    - cp -r ./.output/public ../backend/app/api/static/
+    - cd ..
+    # Run GoReleaser
+    - cd backend
+    - |
+      if [ -n "$CI_COMMIT_TAG" ]; then
+        echo "Building release for tag: $CI_COMMIT_TAG"
+        curl -sfL https://goreleaser.com/static/run | bash -s -- release --clean --skip=publish
+      else
+        echo "Building snapshot"
+        curl -sfL https://goreleaser.com/static/run | bash -s -- release --clean --snapshot --skip=publish
+      fi
+  artifacts:
+    name: "homebox-binaries-$CI_COMMIT_REF_SLUG"
+    paths:
+      - backend/dist/
+    expire_in: 30 days
+  rules:
+    - if: $CI_COMMIT_TAG
+    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
+    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
+
+# ==========================================
+# Docker Build Jobs - Regular
+# ==========================================
+.docker_build_template:
+  stage: build-docker
+  image: docker:latest
+  services:
+    - docker:dind
+  before_script:
+    - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
+  variables:
+    DOCKER_BUILDKIT: 1
+    DOCKERFILE: Dockerfile
+    IMAGE_SUFFIX: ""
+  script:
+    - export VERSION=${CI_COMMIT_TAG:-$CI_COMMIT_REF_NAME}
+    - export COMMIT=$CI_COMMIT_SHA
+    - export BUILD_TIME=$(date -u +%Y-%m-%dT%H:%M:%SZ)
+    - export CACHE_TAG=${IMAGE_SUFFIX:-regular}
+    # Build and push for the specific platform with layer caching
+    - |
+      docker buildx create --use --name builder-${CI_JOB_ID} || true
+      docker buildx build \
+        --platform $PLATFORM \
+        --build-arg VERSION=$VERSION \
+        --build-arg COMMIT=$COMMIT \
+        --build-arg BUILD_TIME=$BUILD_TIME \
+        --cache-from type=registry,ref=$CI_REGISTRY_IMAGE/cache:${PLATFORM_PAIR}-${CACHE_TAG}-$CI_COMMIT_REF_SLUG \
+        --cache-from type=registry,ref=$CI_REGISTRY_IMAGE/cache:${PLATFORM_PAIR}-${CACHE_TAG}-$CI_DEFAULT_BRANCH \
+        --cache-to type=registry,ref=$CI_REGISTRY_IMAGE/cache:${PLATFORM_PAIR}-${CACHE_TAG}-$CI_COMMIT_REF_SLUG,mode=max \
+        --file ./$DOCKERFILE \
+        --tag $CI_REGISTRY_IMAGE${IMAGE_SUFFIX}:${CI_COMMIT_REF_SLUG}-${PLATFORM_PAIR} \
+        --push \
+        .
+      docker buildx rm builder-${CI_JOB_ID} || true
+  rules:
+    - if: $CI_COMMIT_TAG
+    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
+    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
+
+docker:build:amd64:
+  extends: .docker_build_template
+  variables:
+    PLATFORM: linux/amd64
+    PLATFORM_PAIR: linux-amd64
+
+docker:build:arm64:
+  extends: .docker_build_template
+  variables:
+    PLATFORM: linux/arm64
+    PLATFORM_PAIR: linux-arm64
+
+docker:build:armv7:
+  extends: .docker_build_template
+  variables:
+    PLATFORM: linux/arm/v7
+    PLATFORM_PAIR: linux-arm-v7
+
+# ==========================================
+# Docker Build Jobs - Rootless
+# ==========================================
+docker:build:rootless:amd64:
+  extends: .docker_build_template
+  variables:
+    PLATFORM: linux/amd64
+    PLATFORM_PAIR: linux-amd64
+    DOCKERFILE: Dockerfile.rootless
+    IMAGE_SUFFIX: -rootless
+
+docker:build:rootless:arm64:
+  extends: .docker_build_template
+  variables:
+    PLATFORM: linux/arm64
+    PLATFORM_PAIR: linux-arm64
+    DOCKERFILE: Dockerfile.rootless
+    IMAGE_SUFFIX: -rootless
+
+docker:build:rootless:armv7:
+  extends: .docker_build_template
+  variables:
+    PLATFORM: linux/arm/v7
+    PLATFORM_PAIR: linux-arm-v7
+    DOCKERFILE: Dockerfile.rootless
+    IMAGE_SUFFIX: -rootless
+
+# ==========================================
+# Docker Build Jobs - Hardened
+# ==========================================
+docker:build:hardened:amd64:
+  extends: .docker_build_template
+  variables:
+    PLATFORM: linux/amd64
+    PLATFORM_PAIR: linux-amd64
+    DOCKERFILE: Dockerfile.hardened
+    IMAGE_SUFFIX: -hardened
+
+docker:build:hardened:arm64:
+  extends: .docker_build_template
+  variables:
+    PLATFORM: linux/arm64
+    PLATFORM_PAIR: linux-arm64
+    DOCKERFILE: Dockerfile.hardened
+    IMAGE_SUFFIX: -hardened
+
+docker:build:hardened:armv7:
+  extends: .docker_build_template
+  variables:
+    PLATFORM: linux/arm/v7
+    PLATFORM_PAIR: linux-arm-v7
+    DOCKERFILE: Dockerfile.hardened
+    IMAGE_SUFFIX: -hardened
+
+# ==========================================
+# Docker Manifest Creation - Regular
+# ==========================================
+docker:manifest:
+  stage: release
+  image: docker:latest
+  services:
+    - docker:dind
+  before_script:
+    - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
+  script:
+    - export VERSION=${CI_COMMIT_TAG:-$CI_COMMIT_REF_NAME}
+    # Create manifest for regular image
+    - |
+      docker manifest create $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG \
+        $CI_REGISTRY_IMAGE:${CI_COMMIT_REF_SLUG}-linux-amd64 \
+        $CI_REGISTRY_IMAGE:${CI_COMMIT_REF_SLUG}-linux-arm64 \
+        $CI_REGISTRY_IMAGE:${CI_COMMIT_REF_SLUG}-linux-arm-v7
+      docker manifest push $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG
+    # Tag as latest on main branch or create version tags
+    - |
+      if [ "$CI_COMMIT_BRANCH" = "$CI_DEFAULT_BRANCH" ]; then
+        docker manifest create $CI_REGISTRY_IMAGE:latest \
+          $CI_REGISTRY_IMAGE:${CI_COMMIT_REF_SLUG}-linux-amd64 \
+          $CI_REGISTRY_IMAGE:${CI_COMMIT_REF_SLUG}-linux-arm64 \
+          $CI_REGISTRY_IMAGE:${CI_COMMIT_REF_SLUG}-linux-arm-v7
+        docker manifest push $CI_REGISTRY_IMAGE:latest
+      fi
+    - |
+      if [ -n "$CI_COMMIT_TAG" ]; then
+        # Create version tag
+        docker manifest create $CI_REGISTRY_IMAGE:$CI_COMMIT_TAG \
+          $CI_REGISTRY_IMAGE:${CI_COMMIT_REF_SLUG}-linux-amd64 \
+          $CI_REGISTRY_IMAGE:${CI_COMMIT_REF_SLUG}-linux-arm64 \
+          $CI_REGISTRY_IMAGE:${CI_COMMIT_REF_SLUG}-linux-arm-v7
+        docker manifest push $CI_REGISTRY_IMAGE:$CI_COMMIT_TAG
+      
+        # Create major.minor tag if semantic version
+        MAJOR_MINOR=$(echo $CI_COMMIT_TAG | sed -E 's/^v?([0-9]+\.[0-9]+)\..*/\1/')
+        if [ -n "$MAJOR_MINOR" ]; then
+          docker manifest create $CI_REGISTRY_IMAGE:$MAJOR_MINOR \
+            $CI_REGISTRY_IMAGE:${CI_COMMIT_REF_SLUG}-linux-amd64 \
+            $CI_REGISTRY_IMAGE:${CI_COMMIT_REF_SLUG}-linux-arm64 \
+            $CI_REGISTRY_IMAGE:${CI_COMMIT_REF_SLUG}-linux-arm-v7
+          docker manifest push $CI_REGISTRY_IMAGE:$MAJOR_MINOR
+        fi
+      fi
+  needs:
+    - docker:build:amd64
+    - docker:build:arm64
+    - docker:build:armv7
+  rules:
+    - if: $CI_COMMIT_TAG
+    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
+
+# ==========================================
+# Docker Manifest Creation - Rootless
+# ==========================================
+docker:manifest:rootless:
+  stage: release
+  image: docker:latest
+  services:
+    - docker:dind
+  before_script:
+    - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
+  script:
+    - export VERSION=${CI_COMMIT_TAG:-$CI_COMMIT_REF_NAME}
+    # Create manifest for rootless image
+    - |
+      docker manifest create $CI_REGISTRY_IMAGE-rootless:$CI_COMMIT_REF_SLUG \
+        $CI_REGISTRY_IMAGE-rootless:${CI_COMMIT_REF_SLUG}-linux-amd64 \
+        $CI_REGISTRY_IMAGE-rootless:${CI_COMMIT_REF_SLUG}-linux-arm64
+      docker manifest push $CI_REGISTRY_IMAGE-rootless:$CI_COMMIT_REF_SLUG
+    # Tag as latest on main branch or create version tags
+    - |
+      if [ "$CI_COMMIT_BRANCH" = "$CI_DEFAULT_BRANCH" ]; then
+        docker manifest create $CI_REGISTRY_IMAGE-rootless:latest \
+          $CI_REGISTRY_IMAGE-rootless:${CI_COMMIT_REF_SLUG}-linux-amd64 \
+          $CI_REGISTRY_IMAGE-rootless:${CI_COMMIT_REF_SLUG}-linux-arm64
+        docker manifest push $CI_REGISTRY_IMAGE-rootless:latest
+      fi
+    - |
+      if [ -n "$CI_COMMIT_TAG" ]; then
+        docker manifest create $CI_REGISTRY_IMAGE-rootless:$CI_COMMIT_TAG \
+          $CI_REGISTRY_IMAGE-rootless:${CI_COMMIT_REF_SLUG}-linux-amd64 \
+          $CI_REGISTRY_IMAGE-rootless:${CI_COMMIT_REF_SLUG}-linux-arm64
+        docker manifest push $CI_REGISTRY_IMAGE-rootless:$CI_COMMIT_TAG
+      
+        MAJOR_MINOR=$(echo $CI_COMMIT_TAG | sed -E 's/^v?([0-9]+\.[0-9]+)\..*/\1/')
+        if [ -n "$MAJOR_MINOR" ]; then
+          docker manifest create $CI_REGISTRY_IMAGE-rootless:$MAJOR_MINOR \
+            $CI_REGISTRY_IMAGE-rootless:${CI_COMMIT_REF_SLUG}-linux-amd64 \
+            $CI_REGISTRY_IMAGE-rootless:${CI_COMMIT_REF_SLUG}-linux-arm64
+          docker manifest push $CI_REGISTRY_IMAGE-rootless:$MAJOR_MINOR
+        fi
+      fi
+  needs:
+    - docker:build:rootless:amd64
+    - docker:build:rootless:arm64
+  rules:
+    - if: $CI_COMMIT_TAG
+    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
+
+# ==========================================
+# Docker Manifest Creation - Hardened
+# ==========================================
+docker:manifest:hardened:
+  stage: release
+  image: docker:latest
+  services:
+    - docker:dind
+  before_script:
+    - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
+  script:
+    - export VERSION=${CI_COMMIT_TAG:-$CI_COMMIT_REF_NAME}
+    # Create manifest for hardened image
+    - |
+      docker manifest create $CI_REGISTRY_IMAGE-hardened:$CI_COMMIT_REF_SLUG \
+        $CI_REGISTRY_IMAGE-hardened:${CI_COMMIT_REF_SLUG}-linux-amd64 \
+        $CI_REGISTRY_IMAGE-hardened:${CI_COMMIT_REF_SLUG}-linux-arm64
+      docker manifest push $CI_REGISTRY_IMAGE-hardened:$CI_COMMIT_REF_SLUG
+    # Tag as latest on main branch or create version tags
+    - |
+      if [ "$CI_COMMIT_BRANCH" = "$CI_DEFAULT_BRANCH" ]; then
+        docker manifest create $CI_REGISTRY_IMAGE-hardened:latest \
+          $CI_REGISTRY_IMAGE-hardened:${CI_COMMIT_REF_SLUG}-linux-amd64 \
+          $CI_REGISTRY_IMAGE-hardened:${CI_COMMIT_REF_SLUG}-linux-arm64
+        docker manifest push $CI_REGISTRY_IMAGE-hardened:latest
+      fi
+    - |
+      if [ -n "$CI_COMMIT_TAG" ]; then
+        docker manifest create $CI_REGISTRY_IMAGE-hardened:$CI_COMMIT_TAG \
+          $CI_REGISTRY_IMAGE-hardened:${CI_COMMIT_REF_SLUG}-linux-amd64 \
+          $CI_REGISTRY_IMAGE-hardened:${CI_COMMIT_REF_SLUG}-linux-arm64
+        docker manifest push $CI_REGISTRY_IMAGE-hardened:$CI_COMMIT_TAG
+      
+        MAJOR_MINOR=$(echo $CI_COMMIT_TAG | sed -E 's/^v?([0-9]+\.[0-9]+)\..*/\1/')
+        if [ -n "$MAJOR_MINOR" ]; then
+          docker manifest create $CI_REGISTRY_IMAGE-hardened:$MAJOR_MINOR \
+            $CI_REGISTRY_IMAGE-hardened:${CI_COMMIT_REF_SLUG}-linux-amd64 \
+            $CI_REGISTRY_IMAGE-hardened:${CI_COMMIT_REF_SLUG}-linux-arm64
+          docker manifest push $CI_REGISTRY_IMAGE-hardened:$MAJOR_MINOR
+        fi
+      fi
+  needs:
+    - docker:build:hardened:amd64
+    - docker:build:hardened:arm64
+  rules:
+    - if: $CI_COMMIT_TAG
+    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH

.scaffold/go.sum

@@ -0,0 +1,14 @@
+entgo.io/ent v0.14.5 h1:Rj2WOYJtCkWyFo6a+5wB3EfBRP0rnx1fMk6gGA0UUe4=
+entgo.io/ent v0.14.5/go.mod h1:zTzLmWtPvGpmSwtkaayM2cm5m819NdM7z7tYPq3vN0U=
+github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
+github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
+github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
+github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U=
+github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U=
+github.com/sysadminsmedia/homebox/backend v0.0.0-20251228172914-2a6773d1d610 h1:kNLtnxaPaOryBUZ7RgUHPQVWxIExXYR/q9pYCbum5Vk=
+github.com/sysadminsmedia/homebox/backend v0.0.0-20251228172914-2a6773d1d610/go.mod h1:9zHHw5TNttw5Kn4Wks+SxwXmJPz6PgGNbnB4BtF1Z4c=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=

.vscode/settings.json

@@ -4,7 +4,7 @@
   },
   "explorer.fileNesting.enabled": true,
   "explorer.fileNesting.patterns": {
-    "package.json": "package-lock.json, yarn.lock, .eslintrc.js, tsconfig.json, .prettierrc, .editorconfig, pnpm-lock.yaml, postcss.config.js, tailwind.config.js",
+    "package.json": "package-lock.json, yarn.lock, eslint.config.mjs, tsconfig.json, .prettierrc, .editorconfig, pnpm-lock.yaml, postcss.config.js, tailwind.config.js",
     "docker-compose.yml": "Dockerfile, .dockerignore, docker-compose.dev.yml, docker-compose.yml",
     "README.md": "LICENSE, SECURITY.md"
   },
@@ -22,6 +22,8 @@
     "editor.defaultFormatter": "dbaeumer.vscode-eslint"
   },
   "eslint.format.enable": true,
+  "eslint.validate": ["javascript", "typescript", "vue"],
+  "eslint.useFlatConfig": true,
   "css.validate": false,
 	"tailwindCSS.includeLanguages": {
 		"vue": "html",

Dockerfile

@@ -1,5 +1,5 @@
 # Node dependencies stage
-FROM public.ecr.aws/docker/library/node:lts-alpine AS frontend-dependencies
+FROM public.ecr.aws/docker/library/node:22-alpine AS frontend-dependencies
 WORKDIR /app
 
 # Install pnpm globally (caching layer)
@@ -10,7 +10,7 @@ COPY frontend/package.json frontend/pnpm-lock.yaml ./
 RUN pnpm install --frozen-lockfile
 
 # Build Nuxt (frontend) stage
-FROM public.ecr.aws/docker/library/node:lts-alpine AS frontend-builder
+FROM public.ecr.aws/docker/library/node:22-alpine AS frontend-builder
 WORKDIR /app
 
 # Install pnpm globally again (it can reuse the cache if not changed)

Dockerfile.hardened

@@ -1,7 +1,7 @@
 # ---------------------------------------
 # Node dependencies stage
 # ---------------------------------------
-FROM public.ecr.aws/docker/library/node:lts-alpine AS frontend-dependencies
+FROM public.ecr.aws/docker/library/node:22-alpine AS frontend-dependencies
 WORKDIR /app
 
 # Install pnpm globally (caching layer)
@@ -14,7 +14,7 @@ RUN pnpm install --frozen-lockfile
 # ---------------------------------------
 # Build Nuxt (frontend) stage
 # ---------------------------------------
-FROM public.ecr.aws/docker/library/node:lts-alpine AS frontend-builder
+FROM public.ecr.aws/docker/library/node:22-alpine AS frontend-builder
 WORKDIR /app
 
 # Install pnpm globally again (it can reuse the cache if not changed)

Dockerfile.rootless

@@ -1,5 +1,5 @@
 # Node dependencies stage
-FROM public.ecr.aws/docker/library/node:lts-alpine AS frontend-dependencies
+FROM public.ecr.aws/docker/library/node:22-alpine AS frontend-dependencies
 WORKDIR /app
 
 # Install pnpm globally (caching layer)
@@ -10,7 +10,7 @@ COPY frontend/package.json frontend/pnpm-lock.yaml ./
 RUN pnpm install --frozen-lockfile
 
 # Build Nuxt (frontend) stage
-FROM public.ecr.aws/docker/library/node:lts-alpine AS frontend-builder
+FROM public.ecr.aws/docker/library/node:22-alpine AS frontend-builder
 WORKDIR /app
 
 # Install pnpm globally again (it can reuse the cache if not changed)

README.md

@@ -2,36 +2,59 @@
   <img src="/docs/public/lilbox.svg" height="200"/>
 </div>
 
-<h1 align="center" style="margin-top: -10px"> HomeBox </h1>
-<p align="center" style="width: 100;">
+<h1 align="center" style="margin-top: -10px;"> HomeBox </h1>
+<p align="center" style="width: 100%;">
    <a href="https://homebox.software/en/">Docs</a>
    |
    <a href="https://demo.homebox.software">Demo</a>
    |
    <a href="https://discord.gg/aY4DCkpNA9">Discord</a>
 </p>
+<p align="center" style="width: 100%;">
+    <img src="https://img.shields.io/github/check-runs/sysadminsmedia/homebox/main" alt="Github Checks"/>
+    <img src="https://img.shields.io/github/license/sysadminsmedia/homebox"/>
+    <img src="https://img.shields.io/github/v/release/sysadminsmedia/homebox?sort=semver&display_name=release"/>
+    <img src="https://img.shields.io/weblate/progress/homebox?server=https%3A%2F%2Ftranslate.sysadminsmedia.com"/>
+</p>
+<p align="center" style="width: 100%;">
+    <img src="https://img.shields.io/reddit/subreddit-subscribers/homebox"/>
+    <img src="https://img.shields.io/mastodon/follow/110749314839831923?domain=infosec.exchange"/>
+    <img src="https://img.shields.io/lemmy/homebox%40lemmy.world?label=lemmy"/>
+</p>
 
 ## What is HomeBox
 
-HomeBox is the inventory and organization system built for the Home User! With a focus on simplicity and ease of use, Homebox is the perfect solution for your home inventory, organization, and management needs. While developing this project, I've tried to keep the following principles in mind:
+HomeBox is the inventory and organization system built for the Home User! With a focus on simplicity and ease of use, Homebox is the perfect solution for your home inventory, organization, and management needs. While developing this project, We've tried to keep the following principles in mind:
 
-- _Simple_ - Homebox is designed to be simple and easy to use. No complicated setup or configuration required. Use either a single docker container, or deploy yourself by compiling the binary for your platform of choice.
-- _Blazingly Fast_ - Homebox is written in Go, which makes it extremely fast and requires minimal resources to deploy. In general, idle memory usage is less than 50MB for the whole container.
-- _Portable_ - Homebox is designed to be portable and run on anywhere. We use SQLite and an embedded Web UI to make it easy to deploy, use, and backup.
+- 🧘 _Simple but Expandable_ - Homebox is designed to be simple and easy to use. No complicated setup or configuration required. But expandable to whatever level of infrastructure you want to put into it.
+- 🚀 _Blazingly Fast_ - Homebox is written in Go, which makes it extremely fast and requires minimal resources to deploy. In general, idle memory usage is less than 50MB for the whole container.
+- 📦 _Portable_ - Homebox is designed to be portable and run on anywhere. We use SQLite and an embedded Web UI to make it easy to deploy, use, and backup.
+
+### Key Features
+- 📇 Rich Organization - Organize your items into categories, locations, and tags. You can also create custom fields to store additional information about your items.
+- 🔍 Powerful Search - Quickly find items in your inventory using the powerful search feature.
+- 📸 Image Upload - Upload images of your items to make it easy to identify them.
+- 📄 Document and Warranty Tracking - Keep track of important documents and warranties for your items.
+- 💰 Purchase & Maintenance Tracking - Track purchase dates, prices, and maintenance schedules for your items.
+- 📱 Responsive Design - Homebox is designed to work on any device, including desktops, tablets, and smartphones.
+
+## Screenshots
+![Login Screen](.github/screenshots/1.png)
+![Dashboard](.github/screenshots/2.png)
+![Item View](.github/screenshots/3.png)
+![Create Item](.github/screenshots/9.png)
+![Search](.github/screenshots/8.png)
 
-# Screenshots
-Check out screenshots of the project [here](https://github.com/sysadminsmedia/homebox/tree/main/screenshots).
 You can also try the demo instances of Homebox:
 - [Demo](https://demo.homebox.software)
 - [Nightly](https://nightly.homebox.software)
-- [VNext](https://vnext.homebox.software/)
 
 ## Quick Start
 
 [Configuration & Docker Compose](https://homebox.software/en/quick-start.html)
 
 ```bash
-# If using the rootless image, ensure data 
+# If using the rootless or hardened image, ensure data 
 # folder has correct permissions
 mkdir -p /path/to/data/folder
 chown 65532:65532 -R /path/to/data/folder
@@ -43,6 +66,7 @@ docker run -d \
   --volume /path/to/data/folder/:/data \
   ghcr.io/sysadminsmedia/homebox:latest
 # ghcr.io/sysadminsmedia/homebox:latest-rootless
+# ghcr.io/sysadminsmedia/homebox:latest-hardened
 ```
 
 <!-- CONTRIBUTING -->
@@ -51,14 +75,20 @@ docker run -d \
 
 Contributions are what make the open source community such an amazing place to learn, inspire, and create. Any contributions you make are **greatly appreciated**.
 
-If you are not a coder, you can still contribute financially. Financial contributions help me prioritize working on this project over others and helps me know that there is a real demand for project development.
+To get started with code based contributions, please see our [contributing guide](https://homebox.software/en/contribute/get-started.html).
+
+If you are not a coder and can't help translate, you can still contribute financially. Financial contributions help us maintain the project and keep demos running.
 
 ## Help us Translate
 We want to make sure that Homebox is available in as many languages as possible. If you are interested in helping us translate Homebox, please help us via our [Weblate instance](https://translate.sysadminsmedia.com/projects/homebox/).
 
-[![Translation status](http://translate.sysadminsmedia.com/widget/homebox/multi-auto.svg)](http://translate.sysadminsmedia.com/engage/homebox/)
+[![Translation status](https://translate.sysadminsmedia.com/widget/homebox/multi-auto.svg)](https://translate.sysadminsmedia.com/engage/homebox/)
 
 ## Credits
-
 - Original project by [@hay-kot](https://github.com/hay-kot)
 - Logo by [@lakotelman](https://github.com/lakotelman)
+
+### Contributors
+<a href="https://github.com/sysadminsmedia/homebox/graphs/contributors">
+  <img src="https://contrib.rocks/image?repo=sysadminsmedia/homebox" />
+</a>

Taskfile.yml

@@ -23,10 +23,13 @@ tasks:
       INTERNAL: "../../../internal"
       PKGS: "../../../pkgs"
     cmds:
-      - swag fmt --dir={{ .API }}
       - swag init --dir={{ .API }},{{ .INTERNAL }}/core/services,{{ .INTERNAL }}/data/repo --parseDependency
-      - cp -r ./docs/swagger.json ../../../../docs/en/api/openapi-2.0.json
-      - cp -r ./docs/swagger.yaml ../../../../docs/en/api/openapi-2.0.yaml
+      - npx -y -p swagger2openapi swagger2openapi --outfile ./docs/openapi-3.json ./docs/swagger.json
+      - npx -y -p swagger2openapi swagger2openapi --yaml --outfile ./docs/openapi-3.yaml ./docs/swagger.json
+      - cp -r ./docs/swagger.json ../../../../docs/en/api/swagger-2.0.json
+      - cp -r ./docs/swagger.yaml ../../../../docs/en/api/swagger-2.0.yaml
+      - cp -r ./docs/openapi-3.json ../../../../docs/en/api/openapi-3.0.json
+      - cp -r ./docs/openapi-3.yaml ../../../../docs/en/api/openapi-3.0.yaml
     sources:
       - "./backend/app/api/**/*"
       - "./backend/internal/data/**"
@@ -93,6 +96,16 @@ tasks:
       - go run ./app/api/ {{ .CLI_ARGS }} &
     silent: true
 
+  go:ci:with-frontend:
+      desc: Run backend with frontend in CI mode
+      dir: frontend
+      cmds:
+        - pnpm install
+        - pnpm run build
+        - cp -r ./.output/public ../backend/app/api/static/
+        - task: go:ci
+      silent: true
+
   go:test:
     desc: Runs all go tests using gotestsum - supports passing gotestsum args
     dir: backend
@@ -201,12 +214,11 @@ tasks:
     desc: Runs end-to-end test on a live server
     dir: frontend
     cmds:
-      - task: go:ci
-      - task: ui:ci
+      - task: go:ci:with-frontend
       - pnpm exec playwright install-deps
       - pnpm exec playwright install
       - sleep 30
-      - TEST_SHUTDOWN_API_SERVER=true pnpm exec playwright test -c ./test/playwright.config.ts {{ .CLI_ARGS }}
+      - TEST_SHUTDOWN_API_SERVER=true E2E_BASE_URL=http://localhost:7745 pnpm exec playwright test -c ./test/playwright.config.ts {{ .CLI_ARGS }}
 
   pr:
     desc: Runs all tasks required for a PR

backend/.goreleaser.yaml

@@ -17,38 +17,31 @@ builds:
       - freebsd
     goarch:
       - amd64
-      - "386"
-      - arm
       - arm64
       - riscv64
-    ignore:
-      - goos: windows
-        goarch: arm
-      - goos: windows
-        goarch: "386"
-      - goos: freebsd
-        goarch: arm
-      - goos: freebsd
-        goarch: "386"
+    flags:
+      - -trimpath
+    ldflags:
+      - -s -w
+      - -X main.version={{.Version}}
+      - -X main.commit={{.Commit}}
+      - -X main.date={{.Date}}
     tags:
       - >-
         {{- if eq .Arch "riscv64" }}nodynamic
-        {{- else if eq .Arch "arm" }}nodynamic
-        {{- else if eq .Arch "386" }}nodynamic
         {{- else if eq .Os "freebsd" }}nodynamic
         {{ end }}
 
 signs:
   - cmd: cosign
-    stdin: "{{ .Env.COSIGN_PWD }}"
+    signature: "${artifact}.sigstore.json"
     args:
-      - "sign-blob"
-      - "--key=cosign.key"
-      - "--output-signature=${signature}"
+      - sign-blob
+      - "--bundle=${signature}"
       - "${artifact}"
-      - "--yes" # needed on cosign 2.0.0+
-    artifacts: all
-
+      - "--yes"
+    artifacts: checksum
+    output: true
 archives:
   - formats: [ 'tar.gz' ]
     # this name template makes the OS and Arch compatible with the results of uname.
@@ -56,14 +49,14 @@ archives:
       {{ .ProjectName }}_
       {{- title .Os }}_
       {{- if eq .Arch "amd64" }}x86_64
-      {{- else if eq .Arch "386" }}i386
       {{- else }}{{ .Arch }}{{ end }}
       {{- if .Arm }}v{{ .Arm }}{{ end }}
     # use zip for windows archives
     format_overrides:
     - goos: windows
       formats: [ 'zip' ]
-    
+sboms:
+  - artifacts: archive
 release:
   extra_files:
     - glob: dist/*.sig

backend/app/api/handlers/v1/controller.go

@@ -10,6 +10,7 @@ import (
 	"github.com/hay-kot/httpkit/errchain"
 	"github.com/hay-kot/httpkit/server"
 	"github.com/rs/zerolog/log"
+	"github.com/sysadminsmedia/homebox/backend/app/api/providers"
 	"github.com/sysadminsmedia/homebox/backend/internal/core/services"
 	"github.com/sysadminsmedia/homebox/backend/internal/core/services/reporting/eventbus"
 	"github.com/sysadminsmedia/homebox/backend/internal/data/repo"
@@ -74,6 +75,7 @@ type V1Controller struct {
 	bus               *eventbus.EventBus
 	url               string
 	config            *config.Config
+	oidcProvider      *providers.OIDCProvider
 }
 
 type (
@@ -95,6 +97,14 @@ type (
 		Demo              bool            `json:"demo"`
 		AllowRegistration bool            `json:"allowRegistration"`
 		LabelPrinting     bool            `json:"labelPrinting"`
+		OIDC              OIDCStatus      `json:"oidc"`
+	}
+
+	OIDCStatus struct {
+		Enabled      bool   `json:"enabled"`
+		ButtonText   string `json:"buttonText,omitempty"`
+		AutoRedirect bool   `json:"autoRedirect,omitempty"`
+		AllowLocal   bool   `json:"allowLocal"`
 	}
 )
 
@@ -111,9 +121,23 @@ func NewControllerV1(svc *services.AllServices, repos *repo.AllRepos, bus *event
 		opt(ctrl)
 	}
 
+	ctrl.initOIDCProvider()
+
 	return ctrl
 }
 
+func (ctrl *V1Controller) initOIDCProvider() {
+	if ctrl.config.OIDC.Enabled {
+		oidcProvider, err := providers.NewOIDCProvider(ctrl.svc.User, &ctrl.config.OIDC, &ctrl.config.Options, ctrl.cookieSecure)
+		if err != nil {
+			log.Err(err).Msg("failed to initialize OIDC provider at startup")
+		} else {
+			ctrl.oidcProvider = oidcProvider
+			log.Info().Msg("OIDC provider initialized successfully at startup")
+		}
+	}
+}
+
 // HandleBase godoc
 //
 //	@Summary	Application Info
@@ -132,6 +156,12 @@ func (ctrl *V1Controller) HandleBase(ready ReadyFunc, build Build) errchain.Hand
 			Demo:              ctrl.isDemo,
 			AllowRegistration: ctrl.allowRegistration,
 			LabelPrinting:     ctrl.config.LabelMaker.PrintCommand != nil,
+			OIDC: OIDCStatus{
+				Enabled:      ctrl.config.OIDC.Enabled,
+				ButtonText:   ctrl.config.OIDC.ButtonText,
+				AutoRedirect: ctrl.config.OIDC.AutoRedirect,
+				AllowLocal:   ctrl.config.Options.AllowLocalLogin,
+			},
 		})
 	}
 }

backend/app/api/handlers/v1/v1_ctrl_actions.go

@@ -2,6 +2,7 @@ package v1
 
 import (
 	"context"
+	"errors"
 	"net/http"
 
 	"github.com/google/uuid"
@@ -9,6 +10,7 @@ import (
 	"github.com/hay-kot/httpkit/server"
 	"github.com/rs/zerolog/log"
 	"github.com/sysadminsmedia/homebox/backend/internal/core/services"
+	"github.com/sysadminsmedia/homebox/backend/internal/core/services/reporting/eventbus"
 	"github.com/sysadminsmedia/homebox/backend/internal/sys/validate"
 )
 
@@ -94,3 +96,64 @@ func (ctrl *V1Controller) HandleSetPrimaryPhotos() errchain.HandlerFunc {
 func (ctrl *V1Controller) HandleCreateMissingThumbnails() errchain.HandlerFunc {
 	return actionHandlerFactory("create missing thumbnails", ctrl.repo.Attachments.CreateMissingThumbnails)
 }
+
+// WipeInventoryOptions represents the options for wiping inventory
+type WipeInventoryOptions struct {
+	WipeLabels      bool `json:"wipeLabels"`
+	WipeLocations   bool `json:"wipeLocations"`
+	WipeMaintenance bool `json:"wipeMaintenance"`
+}
+
+// HandleWipeInventory godoc
+//
+//	@Summary		Wipe Inventory
+//	@Description	Deletes all items in the inventory
+//	@Tags			Actions
+//	@Produce		json
+//	@Param			options	body	WipeInventoryOptions	false	"Wipe options"
+//	@Success		200	{object}	ActionAmountResult
+//	@Router			/v1/actions/wipe-inventory [Post]
+//	@Security		Bearer
+func (ctrl *V1Controller) HandleWipeInventory() errchain.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) error {
+		if ctrl.isDemo {
+			return validate.NewRequestError(errors.New("wipe inventory is not allowed in demo mode"), http.StatusForbidden)
+		}
+		
+		ctx := services.NewContext(r.Context())
+		
+		// Check if user is owner
+		if !ctx.User.IsOwner {
+			return validate.NewRequestError(errors.New("only group owners can wipe inventory"), http.StatusForbidden)
+		}
+		
+		// Parse options from request body
+		var options WipeInventoryOptions
+		if err := server.Decode(r, &options); err != nil {
+			// If no body provided, use default (false for all)
+			options = WipeInventoryOptions{
+				WipeLabels:      false,
+				WipeLocations:   false,
+				WipeMaintenance: false,
+			}
+		}
+		
+		totalCompleted, err := ctrl.repo.Items.WipeInventory(ctx, ctx.GID, options.WipeLabels, options.WipeLocations, options.WipeMaintenance)
+		if err != nil {
+			log.Err(err).Str("action_ref", "wipe inventory").Msg("failed to run action")
+			return validate.NewRequestError(err, http.StatusInternalServerError)
+		}
+		
+		// Publish mutation events for wiped resources
+		if ctrl.bus != nil {
+			if options.WipeLabels {
+				ctrl.bus.Publish(eventbus.EventLabelMutation, eventbus.GroupMutationEvent{GID: ctx.GID})
+			}
+			if options.WipeLocations {
+				ctrl.bus.Publish(eventbus.EventLocationMutation, eventbus.GroupMutationEvent{GID: ctx.GID})
+			}
+		}
+		
+		return server.JSON(w, http.StatusOK, ActionAmountResult{Completed: totalCompleted})
+	}
+}

backend/app/api/handlers/v1/v1_ctrl_auth.go

@@ -2,6 +2,7 @@ package v1
 
 import (
 	"errors"
+	"fmt"
 	"net/http"
 	"strconv"
 	"strings"
@@ -106,6 +107,11 @@ func (ctrl *V1Controller) HandleAuthLogin(ps ...AuthProvider) errchain.HandlerFu
 			provider = "local"
 		}
 
+		// Block local only when disabled
+		if provider == "local" && !ctrl.config.Options.AllowLocalLogin {
+			return validate.NewRequestError(fmt.Errorf("local login is not enabled"), http.StatusForbidden)
+		}
+
 		// Get the provider
 		p, ok := providers[provider]
 		if !ok {
@@ -114,11 +120,11 @@ func (ctrl *V1Controller) HandleAuthLogin(ps ...AuthProvider) errchain.HandlerFu
 
 		newToken, err := p.Authenticate(w, r)
 		if err != nil {
-			log.Err(err).Msg("failed to authenticate")
-			return server.JSON(w, http.StatusInternalServerError, err.Error())
+			log.Warn().Err(err).Msg("authentication failed")
+			return validate.NewUnauthorizedError()
 		}
 
-		ctrl.setCookies(w, noPort(r.Host), newToken.Raw, newToken.ExpiresAt, true)
+		ctrl.setCookies(w, noPort(r.Host), newToken.Raw, newToken.ExpiresAt, true, newToken.AttachmentToken)
 		return server.JSON(w, http.StatusOK, TokenResponse{
 			Token:           "Bearer " + newToken.Raw,
 			ExpiresAt:       newToken.ExpiresAt,
@@ -172,7 +178,7 @@ func (ctrl *V1Controller) HandleAuthRefresh() errchain.HandlerFunc {
 			return validate.NewUnauthorizedError()
 		}
 
-		ctrl.setCookies(w, noPort(r.Host), newToken.Raw, newToken.ExpiresAt, false)
+		ctrl.setCookies(w, noPort(r.Host), newToken.Raw, newToken.ExpiresAt, false, newToken.AttachmentToken)
 		return server.JSON(w, http.StatusOK, newToken)
 	}
 }
@@ -181,7 +187,7 @@ func noPort(host string) string {
 	return strings.Split(host, ":")[0]
 }
 
-func (ctrl *V1Controller) setCookies(w http.ResponseWriter, domain, token string, expires time.Time, remember bool) {
+func (ctrl *V1Controller) setCookies(w http.ResponseWriter, domain, token string, expires time.Time, remember bool, attachmentToken string) {
 	http.SetCookie(w, &http.Cookie{
 		Name:     cookieNameRemember,
 		Value:    strconv.FormatBool(remember),
@@ -213,6 +219,19 @@ func (ctrl *V1Controller) setCookies(w http.ResponseWriter, domain, token string
 		HttpOnly: false,
 		Path:     "/",
 	})
+
+	// Set attachment token cookie (accessible to frontend, not HttpOnly)
+	if attachmentToken != "" {
+		http.SetCookie(w, &http.Cookie{
+			Name:     "hb.auth.attachment_token",
+			Value:    attachmentToken,
+			Expires:  expires,
+			Domain:   domain,
+			Secure:   ctrl.cookieSecure,
+			HttpOnly: false,
+			Path:     "/",
+		})
+	}
 }
 
 func (ctrl *V1Controller) unsetCookies(w http.ResponseWriter, domain string) {
@@ -246,4 +265,77 @@ func (ctrl *V1Controller) unsetCookies(w http.ResponseWriter, domain string) {
 		HttpOnly: false,
 		Path:     "/",
 	})
+
+	// Unset attachment token cookie
+	http.SetCookie(w, &http.Cookie{
+		Name:     "hb.auth.attachment_token",
+		Value:    "",
+		Expires:  time.Unix(0, 0),
+		Domain:   domain,
+		Secure:   ctrl.cookieSecure,
+		HttpOnly: false,
+		Path:     "/",
+	})
+}
+
+// HandleOIDCLogin godoc
+//
+//	@Summary	OIDC Login Initiation
+//	@Tags		Authentication
+//	@Produce	json
+//	@Success	302
+//	@Router		/v1/users/login/oidc [GET]
+func (ctrl *V1Controller) HandleOIDCLogin() errchain.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) error {
+		// Forbidden if OIDC is not enabled
+		if !ctrl.config.OIDC.Enabled {
+			return validate.NewRequestError(fmt.Errorf("OIDC is not enabled"), http.StatusForbidden)
+		}
+
+		// Check if OIDC provider is available
+		if ctrl.oidcProvider == nil {
+			log.Error().Msg("OIDC provider not initialized")
+			return validate.NewRequestError(errors.New("OIDC provider not available"), http.StatusInternalServerError)
+		}
+
+		// Initiate OIDC flow
+		_, err := ctrl.oidcProvider.InitiateOIDCFlow(w, r)
+		return err
+	}
+}
+
+// HandleOIDCCallback godoc
+//
+//	@Summary	OIDC Callback Handler
+//	@Tags		Authentication
+//	@Param		code	query	string	true	"Authorization code"
+//	@Param		state	query	string	true	"State parameter"
+//	@Success	302
+//	@Router		/v1/users/login/oidc/callback [GET]
+func (ctrl *V1Controller) HandleOIDCCallback() errchain.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) error {
+		// Forbidden if OIDC is not enabled
+		if !ctrl.config.OIDC.Enabled {
+			return validate.NewRequestError(fmt.Errorf("OIDC is not enabled"), http.StatusForbidden)
+		}
+
+		// Check if OIDC provider is available
+		if ctrl.oidcProvider == nil {
+			log.Error().Msg("OIDC provider not initialized")
+			return validate.NewRequestError(errors.New("OIDC provider not available"), http.StatusInternalServerError)
+		}
+
+		// Handle callback
+		newToken, err := ctrl.oidcProvider.HandleCallback(w, r)
+		if err != nil {
+			log.Err(err).Msg("OIDC callback failed")
+			http.Redirect(w, r, "/?oidc_error=oidc_auth_failed", http.StatusFound)
+			return nil
+		}
+
+		// Set cookies and redirect to home
+		ctrl.setCookies(w, noPort(r.Host), newToken.Raw, newToken.ExpiresAt, true, newToken.AttachmentToken)
+		http.Redirect(w, r, "/home", http.StatusFound)
+		return nil
+	}
 }

backend/app/api/handlers/v1/v1_ctrl_item_templates.go

@@ -0,0 +1,164 @@
+package v1
+
+import (
+	"net/http"
+
+	"github.com/google/uuid"
+	"github.com/hay-kot/httpkit/errchain"
+	"github.com/sysadminsmedia/homebox/backend/internal/core/services"
+	"github.com/sysadminsmedia/homebox/backend/internal/data/repo"
+	"github.com/sysadminsmedia/homebox/backend/internal/web/adapters"
+)
+
+// HandleItemTemplatesGetAll godoc
+//
+//	@Summary	Get All Item Templates
+//	@Tags		Item Templates
+//	@Produce	json
+//	@Success	200	{object}	[]repo.ItemTemplateSummary
+//	@Router		/v1/templates [GET]
+//	@Security	Bearer
+func (ctrl *V1Controller) HandleItemTemplatesGetAll() errchain.HandlerFunc {
+	fn := func(r *http.Request) ([]repo.ItemTemplateSummary, error) {
+		auth := services.NewContext(r.Context())
+		return ctrl.repo.ItemTemplates.GetAll(r.Context(), auth.GID)
+	}
+
+	return adapters.Command(fn, http.StatusOK)
+}
+
+// HandleItemTemplatesGet godoc
+//
+//	@Summary	Get Item Template
+//	@Tags		Item Templates
+//	@Produce	json
+//	@Param		id	path		string	true	"Template ID"
+//	@Success	200	{object}	repo.ItemTemplateOut
+//	@Router		/v1/templates/{id} [GET]
+//	@Security	Bearer
+func (ctrl *V1Controller) HandleItemTemplatesGet() errchain.HandlerFunc {
+	fn := func(r *http.Request, ID uuid.UUID) (repo.ItemTemplateOut, error) {
+		auth := services.NewContext(r.Context())
+		return ctrl.repo.ItemTemplates.GetOne(r.Context(), auth.GID, ID)
+	}
+
+	return adapters.CommandID("id", fn, http.StatusOK)
+}
+
+// HandleItemTemplatesCreate godoc
+//
+//	@Summary	Create Item Template
+//	@Tags		Item Templates
+//	@Produce	json
+//	@Param		payload	body		repo.ItemTemplateCreate	true	"Template Data"
+//	@Success	201		{object}	repo.ItemTemplateOut
+//	@Router		/v1/templates [POST]
+//	@Security	Bearer
+func (ctrl *V1Controller) HandleItemTemplatesCreate() errchain.HandlerFunc {
+	fn := func(r *http.Request, body repo.ItemTemplateCreate) (repo.ItemTemplateOut, error) {
+		auth := services.NewContext(r.Context())
+		return ctrl.repo.ItemTemplates.Create(r.Context(), auth.GID, body)
+	}
+
+	return adapters.Action(fn, http.StatusCreated)
+}
+
+// HandleItemTemplatesUpdate godoc
+//
+//	@Summary	Update Item Template
+//	@Tags		Item Templates
+//	@Produce	json
+//	@Param		id		path		string					true	"Template ID"
+//	@Param		payload	body		repo.ItemTemplateUpdate	true	"Template Data"
+//	@Success	200		{object}	repo.ItemTemplateOut
+//	@Router		/v1/templates/{id} [PUT]
+//	@Security	Bearer
+func (ctrl *V1Controller) HandleItemTemplatesUpdate() errchain.HandlerFunc {
+	fn := func(r *http.Request, ID uuid.UUID, body repo.ItemTemplateUpdate) (repo.ItemTemplateOut, error) {
+		auth := services.NewContext(r.Context())
+		body.ID = ID
+		return ctrl.repo.ItemTemplates.Update(r.Context(), auth.GID, body)
+	}
+
+	return adapters.ActionID("id", fn, http.StatusOK)
+}
+
+// HandleItemTemplatesDelete godoc
+//
+//	@Summary	Delete Item Template
+//	@Tags		Item Templates
+//	@Produce	json
+//	@Param		id	path	string	true	"Template ID"
+//	@Success	204
+//	@Router		/v1/templates/{id} [DELETE]
+//	@Security	Bearer
+func (ctrl *V1Controller) HandleItemTemplatesDelete() errchain.HandlerFunc {
+	fn := func(r *http.Request, ID uuid.UUID) (any, error) {
+		auth := services.NewContext(r.Context())
+		err := ctrl.repo.ItemTemplates.Delete(r.Context(), auth.GID, ID)
+		return nil, err
+	}
+
+	return adapters.CommandID("id", fn, http.StatusNoContent)
+}
+
+type ItemTemplateCreateItemRequest struct {
+	Name        string      `json:"name"        validate:"required,min=1,max=255"`
+	Description string      `json:"description" validate:"max=1000"`
+	LocationID  uuid.UUID   `json:"locationId"  validate:"required"`
+	LabelIDs    []uuid.UUID `json:"labelIds"`
+	Quantity    *int        `json:"quantity"`
+}
+
+// HandleItemTemplatesCreateItem godoc
+//
+//	@Summary	Create Item from Template
+//	@Tags		Item Templates
+//	@Produce	json
+//	@Param		id		path		string							true	"Template ID"
+//	@Param		payload	body		ItemTemplateCreateItemRequest	true	"Item Data"
+//	@Success	201		{object}	repo.ItemOut
+//	@Router		/v1/templates/{id}/create-item [POST]
+//	@Security	Bearer
+func (ctrl *V1Controller) HandleItemTemplatesCreateItem() errchain.HandlerFunc {
+	fn := func(r *http.Request, templateID uuid.UUID, body ItemTemplateCreateItemRequest) (repo.ItemOut, error) {
+		auth := services.NewContext(r.Context())
+
+		template, err := ctrl.repo.ItemTemplates.GetOne(r.Context(), auth.GID, templateID)
+		if err != nil {
+			return repo.ItemOut{}, err
+		}
+
+		quantity := template.DefaultQuantity
+		if body.Quantity != nil {
+			quantity = *body.Quantity
+		}
+
+		// Build custom fields from template
+		fields := make([]repo.ItemField, len(template.Fields))
+		for i, f := range template.Fields {
+			fields[i] = repo.ItemField{
+				Type:      f.Type,
+				Name:      f.Name,
+				TextValue: f.TextValue,
+			}
+		}
+
+		// Create item with all template data in a single transaction
+		return ctrl.repo.Items.CreateFromTemplate(r.Context(), auth.GID, repo.ItemCreateFromTemplate{
+			Name:             body.Name,
+			Description:      body.Description,
+			Quantity:         quantity,
+			LocationID:       body.LocationID,
+			LabelIDs:         body.LabelIDs,
+			Insured:          template.DefaultInsured,
+			Manufacturer:     template.DefaultManufacturer,
+			ModelNumber:      template.DefaultModelNumber,
+			LifetimeWarranty: template.DefaultLifetimeWarranty,
+			WarrantyDetails:  template.DefaultWarrantyDetails,
+			Fields:           fields,
+		})
+	}
+
+	return adapters.ActionID("id", fn, http.StatusCreated)
+}

backend/app/api/handlers/v1/v1_ctrl_items_attachments.go

@@ -186,7 +186,7 @@ func (ctrl *V1Controller) handleItemAttachmentsHandler(w http.ResponseWriter, r
 			log.Err(err).Msg("failed to open bucket")
 			return validate.NewRequestError(err, http.StatusInternalServerError)
 		}
-		file, err := bucket.NewReader(ctx, doc.Path, nil)
+		file, err := bucket.NewReader(ctx, ctrl.repo.Attachments.GetFullPath(doc.Path), nil)
 		if err != nil {
 			log.Err(err).Msg("failed to open file")
 			return validate.NewRequestError(err, http.StatusInternalServerError)

backend/app/api/handlers/v1/v1_ctrl_user.go

@@ -20,9 +20,15 @@ import (
 //	@Produce	json
 //	@Param		payload	body	services.UserRegistration	true	"User Data"
 //	@Success	204
+//  @Failure    403 {string} string "Local login is not enabled"
 //	@Router		/v1/users/register [Post]
 func (ctrl *V1Controller) HandleUserRegistration() errchain.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) error {
+		// Forbidden if local login is not enabled
+		if !ctrl.config.Options.AllowLocalLogin {
+			return validate.NewRequestError(fmt.Errorf("local login is not enabled"), http.StatusForbidden)
+		}
+
 		regData := services.UserRegistration{}
 
 		if err := server.Decode(r, &regData); err != nil {

backend/app/api/main.go

@@ -108,7 +108,7 @@ func run(cfg *config.Config) error {
 		return err
 	}
 
-	if strings.ToLower(cfg.Database.Driver) == "postgres" {
+	if strings.ToLower(cfg.Database.Driver) == config.DriverPostgres {
 		if !validatePostgresSSLMode(cfg.Database.SslMode) {
 			log.Error().Str("sslmode", cfg.Database.SslMode).Msg("invalid sslmode")
 			return fmt.Errorf("invalid sslmode: %s", cfg.Database.SslMode)

backend/app/api/providers/oidc.go

@@ -0,0 +1,626 @@
+package providers
+
+import (
+	"context"
+	"crypto/rand"
+	"crypto/sha256"
+	"encoding/base64"
+	"fmt"
+	"net/http"
+	"net/url"
+	"strconv"
+	"strings"
+	"time"
+
+	"github.com/coreos/go-oidc/v3/oidc"
+	"github.com/rs/zerolog/log"
+	"github.com/sysadminsmedia/homebox/backend/internal/core/services"
+	"github.com/sysadminsmedia/homebox/backend/internal/sys/config"
+	"golang.org/x/oauth2"
+)
+
+type OIDCProvider struct {
+	service      *services.UserService
+	config       *config.OIDCConf
+	options      *config.Options
+	cookieSecure bool
+	provider     *oidc.Provider
+	verifier     *oidc.IDTokenVerifier
+	endpoint     oauth2.Endpoint
+}
+
+type OIDCClaims struct {
+	Email         string
+	Groups        []string
+	Name          string
+	Subject       string
+	Issuer        string
+	EmailVerified *bool
+}
+
+func NewOIDCProvider(service *services.UserService, config *config.OIDCConf, options *config.Options, cookieSecure bool) (*OIDCProvider, error) {
+	if !config.Enabled {
+		return nil, fmt.Errorf("OIDC is not enabled")
+	}
+
+	// Validate required configuration
+	if config.ClientID == "" {
+		return nil, fmt.Errorf("OIDC client ID is required when OIDC is enabled (set HBOX_OIDC_CLIENT_ID)")
+	}
+	if config.ClientSecret == "" {
+		return nil, fmt.Errorf("OIDC client secret is required when OIDC is enabled (set HBOX_OIDC_CLIENT_SECRET)")
+	}
+	if config.IssuerURL == "" {
+		return nil, fmt.Errorf("OIDC issuer URL is required when OIDC is enabled (set HBOX_OIDC_ISSUER_URL)")
+	}
+
+	ctx, cancel := context.WithTimeout(context.Background(), config.RequestTimeout)
+	defer cancel()
+
+	provider, err := oidc.NewProvider(ctx, config.IssuerURL)
+	if err != nil {
+		return nil, fmt.Errorf("failed to create OIDC provider from issuer URL: %w", err)
+	}
+
+	// Create ID token verifier
+	verifier := provider.Verifier(&oidc.Config{
+		ClientID: config.ClientID,
+	})
+
+	log.Info().
+		Str("issuer", config.IssuerURL).
+		Str("client_id", config.ClientID).
+		Str("scope", config.Scope).
+		Msg("OIDC provider initialized successfully with discovery")
+
+	return &OIDCProvider{
+		service:      service,
+		config:       config,
+		options:      options,
+		cookieSecure: cookieSecure,
+		provider:     provider,
+		verifier:     verifier,
+		endpoint:     provider.Endpoint(),
+	}, nil
+}
+
+func (p *OIDCProvider) Name() string {
+	return "oidc"
+}
+
+// Authenticate implements the AuthProvider interface but is not used for OIDC
+// OIDC uses dedicated endpoints: GET /api/v1/users/login/oidc and GET /api/v1/users/login/oidc/callback
+func (p *OIDCProvider) Authenticate(w http.ResponseWriter, r *http.Request) (services.UserAuthTokenDetail, error) {
+	_ = w
+	_ = r
+	return services.UserAuthTokenDetail{}, fmt.Errorf("OIDC authentication uses dedicated endpoints: /api/v1/users/login/oidc")
+}
+
+// AuthenticateWithBaseURL is the main authentication method that requires baseURL
+// Called from handleCallback after state, nonce, and PKCE verification
+func (p *OIDCProvider) AuthenticateWithBaseURL(baseURL, expectedNonce, pkceVerifier string, _ http.ResponseWriter, r *http.Request) (services.UserAuthTokenDetail, error) {
+	code := r.URL.Query().Get("code")
+	if code == "" {
+		return services.UserAuthTokenDetail{}, fmt.Errorf("missing authorization code")
+	}
+
+	// Get OAuth2 config for this request
+	oauth2Config := p.getOAuth2Config(baseURL)
+
+	// Exchange code for token with timeout and PKCE verifier
+	ctx, cancel := context.WithTimeout(r.Context(), p.config.RequestTimeout)
+	defer cancel()
+
+	token, err := oauth2Config.Exchange(ctx, code, oauth2.SetAuthURLParam("code_verifier", pkceVerifier))
+	if err != nil {
+		log.Err(err).Msg("failed to exchange OIDC code for token")
+		return services.UserAuthTokenDetail{}, fmt.Errorf("failed to exchange code for token")
+	}
+
+	// Extract ID token
+	idToken, ok := token.Extra("id_token").(string)
+	if !ok {
+		return services.UserAuthTokenDetail{}, fmt.Errorf("no id_token in response")
+	}
+
+	// Parse and validate the ID token using the library's verifier with timeout
+	verifyCtx, verifyCancel := context.WithTimeout(r.Context(), p.config.RequestTimeout)
+	defer verifyCancel()
+
+	idTokenStruct, err := p.verifier.Verify(verifyCtx, idToken)
+	if err != nil {
+		log.Err(err).Msg("failed to verify ID token")
+		return services.UserAuthTokenDetail{}, fmt.Errorf("failed to verify ID token")
+	}
+
+	// Extract claims from the verified token using dynamic parsing
+	var rawClaims map[string]interface{}
+	if err := idTokenStruct.Claims(&rawClaims); err != nil {
+		log.Err(err).Msg("failed to extract claims from ID token")
+		return services.UserAuthTokenDetail{}, fmt.Errorf("failed to extract claims from ID token")
+	}
+
+	// Attempt to retrieve UserInfo claims; use them as primary, fallback to ID token claims.
+	finalClaims := rawClaims
+	userInfoCtx, uiCancel := context.WithTimeout(r.Context(), p.config.RequestTimeout)
+	defer uiCancel()
+
+	userInfo, uiErr := p.provider.UserInfo(userInfoCtx, oauth2.StaticTokenSource(token))
+	if uiErr != nil {
+		log.Debug().Err(uiErr).Msg("OIDC UserInfo fetch failed; falling back to ID token claims")
+	} else {
+		var uiClaims map[string]interface{}
+		if err := userInfo.Claims(&uiClaims); err != nil {
+			log.Debug().Err(err).Msg("failed to decode UserInfo claims; falling back to ID token claims")
+		} else {
+			finalClaims = mergeOIDCClaims(uiClaims, rawClaims) // UserInfo first, then fill gaps from ID token
+			log.Debug().Int("userinfo_claims", len(uiClaims)).Int("id_token_claims", len(rawClaims)).Int("merged_claims", len(finalClaims)).Msg("merged UserInfo and ID token claims")
+		}
+	}
+
+	// Parse claims using configurable claim names (after merge)
+	claims, err := p.parseOIDCClaims(finalClaims)
+	if err != nil {
+		log.Err(err).Msg("failed to parse OIDC claims")
+		return services.UserAuthTokenDetail{}, fmt.Errorf("failed to parse OIDC claims: %w", err)
+	}
+
+	// Verify nonce claim matches expected value (nonce only from ID token; ensure preserved in merged map)
+	tokenNonce, exists := finalClaims["nonce"]
+	if !exists {
+		log.Warn().Msg("nonce claim missing from ID token - possible replay attack")
+		return services.UserAuthTokenDetail{}, fmt.Errorf("nonce claim missing from token")
+	}
+
+	tokenNonceStr, ok := tokenNonce.(string)
+	if !ok {
+		log.Warn().Msg("nonce claim is not a string in ID token")
+		return services.UserAuthTokenDetail{}, fmt.Errorf("invalid nonce claim format")
+	}
+
+	if tokenNonceStr != expectedNonce {
+		log.Warn().Str("received", tokenNonceStr).Str("expected", expectedNonce).Msg("OIDC nonce mismatch - possible replay attack")
+		return services.UserAuthTokenDetail{}, fmt.Errorf("nonce parameter mismatch")
+	}
+
+	// Check if email is verified
+	if p.config.VerifyEmail {
+		if claims.EmailVerified == nil {
+			return services.UserAuthTokenDetail{}, fmt.Errorf("email verification status not found in token claims")
+		}
+
+		if !*claims.EmailVerified {
+			return services.UserAuthTokenDetail{}, fmt.Errorf("email not verified")
+		}
+	}
+
+	// Check group authorization if configured
+	if p.config.AllowedGroups != "" {
+		allowedGroups := strings.Split(p.config.AllowedGroups, ",")
+		if !p.hasAllowedGroup(claims.Groups, allowedGroups) {
+			log.Warn().
+				Strs("user_groups", claims.Groups).
+				Strs("allowed_groups", allowedGroups).
+				Str("user", claims.Email).
+				Msg("user not in allowed groups")
+			return services.UserAuthTokenDetail{}, fmt.Errorf("user not in allowed groups")
+		}
+	}
+
+	// Determine username from claims
+	email := claims.Email
+	if email == "" {
+		return services.UserAuthTokenDetail{}, fmt.Errorf("no email found in token claims")
+	}
+	if claims.Subject == "" {
+		return services.UserAuthTokenDetail{}, fmt.Errorf("no subject (sub) claim present")
+	}
+	if claims.Issuer == "" {
+		claims.Issuer = p.config.IssuerURL // fallback to configured issuer, though spec requires 'iss'
+	}
+
+	// Use the dedicated OIDC login method (issuer + subject identity)
+	sessionToken, err := p.service.LoginOIDC(r.Context(), claims.Issuer, claims.Subject, email, claims.Name)
+	if err != nil {
+		log.Err(err).Str("email", email).Str("issuer", claims.Issuer).Str("subject", claims.Subject).Msg("OIDC login failed")
+		return services.UserAuthTokenDetail{}, fmt.Errorf("OIDC login failed: %w", err)
+	}
+
+	return sessionToken, nil
+}
+
+func (p *OIDCProvider) parseOIDCClaims(rawClaims map[string]interface{}) (OIDCClaims, error) {
+	var claims OIDCClaims
+
+	// Parse email claim
+	key := p.config.EmailClaim
+	if key == "" {
+		key = "email"
+	}
+	if emailValue, exists := rawClaims[key]; exists {
+		if email, ok := emailValue.(string); ok {
+			claims.Email = email
+		}
+	}
+
+	// Parse email_verified claim
+	if p.config.VerifyEmail {
+		key = p.config.EmailVerifiedClaim
+		if key == "" {
+			key = "email_verified"
+		}
+		if emailVerifiedValue, exists := rawClaims[key]; exists {
+			switch v := emailVerifiedValue.(type) {
+			case bool:
+				claims.EmailVerified = &v
+			case string:
+				if b, err := strconv.ParseBool(v); err == nil {
+					claims.EmailVerified = &b
+				}
+			}
+		}
+	}
+
+	// Parse name claim
+	key = p.config.NameClaim
+	if key == "" {
+		key = "name"
+	}
+	if nameValue, exists := rawClaims[key]; exists {
+		if name, ok := nameValue.(string); ok {
+			claims.Name = name
+		}
+	}
+
+	// Parse groups claim
+	key = p.config.GroupClaim
+	if key == "" {
+		key = "groups"
+	}
+	if groupsValue, exists := rawClaims[key]; exists {
+		switch groups := groupsValue.(type) {
+		case []interface{}:
+			for _, group := range groups {
+				if groupStr, ok := group.(string); ok {
+					claims.Groups = append(claims.Groups, groupStr)
+				}
+			}
+		case []string:
+			claims.Groups = groups
+		case string:
+			// Single group as string
+			claims.Groups = []string{groups}
+		}
+	}
+
+	// Parse subject claim (always "sub")
+	if subValue, exists := rawClaims["sub"]; exists {
+		if subject, ok := subValue.(string); ok {
+			claims.Subject = subject
+		}
+	}
+	// Parse issuer claim ("iss")
+	if issValue, exists := rawClaims["iss"]; exists {
+		if iss, ok := issValue.(string); ok {
+			claims.Issuer = iss
+		}
+	}
+
+	return claims, nil
+}
+
+func (p *OIDCProvider) hasAllowedGroup(userGroups, allowedGroups []string) bool {
+	if len(allowedGroups) == 0 {
+		return true
+	}
+
+	allowedGroupsMap := make(map[string]bool)
+	for _, group := range allowedGroups {
+		allowedGroupsMap[strings.TrimSpace(group)] = true
+	}
+
+	for _, userGroup := range userGroups {
+		if allowedGroupsMap[userGroup] {
+			return true
+		}
+	}
+
+	return false
+}
+
+func (p *OIDCProvider) GetAuthURL(baseURL, state, nonce, pkceVerifier string) string {
+	oauth2Config := p.getOAuth2Config(baseURL)
+	pkceChallenge := generatePKCEChallenge(pkceVerifier)
+	return oauth2Config.AuthCodeURL(state,
+		oidc.Nonce(nonce),
+		oauth2.SetAuthURLParam("code_challenge", pkceChallenge),
+		oauth2.SetAuthURLParam("code_challenge_method", "S256"))
+}
+
+func (p *OIDCProvider) getOAuth2Config(baseURL string) oauth2.Config {
+	// Construct full redirect URL with dedicated callback endpoint
+	redirectURL, err := url.JoinPath(baseURL, "/api/v1/users/login/oidc/callback")
+	if err != nil {
+		log.Err(err).Msg("failed to construct redirect URL")
+		return oauth2.Config{}
+	}
+
+	return oauth2.Config{
+		ClientID:     p.config.ClientID,
+		ClientSecret: p.config.ClientSecret,
+		RedirectURL:  redirectURL,
+		Endpoint:     p.endpoint,
+		Scopes:       strings.Fields(p.config.Scope),
+	}
+}
+
+// initiateOIDCFlow handles the initial OIDC authentication request by redirecting to the provider
+func (p *OIDCProvider) initiateOIDCFlow(w http.ResponseWriter, r *http.Request) (services.UserAuthTokenDetail, error) {
+	// Generate state parameter for CSRF protection
+	state, err := generateSecureToken()
+	if err != nil {
+		log.Err(err).Msg("failed to generate OIDC state parameter")
+		return services.UserAuthTokenDetail{}, fmt.Errorf("internal server error")
+	}
+
+	// Generate nonce parameter for replay attack protection
+	nonce, err := generateSecureToken()
+	if err != nil {
+		log.Err(err).Msg("failed to generate OIDC nonce parameter")
+		return services.UserAuthTokenDetail{}, fmt.Errorf("internal server error")
+	}
+
+	// Generate PKCE verifier for code interception protection
+	pkceVerifier, err := generatePKCEVerifier()
+	if err != nil {
+		log.Err(err).Msg("failed to generate OIDC PKCE verifier")
+		return services.UserAuthTokenDetail{}, fmt.Errorf("internal server error")
+	}
+
+	// Get base URL from request
+	baseURL := p.getBaseURL(r)
+	u, _ := url.Parse(baseURL)
+	domain := u.Hostname()
+	if domain == "" {
+		domain = noPort(r.Host)
+	}
+
+	// Store state in session cookie for validation
+	http.SetCookie(w, &http.Cookie{
+		Name:     "oidc_state",
+		Value:    state,
+		Expires:  time.Now().Add(p.config.StateExpiry),
+		Domain:   domain,
+		Secure:   p.isSecure(r),
+		HttpOnly: true,
+		Path:     "/",
+		SameSite: http.SameSiteLaxMode,
+	})
+
+	// Store nonce in session cookie for validation
+	http.SetCookie(w, &http.Cookie{
+		Name:     "oidc_nonce",
+		Value:    nonce,
+		Expires:  time.Now().Add(p.config.StateExpiry),
+		Domain:   domain,
+		Secure:   p.isSecure(r),
+		HttpOnly: true,
+		Path:     "/",
+		SameSite: http.SameSiteLaxMode,
+	})
+
+	// Store PKCE verifier in session cookie for token exchange
+	http.SetCookie(w, &http.Cookie{
+		Name:     "oidc_pkce_verifier",
+		Value:    pkceVerifier,
+		Expires:  time.Now().Add(p.config.StateExpiry),
+		Domain:   domain,
+		Secure:   p.isSecure(r),
+		HttpOnly: true,
+		Path:     "/",
+		SameSite: http.SameSiteLaxMode,
+	})
+
+	// Generate auth URL and redirect
+	authURL := p.GetAuthURL(baseURL, state, nonce, pkceVerifier)
+	http.Redirect(w, r, authURL, http.StatusFound)
+
+	// Return empty token since this is a redirect response
+	return services.UserAuthTokenDetail{}, nil
+}
+
+// handleCallback processes the OAuth2 callback from the OIDC provider
+func (p *OIDCProvider) handleCallback(w http.ResponseWriter, r *http.Request) (services.UserAuthTokenDetail, error) {
+	// Helper to clear state cookie using computed domain
+	baseURL := p.getBaseURL(r)
+	u, _ := url.Parse(baseURL)
+	domain := u.Hostname()
+	if domain == "" {
+		domain = noPort(r.Host)
+	}
+	clearCookies := func() {
+		http.SetCookie(w, &http.Cookie{
+			Name:     "oidc_state",
+			Value:    "",
+			Expires:  time.Unix(0, 0),
+			Domain:   domain,
+			MaxAge:   -1,
+			Secure:   p.isSecure(r),
+			HttpOnly: true,
+			Path:     "/",
+			SameSite: http.SameSiteLaxMode,
+		})
+		http.SetCookie(w, &http.Cookie{
+			Name:     "oidc_nonce",
+			Value:    "",
+			Expires:  time.Unix(0, 0),
+			Domain:   domain,
+			MaxAge:   -1,
+			Secure:   p.isSecure(r),
+			HttpOnly: true,
+			Path:     "/",
+			SameSite: http.SameSiteLaxMode,
+		})
+		http.SetCookie(w, &http.Cookie{
+			Name:     "oidc_pkce_verifier",
+			Value:    "",
+			Expires:  time.Unix(0, 0),
+			Domain:   domain,
+			MaxAge:   -1,
+			Secure:   p.isSecure(r),
+			HttpOnly: true,
+			Path:     "/",
+			SameSite: http.SameSiteLaxMode,
+		})
+	}
+
+	// Check for OAuth error responses first
+	if errCode := r.URL.Query().Get("error"); errCode != "" {
+		errDesc := r.URL.Query().Get("error_description")
+		log.Warn().Str("error", errCode).Str("description", errDesc).Msg("OIDC provider returned error")
+		clearCookies()
+		return services.UserAuthTokenDetail{}, fmt.Errorf("OIDC provider error: %s - %s", errCode, errDesc)
+	}
+
+	// Verify state parameter
+	stateCookie, err := r.Cookie("oidc_state")
+	if err != nil {
+		log.Warn().Err(err).Msg("OIDC state cookie not found - possible CSRF attack or expired session")
+		clearCookies()
+		return services.UserAuthTokenDetail{}, fmt.Errorf("state cookie not found")
+	}
+
+	stateParam := r.URL.Query().Get("state")
+	if stateParam == "" {
+		log.Warn().Msg("OIDC state parameter missing from callback")
+		clearCookies()
+		return services.UserAuthTokenDetail{}, fmt.Errorf("state parameter missing")
+	}
+
+	if stateParam != stateCookie.Value {
+		log.Warn().Str("received", stateParam).Str("expected", stateCookie.Value).Msg("OIDC state mismatch - possible CSRF attack")
+		clearCookies()
+		return services.UserAuthTokenDetail{}, fmt.Errorf("state parameter mismatch")
+	}
+
+	// Verify nonce parameter
+	nonceCookie, err := r.Cookie("oidc_nonce")
+	if err != nil {
+		log.Warn().Err(err).Msg("OIDC nonce cookie not found - possible replay attack or expired session")
+		clearCookies()
+		return services.UserAuthTokenDetail{}, fmt.Errorf("nonce cookie not found")
+	}
+
+	// Verify PKCE verifier parameter
+	pkceCookie, err := r.Cookie("oidc_pkce_verifier")
+	if err != nil {
+		log.Warn().Err(err).Msg("OIDC PKCE verifier cookie not found - possible code interception attack or expired session")
+		clearCookies()
+		return services.UserAuthTokenDetail{}, fmt.Errorf("PKCE verifier cookie not found")
+	}
+
+	// Clear cookies before proceeding to token verification
+	clearCookies()
+
+	// Use the existing callback logic but return the token instead of redirecting
+	return p.AuthenticateWithBaseURL(baseURL, nonceCookie.Value, pkceCookie.Value, w, r)
+}
+
+// Helper functions
+func generateSecureToken() (string, error) {
+	// Generate 32 bytes of cryptographically secure random data
+	bytes := make([]byte, 32)
+	_, err := rand.Read(bytes)
+	if err != nil {
+		return "", fmt.Errorf("failed to generate secure random token: %w", err)
+	}
+	// Use URL-safe base64 encoding without padding for clean URLs
+	return base64.RawURLEncoding.EncodeToString(bytes), nil
+}
+
+// generatePKCEVerifier generates a cryptographically secure code verifier for PKCE
+func generatePKCEVerifier() (string, error) {
+	// PKCE verifier must be 43-128 characters, we'll use 43 for efficiency
+	// 32 bytes = 43 characters when base64url encoded without padding
+	bytes := make([]byte, 32)
+	_, err := rand.Read(bytes)
+	if err != nil {
+		return "", fmt.Errorf("failed to generate PKCE verifier: %w", err)
+	}
+	return base64.RawURLEncoding.EncodeToString(bytes), nil
+}
+
+// generatePKCEChallenge generates a code challenge from a verifier using S256 method
+func generatePKCEChallenge(verifier string) string {
+	hash := sha256.Sum256([]byte(verifier))
+	return base64.RawURLEncoding.EncodeToString(hash[:])
+}
+
+func noPort(host string) string {
+	return strings.Split(host, ":")[0]
+}
+
+func (p *OIDCProvider) getBaseURL(r *http.Request) string {
+	scheme := "http"
+	if r.TLS != nil {
+		scheme = "https"
+	} else if p.options.TrustProxy && r.Header.Get("X-Forwarded-Proto") == "https" {
+		scheme = "https"
+	}
+
+	host := r.Host
+	if p.options.Hostname != "" {
+		host = p.options.Hostname
+	} else if p.options.TrustProxy {
+		if xfHost := r.Header.Get("X-Forwarded-Host"); xfHost != "" {
+			host = xfHost
+		}
+	}
+
+	return scheme + "://" + host
+}
+
+func (p *OIDCProvider) isSecure(r *http.Request) bool {
+	_ = r
+	return p.cookieSecure
+}
+
+// InitiateOIDCFlow starts the OIDC authentication flow by redirecting to the provider
+func (p *OIDCProvider) InitiateOIDCFlow(w http.ResponseWriter, r *http.Request) (services.UserAuthTokenDetail, error) {
+	return p.initiateOIDCFlow(w, r)
+}
+
+// HandleCallback processes the OIDC callback and returns the authenticated user token
+func (p *OIDCProvider) HandleCallback(w http.ResponseWriter, r *http.Request) (services.UserAuthTokenDetail, error) {
+	return p.handleCallback(w, r)
+}
+
+func mergeOIDCClaims(primary, secondary map[string]interface{}) map[string]interface{} {
+	// primary has precedence; fill missing/empty values from secondary.
+	merged := make(map[string]interface{}, len(primary)+len(secondary))
+	for k, v := range primary {
+		merged[k] = v
+	}
+	for k, v := range secondary {
+		if existing, ok := merged[k]; !ok || isEmptyClaim(existing) {
+			merged[k] = v
+		}
+	}
+	return merged
+}
+
+func isEmptyClaim(v interface{}) bool {
+	if v == nil {
+		return true
+	}
+	switch val := v.(type) {
+	case string:
+		return val == ""
+	case []interface{}:
+		return len(val) == 0
+	case []string:
+		return len(val) == 0
+	default:
+		return false
+	}
+}

backend/app/api/routes.go

@@ -75,6 +75,11 @@ func (a *app) mountRoutes(r *chi.Mux, chain *errchain.ErrChain, repos *repo.AllR
 		r.Post("/users/register", chain.ToHandlerFunc(v1Ctrl.HandleUserRegistration()))
 		r.Post("/users/login", chain.ToHandlerFunc(v1Ctrl.HandleAuthLogin(providers...)))
 
+		if a.conf.OIDC.Enabled {
+			r.Get("/users/login/oidc", chain.ToHandlerFunc(v1Ctrl.HandleOIDCLogin()))
+			r.Get("/users/login/oidc/callback", chain.ToHandlerFunc(v1Ctrl.HandleOIDCCallback()))
+		}
+
 		userMW := []errchain.Middleware{
 			a.mwAuthToken,
 			a.mwRoles(RoleModeOr, authroles.RoleUser.String()),
@@ -103,6 +108,7 @@ func (a *app) mountRoutes(r *chi.Mux, chain *errchain.ErrChain, repos *repo.AllR
 		r.Post("/actions/ensure-import-refs", chain.ToHandlerFunc(v1Ctrl.HandleEnsureImportRefs(), userMW...))
 		r.Post("/actions/set-primary-photos", chain.ToHandlerFunc(v1Ctrl.HandleSetPrimaryPhotos(), userMW...))
 		r.Post("/actions/create-missing-thumbnails", chain.ToHandlerFunc(v1Ctrl.HandleCreateMissingThumbnails(), userMW...))
+		r.Post("/actions/wipe-inventory", chain.ToHandlerFunc(v1Ctrl.HandleWipeInventory(), userMW...))
 
 		r.Get("/locations", chain.ToHandlerFunc(v1Ctrl.HandleLocationGetAll(), userMW...))
 		r.Post("/locations", chain.ToHandlerFunc(v1Ctrl.HandleLocationCreate(), userMW...))
@@ -140,6 +146,14 @@ func (a *app) mountRoutes(r *chi.Mux, chain *errchain.ErrChain, repos *repo.AllR
 
 		r.Get("/assets/{id}", chain.ToHandlerFunc(v1Ctrl.HandleAssetGet(), userMW...))
 
+		// Item Templates
+		r.Get("/templates", chain.ToHandlerFunc(v1Ctrl.HandleItemTemplatesGetAll(), userMW...))
+		r.Post("/templates", chain.ToHandlerFunc(v1Ctrl.HandleItemTemplatesCreate(), userMW...))
+		r.Get("/templates/{id}", chain.ToHandlerFunc(v1Ctrl.HandleItemTemplatesGet(), userMW...))
+		r.Put("/templates/{id}", chain.ToHandlerFunc(v1Ctrl.HandleItemTemplatesUpdate(), userMW...))
+		r.Delete("/templates/{id}", chain.ToHandlerFunc(v1Ctrl.HandleItemTemplatesDelete(), userMW...))
+		r.Post("/templates/{id}/create-item", chain.ToHandlerFunc(v1Ctrl.HandleItemTemplatesCreateItem(), userMW...))
+
 		// Maintenance
 		r.Get("/maintenance", chain.ToHandlerFunc(v1Ctrl.HandleMaintenanceGetAll(), userMW...))
 		r.Put("/maintenance/{id}", chain.ToHandlerFunc(v1Ctrl.HandleMaintenanceEntryUpdate(), userMW...))

backend/app/api/setup.go

@@ -41,7 +41,7 @@ func setupStorageDir(cfg *config.Config) error {
 func setupDatabaseURL(cfg *config.Config) (string, error) {
 	databaseURL := ""
 	switch strings.ToLower(cfg.Database.Driver) {
-	case "sqlite3":
+	case config.DriverSqlite3:
 		databaseURL = cfg.Database.SqlitePath
 		dbFilePath := strings.Split(cfg.Database.SqlitePath, "?")[0]
 		dbDir := filepath.Dir(dbFilePath)
@@ -49,7 +49,7 @@ func setupDatabaseURL(cfg *config.Config) (string, error) {
 			log.Error().Err(err).Str("path", dbDir).Msg("failed to create SQLite database directory")
 			return "", fmt.Errorf("failed to create SQLite database directory: %w", err)
 		}
-	case "postgres":
+	case config.DriverPostgres:
 		databaseURL = fmt.Sprintf("host=%s port=%s dbname=%s sslmode=%s", cfg.Database.Host, cfg.Database.Port, cfg.Database.Database, cfg.Database.SslMode)
 		if cfg.Database.Username != "" {
 			databaseURL += fmt.Sprintf(" user=%s", cfg.Database.Username)

backend/app/api/static/docs/docs.go

@@ -118,6 +118,41 @@ const docTemplate = `{
                 }
             }
         },
+        "/v1/actions/wipe-inventory": {
+            "post": {
+                "security": [
+                    {
+                        "Bearer": []
+                    }
+                ],
+                "description": "Deletes all items in the inventory",
+                "produces": [
+                    "application/json"
+                ],
+                "tags": [
+                    "Actions"
+                ],
+                "summary": "Wipe Inventory",
+                "parameters": [
+                    {
+                        "description": "Wipe options",
+                        "name": "options",
+                        "in": "body",
+                        "schema": {
+                            "$ref": "#/definitions/v1.WipeInventoryOptions"
+                        }
+                    }
+                ],
+                "responses": {
+                    "200": {
+                        "description": "OK",
+                        "schema": {
+                            "$ref": "#/definitions/v1.ActionAmountResult"
+                        }
+                    }
+                }
+            }
+        },
         "/v1/actions/zero-item-time-fields": {
             "post": {
                 "security": [
@@ -1963,6 +1998,209 @@ const docTemplate = `{
                 }
             }
         },
+        "/v1/templates": {
+            "get": {
+                "security": [
+                    {
+                        "Bearer": []
+                    }
+                ],
+                "produces": [
+                    "application/json"
+                ],
+                "tags": [
+                    "Item Templates"
+                ],
+                "summary": "Get All Item Templates",
+                "responses": {
+                    "200": {
+                        "description": "OK",
+                        "schema": {
+                            "type": "array",
+                            "items": {
+                                "$ref": "#/definitions/repo.ItemTemplateSummary"
+                            }
+                        }
+                    }
+                }
+            },
+            "post": {
+                "security": [
+                    {
+                        "Bearer": []
+                    }
+                ],
+                "produces": [
+                    "application/json"
+                ],
+                "tags": [
+                    "Item Templates"
+                ],
+                "summary": "Create Item Template",
+                "parameters": [
+                    {
+                        "description": "Template Data",
+                        "name": "payload",
+                        "in": "body",
+                        "required": true,
+                        "schema": {
+                            "$ref": "#/definitions/repo.ItemTemplateCreate"
+                        }
+                    }
+                ],
+                "responses": {
+                    "201": {
+                        "description": "Created",
+                        "schema": {
+                            "$ref": "#/definitions/repo.ItemTemplateOut"
+                        }
+                    }
+                }
+            }
+        },
+        "/v1/templates/{id}": {
+            "get": {
+                "security": [
+                    {
+                        "Bearer": []
+                    }
+                ],
+                "produces": [
+                    "application/json"
+                ],
+                "tags": [
+                    "Item Templates"
+                ],
+                "summary": "Get Item Template",
+                "parameters": [
+                    {
+                        "type": "string",
+                        "description": "Template ID",
+                        "name": "id",
+                        "in": "path",
+                        "required": true
+                    }
+                ],
+                "responses": {
+                    "200": {
+                        "description": "OK",
+                        "schema": {
+                            "$ref": "#/definitions/repo.ItemTemplateOut"
+                        }
+                    }
+                }
+            },
+            "put": {
+                "security": [
+                    {
+                        "Bearer": []
+                    }
+                ],
+                "produces": [
+                    "application/json"
+                ],
+                "tags": [
+                    "Item Templates"
+                ],
+                "summary": "Update Item Template",
+                "parameters": [
+                    {
+                        "type": "string",
+                        "description": "Template ID",
+                        "name": "id",
+                        "in": "path",
+                        "required": true
+                    },
+                    {
+                        "description": "Template Data",
+                        "name": "payload",
+                        "in": "body",
+                        "required": true,
+                        "schema": {
+                            "$ref": "#/definitions/repo.ItemTemplateUpdate"
+                        }
+                    }
+                ],
+                "responses": {
+                    "200": {
+                        "description": "OK",
+                        "schema": {
+                            "$ref": "#/definitions/repo.ItemTemplateOut"
+                        }
+                    }
+                }
+            },
+            "delete": {
+                "security": [
+                    {
+                        "Bearer": []
+                    }
+                ],
+                "produces": [
+                    "application/json"
+                ],
+                "tags": [
+                    "Item Templates"
+                ],
+                "summary": "Delete Item Template",
+                "parameters": [
+                    {
+                        "type": "string",
+                        "description": "Template ID",
+                        "name": "id",
+                        "in": "path",
+                        "required": true
+                    }
+                ],
+                "responses": {
+                    "204": {
+                        "description": "No Content"
+                    }
+                }
+            }
+        },
+        "/v1/templates/{id}/create-item": {
+            "post": {
+                "security": [
+                    {
+                        "Bearer": []
+                    }
+                ],
+                "produces": [
+                    "application/json"
+                ],
+                "tags": [
+                    "Item Templates"
+                ],
+                "summary": "Create Item from Template",
+                "parameters": [
+                    {
+                        "type": "string",
+                        "description": "Template ID",
+                        "name": "id",
+                        "in": "path",
+                        "required": true
+                    },
+                    {
+                        "description": "Item Data",
+                        "name": "payload",
+                        "in": "body",
+                        "required": true,
+                        "schema": {
+                            "$ref": "#/definitions/v1.ItemTemplateCreateItemRequest"
+                        }
+                    }
+                ],
+                "responses": {
+                    "201": {
+                        "description": "Created",
+                        "schema": {
+                            "$ref": "#/definitions/repo.ItemOut"
+                        }
+                    }
+                }
+            }
+        },
         "/v1/users/change-password": {
             "put": {
                 "security": [
@@ -2032,6 +2270,51 @@ const docTemplate = `{
                 }
             }
         },
+        "/v1/users/login/oidc": {
+            "get": {
+                "produces": [
+                    "application/json"
+                ],
+                "tags": [
+                    "Authentication"
+                ],
+                "summary": "OIDC Login Initiation",
+                "responses": {
+                    "302": {
+                        "description": "Found"
+                    }
+                }
+            }
+        },
+        "/v1/users/login/oidc/callback": {
+            "get": {
+                "tags": [
+                    "Authentication"
+                ],
+                "summary": "OIDC Callback Handler",
+                "parameters": [
+                    {
+                        "type": "string",
+                        "description": "Authorization code",
+                        "name": "code",
+                        "in": "query",
+                        "required": true
+                    },
+                    {
+                        "type": "string",
+                        "description": "State parameter",
+                        "name": "state",
+                        "in": "query",
+                        "required": true
+                    }
+                ],
+                "responses": {
+                    "302": {
+                        "description": "Found"
+                    }
+                }
+            }
+        },
         "/v1/users/logout": {
             "post": {
                 "security": [
@@ -2092,6 +2375,12 @@ const docTemplate = `{
                 "responses": {
                     "204": {
                         "description": "No Content"
+                    },
+                    "403": {
+                        "description": "Local login is not enabled",
+                        "schema": {
+                            "type": "string"
+                        }
                     }
                 }
             }
@@ -2240,6 +2529,9 @@ const docTemplate = `{
                 "code": {
                     "type": "string"
                 },
+                "decimals": {
+                    "type": "integer"
+                },
                 "local": {
                     "type": "string"
                 },
@@ -2459,6 +2751,13 @@ const docTemplate = `{
                         "$ref": "#/definitions/ent.GroupInvitationToken"
                     }
                 },
+                "item_templates": {
+                    "description": "ItemTemplates holds the value of the item_templates edge.",
+                    "type": "array",
+                    "items": {
+                        "$ref": "#/definitions/ent.ItemTemplate"
+                    }
+                },
                 "items": {
                     "description": "Items holds the value of the items edge.",
                     "type": "array",
@@ -2796,6 +3095,122 @@ const docTemplate = `{
                 }
             }
         },
+        "ent.ItemTemplate": {
+            "type": "object",
+            "properties": {
+                "created_at": {
+                    "description": "CreatedAt holds the value of the \"created_at\" field.",
+                    "type": "string"
+                },
+                "default_description": {
+                    "description": "Default description for items created from this template",
+                    "type": "string"
+                },
+                "default_insured": {
+                    "description": "DefaultInsured holds the value of the \"default_insured\" field.",
+                    "type": "boolean"
+                },
+                "default_label_ids": {
+                    "description": "Default label IDs for items created from this template",
+                    "type": "array",
+                    "items": {
+                        "type": "string"
+                    }
+                },
+                "default_lifetime_warranty": {
+                    "description": "DefaultLifetimeWarranty holds the value of the \"default_lifetime_warranty\" field.",
+                    "type": "boolean"
+                },
+                "default_manufacturer": {
+                    "description": "DefaultManufacturer holds the value of the \"default_manufacturer\" field.",
+                    "type": "string"
+                },
+                "default_model_number": {
+                    "description": "Default model number for items created from this template",
+                    "type": "string"
+                },
+                "default_name": {
+                    "description": "Default name template for items (can use placeholders)",
+                    "type": "string"
+                },
+                "default_quantity": {
+                    "description": "DefaultQuantity holds the value of the \"default_quantity\" field.",
+                    "type": "integer"
+                },
+                "default_warranty_details": {
+                    "description": "DefaultWarrantyDetails holds the value of the \"default_warranty_details\" field.",
+                    "type": "string"
+                },
+                "description": {
+                    "description": "Description holds the value of the \"description\" field.",
+                    "type": "string"
+                },
+                "edges": {
+                    "description": "Edges holds the relations/edges for other nodes in the graph.\nThe values are being populated by the ItemTemplateQuery when eager-loading is set.",
+                    "allOf": [
+                        {
+                            "$ref": "#/definitions/ent.ItemTemplateEdges"
+                        }
+                    ]
+                },
+                "id": {
+                    "description": "ID of the ent.",
+                    "type": "string"
+                },
+                "include_purchase_fields": {
+                    "description": "Whether to include purchase fields in items created from this template",
+                    "type": "boolean"
+                },
+                "include_sold_fields": {
+                    "description": "Whether to include sold fields in items created from this template",
+                    "type": "boolean"
+                },
+                "include_warranty_fields": {
+                    "description": "Whether to include warranty fields in items created from this template",
+                    "type": "boolean"
+                },
+                "name": {
+                    "description": "Name holds the value of the \"name\" field.",
+                    "type": "string"
+                },
+                "notes": {
+                    "description": "Notes holds the value of the \"notes\" field.",
+                    "type": "string"
+                },
+                "updated_at": {
+                    "description": "UpdatedAt holds the value of the \"updated_at\" field.",
+                    "type": "string"
+                }
+            }
+        },
+        "ent.ItemTemplateEdges": {
+            "type": "object",
+            "properties": {
+                "fields": {
+                    "description": "Fields holds the value of the fields edge.",
+                    "type": "array",
+                    "items": {
+                        "$ref": "#/definitions/ent.TemplateField"
+                    }
+                },
+                "group": {
+                    "description": "Group holds the value of the group edge.",
+                    "allOf": [
+                        {
+                            "$ref": "#/definitions/ent.Group"
+                        }
+                    ]
+                },
+                "location": {
+                    "description": "Location holds the value of the location edge.",
+                    "allOf": [
+                        {
+                            "$ref": "#/definitions/ent.Location"
+                        }
+                    ]
+                }
+            }
+        },
         "ent.Label": {
             "type": "object",
             "properties": {
@@ -3045,6 +3460,64 @@ const docTemplate = `{
                 }
             }
         },
+        "ent.TemplateField": {
+            "type": "object",
+            "properties": {
+                "created_at": {
+                    "description": "CreatedAt holds the value of the \"created_at\" field.",
+                    "type": "string"
+                },
+                "description": {
+                    "description": "Description holds the value of the \"description\" field.",
+                    "type": "string"
+                },
+                "edges": {
+                    "description": "Edges holds the relations/edges for other nodes in the graph.\nThe values are being populated by the TemplateFieldQuery when eager-loading is set.",
+                    "allOf": [
+                        {
+                            "$ref": "#/definitions/ent.TemplateFieldEdges"
+                        }
+                    ]
+                },
+                "id": {
+                    "description": "ID of the ent.",
+                    "type": "string"
+                },
+                "name": {
+                    "description": "Name holds the value of the \"name\" field.",
+                    "type": "string"
+                },
+                "text_value": {
+                    "description": "TextValue holds the value of the \"text_value\" field.",
+                    "type": "string"
+                },
+                "type": {
+                    "description": "Type holds the value of the \"type\" field.",
+                    "allOf": [
+                        {
+                            "$ref": "#/definitions/templatefield.Type"
+                        }
+                    ]
+                },
+                "updated_at": {
+                    "description": "UpdatedAt holds the value of the \"updated_at\" field.",
+                    "type": "string"
+                }
+            }
+        },
+        "ent.TemplateFieldEdges": {
+            "type": "object",
+            "properties": {
+                "item_template": {
+                    "description": "ItemTemplate holds the value of the item_template edge.",
+                    "allOf": [
+                        {
+                            "$ref": "#/definitions/ent.ItemTemplate"
+                        }
+                    ]
+                }
+            }
+        },
         "ent.User": {
             "type": "object",
             "properties": {
@@ -3080,6 +3553,14 @@ const docTemplate = `{
                     "description": "Name holds the value of the \"name\" field.",
                     "type": "string"
                 },
+                "oidc_issuer": {
+                    "description": "OidcIssuer holds the value of the \"oidc_issuer\" field.",
+                    "type": "string"
+                },
+                "oidc_subject": {
+                    "description": "OidcSubject holds the value of the \"oidc_subject\" field.",
+                    "type": "string"
+                },
                 "role": {
                     "description": "Role holds the value of the \"role\" field.",
                     "allOf": [
@@ -3480,6 +3961,19 @@ const docTemplate = `{
                 "id": {
                     "type": "string"
                 },
+                "labelIds": {
+                    "type": "array",
+                    "items": {
+                        "type": "string"
+                    },
+                    "x-nullable": true,
+                    "x-omitempty": true
+                },
+                "locationId": {
+                    "type": "string",
+                    "x-nullable": true,
+                    "x-omitempty": true
+                },
                 "quantity": {
                     "type": "integer",
                     "x-nullable": true,
@@ -3567,6 +4061,280 @@ const docTemplate = `{
                 }
             }
         },
+        "repo.ItemTemplateCreate": {
+            "type": "object",
+            "required": [
+                "name"
+            ],
+            "properties": {
+                "defaultDescription": {
+                    "type": "string",
+                    "maxLength": 1000,
+                    "x-nullable": true
+                },
+                "defaultInsured": {
+                    "type": "boolean"
+                },
+                "defaultLabelIds": {
+                    "type": "array",
+                    "items": {
+                        "type": "string"
+                    },
+                    "x-nullable": true
+                },
+                "defaultLifetimeWarranty": {
+                    "type": "boolean"
+                },
+                "defaultLocationId": {
+                    "description": "Default location and labels",
+                    "type": "string",
+                    "x-nullable": true
+                },
+                "defaultManufacturer": {
+                    "type": "string",
+                    "maxLength": 255,
+                    "x-nullable": true
+                },
+                "defaultModelNumber": {
+                    "type": "string",
+                    "maxLength": 255,
+                    "x-nullable": true
+                },
+                "defaultName": {
+                    "type": "string",
+                    "maxLength": 255,
+                    "x-nullable": true
+                },
+                "defaultQuantity": {
+                    "description": "Default values for items",
+                    "type": "integer",
+                    "x-nullable": true
+                },
+                "defaultWarrantyDetails": {
+                    "type": "string",
+                    "maxLength": 1000,
+                    "x-nullable": true
+                },
+                "description": {
+                    "type": "string",
+                    "maxLength": 1000
+                },
+                "fields": {
+                    "description": "Custom fields",
+                    "type": "array",
+                    "items": {
+                        "$ref": "#/definitions/repo.TemplateField"
+                    }
+                },
+                "includePurchaseFields": {
+                    "type": "boolean"
+                },
+                "includeSoldFields": {
+                    "type": "boolean"
+                },
+                "includeWarrantyFields": {
+                    "description": "Metadata flags",
+                    "type": "boolean"
+                },
+                "name": {
+                    "type": "string",
+                    "maxLength": 255,
+                    "minLength": 1
+                },
+                "notes": {
+                    "type": "string",
+                    "maxLength": 1000
+                }
+            }
+        },
+        "repo.ItemTemplateOut": {
+            "type": "object",
+            "properties": {
+                "createdAt": {
+                    "type": "string"
+                },
+                "defaultDescription": {
+                    "type": "string"
+                },
+                "defaultInsured": {
+                    "type": "boolean"
+                },
+                "defaultLabels": {
+                    "type": "array",
+                    "items": {
+                        "$ref": "#/definitions/repo.TemplateLabelSummary"
+                    }
+                },
+                "defaultLifetimeWarranty": {
+                    "type": "boolean"
+                },
+                "defaultLocation": {
+                    "description": "Default location and labels",
+                    "allOf": [
+                        {
+                            "$ref": "#/definitions/repo.TemplateLocationSummary"
+                        }
+                    ]
+                },
+                "defaultManufacturer": {
+                    "type": "string"
+                },
+                "defaultModelNumber": {
+                    "type": "string"
+                },
+                "defaultName": {
+                    "type": "string"
+                },
+                "defaultQuantity": {
+                    "description": "Default values for items",
+                    "type": "integer"
+                },
+                "defaultWarrantyDetails": {
+                    "type": "string"
+                },
+                "description": {
+                    "type": "string"
+                },
+                "fields": {
+                    "description": "Custom fields",
+                    "type": "array",
+                    "items": {
+                        "$ref": "#/definitions/repo.TemplateField"
+                    }
+                },
+                "id": {
+                    "type": "string"
+                },
+                "includePurchaseFields": {
+                    "type": "boolean"
+                },
+                "includeSoldFields": {
+                    "type": "boolean"
+                },
+                "includeWarrantyFields": {
+                    "description": "Metadata flags",
+                    "type": "boolean"
+                },
+                "name": {
+                    "type": "string"
+                },
+                "notes": {
+                    "type": "string"
+                },
+                "updatedAt": {
+                    "type": "string"
+                }
+            }
+        },
+        "repo.ItemTemplateSummary": {
+            "type": "object",
+            "properties": {
+                "createdAt": {
+                    "type": "string"
+                },
+                "description": {
+                    "type": "string"
+                },
+                "id": {
+                    "type": "string"
+                },
+                "name": {
+                    "type": "string"
+                },
+                "updatedAt": {
+                    "type": "string"
+                }
+            }
+        },
+        "repo.ItemTemplateUpdate": {
+            "type": "object",
+            "required": [
+                "name"
+            ],
+            "properties": {
+                "defaultDescription": {
+                    "type": "string",
+                    "maxLength": 1000,
+                    "x-nullable": true
+                },
+                "defaultInsured": {
+                    "type": "boolean"
+                },
+                "defaultLabelIds": {
+                    "type": "array",
+                    "items": {
+                        "type": "string"
+                    },
+                    "x-nullable": true
+                },
+                "defaultLifetimeWarranty": {
+                    "type": "boolean"
+                },
+                "defaultLocationId": {
+                    "description": "Default location and labels",
+                    "type": "string",
+                    "x-nullable": true
+                },
+                "defaultManufacturer": {
+                    "type": "string",
+                    "maxLength": 255,
+                    "x-nullable": true
+                },
+                "defaultModelNumber": {
+                    "type": "string",
+                    "maxLength": 255,
+                    "x-nullable": true
+                },
+                "defaultName": {
+                    "type": "string",
+                    "maxLength": 255,
+                    "x-nullable": true
+                },
+                "defaultQuantity": {
+                    "description": "Default values for items",
+                    "type": "integer",
+                    "x-nullable": true
+                },
+                "defaultWarrantyDetails": {
+                    "type": "string",
+                    "maxLength": 1000,
+                    "x-nullable": true
+                },
+                "description": {
+                    "type": "string",
+                    "maxLength": 1000
+                },
+                "fields": {
+                    "description": "Custom fields",
+                    "type": "array",
+                    "items": {
+                        "$ref": "#/definitions/repo.TemplateField"
+                    }
+                },
+                "id": {
+                    "type": "string"
+                },
+                "includePurchaseFields": {
+                    "type": "boolean"
+                },
+                "includeSoldFields": {
+                    "type": "boolean"
+                },
+                "includeWarrantyFields": {
+                    "description": "Metadata flags",
+                    "type": "boolean"
+                },
+                "name": {
+                    "type": "string",
+                    "maxLength": 255,
+                    "minLength": 1
+                },
+                "notes": {
+                    "type": "string",
+                    "maxLength": 1000
+                }
+            }
+        },
         "repo.ItemType": {
             "type": "string",
             "enum": [
@@ -4062,6 +4830,45 @@ const docTemplate = `{
                 }
             }
         },
+        "repo.TemplateField": {
+            "type": "object",
+            "properties": {
+                "id": {
+                    "type": "string"
+                },
+                "name": {
+                    "type": "string"
+                },
+                "textValue": {
+                    "type": "string"
+                },
+                "type": {
+                    "type": "string"
+                }
+            }
+        },
+        "repo.TemplateLabelSummary": {
+            "type": "object",
+            "properties": {
+                "id": {
+                    "type": "string"
+                },
+                "name": {
+                    "type": "string"
+                }
+            }
+        },
+        "repo.TemplateLocationSummary": {
+            "type": "object",
+            "properties": {
+                "id": {
+                    "type": "string"
+                },
+                "name": {
+                    "type": "string"
+                }
+            }
+        },
         "repo.TotalsByOrganizer": {
             "type": "object",
             "properties": {
@@ -4119,6 +4926,12 @@ const docTemplate = `{
                 },
                 "name": {
                     "type": "string"
+                },
+                "oidcIssuer": {
+                    "type": "string"
+                },
+                "oidcSubject": {
+                    "type": "string"
                 }
             }
         },
@@ -4198,6 +5011,15 @@ const docTemplate = `{
                 }
             }
         },
+        "templatefield.Type": {
+            "type": "string",
+            "enum": [
+                "text"
+            ],
+            "x-enum-varnames": [
+                "TypeText"
+            ]
+        },
         "user.Role": {
             "type": "string",
             "enum": [
@@ -4235,6 +5057,9 @@ const docTemplate = `{
                 "message": {
                     "type": "string"
                 },
+                "oidc": {
+                    "$ref": "#/definitions/v1.OIDCStatus"
+                },
                 "title": {
                     "type": "string"
                 },
@@ -4317,6 +5142,36 @@ const docTemplate = `{
                 }
             }
         },
+        "v1.ItemTemplateCreateItemRequest": {
+            "type": "object",
+            "required": [
+                "locationId",
+                "name"
+            ],
+            "properties": {
+                "description": {
+                    "type": "string",
+                    "maxLength": 1000
+                },
+                "labelIds": {
+                    "type": "array",
+                    "items": {
+                        "type": "string"
+                    }
+                },
+                "locationId": {
+                    "type": "string"
+                },
+                "name": {
+                    "type": "string",
+                    "maxLength": 255,
+                    "minLength": 1
+                },
+                "quantity": {
+                    "type": "integer"
+                }
+            }
+        },
         "v1.LoginForm": {
             "type": "object",
             "properties": {
@@ -4333,6 +5188,23 @@ const docTemplate = `{
                 }
             }
         },
+        "v1.OIDCStatus": {
+            "type": "object",
+            "properties": {
+                "allowLocal": {
+                    "type": "boolean"
+                },
+                "autoRedirect": {
+                    "type": "boolean"
+                },
+                "buttonText": {
+                    "type": "string"
+                },
+                "enabled": {
+                    "type": "boolean"
+                }
+            }
+        },
         "v1.TokenResponse": {
             "type": "object",
             "properties": {
@@ -4347,6 +5219,20 @@ const docTemplate = `{
                 }
             }
         },
+        "v1.WipeInventoryOptions": {
+            "type": "object",
+            "properties": {
+                "wipeLabels": {
+                    "type": "boolean"
+                },
+                "wipeLocations": {
+                    "type": "boolean"
+                },
+                "wipeMaintenance": {
+                    "type": "boolean"
+                }
+            }
+        },
         "v1.Wrapped": {
             "type": "object",
             "properties": {

backend/app/api/static/docs/swagger.json

@@ -116,6 +116,41 @@
                 }
             }
         },
+        "/v1/actions/wipe-inventory": {
+            "post": {
+                "security": [
+                    {
+                        "Bearer": []
+                    }
+                ],
+                "description": "Deletes all items in the inventory",
+                "produces": [
+                    "application/json"
+                ],
+                "tags": [
+                    "Actions"
+                ],
+                "summary": "Wipe Inventory",
+                "parameters": [
+                    {
+                        "description": "Wipe options",
+                        "name": "options",
+                        "in": "body",
+                        "schema": {
+                            "$ref": "#/definitions/v1.WipeInventoryOptions"
+                        }
+                    }
+                ],
+                "responses": {
+                    "200": {
+                        "description": "OK",
+                        "schema": {
+                            "$ref": "#/definitions/v1.ActionAmountResult"
+                        }
+                    }
+                }
+            }
+        },
         "/v1/actions/zero-item-time-fields": {
             "post": {
                 "security": [
@@ -1961,6 +1996,209 @@
                 }
             }
         },
+        "/v1/templates": {
+            "get": {
+                "security": [
+                    {
+                        "Bearer": []
+                    }
+                ],
+                "produces": [
+                    "application/json"
+                ],
+                "tags": [
+                    "Item Templates"
+                ],
+                "summary": "Get All Item Templates",
+                "responses": {
+                    "200": {
+                        "description": "OK",
+                        "schema": {
+                            "type": "array",
+                            "items": {
+                                "$ref": "#/definitions/repo.ItemTemplateSummary"
+                            }
+                        }
+                    }
+                }
+            },
+            "post": {
+                "security": [
+                    {
+                        "Bearer": []
+                    }
+                ],
+                "produces": [
+                    "application/json"
+                ],
+                "tags": [
+                    "Item Templates"
+                ],
+                "summary": "Create Item Template",
+                "parameters": [
+                    {
+                        "description": "Template Data",
+                        "name": "payload",
+                        "in": "body",
+                        "required": true,
+                        "schema": {
+                            "$ref": "#/definitions/repo.ItemTemplateCreate"
+                        }
+                    }
+                ],
+                "responses": {
+                    "201": {
+                        "description": "Created",
+                        "schema": {
+                            "$ref": "#/definitions/repo.ItemTemplateOut"
+                        }
+                    }
+                }
+            }
+        },
+        "/v1/templates/{id}": {
+            "get": {
+                "security": [
+                    {
+                        "Bearer": []
+                    }
+                ],
+                "produces": [
+                    "application/json"
+                ],
+                "tags": [
+                    "Item Templates"
+                ],
+                "summary": "Get Item Template",
+                "parameters": [
+                    {
+                        "type": "string",
+                        "description": "Template ID",
+                        "name": "id",
+                        "in": "path",
+                        "required": true
+                    }
+                ],
+                "responses": {
+                    "200": {
+                        "description": "OK",
+                        "schema": {
+                            "$ref": "#/definitions/repo.ItemTemplateOut"
+                        }
+                    }
+                }
+            },
+            "put": {
+                "security": [
+                    {
+                        "Bearer": []
+                    }
+                ],
+                "produces": [
+                    "application/json"
+                ],
+                "tags": [
+                    "Item Templates"
+                ],
+                "summary": "Update Item Template",
+                "parameters": [
+                    {
+                        "type": "string",
+                        "description": "Template ID",
+                        "name": "id",
+                        "in": "path",
+                        "required": true
+                    },
+                    {
+                        "description": "Template Data",
+                        "name": "payload",
+                        "in": "body",
+                        "required": true,
+                        "schema": {
+                            "$ref": "#/definitions/repo.ItemTemplateUpdate"
+                        }
+                    }
+                ],
+                "responses": {
+                    "200": {
+                        "description": "OK",
+                        "schema": {
+                            "$ref": "#/definitions/repo.ItemTemplateOut"
+                        }
+                    }
+                }
+            },
+            "delete": {
+                "security": [
+                    {
+                        "Bearer": []
+                    }
+                ],
+                "produces": [
+                    "application/json"
+                ],
+                "tags": [
+                    "Item Templates"
+                ],
+                "summary": "Delete Item Template",
+                "parameters": [
+                    {
+                        "type": "string",
+                        "description": "Template ID",
+                        "name": "id",
+                        "in": "path",
+                        "required": true
+                    }
+                ],
+                "responses": {
+                    "204": {
+                        "description": "No Content"
+                    }
+                }
+            }
+        },
+        "/v1/templates/{id}/create-item": {
+            "post": {
+                "security": [
+                    {
+                        "Bearer": []
+                    }
+                ],
+                "produces": [
+                    "application/json"
+                ],
+                "tags": [
+                    "Item Templates"
+                ],
+                "summary": "Create Item from Template",
+                "parameters": [
+                    {
+                        "type": "string",
+                        "description": "Template ID",
+                        "name": "id",
+                        "in": "path",
+                        "required": true
+                    },
+                    {
+                        "description": "Item Data",
+                        "name": "payload",
+                        "in": "body",
+                        "required": true,
+                        "schema": {
+                            "$ref": "#/definitions/v1.ItemTemplateCreateItemRequest"
+                        }
+                    }
+                ],
+                "responses": {
+                    "201": {
+                        "description": "Created",
+                        "schema": {
+                            "$ref": "#/definitions/repo.ItemOut"
+                        }
+                    }
+                }
+            }
+        },
         "/v1/users/change-password": {
             "put": {
                 "security": [
@@ -2030,6 +2268,51 @@
                 }
             }
         },
+        "/v1/users/login/oidc": {
+            "get": {
+                "produces": [
+                    "application/json"
+                ],
+                "tags": [
+                    "Authentication"
+                ],
+                "summary": "OIDC Login Initiation",
+                "responses": {
+                    "302": {
+                        "description": "Found"
+                    }
+                }
+            }
+        },
+        "/v1/users/login/oidc/callback": {
+            "get": {
+                "tags": [
+                    "Authentication"
+                ],
+                "summary": "OIDC Callback Handler",
+                "parameters": [
+                    {
+                        "type": "string",
+                        "description": "Authorization code",
+                        "name": "code",
+                        "in": "query",
+                        "required": true
+                    },
+                    {
+                        "type": "string",
+                        "description": "State parameter",
+                        "name": "state",
+                        "in": "query",
+                        "required": true
+                    }
+                ],
+                "responses": {
+                    "302": {
+                        "description": "Found"
+                    }
+                }
+            }
+        },
         "/v1/users/logout": {
             "post": {
                 "security": [
@@ -2090,6 +2373,12 @@
                 "responses": {
                     "204": {
                         "description": "No Content"
+                    },
+                    "403": {
+                        "description": "Local login is not enabled",
+                        "schema": {
+                            "type": "string"
+                        }
                     }
                 }
             }
@@ -2238,6 +2527,9 @@
                 "code": {
                     "type": "string"
                 },
+                "decimals": {
+                    "type": "integer"
+                },
                 "local": {
                     "type": "string"
                 },
@@ -2457,6 +2749,13 @@
                         "$ref": "#/definitions/ent.GroupInvitationToken"
                     }
                 },
+                "item_templates": {
+                    "description": "ItemTemplates holds the value of the item_templates edge.",
+                    "type": "array",
+                    "items": {
+                        "$ref": "#/definitions/ent.ItemTemplate"
+                    }
+                },
                 "items": {
                     "description": "Items holds the value of the items edge.",
                     "type": "array",
@@ -2794,6 +3093,122 @@
                 }
             }
         },
+        "ent.ItemTemplate": {
+            "type": "object",
+            "properties": {
+                "created_at": {
+                    "description": "CreatedAt holds the value of the \"created_at\" field.",
+                    "type": "string"
+                },
+                "default_description": {
+                    "description": "Default description for items created from this template",
+                    "type": "string"
+                },
+                "default_insured": {
+                    "description": "DefaultInsured holds the value of the \"default_insured\" field.",
+                    "type": "boolean"
+                },
+                "default_label_ids": {
+                    "description": "Default label IDs for items created from this template",
+                    "type": "array",
+                    "items": {
+                        "type": "string"
+                    }
+                },
+                "default_lifetime_warranty": {
+                    "description": "DefaultLifetimeWarranty holds the value of the \"default_lifetime_warranty\" field.",
+                    "type": "boolean"
+                },
+                "default_manufacturer": {
+                    "description": "DefaultManufacturer holds the value of the \"default_manufacturer\" field.",
+                    "type": "string"
+                },
+                "default_model_number": {
+                    "description": "Default model number for items created from this template",
+                    "type": "string"
+                },
+                "default_name": {
+                    "description": "Default name template for items (can use placeholders)",
+                    "type": "string"
+                },
+                "default_quantity": {
+                    "description": "DefaultQuantity holds the value of the \"default_quantity\" field.",
+                    "type": "integer"
+                },
+                "default_warranty_details": {
+                    "description": "DefaultWarrantyDetails holds the value of the \"default_warranty_details\" field.",
+                    "type": "string"
+                },
+                "description": {
+                    "description": "Description holds the value of the \"description\" field.",
+                    "type": "string"
+                },
+                "edges": {
+                    "description": "Edges holds the relations/edges for other nodes in the graph.\nThe values are being populated by the ItemTemplateQuery when eager-loading is set.",
+                    "allOf": [
+                        {
+                            "$ref": "#/definitions/ent.ItemTemplateEdges"
+                        }
+                    ]
+                },
+                "id": {
+                    "description": "ID of the ent.",
+                    "type": "string"
+                },
+                "include_purchase_fields": {
+                    "description": "Whether to include purchase fields in items created from this template",
+                    "type": "boolean"
+                },
+                "include_sold_fields": {
+                    "description": "Whether to include sold fields in items created from this template",
+                    "type": "boolean"
+                },
+                "include_warranty_fields": {
+                    "description": "Whether to include warranty fields in items created from this template",
+                    "type": "boolean"
+                },
+                "name": {
+                    "description": "Name holds the value of the \"name\" field.",
+                    "type": "string"
+                },
+                "notes": {
+                    "description": "Notes holds the value of the \"notes\" field.",
+                    "type": "string"
+                },
+                "updated_at": {
+                    "description": "UpdatedAt holds the value of the \"updated_at\" field.",
+                    "type": "string"
+                }
+            }
+        },
+        "ent.ItemTemplateEdges": {
+            "type": "object",
+            "properties": {
+                "fields": {
+                    "description": "Fields holds the value of the fields edge.",
+                    "type": "array",
+                    "items": {
+                        "$ref": "#/definitions/ent.TemplateField"
+                    }
+                },
+                "group": {
+                    "description": "Group holds the value of the group edge.",
+                    "allOf": [
+                        {
+                            "$ref": "#/definitions/ent.Group"
+                        }
+                    ]
+                },
+                "location": {
+                    "description": "Location holds the value of the location edge.",
+                    "allOf": [
+                        {
+                            "$ref": "#/definitions/ent.Location"
+                        }
+                    ]
+                }
+            }
+        },
         "ent.Label": {
             "type": "object",
             "properties": {
@@ -3043,6 +3458,64 @@
                 }
             }
         },
+        "ent.TemplateField": {
+            "type": "object",
+            "properties": {
+                "created_at": {
+                    "description": "CreatedAt holds the value of the \"created_at\" field.",
+                    "type": "string"
+                },
+                "description": {
+                    "description": "Description holds the value of the \"description\" field.",
+                    "type": "string"
+                },
+                "edges": {
+                    "description": "Edges holds the relations/edges for other nodes in the graph.\nThe values are being populated by the TemplateFieldQuery when eager-loading is set.",
+                    "allOf": [
+                        {
+                            "$ref": "#/definitions/ent.TemplateFieldEdges"
+                        }
+                    ]
+                },
+                "id": {
+                    "description": "ID of the ent.",
+                    "type": "string"
+                },
+                "name": {
+                    "description": "Name holds the value of the \"name\" field.",
+                    "type": "string"
+                },
+                "text_value": {
+                    "description": "TextValue holds the value of the \"text_value\" field.",
+                    "type": "string"
+                },
+                "type": {
+                    "description": "Type holds the value of the \"type\" field.",
+                    "allOf": [
+                        {
+                            "$ref": "#/definitions/templatefield.Type"
+                        }
+                    ]
+                },
+                "updated_at": {
+                    "description": "UpdatedAt holds the value of the \"updated_at\" field.",
+                    "type": "string"
+                }
+            }
+        },
+        "ent.TemplateFieldEdges": {
+            "type": "object",
+            "properties": {
+                "item_template": {
+                    "description": "ItemTemplate holds the value of the item_template edge.",
+                    "allOf": [
+                        {
+                            "$ref": "#/definitions/ent.ItemTemplate"
+                        }
+                    ]
+                }
+            }
+        },
         "ent.User": {
             "type": "object",
             "properties": {
@@ -3078,6 +3551,14 @@
                     "description": "Name holds the value of the \"name\" field.",
                     "type": "string"
                 },
+                "oidc_issuer": {
+                    "description": "OidcIssuer holds the value of the \"oidc_issuer\" field.",
+                    "type": "string"
+                },
+                "oidc_subject": {
+                    "description": "OidcSubject holds the value of the \"oidc_subject\" field.",
+                    "type": "string"
+                },
                 "role": {
                     "description": "Role holds the value of the \"role\" field.",
                     "allOf": [
@@ -3478,6 +3959,19 @@
                 "id": {
                     "type": "string"
                 },
+                "labelIds": {
+                    "type": "array",
+                    "items": {
+                        "type": "string"
+                    },
+                    "x-nullable": true,
+                    "x-omitempty": true
+                },
+                "locationId": {
+                    "type": "string",
+                    "x-nullable": true,
+                    "x-omitempty": true
+                },
                 "quantity": {
                     "type": "integer",
                     "x-nullable": true,
@@ -3565,6 +4059,280 @@
                 }
             }
         },
+        "repo.ItemTemplateCreate": {
+            "type": "object",
+            "required": [
+                "name"
+            ],
+            "properties": {
+                "defaultDescription": {
+                    "type": "string",
+                    "maxLength": 1000,
+                    "x-nullable": true
+                },
+                "defaultInsured": {
+                    "type": "boolean"
+                },
+                "defaultLabelIds": {
+                    "type": "array",
+                    "items": {
+                        "type": "string"
+                    },
+                    "x-nullable": true
+                },
+                "defaultLifetimeWarranty": {
+                    "type": "boolean"
+                },
+                "defaultLocationId": {
+                    "description": "Default location and labels",
+                    "type": "string",
+                    "x-nullable": true
+                },
+                "defaultManufacturer": {
+                    "type": "string",
+                    "maxLength": 255,
+                    "x-nullable": true
+                },
+                "defaultModelNumber": {
+                    "type": "string",
+                    "maxLength": 255,
+                    "x-nullable": true
+                },
+                "defaultName": {
+                    "type": "string",
+                    "maxLength": 255,
+                    "x-nullable": true
+                },
+                "defaultQuantity": {
+                    "description": "Default values for items",
+                    "type": "integer",
+                    "x-nullable": true
+                },
+                "defaultWarrantyDetails": {
+                    "type": "string",
+                    "maxLength": 1000,
+                    "x-nullable": true
+                },
+                "description": {
+                    "type": "string",
+                    "maxLength": 1000
+                },
+                "fields": {
+                    "description": "Custom fields",
+                    "type": "array",
+                    "items": {
+                        "$ref": "#/definitions/repo.TemplateField"
+                    }
+                },
+                "includePurchaseFields": {
+                    "type": "boolean"
+                },
+                "includeSoldFields": {
+                    "type": "boolean"
+                },
+                "includeWarrantyFields": {
+                    "description": "Metadata flags",
+                    "type": "boolean"
+                },
+                "name": {
+                    "type": "string",
+                    "maxLength": 255,
+                    "minLength": 1
+                },
+                "notes": {
+                    "type": "string",
+                    "maxLength": 1000
+                }
+            }
+        },
+        "repo.ItemTemplateOut": {
+            "type": "object",
+            "properties": {
+                "createdAt": {
+                    "type": "string"
+                },
+                "defaultDescription": {
+                    "type": "string"
+                },
+                "defaultInsured": {
+                    "type": "boolean"
+                },
+                "defaultLabels": {
+                    "type": "array",
+                    "items": {
+                        "$ref": "#/definitions/repo.TemplateLabelSummary"
+                    }
+                },
+                "defaultLifetimeWarranty": {
+                    "type": "boolean"
+                },
+                "defaultLocation": {
+                    "description": "Default location and labels",
+                    "allOf": [
+                        {
+                            "$ref": "#/definitions/repo.TemplateLocationSummary"
+                        }
+                    ]
+                },
+                "defaultManufacturer": {
+                    "type": "string"
+                },
+                "defaultModelNumber": {
+                    "type": "string"
+                },
+                "defaultName": {
+                    "type": "string"
+                },
+                "defaultQuantity": {
+                    "description": "Default values for items",
+                    "type": "integer"
+                },
+                "defaultWarrantyDetails": {
+                    "type": "string"
+                },
+                "description": {
+                    "type": "string"
+                },
+                "fields": {
+                    "description": "Custom fields",
+                    "type": "array",
+                    "items": {
+                        "$ref": "#/definitions/repo.TemplateField"
+                    }
+                },
+                "id": {
+                    "type": "string"
+                },
+                "includePurchaseFields": {
+                    "type": "boolean"
+                },
+                "includeSoldFields": {
+                    "type": "boolean"
+                },
+                "includeWarrantyFields": {
+                    "description": "Metadata flags",
+                    "type": "boolean"
+                },
+                "name": {
+                    "type": "string"
+                },
+                "notes": {
+                    "type": "string"
+                },
+                "updatedAt": {
+                    "type": "string"
+                }
+            }
+        },
+        "repo.ItemTemplateSummary": {
+            "type": "object",
+            "properties": {
+                "createdAt": {
+                    "type": "string"
+                },
+                "description": {
+                    "type": "string"
+                },
+                "id": {
+                    "type": "string"
+                },
+                "name": {
+                    "type": "string"
+                },
+                "updatedAt": {
+                    "type": "string"
+                }
+            }
+        },
+        "repo.ItemTemplateUpdate": {
+            "type": "object",
+            "required": [
+                "name"
+            ],
+            "properties": {
+                "defaultDescription": {
+                    "type": "string",
+                    "maxLength": 1000,
+                    "x-nullable": true
+                },
+                "defaultInsured": {
+                    "type": "boolean"
+                },
+                "defaultLabelIds": {
+                    "type": "array",
+                    "items": {
+                        "type": "string"
+                    },
+                    "x-nullable": true
+                },
+                "defaultLifetimeWarranty": {
+                    "type": "boolean"
+                },
+                "defaultLocationId": {
+                    "description": "Default location and labels",
+                    "type": "string",
+                    "x-nullable": true
+                },
+                "defaultManufacturer": {
+                    "type": "string",
+                    "maxLength": 255,
+                    "x-nullable": true
+                },
+                "defaultModelNumber": {
+                    "type": "string",
+                    "maxLength": 255,
+                    "x-nullable": true
+                },
+                "defaultName": {
+                    "type": "string",
+                    "maxLength": 255,
+                    "x-nullable": true
+                },
+                "defaultQuantity": {
+                    "description": "Default values for items",
+                    "type": "integer",
+                    "x-nullable": true
+                },
+                "defaultWarrantyDetails": {
+                    "type": "string",
+                    "maxLength": 1000,
+                    "x-nullable": true
+                },
+                "description": {
+                    "type": "string",
+                    "maxLength": 1000
+                },
+                "fields": {
+                    "description": "Custom fields",
+                    "type": "array",
+                    "items": {
+                        "$ref": "#/definitions/repo.TemplateField"
+                    }
+                },
+                "id": {
+                    "type": "string"
+                },
+                "includePurchaseFields": {
+                    "type": "boolean"
+                },
+                "includeSoldFields": {
+                    "type": "boolean"
+                },
+                "includeWarrantyFields": {
+                    "description": "Metadata flags",
+                    "type": "boolean"
+                },
+                "name": {
+                    "type": "string",
+                    "maxLength": 255,
+                    "minLength": 1
+                },
+                "notes": {
+                    "type": "string",
+                    "maxLength": 1000
+                }
+            }
+        },
         "repo.ItemType": {
             "type": "string",
             "enum": [
@@ -4060,6 +4828,45 @@
                 }
             }
         },
+        "repo.TemplateField": {
+            "type": "object",
+            "properties": {
+                "id": {
+                    "type": "string"
+                },
+                "name": {
+                    "type": "string"
+                },
+                "textValue": {
+                    "type": "string"
+                },
+                "type": {
+                    "type": "string"
+                }
+            }
+        },
+        "repo.TemplateLabelSummary": {
+            "type": "object",
+            "properties": {
+                "id": {
+                    "type": "string"
+                },
+                "name": {
+                    "type": "string"
+                }
+            }
+        },
+        "repo.TemplateLocationSummary": {
+            "type": "object",
+            "properties": {
+                "id": {
+                    "type": "string"
+                },
+                "name": {
+                    "type": "string"
+                }
+            }
+        },
         "repo.TotalsByOrganizer": {
             "type": "object",
             "properties": {
@@ -4117,6 +4924,12 @@
                 },
                 "name": {
                     "type": "string"
+                },
+                "oidcIssuer": {
+                    "type": "string"
+                },
+                "oidcSubject": {
+                    "type": "string"
                 }
             }
         },
@@ -4196,6 +5009,15 @@
                 }
             }
         },
+        "templatefield.Type": {
+            "type": "string",
+            "enum": [
+                "text"
+            ],
+            "x-enum-varnames": [
+                "TypeText"
+            ]
+        },
         "user.Role": {
             "type": "string",
             "enum": [
@@ -4233,6 +5055,9 @@
                 "message": {
                     "type": "string"
                 },
+                "oidc": {
+                    "$ref": "#/definitions/v1.OIDCStatus"
+                },
                 "title": {
                     "type": "string"
                 },
@@ -4315,6 +5140,36 @@
                 }
             }
         },
+        "v1.ItemTemplateCreateItemRequest": {
+            "type": "object",
+            "required": [
+                "locationId",
+                "name"
+            ],
+            "properties": {
+                "description": {
+                    "type": "string",
+                    "maxLength": 1000
+                },
+                "labelIds": {
+                    "type": "array",
+                    "items": {
+                        "type": "string"
+                    }
+                },
+                "locationId": {
+                    "type": "string"
+                },
+                "name": {
+                    "type": "string",
+                    "maxLength": 255,
+                    "minLength": 1
+                },
+                "quantity": {
+                    "type": "integer"
+                }
+            }
+        },
         "v1.LoginForm": {
             "type": "object",
             "properties": {
@@ -4331,6 +5186,23 @@
                 }
             }
         },
+        "v1.OIDCStatus": {
+            "type": "object",
+            "properties": {
+                "allowLocal": {
+                    "type": "boolean"
+                },
+                "autoRedirect": {
+                    "type": "boolean"
+                },
+                "buttonText": {
+                    "type": "string"
+                },
+                "enabled": {
+                    "type": "boolean"
+                }
+            }
+        },
         "v1.TokenResponse": {
             "type": "object",
             "properties": {
@@ -4345,6 +5217,20 @@
                 }
             }
         },
+        "v1.WipeInventoryOptions": {
+            "type": "object",
+            "properties": {
+                "wipeLabels": {
+                    "type": "boolean"
+                },
+                "wipeLocations": {
+                    "type": "boolean"
+                },
+                "wipeMaintenance": {
+                    "type": "boolean"
+                }
+            }
+        },
         "v1.Wrapped": {
             "type": "object",
             "properties": {

backend/app/api/static/docs/swagger.yaml

@@ -34,6 +34,8 @@ definitions:
     properties:
       code:
         type: string
+      decimals:
+        type: integer
       local:
         type: string
       name:
@@ -177,6 +179,11 @@ definitions:
         items:
           $ref: '#/definitions/ent.GroupInvitationToken'
         type: array
+      item_templates:
+        description: ItemTemplates holds the value of the item_templates edge.
+        items:
+          $ref: '#/definitions/ent.ItemTemplate'
+        type: array
       items:
         description: Items holds the value of the items edge.
         items:
@@ -412,6 +419,92 @@ definitions:
         - $ref: '#/definitions/ent.Item'
         description: Item holds the value of the item edge.
     type: object
+  ent.ItemTemplate:
+    properties:
+      created_at:
+        description: CreatedAt holds the value of the "created_at" field.
+        type: string
+      default_description:
+        description: Default description for items created from this template
+        type: string
+      default_insured:
+        description: DefaultInsured holds the value of the "default_insured" field.
+        type: boolean
+      default_label_ids:
+        description: Default label IDs for items created from this template
+        items:
+          type: string
+        type: array
+      default_lifetime_warranty:
+        description: DefaultLifetimeWarranty holds the value of the "default_lifetime_warranty"
+          field.
+        type: boolean
+      default_manufacturer:
+        description: DefaultManufacturer holds the value of the "default_manufacturer"
+          field.
+        type: string
+      default_model_number:
+        description: Default model number for items created from this template
+        type: string
+      default_name:
+        description: Default name template for items (can use placeholders)
+        type: string
+      default_quantity:
+        description: DefaultQuantity holds the value of the "default_quantity" field.
+        type: integer
+      default_warranty_details:
+        description: DefaultWarrantyDetails holds the value of the "default_warranty_details"
+          field.
+        type: string
+      description:
+        description: Description holds the value of the "description" field.
+        type: string
+      edges:
+        allOf:
+        - $ref: '#/definitions/ent.ItemTemplateEdges'
+        description: |-
+          Edges holds the relations/edges for other nodes in the graph.
+          The values are being populated by the ItemTemplateQuery when eager-loading is set.
+      id:
+        description: ID of the ent.
+        type: string
+      include_purchase_fields:
+        description: Whether to include purchase fields in items created from this
+          template
+        type: boolean
+      include_sold_fields:
+        description: Whether to include sold fields in items created from this template
+        type: boolean
+      include_warranty_fields:
+        description: Whether to include warranty fields in items created from this
+          template
+        type: boolean
+      name:
+        description: Name holds the value of the "name" field.
+        type: string
+      notes:
+        description: Notes holds the value of the "notes" field.
+        type: string
+      updated_at:
+        description: UpdatedAt holds the value of the "updated_at" field.
+        type: string
+    type: object
+  ent.ItemTemplateEdges:
+    properties:
+      fields:
+        description: Fields holds the value of the fields edge.
+        items:
+          $ref: '#/definitions/ent.TemplateField'
+        type: array
+      group:
+        allOf:
+        - $ref: '#/definitions/ent.Group'
+        description: Group holds the value of the group edge.
+      location:
+        allOf:
+        - $ref: '#/definitions/ent.Location'
+        description: Location holds the value of the location edge.
+    type: object
   ent.Label:
     properties:
       color:
@@ -580,6 +673,44 @@ definitions:
         - $ref: '#/definitions/ent.User'
         description: User holds the value of the user edge.
     type: object
+  ent.TemplateField:
+    properties:
+      created_at:
+        description: CreatedAt holds the value of the "created_at" field.
+        type: string
+      description:
+        description: Description holds the value of the "description" field.
+        type: string
+      edges:
+        allOf:
+        - $ref: '#/definitions/ent.TemplateFieldEdges'
+        description: |-
+          Edges holds the relations/edges for other nodes in the graph.
+          The values are being populated by the TemplateFieldQuery when eager-loading is set.
+      id:
+        description: ID of the ent.
+        type: string
+      name:
+        description: Name holds the value of the "name" field.
+        type: string
+      text_value:
+        description: TextValue holds the value of the "text_value" field.
+        type: string
+      type:
+        allOf:
+        - $ref: '#/definitions/templatefield.Type'
+        description: Type holds the value of the "type" field.
+      updated_at:
+        description: UpdatedAt holds the value of the "updated_at" field.
+        type: string
+    type: object
+  ent.TemplateFieldEdges:
+    properties:
+      item_template:
+        allOf:
+        - $ref: '#/definitions/ent.ItemTemplate'
+        description: ItemTemplate holds the value of the item_template edge.
+    type: object
   ent.User:
     properties:
       activated_on:
@@ -606,6 +737,12 @@ definitions:
       name:
         description: Name holds the value of the "name" field.
         type: string
+      oidc_issuer:
+        description: OidcIssuer holds the value of the "oidc_issuer" field.
+        type: string
+      oidc_subject:
+        description: OidcSubject holds the value of the "oidc_subject" field.
+        type: string
       role:
         allOf:
         - $ref: '#/definitions/user.Role'
@@ -873,6 +1010,16 @@ definitions:
     properties:
       id:
         type: string
+      labelIds:
+        items:
+          type: string
+        type: array
+        x-nullable: true
+        x-omitempty: true
+      locationId:
+        type: string
+        x-nullable: true
+        x-omitempty: true
       quantity:
         type: integer
         x-nullable: true
@@ -932,6 +1079,201 @@ definitions:
       updatedAt:
         type: string
     type: object
+  repo.ItemTemplateCreate:
+    properties:
+      defaultDescription:
+        maxLength: 1000
+        type: string
+        x-nullable: true
+      defaultInsured:
+        type: boolean
+      defaultLabelIds:
+        items:
+          type: string
+        type: array
+        x-nullable: true
+      defaultLifetimeWarranty:
+        type: boolean
+      defaultLocationId:
+        description: Default location and labels
+        type: string
+        x-nullable: true
+      defaultManufacturer:
+        maxLength: 255
+        type: string
+        x-nullable: true
+      defaultModelNumber:
+        maxLength: 255
+        type: string
+        x-nullable: true
+      defaultName:
+        maxLength: 255
+        type: string
+        x-nullable: true
+      defaultQuantity:
+        description: Default values for items
+        type: integer
+        x-nullable: true
+      defaultWarrantyDetails:
+        maxLength: 1000
+        type: string
+        x-nullable: true
+      description:
+        maxLength: 1000
+        type: string
+      fields:
+        description: Custom fields
+        items:
+          $ref: '#/definitions/repo.TemplateField'
+        type: array
+      includePurchaseFields:
+        type: boolean
+      includeSoldFields:
+        type: boolean
+      includeWarrantyFields:
+        description: Metadata flags
+        type: boolean
+      name:
+        maxLength: 255
+        minLength: 1
+        type: string
+      notes:
+        maxLength: 1000
+        type: string
+    required:
+    - name
+    type: object
+  repo.ItemTemplateOut:
+    properties:
+      createdAt:
+        type: string
+      defaultDescription:
+        type: string
+      defaultInsured:
+        type: boolean
+      defaultLabels:
+        items:
+          $ref: '#/definitions/repo.TemplateLabelSummary'
+        type: array
+      defaultLifetimeWarranty:
+        type: boolean
+      defaultLocation:
+        allOf:
+        - $ref: '#/definitions/repo.TemplateLocationSummary'
+        description: Default location and labels
+      defaultManufacturer:
+        type: string
+      defaultModelNumber:
+        type: string
+      defaultName:
+        type: string
+      defaultQuantity:
+        description: Default values for items
+        type: integer
+      defaultWarrantyDetails:
+        type: string
+      description:
+        type: string
+      fields:
+        description: Custom fields
+        items:
+          $ref: '#/definitions/repo.TemplateField'
+        type: array
+      id:
+        type: string
+      includePurchaseFields:
+        type: boolean
+      includeSoldFields:
+        type: boolean
+      includeWarrantyFields:
+        description: Metadata flags
+        type: boolean
+      name:
+        type: string
+      notes:
+        type: string
+      updatedAt:
+        type: string
+    type: object
+  repo.ItemTemplateSummary:
+    properties:
+      createdAt:
+        type: string
+      description:
+        type: string
+      id:
+        type: string
+      name:
+        type: string
+      updatedAt:
+        type: string
+    type: object
+  repo.ItemTemplateUpdate:
+    properties:
+      defaultDescription:
+        maxLength: 1000
+        type: string
+        x-nullable: true
+      defaultInsured:
+        type: boolean
+      defaultLabelIds:
+        items:
+          type: string
+        type: array
+        x-nullable: true
+      defaultLifetimeWarranty:
+        type: boolean
+      defaultLocationId:
+        description: Default location and labels
+        type: string
+        x-nullable: true
+      defaultManufacturer:
+        maxLength: 255
+        type: string
+        x-nullable: true
+      defaultModelNumber:
+        maxLength: 255
+        type: string
+        x-nullable: true
+      defaultName:
+        maxLength: 255
+        type: string
+        x-nullable: true
+      defaultQuantity:
+        description: Default values for items
+        type: integer
+        x-nullable: true
+      defaultWarrantyDetails:
+        maxLength: 1000
+        type: string
+        x-nullable: true
+      description:
+        maxLength: 1000
+        type: string
+      fields:
+        description: Custom fields
+        items:
+          $ref: '#/definitions/repo.TemplateField'
+        type: array
+      id:
+        type: string
+      includePurchaseFields:
+        type: boolean
+      includeSoldFields:
+        type: boolean
+      includeWarrantyFields:
+        description: Metadata flags
+        type: boolean
+      name:
+        maxLength: 255
+        minLength: 1
+        type: string
+      notes:
+        maxLength: 1000
+        type: string
+    required:
+    - name
+    type: object
   repo.ItemType:
     enum:
     - location
@@ -1269,6 +1611,31 @@ definitions:
       total:
         type: integer
     type: object
+  repo.TemplateField:
+    properties:
+      id:
+        type: string
+      name:
+        type: string
+      textValue:
+        type: string
+      type:
+        type: string
+    type: object
+  repo.TemplateLabelSummary:
+    properties:
+      id:
+        type: string
+      name:
+        type: string
+    type: object
+  repo.TemplateLocationSummary:
+    properties:
+      id:
+        type: string
+      name:
+        type: string
+    type: object
   repo.TotalsByOrganizer:
     properties:
       id:
@@ -1307,6 +1674,10 @@ definitions:
         type: boolean
       name:
         type: string
+      oidcIssuer:
+        type: string
+      oidcSubject:
+        type: string
     type: object
   repo.UserUpdate:
     properties:
@@ -1357,6 +1728,12 @@ definitions:
       token:
         type: string
     type: object
+  templatefield.Type:
+    enum:
+    - text
+    type: string
+    x-enum-varnames:
+    - TypeText
   user.Role:
     enum:
     - user
@@ -1383,6 +1760,8 @@ definitions:
         $ref: '#/definitions/services.Latest'
       message:
         type: string
+      oidc:
+        $ref: '#/definitions/v1.OIDCStatus'
       title:
         type: string
       versions:
@@ -1436,6 +1815,27 @@ definitions:
       token:
         type: string
     type: object
+  v1.ItemTemplateCreateItemRequest:
+    properties:
+      description:
+        maxLength: 1000
+        type: string
+      labelIds:
+        items:
+          type: string
+        type: array
+      locationId:
+        type: string
+      name:
+        maxLength: 255
+        minLength: 1
+        type: string
+      quantity:
+        type: integer
+    required:
+    - locationId
+    - name
+    type: object
   v1.LoginForm:
     properties:
       password:
@@ -1447,6 +1847,17 @@ definitions:
         example: admin@admin.com
         type: string
     type: object
+  v1.OIDCStatus:
+    properties:
+      allowLocal:
+        type: boolean
+      autoRedirect:
+        type: boolean
+      buttonText:
+        type: string
+      enabled:
+        type: boolean
+    type: object
   v1.TokenResponse:
     properties:
       attachmentToken:
@@ -1456,6 +1867,15 @@ definitions:
       token:
         type: string
     type: object
+  v1.WipeInventoryOptions:
+    properties:
+      wipeLabels:
+        type: boolean
+      wipeLocations:
+        type: boolean
+      wipeMaintenance:
+        type: boolean
+    type: object
   v1.Wrapped:
     properties:
       item: {}
@@ -1536,6 +1956,27 @@ paths:
       summary: Set Primary Photos
       tags:
       - Actions
+  /v1/actions/wipe-inventory:
+    post:
+      description: Deletes all items in the inventory
+      parameters:
+      - description: Wipe options
+        in: body
+        name: options
+        schema:
+          $ref: '#/definitions/v1.WipeInventoryOptions'
+      produces:
+      - application/json
+      responses:
+        "200":
+          description: OK
+          schema:
+            $ref: '#/definitions/v1.ActionAmountResult'
+      security:
+      - Bearer: []
+      summary: Wipe Inventory
+      tags:
+      - Actions
   /v1/actions/zero-item-time-fields:
     post:
       description: Resets all item date fields to the beginning of the day
@@ -2667,6 +3108,130 @@ paths:
       summary: Application Info
       tags:
       - Base
+  /v1/templates:
+    get:
+      produces:
+      - application/json
+      responses:
+        "200":
+          description: OK
+          schema:
+            items:
+              $ref: '#/definitions/repo.ItemTemplateSummary'
+            type: array
+      security:
+      - Bearer: []
+      summary: Get All Item Templates
+      tags:
+      - Item Templates
+    post:
+      parameters:
+      - description: Template Data
+        in: body
+        name: payload
+        required: true
+        schema:
+          $ref: '#/definitions/repo.ItemTemplateCreate'
+      produces:
+      - application/json
+      responses:
+        "201":
+          description: Created
+          schema:
+            $ref: '#/definitions/repo.ItemTemplateOut'
+      security:
+      - Bearer: []
+      summary: Create Item Template
+      tags:
+      - Item Templates
+  /v1/templates/{id}:
+    delete:
+      parameters:
+      - description: Template ID
+        in: path
+        name: id
+        required: true
+        type: string
+      produces:
+      - application/json
+      responses:
+        "204":
+          description: No Content
+      security:
+      - Bearer: []
+      summary: Delete Item Template
+      tags:
+      - Item Templates
+    get:
+      parameters:
+      - description: Template ID
+        in: path
+        name: id
+        required: true
+        type: string
+      produces:
+      - application/json
+      responses:
+        "200":
+          description: OK
+          schema:
+            $ref: '#/definitions/repo.ItemTemplateOut'
+      security:
+      - Bearer: []
+      summary: Get Item Template
+      tags:
+      - Item Templates
+    put:
+      parameters:
+      - description: Template ID
+        in: path
+        name: id
+        required: true
+        type: string
+      - description: Template Data
+        in: body
+        name: payload
+        required: true
+        schema:
+          $ref: '#/definitions/repo.ItemTemplateUpdate'
+      produces:
+      - application/json
+      responses:
+        "200":
+          description: OK
+          schema:
+            $ref: '#/definitions/repo.ItemTemplateOut'
+      security:
+      - Bearer: []
+      summary: Update Item Template
+      tags:
+      - Item Templates
+  /v1/templates/{id}/create-item:
+    post:
+      parameters:
+      - description: Template ID
+        in: path
+        name: id
+        required: true
+        type: string
+      - description: Item Data
+        in: body
+        name: payload
+        required: true
+        schema:
+          $ref: '#/definitions/v1.ItemTemplateCreateItemRequest'
+      produces:
+      - application/json
+      responses:
+        "201":
+          description: Created
+          schema:
+            $ref: '#/definitions/repo.ItemOut'
+      security:
+      - Bearer: []
+      summary: Create Item from Template
+      tags:
+      - Item Templates
   /v1/users/change-password:
     put:
       parameters:
@@ -2710,6 +3275,35 @@ paths:
       summary: User Login
       tags:
       - Authentication
+  /v1/users/login/oidc:
+    get:
+      produces:
+      - application/json
+      responses:
+        "302":
+          description: Found
+      summary: OIDC Login Initiation
+      tags:
+      - Authentication
+  /v1/users/login/oidc/callback:
+    get:
+      parameters:
+      - description: Authorization code
+        in: query
+        name: code
+        required: true
+        type: string
+      - description: State parameter
+        in: query
+        name: state
+        required: true
+        type: string
+      responses:
+        "302":
+          description: Found
+      summary: OIDC Callback Handler
+      tags:
+      - Authentication
   /v1/users/logout:
     post:
       responses:
@@ -2747,6 +3341,10 @@ paths:
       responses:
         "204":
           description: No Content
+        "403":
+          description: Local login is not enabled
+          schema:
+            type: string
       summary: Register New User
       tags:
       - User

backend/go.mod

@@ -6,15 +6,16 @@ toolchain go1.24.3
 
 require (
 	entgo.io/ent v0.14.5
-	github.com/ardanlabs/conf/v3 v3.8.0
+	github.com/ardanlabs/conf/v3 v3.10.0
 	github.com/containrrr/shoutrrr v0.8.0
+	github.com/coreos/go-oidc/v3 v3.17.0
 	github.com/evanoberholster/imagemeta v0.3.1
 	github.com/gen2brain/avif v0.4.4
-	github.com/gen2brain/heic v0.4.5
+	github.com/gen2brain/heic v0.4.7
 	github.com/gen2brain/jpegxl v0.4.5
 	github.com/gen2brain/webp v0.5.5
-	github.com/go-chi/chi/v5 v5.2.2
-	github.com/go-playground/validator/v10 v10.27.0
+	github.com/go-chi/chi/v5 v5.2.3
+	github.com/go-playground/validator/v10 v10.30.1
 	github.com/gocarina/gocsv v0.0.0-20240520201108-78e41c74b4b1
 	github.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0
 	github.com/google/uuid v1.6.0
@@ -22,40 +23,42 @@ require (
 	github.com/hay-kot/httpkit v0.0.11
 	github.com/lib/pq v1.10.9
 	github.com/mattn/go-sqlite3 v1.14.32
-	github.com/olahol/melody v1.3.0
+	github.com/olahol/melody v1.4.0
 	github.com/pkg/errors v0.9.1
-	github.com/pressly/goose/v3 v3.24.3
+	github.com/pressly/goose/v3 v3.26.0
 	github.com/rs/zerolog v1.34.0
-	github.com/shirou/gopsutil/v4 v4.25.7
+	github.com/shirou/gopsutil/v4 v4.25.11
 	github.com/skip2/go-qrcode v0.0.0-20200617195104-da1b6568686e
-	github.com/stretchr/testify v1.10.0
+	github.com/stretchr/testify v1.11.1
 	github.com/swaggo/http-swagger/v2 v2.0.2
 	github.com/swaggo/swag v1.16.6
 	github.com/yeqown/go-qrcode/v2 v2.2.5
 	github.com/yeqown/go-qrcode/writer/standard v1.3.0
 	github.com/zeebo/blake3 v0.2.4
 	go.balki.me/anyhttp v0.5.2
-	gocloud.dev v0.43.0
-	gocloud.dev/pubsub/kafkapubsub v0.43.0
-	gocloud.dev/pubsub/natspubsub v0.43.0
-	gocloud.dev/pubsub/rabbitpubsub v0.43.0
-	golang.org/x/crypto v0.41.0
-	golang.org/x/image v0.30.0
-	golang.org/x/text v0.28.0
-	modernc.org/sqlite v1.38.2
+	gocloud.dev v0.44.0
+	gocloud.dev/pubsub/kafkapubsub v0.44.0
+	gocloud.dev/pubsub/natspubsub v0.44.0
+	gocloud.dev/pubsub/rabbitpubsub v0.44.0
+	golang.org/x/crypto v0.46.0
+	golang.org/x/image v0.34.0
+	golang.org/x/oauth2 v0.34.0
+	golang.org/x/text v0.32.0
+	modernc.org/sqlite v1.41.0
 )
 
 require (
 	ariga.io/atlas v0.32.1-0.20250325101103-175b25e1c1b9 // indirect
 	cel.dev/expr v0.24.0 // indirect
-	cloud.google.com/go v0.121.4 // indirect
-	cloud.google.com/go/auth v0.16.4 // indirect
+	cloud.google.com/go v0.121.6 // indirect
+	cloud.google.com/go/auth v0.17.0 // indirect
 	cloud.google.com/go/auth/oauth2adapt v0.2.8 // indirect
-	cloud.google.com/go/compute/metadata v0.8.0 // indirect
-	cloud.google.com/go/iam v1.5.2 // indirect
-	cloud.google.com/go/monitoring v1.24.2 // indirect
-	cloud.google.com/go/pubsub v1.49.0 // indirect
-	cloud.google.com/go/storage v1.55.0 // indirect
+	cloud.google.com/go/compute/metadata v0.9.0 // indirect
+	cloud.google.com/go/iam v1.5.3 // indirect
+	cloud.google.com/go/monitoring v1.24.3 // indirect
+	cloud.google.com/go/pubsub v1.50.1 // indirect
+	cloud.google.com/go/pubsub/v2 v2.2.1 // indirect
+	cloud.google.com/go/storage v1.56.0 // indirect
 	github.com/Azure/azure-amqp-common-go/v3 v3.2.3 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.18.1 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.10.1 // indirect
@@ -66,71 +69,74 @@ require (
 	github.com/Azure/go-autorest v14.2.0+incompatible // indirect
 	github.com/Azure/go-autorest/autorest/to v0.4.1 // indirect
 	github.com/AzureAD/microsoft-authentication-library-for-go v1.4.2 // indirect
-	github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.29.0 // indirect
+	github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.30.0 // indirect
 	github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.53.0 // indirect
 	github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.53.0 // indirect
-	github.com/IBM/sarama v1.45.2 // indirect
+	github.com/IBM/sarama v1.46.3 // indirect
 	github.com/KyleBanks/depth v1.2.1 // indirect
 	github.com/agext/levenshtein v1.2.3 // indirect
 	github.com/apparentlymart/go-textseg/v15 v15.0.0 // indirect
-	github.com/aws/aws-sdk-go v1.55.7 // indirect
-	github.com/aws/aws-sdk-go-v2 v1.36.5 // indirect
-	github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.11 // indirect
-	github.com/aws/aws-sdk-go-v2/config v1.29.17 // indirect
-	github.com/aws/aws-sdk-go-v2/credentials v1.17.70 // indirect
-	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.32 // indirect
-	github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.84 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.36 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.36 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/ini v1.8.3 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.36 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.4 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.7.4 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.17 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.18.17 // indirect
-	github.com/aws/aws-sdk-go-v2/service/s3 v1.84.0 // indirect
+	github.com/aws/aws-sdk-go-v2 v1.39.6 // indirect
+	github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.3 // indirect
+	github.com/aws/aws-sdk-go-v2/config v1.31.17 // indirect
+	github.com/aws/aws-sdk-go-v2/credentials v1.18.21 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.13 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.20.3 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.13 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.13 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/ini v1.8.4 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.13 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.3 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.9.4 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.13 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.13 // indirect
+	github.com/aws/aws-sdk-go-v2/service/s3 v1.89.2 // indirect
 	github.com/aws/aws-sdk-go-v2/service/sns v1.34.7 // indirect
 	github.com/aws/aws-sdk-go-v2/service/sqs v1.38.8 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sso v1.25.5 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.30.3 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sts v1.34.0 // indirect
-	github.com/aws/smithy-go v1.22.4 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.30.1 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.5 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sts v1.39.1 // indirect
+	github.com/aws/smithy-go v1.23.2 // indirect
 	github.com/bmatcuk/doublestar v1.3.4 // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
-	github.com/cncf/xds/go v0.0.0-20250501225837-2ac532fd4443 // indirect
+	github.com/cncf/xds/go v0.0.0-20251022180443-0feb69152e9f // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 	github.com/dustin/go-humanize v1.0.1 // indirect
 	github.com/eapache/go-resiliency v1.7.0 // indirect
 	github.com/eapache/go-xerial-snappy v0.0.0-20230731223053-c322873962e3 // indirect
 	github.com/eapache/queue v1.1.0 // indirect
-	github.com/ebitengine/purego v0.8.4 // indirect
-	github.com/envoyproxy/go-control-plane/envoy v1.32.4 // indirect
+	github.com/ebitengine/purego v0.9.1 // indirect
+	github.com/envoyproxy/go-control-plane/envoy v1.35.0 // indirect
 	github.com/envoyproxy/protoc-gen-validate v1.2.1 // indirect
 	github.com/fatih/color v1.18.0 // indirect
 	github.com/felixge/httpsnoop v1.0.4 // indirect
 	github.com/fogleman/gg v1.3.0 // indirect
-	github.com/gabriel-vasile/mimetype v1.4.9 // indirect
-	github.com/go-jose/go-jose/v4 v4.1.1 // indirect
+	github.com/gabriel-vasile/mimetype v1.4.12 // indirect
+	github.com/go-jose/go-jose/v4 v4.1.3 // indirect
 	github.com/go-logr/logr v1.4.3 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/go-ole/go-ole v1.2.6 // indirect
 	github.com/go-openapi/inflect v0.19.0 // indirect
-	github.com/go-openapi/jsonpointer v0.21.2 // indirect
-	github.com/go-openapi/jsonreference v0.21.0 // indirect
-	github.com/go-openapi/spec v0.21.0 // indirect
-	github.com/go-openapi/swag v0.23.1 // indirect
+	github.com/go-openapi/jsonpointer v0.22.4 // indirect
+	github.com/go-openapi/jsonreference v0.21.4 // indirect
+	github.com/go-openapi/spec v0.22.3 // indirect
+	github.com/go-openapi/swag/conv v0.25.4 // indirect
+	github.com/go-openapi/swag/jsonname v0.25.4 // indirect
+	github.com/go-openapi/swag/jsonutils v0.25.4 // indirect
+	github.com/go-openapi/swag/loading v0.25.4 // indirect
+	github.com/go-openapi/swag/stringutils v0.25.4 // indirect
+	github.com/go-openapi/swag/typeutils v0.25.4 // indirect
+	github.com/go-openapi/swag/yamlutils v0.25.4 // indirect
 	github.com/go-playground/locales v0.14.1 // indirect
 	github.com/go-playground/universal-translator v0.18.1 // indirect
 	github.com/golang-jwt/jwt/v5 v5.2.3 // indirect
 	github.com/golang/snappy v1.0.0 // indirect
 	github.com/google/go-cmp v0.7.0 // indirect
 	github.com/google/s2a-go v0.1.9 // indirect
-	github.com/google/wire v0.6.0 // indirect
-	github.com/googleapis/enterprise-certificate-proxy v0.3.6 // indirect
-	github.com/googleapis/gax-go/v2 v2.15.0 // indirect
+	github.com/google/wire v0.7.0 // indirect
+	github.com/googleapis/enterprise-certificate-proxy v0.3.7 // indirect
+	github.com/googleapis/gax-go/v2 v2.16.0 // indirect
 	github.com/gorilla/websocket v1.5.3 // indirect
-	github.com/hashicorp/errwrap v1.1.0 // indirect
-	github.com/hashicorp/go-multierror v1.1.1 // indirect
 	github.com/hashicorp/go-uuid v1.0.3 // indirect
 	github.com/hashicorp/hcl/v2 v2.18.1 // indirect
 	github.com/jcmturner/aescts/v2 v2.0.0 // indirect
@@ -138,70 +144,66 @@ require (
 	github.com/jcmturner/gofork v1.7.6 // indirect
 	github.com/jcmturner/gokrb5/v8 v8.4.4 // indirect
 	github.com/jcmturner/rpc/v2 v2.0.3 // indirect
-	github.com/jmespath/go-jmespath v0.4.0 // indirect
-	github.com/josharian/intern v1.0.0 // indirect
-	github.com/klauspost/compress v1.18.0 // indirect
+	github.com/klauspost/compress v1.18.2 // indirect
 	github.com/klauspost/cpuid/v2 v2.3.0 // indirect
 	github.com/kylelemons/godebug v1.1.0 // indirect
 	github.com/leodido/go-urn v1.4.0 // indirect
 	github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0 // indirect
-	github.com/mailru/easyjson v0.9.0 // indirect
 	github.com/mattn/go-colorable v0.1.14 // indirect
 	github.com/mattn/go-isatty v0.0.20 // indirect
 	github.com/mfridman/interpolate v0.0.2 // indirect
 	github.com/mitchellh/go-wordwrap v1.0.1 // indirect
-	github.com/nats-io/nats.go v1.44.0 // indirect
-	github.com/nats-io/nkeys v0.4.11 // indirect
+	github.com/nats-io/nats.go v1.48.0 // indirect
+	github.com/nats-io/nkeys v0.4.12 // indirect
 	github.com/nats-io/nuid v1.0.1 // indirect
-	github.com/ncruces/go-strftime v0.1.9 // indirect
+	github.com/ncruces/go-strftime v1.0.0 // indirect
 	github.com/philhofer/fwd v1.2.0 // indirect
-	github.com/pierrec/lz4/v4 v4.1.22 // indirect
+	github.com/pierrec/lz4/v4 v4.1.23 // indirect
 	github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect
 	github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10 // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
-	github.com/power-devops/perfstat v0.0.0-20210106213030-5aafc221ea8c // indirect
+	github.com/power-devops/perfstat v0.0.0-20240221224432-82ca36839d55 // indirect
 	github.com/rabbitmq/amqp091-go v1.10.0 // indirect
 	github.com/rcrowley/go-metrics v0.0.0-20250401214520-65e299d6c5c9 // indirect
 	github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec // indirect
 	github.com/sethvargo/go-retry v0.3.0 // indirect
-	github.com/spiffe/go-spiffe/v2 v2.5.0 // indirect
+	github.com/spiffe/go-spiffe/v2 v2.6.0 // indirect
 	github.com/swaggo/files/v2 v2.0.2 // indirect
-	github.com/tetratelabs/wazero v1.9.0 // indirect
-	github.com/tinylib/msgp v1.3.0 // indirect
-	github.com/tklauser/go-sysconf v0.3.15 // indirect
-	github.com/tklauser/numcpus v0.10.0 // indirect
+	github.com/tetratelabs/wazero v1.11.0 // indirect
+	github.com/tinylib/msgp v1.6.1 // indirect
+	github.com/tklauser/go-sysconf v0.3.16 // indirect
+	github.com/tklauser/numcpus v0.11.0 // indirect
 	github.com/yeqown/reedsolomon v1.0.0 // indirect
 	github.com/yusufpapurcu/wmi v1.2.4 // indirect
 	github.com/zclconf/go-cty v1.14.4 // indirect
 	github.com/zclconf/go-cty-yaml v1.1.0 // indirect
-	github.com/zeebo/errs v1.4.0 // indirect
-	go.opentelemetry.io/auto/sdk v1.1.0 // indirect
-	go.opentelemetry.io/contrib/detectors/gcp v1.37.0 // indirect
+	go.opentelemetry.io/auto/sdk v1.2.1 // indirect
+	go.opentelemetry.io/contrib/detectors/gcp v1.38.0 // indirect
 	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.62.0 // indirect
 	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.62.0 // indirect
-	go.opentelemetry.io/otel v1.37.0 // indirect
-	go.opentelemetry.io/otel/metric v1.37.0 // indirect
-	go.opentelemetry.io/otel/sdk v1.37.0 // indirect
-	go.opentelemetry.io/otel/sdk/metric v1.37.0 // indirect
-	go.opentelemetry.io/otel/trace v1.37.0 // indirect
+	go.opentelemetry.io/otel v1.39.0 // indirect
+	go.opentelemetry.io/otel/metric v1.39.0 // indirect
+	go.opentelemetry.io/otel/sdk v1.39.0 // indirect
+	go.opentelemetry.io/otel/sdk/metric v1.39.0 // indirect
+	go.opentelemetry.io/otel/trace v1.39.0 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
-	golang.org/x/exp v0.0.0-20250813145105-42675adae3e6 // indirect
-	golang.org/x/mod v0.27.0 // indirect
-	golang.org/x/net v0.43.0 // indirect
-	golang.org/x/oauth2 v0.30.0 // indirect
-	golang.org/x/sync v0.16.0 // indirect
-	golang.org/x/sys v0.35.0 // indirect
-	golang.org/x/time v0.12.0 // indirect
-	golang.org/x/tools v0.36.0 // indirect
+	go.yaml.in/yaml/v3 v3.0.4 // indirect
+	golang.org/x/exp v0.0.0-20251219203646-944ab1f22d93 // indirect
+	golang.org/x/mod v0.31.0 // indirect
+	golang.org/x/net v0.48.0 // indirect
+	golang.org/x/sync v0.19.0 // indirect
+	golang.org/x/sys v0.39.0 // indirect
+	golang.org/x/time v0.14.0 // indirect
+	golang.org/x/tools v0.40.0 // indirect
 	golang.org/x/xerrors v0.0.0-20240903120638-7835f813f4da // indirect
-	google.golang.org/api v0.247.0 // indirect
-	google.golang.org/genproto v0.0.0-20250715232539-7130f93afb79 // indirect
-	google.golang.org/genproto/googleapis/api v0.0.0-20250715232539-7130f93afb79 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20250811230008-5f3141c8851a // indirect
-	google.golang.org/grpc v1.74.2 // indirect
-	google.golang.org/protobuf v1.36.7 // indirect
+	google.golang.org/api v0.258.0 // indirect
+	google.golang.org/genproto v0.0.0-20251202230838-ff82c1b0f217 // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20251202230838-ff82c1b0f217 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20251222181119-0a764e51fe1b // indirect
+	google.golang.org/grpc v1.78.0 // indirect
+	google.golang.org/protobuf v1.36.11 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
-	modernc.org/libc v1.66.7 // indirect
+	modernc.org/libc v1.67.2 // indirect
 	modernc.org/mathutil v1.7.1 // indirect
 	modernc.org/memory v1.11.0 // indirect
 )

backend/go.sum

@@ -2,28 +2,30 @@ ariga.io/atlas v0.32.1-0.20250325101103-175b25e1c1b9 h1:E0wvcUXTkgyN4wy4LGtNzMNG
 ariga.io/atlas v0.32.1-0.20250325101103-175b25e1c1b9/go.mod h1:Oe1xWPuu5q9LzyrWfbZmEZxFYeu4BHTyzfjeW2aZp/w=
 cel.dev/expr v0.24.0 h1:56OvJKSH3hDGL0ml5uSxZmz3/3Pq4tJ+fb1unVLAFcY=
 cel.dev/expr v0.24.0/go.mod h1:hLPLo1W4QUmuYdA72RBX06QTs6MXw941piREPl3Yfiw=
-cloud.google.com/go v0.121.4 h1:cVvUiY0sX0xwyxPwdSU2KsF9knOVmtRyAMt8xou0iTs=
-cloud.google.com/go v0.121.4/go.mod h1:XEBchUiHFJbz4lKBZwYBDHV/rSyfFktk737TLDU089s=
-cloud.google.com/go/auth v0.16.4 h1:fXOAIQmkApVvcIn7Pc2+5J8QTMVbUGLscnSVNl11su8=
-cloud.google.com/go/auth v0.16.4/go.mod h1:j10ncYwjX/g3cdX7GpEzsdM+d+ZNsXAbb6qXA7p1Y5M=
+cloud.google.com/go v0.121.6 h1:waZiuajrI28iAf40cWgycWNgaXPO06dupuS+sgibK6c=
+cloud.google.com/go v0.121.6/go.mod h1:coChdst4Ea5vUpiALcYKXEpR1S9ZgXbhEzzMcMR66vI=
+cloud.google.com/go/auth v0.17.0 h1:74yCm7hCj2rUyyAocqnFzsAYXgJhrG26XCFimrc/Kz4=
+cloud.google.com/go/auth v0.17.0/go.mod h1:6wv/t5/6rOPAX4fJiRjKkJCvswLwdet7G8+UGXt7nCQ=
 cloud.google.com/go/auth/oauth2adapt v0.2.8 h1:keo8NaayQZ6wimpNSmW5OPc283g65QNIiLpZnkHRbnc=
 cloud.google.com/go/auth/oauth2adapt v0.2.8/go.mod h1:XQ9y31RkqZCcwJWNSx2Xvric3RrU88hAYYbjDWYDL+c=
-cloud.google.com/go/compute/metadata v0.8.0 h1:HxMRIbao8w17ZX6wBnjhcDkW6lTFpgcaobyVfZWqRLA=
-cloud.google.com/go/compute/metadata v0.8.0/go.mod h1:sYOGTp851OV9bOFJ9CH7elVvyzopvWQFNNghtDQ/Biw=
-cloud.google.com/go/iam v1.5.2 h1:qgFRAGEmd8z6dJ/qyEchAuL9jpswyODjA2lS+w234g8=
-cloud.google.com/go/iam v1.5.2/go.mod h1:SE1vg0N81zQqLzQEwxL2WI6yhetBdbNQuTvIKCSkUHE=
-cloud.google.com/go/logging v1.13.0 h1:7j0HgAp0B94o1YRDqiqm26w4q1rDMH7XNRU34lJXHYc=
-cloud.google.com/go/logging v1.13.0/go.mod h1:36CoKh6KA/M0PbhPKMq6/qety2DCAErbhXT62TuXALA=
-cloud.google.com/go/longrunning v0.6.7 h1:IGtfDWHhQCgCjwQjV9iiLnUta9LBCo8R9QmAFsS/PrE=
-cloud.google.com/go/longrunning v0.6.7/go.mod h1:EAFV3IZAKmM56TyiE6VAP3VoTzhZzySwI/YI1s/nRsY=
-cloud.google.com/go/monitoring v1.24.2 h1:5OTsoJ1dXYIiMiuL+sYscLc9BumrL3CarVLL7dd7lHM=
-cloud.google.com/go/monitoring v1.24.2/go.mod h1:x7yzPWcgDRnPEv3sI+jJGBkwl5qINf+6qY4eq0I9B4U=
-cloud.google.com/go/pubsub v1.49.0 h1:5054IkbslnrMCgA2MAEPcsN3Ky+AyMpEZcii/DoySPo=
-cloud.google.com/go/pubsub v1.49.0/go.mod h1:K1FswTWP+C1tI/nfi3HQecoVeFvL4HUOB1tdaNXKhUY=
-cloud.google.com/go/storage v1.55.0 h1:NESjdAToN9u1tmhVqhXCaCwYBuvEhZLLv0gBr+2znf0=
-cloud.google.com/go/storage v1.55.0/go.mod h1:ztSmTTwzsdXe5syLVS0YsbFxXuvEmEyZj7v7zChEmuY=
-cloud.google.com/go/trace v1.11.6 h1:2O2zjPzqPYAHrn3OKl029qlqG6W8ZdYaOWRyr8NgMT4=
-cloud.google.com/go/trace v1.11.6/go.mod h1:GA855OeDEBiBMzcckLPE2kDunIpC72N+Pq8WFieFjnI=
+cloud.google.com/go/compute/metadata v0.9.0 h1:pDUj4QMoPejqq20dK0Pg2N4yG9zIkYGdBtwLoEkH9Zs=
+cloud.google.com/go/compute/metadata v0.9.0/go.mod h1:E0bWwX5wTnLPedCKqk3pJmVgCBSM6qQI1yTBdEb3C10=
+cloud.google.com/go/iam v1.5.3 h1:+vMINPiDF2ognBJ97ABAYYwRgsaqxPbQDlMnbHMjolc=
+cloud.google.com/go/iam v1.5.3/go.mod h1:MR3v9oLkZCTlaqljW6Eb2d3HGDGK5/bDv93jhfISFvU=
+cloud.google.com/go/logging v1.13.1 h1:O7LvmO0kGLaHY/gq8cV7T0dyp6zJhYAOtZPX4TF3QtY=
+cloud.google.com/go/logging v1.13.1/go.mod h1:XAQkfkMBxQRjQek96WLPNze7vsOmay9H5PqfsNYDqvw=
+cloud.google.com/go/longrunning v0.7.0 h1:FV0+SYF1RIj59gyoWDRi45GiYUMM3K1qO51qoboQT1E=
+cloud.google.com/go/longrunning v0.7.0/go.mod h1:ySn2yXmjbK9Ba0zsQqunhDkYi0+9rlXIwnoAf+h+TPY=
+cloud.google.com/go/monitoring v1.24.3 h1:dde+gMNc0UhPZD1Azu6at2e79bfdztVDS5lvhOdsgaE=
+cloud.google.com/go/monitoring v1.24.3/go.mod h1:nYP6W0tm3N9H/bOw8am7t62YTzZY+zUeQ+Bi6+2eonI=
+cloud.google.com/go/pubsub v1.50.1 h1:fzbXpPyJnSGvWXF1jabhQeXyxdbCIkXTpjXHy7xviBM=
+cloud.google.com/go/pubsub v1.50.1/go.mod h1:6YVJv3MzWJUVdvQXG081sFvS0dWQOdnV+oTo++q/xFk=
+cloud.google.com/go/pubsub/v2 v2.2.1 h1:3brZcshL3fIiD1qOxAE2QW9wxsfjioy014x4yC9XuYI=
+cloud.google.com/go/pubsub/v2 v2.2.1/go.mod h1:O5f0KHG9zDheZAd3z5rlCRhxt2JQtB+t/IYLKK3Bpvw=
+cloud.google.com/go/storage v1.56.0 h1:iixmq2Fse2tqxMbWhLWC9HfBj1qdxqAmiK8/eqtsLxI=
+cloud.google.com/go/storage v1.56.0/go.mod h1:Tpuj6t4NweCLzlNbw9Z9iwxEkrSem20AetIeH/shgVU=
+cloud.google.com/go/trace v1.11.7 h1:kDNDX8JkaAG3R2nq1lIdkb7FCSi1rCmsEtKVsty7p+U=
+cloud.google.com/go/trace v1.11.7/go.mod h1:TNn9d5V3fQVf6s4SCveVMIBS2LJUqo73GACmq/Tky0s=
 entgo.io/ent v0.14.5 h1:Rj2WOYJtCkWyFo6a+5wB3EfBRP0rnx1fMk6gGA0UUe4=
 entgo.io/ent v0.14.5/go.mod h1:zTzLmWtPvGpmSwtkaayM2cm5m819NdM7z7tYPq3vN0U=
 github.com/Azure/azure-amqp-common-go/v3 v3.2.3 h1:uDF62mbd9bypXWi19V1bN5NZEO84JqgmI5G73ibAmrk=
@@ -61,78 +63,78 @@ github.com/AzureAD/microsoft-authentication-library-for-go v1.4.2 h1:oygO0locgZJ
 github.com/AzureAD/microsoft-authentication-library-for-go v1.4.2/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI=
 github.com/DATA-DOG/go-sqlmock v1.5.0 h1:Shsta01QNfFxHCfpW6YH2STWB0MudeXXEWMr20OEh60=
 github.com/DATA-DOG/go-sqlmock v1.5.0/go.mod h1:f/Ixk793poVmq4qj/V1dPUg2JEAKC73Q5eFN3EC/SaM=
-github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.29.0 h1:UQUsRi8WTzhZntp5313l+CHIAT95ojUI2lpP/ExlZa4=
-github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.29.0/go.mod h1:Cz6ft6Dkn3Et6l2v2a9/RpN7epQ1GtDlO6lj8bEcOvw=
+github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.30.0 h1:sBEjpZlNHzK1voKq9695PJSX2o5NEXl7/OL3coiIY0c=
+github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.30.0/go.mod h1:P4WPRUkOhJC13W//jWpyfJNDAIpvRbAUIYLX/4jtlE0=
 github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.53.0 h1:owcC2UnmsZycprQ5RfRgjydWhuoxg71LUfyiQdijZuM=
 github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.53.0/go.mod h1:ZPpqegjbE99EPKsu3iUWV22A04wzGPcAY/ziSIQEEgs=
 github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/cloudmock v0.53.0 h1:4LP6hvB4I5ouTbGgWtixJhgED6xdf67twf9PoY96Tbg=
 github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/cloudmock v0.53.0/go.mod h1:jUZ5LYlw40WMd07qxcQJD5M40aUxrfwqQX1g7zxYnrQ=
 github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.53.0 h1:Ron4zCA/yk6U7WOBXhTJcDpsUBG9npumK6xw2auFltQ=
 github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.53.0/go.mod h1:cSgYe11MCNYunTnRXrKiR/tHc0eoKjICUuWpNZoVCOo=
-github.com/IBM/sarama v1.45.2 h1:8m8LcMCu3REcwpa7fCP6v2fuPuzVwXDAM2DOv3CBrKw=
-github.com/IBM/sarama v1.45.2/go.mod h1:ppaoTcVdGv186/z6MEKsMm70A5fwJfRTpstI37kVn3Y=
+github.com/IBM/sarama v1.46.3 h1:njRsX6jNlnR+ClJ8XmkO+CM4unbrNr/2vB5KK6UA+IE=
+github.com/IBM/sarama v1.46.3/go.mod h1:GTUYiF9DMOZVe3FwyGT+dtSPceGFIgA+sPc5u6CBwko=
 github.com/KyleBanks/depth v1.2.1 h1:5h8fQADFrWtarTdtDudMmGsC7GPbOAu6RVB3ffsVFHc=
 github.com/KyleBanks/depth v1.2.1/go.mod h1:jzSb9d0L43HxTQfT+oSA1EEp2q+ne2uh6XgeJcm8brE=
 github.com/agext/levenshtein v1.2.3 h1:YB2fHEn0UJagG8T1rrWknE3ZQzWM06O8AMAatNn7lmo=
 github.com/agext/levenshtein v1.2.3/go.mod h1:JEDfjyjHDjOF/1e4FlBE/PkbqA9OfWu2ki2W0IB5558=
 github.com/apparentlymart/go-textseg/v15 v15.0.0 h1:uYvfpb3DyLSCGWnctWKGj857c6ew1u1fNQOlOtuGxQY=
 github.com/apparentlymart/go-textseg/v15 v15.0.0/go.mod h1:K8XmNZdhEBkdlyDdvbmmsvpAG721bKi0joRfFdHIWJ4=
-github.com/ardanlabs/conf/v3 v3.8.0 h1:Mvv2wZJz8tIl705m5BU3ZRCP1V6TKY6qebA8i4sykrY=
-github.com/ardanlabs/conf/v3 v3.8.0/go.mod h1:XlL9P0quWP4m1weOVFmlezabinbZLI05niDof/+Ochk=
-github.com/aws/aws-sdk-go v1.55.7 h1:UJrkFq7es5CShfBwlWAC8DA077vp8PyVbQd3lqLiztE=
-github.com/aws/aws-sdk-go v1.55.7/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU=
-github.com/aws/aws-sdk-go-v2 v1.36.5 h1:0OF9RiEMEdDdZEMqF9MRjevyxAQcf6gY+E7vwBILFj0=
-github.com/aws/aws-sdk-go-v2 v1.36.5/go.mod h1:EYrzvCCN9CMUTa5+6lf6MM4tq3Zjp8UhSGR/cBsjai0=
-github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.11 h1:12SpdwU8Djs+YGklkinSSlcrPyj3H4VifVsKf78KbwA=
-github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.11/go.mod h1:dd+Lkp6YmMryke+qxW/VnKyhMBDTYP41Q2Bb+6gNZgY=
-github.com/aws/aws-sdk-go-v2/config v1.29.17 h1:jSuiQ5jEe4SAMH6lLRMY9OVC+TqJLP5655pBGjmnjr0=
-github.com/aws/aws-sdk-go-v2/config v1.29.17/go.mod h1:9P4wwACpbeXs9Pm9w1QTh6BwWwJjwYvJ1iCt5QbCXh8=
-github.com/aws/aws-sdk-go-v2/credentials v1.17.70 h1:ONnH5CM16RTXRkS8Z1qg7/s2eDOhHhaXVd72mmyv4/0=
-github.com/aws/aws-sdk-go-v2/credentials v1.17.70/go.mod h1:M+lWhhmomVGgtuPOhO85u4pEa3SmssPTdcYpP/5J/xc=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.32 h1:KAXP9JSHO1vKGCr5f4O6WmlVKLFFXgWYAGoJosorxzU=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.32/go.mod h1:h4Sg6FQdexC1yYG9RDnOvLbW1a/P986++/Y/a+GyEM8=
-github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.84 h1:cTXRdLkpBanlDwISl+5chq5ui1d1YWg4PWMR9c3kXyw=
-github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.84/go.mod h1:kwSy5X7tfIHN39uucmjQVs2LvDdXEjQucgQQEqCggEo=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.36 h1:SsytQyTMHMDPspp+spo7XwXTP44aJZZAC7fBV2C5+5s=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.36/go.mod h1:Q1lnJArKRXkenyog6+Y+zr7WDpk4e6XlR6gs20bbeNo=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.36 h1:i2vNHQiXUvKhs3quBR6aqlgJaiaexz/aNvdCktW/kAM=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.36/go.mod h1:UdyGa7Q91id/sdyHPwth+043HhmP6yP9MBHgbZM0xo8=
-github.com/aws/aws-sdk-go-v2/internal/ini v1.8.3 h1:bIqFDwgGXXN1Kpp99pDOdKMTTb5d2KyU5X/BZxjOkRo=
-github.com/aws/aws-sdk-go-v2/internal/ini v1.8.3/go.mod h1:H5O/EsxDWyU+LP/V8i5sm8cxoZgc2fdNR9bxlOFrQTo=
-github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.36 h1:GMYy2EOWfzdP3wfVAGXBNKY5vK4K8vMET4sYOYltmqs=
-github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.36/go.mod h1:gDhdAV6wL3PmPqBhiPbnlS447GoWs8HTTOYef9/9Inw=
-github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.4 h1:CXV68E2dNqhuynZJPB80bhPQwAKqBWVer887figW6Jc=
-github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.4/go.mod h1:/xFi9KtvBXP97ppCz1TAEvU1Uf66qvid89rbem3wCzQ=
-github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.7.4 h1:nAP2GYbfh8dd2zGZqFRSMlq+/F6cMPBUuCsGAMkN074=
-github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.7.4/go.mod h1:LT10DsiGjLWh4GbjInf9LQejkYEhBgBCjLG5+lvk4EE=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.17 h1:t0E6FzREdtCsiLIoLCWsYliNsRBgyGD/MCK571qk4MI=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.17/go.mod h1:ygpklyoaypuyDvOM5ujWGrYWpAK3h7ugnmKCU/76Ys4=
-github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.18.17 h1:qcLWgdhq45sDM9na4cvXax9dyLitn8EYBRl8Ak4XtG4=
-github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.18.17/go.mod h1:M+jkjBFZ2J6DJrjMv2+vkBbuht6kxJYtJiwoVgX4p4U=
-github.com/aws/aws-sdk-go-v2/service/s3 v1.84.0 h1:0reDqfEN+tB+sozj2r92Bep8MEwBZgtAXTND1Kk9OXg=
-github.com/aws/aws-sdk-go-v2/service/s3 v1.84.0/go.mod h1:kUklwasNoCn5YpyAqC/97r6dzTA1SRKJfKq16SXeoDU=
+github.com/ardanlabs/conf/v3 v3.10.0 h1:qIrJ/WBmH/hFQ/IX4xH9LX9LzwK44T9aEOy78M+4S+0=
+github.com/ardanlabs/conf/v3 v3.10.0/go.mod h1:XlL9P0quWP4m1weOVFmlezabinbZLI05niDof/+Ochk=
+github.com/aws/aws-sdk-go-v2 v1.39.6 h1:2JrPCVgWJm7bm83BDwY5z8ietmeJUbh3O2ACnn+Xsqk=
+github.com/aws/aws-sdk-go-v2 v1.39.6/go.mod h1:c9pm7VwuW0UPxAEYGyTmyurVcNrbF6Rt/wixFqDhcjE=
+github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.3 h1:DHctwEM8P8iTXFxC/QK0MRjwEpWQeM9yzidCRjldUz0=
+github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.3/go.mod h1:xdCzcZEtnSTKVDOmUZs4l/j3pSV6rpo1WXl5ugNsL8Y=
+github.com/aws/aws-sdk-go-v2/config v1.31.17 h1:QFl8lL6RgakNK86vusim14P2k8BFSxjvUkcWLDjgz9Y=
+github.com/aws/aws-sdk-go-v2/config v1.31.17/go.mod h1:V8P7ILjp/Uef/aX8TjGk6OHZN6IKPM5YW6S78QnRD5c=
+github.com/aws/aws-sdk-go-v2/credentials v1.18.21 h1:56HGpsgnmD+2/KpG0ikvvR8+3v3COCwaF4r+oWwOeNA=
+github.com/aws/aws-sdk-go-v2/credentials v1.18.21/go.mod h1:3YELwedmQbw7cXNaII2Wywd+YY58AmLPwX4LzARgmmA=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.13 h1:T1brd5dR3/fzNFAQch/iBKeX07/ffu/cLu+q+RuzEWk=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.13/go.mod h1:Peg/GBAQ6JDt+RoBf4meB1wylmAipb7Kg2ZFakZTlwk=
+github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.20.3 h1:4GNV1lhyELGjMz5ILMRxDvxvOaeo3Ux9Z69S1EgVMMQ=
+github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.20.3/go.mod h1:br7KA6edAAqDGUYJ+zVVPAyMrPhnN+zdt17yTUT6FPw=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.13 h1:a+8/MLcWlIxo1lF9xaGt3J/u3yOZx+CdSveSNwjhD40=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.13/go.mod h1:oGnKwIYZ4XttyU2JWxFrwvhF6YKiK/9/wmE3v3Iu9K8=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.13 h1:HBSI2kDkMdWz4ZM7FjwE7e/pWDEZ+nR95x8Ztet1ooY=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.13/go.mod h1:YE94ZoDArI7awZqJzBAZ3PDD2zSfuP7w6P2knOzIn8M=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.8.4 h1:WKuaxf++XKWlHWu9ECbMlha8WOEGm0OUEZqm4K/Gcfk=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.8.4/go.mod h1:ZWy7j6v1vWGmPReu0iSGvRiise4YI5SkR3OHKTZ6Wuc=
+github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.13 h1:eg/WYAa12vqTphzIdWMzqYRVKKnCboVPRlvaybNCqPA=
+github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.13/go.mod h1:/FDdxWhz1486obGrKKC1HONd7krpk38LBt+dutLcN9k=
+github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.3 h1:x2Ibm/Af8Fi+BH+Hsn9TXGdT+hKbDd5XOTZxTMxDk7o=
+github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.3/go.mod h1:IW1jwyrQgMdhisceG8fQLmQIydcT/jWY21rFhzgaKwo=
+github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.9.4 h1:NvMjwvv8hpGUILarKw7Z4Q0w1H9anXKsesMxtw++MA4=
+github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.9.4/go.mod h1:455WPHSwaGj2waRSpQp7TsnpOnBfw8iDfPfbwl7KPJE=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.13 h1:kDqdFvMY4AtKoACfzIGD8A0+hbT41KTKF//gq7jITfM=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.13/go.mod h1:lmKuogqSU3HzQCwZ9ZtcqOc5XGMqtDK7OIc2+DxiUEg=
+github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.13 h1:zhBJXdhWIFZ1acfDYIhu4+LCzdUS2Vbcum7D01dXlHQ=
+github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.13/go.mod h1:JaaOeCE368qn2Hzi3sEzY6FgAZVCIYcC2nwbro2QCh8=
+github.com/aws/aws-sdk-go-v2/service/s3 v1.89.2 h1:xgBWsgaeUESl8A8k80p6yBdexMWDVeiDmJ/pkjohJ7c=
+github.com/aws/aws-sdk-go-v2/service/s3 v1.89.2/go.mod h1:+wArOOrcHUevqdto9k1tKOF5++YTe9JEcPSc9Tx2ZSw=
 github.com/aws/aws-sdk-go-v2/service/sns v1.34.7 h1:OBuZE9Wt8h2imuRktu+WfjiTGrnYdCIJg8IX92aalHE=
 github.com/aws/aws-sdk-go-v2/service/sns v1.34.7/go.mod h1:4WYoZAhHt+dWYpoOQUgkUKfuQbE6Gg/hW4oXE0pKS9U=
 github.com/aws/aws-sdk-go-v2/service/sqs v1.38.8 h1:80dpSqWMwx2dAm30Ib7J6ucz1ZHfiv5OCRwN/EnCOXQ=
 github.com/aws/aws-sdk-go-v2/service/sqs v1.38.8/go.mod h1:IzNt/udsXlETCdvBOL0nmyMe2t9cGmXmZgsdoZGYYhI=
-github.com/aws/aws-sdk-go-v2/service/sso v1.25.5 h1:AIRJ3lfb2w/1/8wOOSqYb9fUKGwQbtysJ2H1MofRUPg=
-github.com/aws/aws-sdk-go-v2/service/sso v1.25.5/go.mod h1:b7SiVprpU+iGazDUqvRSLf5XmCdn+JtT1on7uNL6Ipc=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.30.3 h1:BpOxT3yhLwSJ77qIY3DoHAQjZsc4HEGfMCE4NGy3uFg=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.30.3/go.mod h1:vq/GQR1gOFLquZMSrxUK/cpvKCNVYibNyJ1m7JrU88E=
-github.com/aws/aws-sdk-go-v2/service/sts v1.34.0 h1:NFOJ/NXEGV4Rq//71Hs1jC/NvPs1ezajK+yQmkwnPV0=
-github.com/aws/aws-sdk-go-v2/service/sts v1.34.0/go.mod h1:7ph2tGpfQvwzgistp2+zga9f+bCjlQJPkPUmMgDSD7w=
-github.com/aws/smithy-go v1.22.4 h1:uqXzVZNuNexwc/xrh6Tb56u89WDlJY6HS+KC0S4QSjw=
-github.com/aws/smithy-go v1.22.4/go.mod h1:t1ufH5HMublsJYulve2RKmHDC15xu1f26kHCp/HgceI=
+github.com/aws/aws-sdk-go-v2/service/sso v1.30.1 h1:0JPwLz1J+5lEOfy/g0SURC9cxhbQ1lIMHMa+AHZSzz0=
+github.com/aws/aws-sdk-go-v2/service/sso v1.30.1/go.mod h1:fKvyjJcz63iL/ftA6RaM8sRCtN4r4zl4tjL3qw5ec7k=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.5 h1:OWs0/j2UYR5LOGi88sD5/lhN6TDLG6SfA7CqsQO9zF0=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.5/go.mod h1:klO+ejMvYsB4QATfEOIXk8WAEwN4N0aBfJpvC+5SZBo=
+github.com/aws/aws-sdk-go-v2/service/sts v1.39.1 h1:mLlUgHn02ue8whiR4BmxxGJLR2gwU6s6ZzJ5wDamBUs=
+github.com/aws/aws-sdk-go-v2/service/sts v1.39.1/go.mod h1:E19xDjpzPZC7LS2knI9E6BaRFDK43Eul7vd6rSq2HWk=
+github.com/aws/smithy-go v1.23.2 h1:Crv0eatJUQhaManss33hS5r40CG3ZFH+21XSkqMrIUM=
+github.com/aws/smithy-go v1.23.2/go.mod h1:LEj2LM3rBRQJxPZTB4KuzZkaZYnZPnvgIhb4pu07mx0=
 github.com/bmatcuk/doublestar v1.3.4 h1:gPypJ5xD31uhX6Tf54sDPUOBXTqKH4c9aPY66CyQrS0=
 github.com/bmatcuk/doublestar v1.3.4/go.mod h1:wiQtGV+rzVYxB7WIlirSN++5HPtPlXEo9MEoZQC/PmE=
 github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
 github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
-github.com/cncf/xds/go v0.0.0-20250501225837-2ac532fd4443 h1:aQ3y1lwWyqYPiWZThqv1aFbZMiM9vblcSArJRf2Irls=
-github.com/cncf/xds/go v0.0.0-20250501225837-2ac532fd4443/go.mod h1:W+zGtBO5Y1IgJhy4+A9GOqVhqLpfZi+vwmdNXUehLA8=
+github.com/cncf/xds/go v0.0.0-20251022180443-0feb69152e9f h1:Y8xYupdHxryycyPlc9Y+bSQAYZnetRJ70VMVKm5CKI0=
+github.com/cncf/xds/go v0.0.0-20251022180443-0feb69152e9f/go.mod h1:HlzOvOjVBOfTGSRXRyY0OiCS/3J1akRGQQpRO/7zyF4=
 github.com/coder/websocket v1.8.13 h1:f3QZdXy7uGVz+4uCJy2nTZyM0yTBj8yANEHhqlXZ9FE=
 github.com/coder/websocket v1.8.13/go.mod h1:LNVeNrXQZfe5qhS9ALED3uA+l5pPqvwXg3CKoDBB2gs=
 github.com/containrrr/shoutrrr v0.8.0 h1:mfG2ATzIS7NR2Ec6XL+xyoHzN97H8WPjir8aYzJUSec=
 github.com/containrrr/shoutrrr v0.8.0/go.mod h1:ioyQAyu1LJY6sILuNyKaQaw+9Ttik5QePU8atnAdO2o=
+github.com/coreos/go-oidc/v3 v3.17.0 h1:hWBGaQfbi0iVviX4ibC7bk8OKT5qNr4klBaCHVNvehc=
+github.com/coreos/go-oidc/v3 v3.17.0/go.mod h1:wqPbKFrVnE90vty060SB40FCJ8fTHTxSwyXJqZH+sI8=
 github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
@@ -149,12 +151,12 @@ github.com/eapache/go-xerial-snappy v0.0.0-20230731223053-c322873962e3 h1:Oy0F4A
 github.com/eapache/go-xerial-snappy v0.0.0-20230731223053-c322873962e3/go.mod h1:YvSRo5mw33fLEx1+DlK6L2VV43tJt5Eyel9n9XBcR+0=
 github.com/eapache/queue v1.1.0 h1:YOEu7KNc61ntiQlcEeUIoDTJ2o8mQznoNvUhiigpIqc=
 github.com/eapache/queue v1.1.0/go.mod h1:6eCeP0CKFpHLu8blIFXhExK/dRa7WDZfr6jVFPTqq+I=
-github.com/ebitengine/purego v0.8.4 h1:CF7LEKg5FFOsASUj0+QwaXf8Ht6TlFxg09+S9wz0omw=
-github.com/ebitengine/purego v0.8.4/go.mod h1:iIjxzd6CiRiOG0UyXP+V1+jWqUXVjPKLAI0mRfJZTmQ=
-github.com/envoyproxy/go-control-plane v0.13.4 h1:zEqyPVyku6IvWCFwux4x9RxkLOMUL+1vC9xUFv5l2/M=
-github.com/envoyproxy/go-control-plane v0.13.4/go.mod h1:kDfuBlDVsSj2MjrLEtRWtHlsWIFcGyB2RMO44Dc5GZA=
-github.com/envoyproxy/go-control-plane/envoy v1.32.4 h1:jb83lalDRZSpPWW2Z7Mck/8kXZ5CQAFYVjQcdVIr83A=
-github.com/envoyproxy/go-control-plane/envoy v1.32.4/go.mod h1:Gzjc5k8JcJswLjAx1Zm+wSYE20UrLtt7JZMWiWQXQEw=
+github.com/ebitengine/purego v0.9.1 h1:a/k2f2HQU3Pi399RPW1MOaZyhKJL9w/xFpKAg4q1s0A=
+github.com/ebitengine/purego v0.9.1/go.mod h1:iIjxzd6CiRiOG0UyXP+V1+jWqUXVjPKLAI0mRfJZTmQ=
+github.com/envoyproxy/go-control-plane v0.13.5-0.20251024222203-75eaa193e329 h1:K+fnvUM0VZ7ZFJf0n4L/BRlnsb9pL/GuDG6FqaH+PwM=
+github.com/envoyproxy/go-control-plane v0.13.5-0.20251024222203-75eaa193e329/go.mod h1:Alz8LEClvR7xKsrq3qzoc4N0guvVNSS8KmSChGYr9hs=
+github.com/envoyproxy/go-control-plane/envoy v1.35.0 h1:ixjkELDE+ru6idPxcHLj8LBVc2bFP7iBytj353BoHUo=
+github.com/envoyproxy/go-control-plane/envoy v1.35.0/go.mod h1:09qwbGVuSWWAyN5t/b3iyVfz5+z8QWGrzkoqm/8SbEs=
 github.com/envoyproxy/go-control-plane/ratelimit v0.1.0 h1:/G9QYbddjL25KvtKTv3an9lx6VBE2cnb8wp1vEGNYGI=
 github.com/envoyproxy/go-control-plane/ratelimit v0.1.0/go.mod h1:Wk+tMFAFbCXaJPzVVHnPgRKdUdwW/KdbRt94AzgRee4=
 github.com/envoyproxy/protoc-gen-validate v1.2.1 h1:DEo3O99U8j4hBFwbJfrz9VtgcDfUKS7KJ7spH3d86P8=
@@ -170,20 +172,20 @@ github.com/fogleman/gg v1.3.0/go.mod h1:R/bRT+9gY/C5z7JzPU0zXsXHKM4/ayA+zqcVNZzP
 github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k=
 github.com/fortytw2/leaktest v1.3.0 h1:u8491cBMTQ8ft8aeV+adlcytMZylmA5nnwwkRZjI8vw=
 github.com/fortytw2/leaktest v1.3.0/go.mod h1:jDsjWgpAGjm2CA7WthBh/CdZYEPF31XHquHwclZch5g=
-github.com/gabriel-vasile/mimetype v1.4.9 h1:5k+WDwEsD9eTLL8Tz3L0VnmVh9QxGjRmjBvAG7U/oYY=
-github.com/gabriel-vasile/mimetype v1.4.9/go.mod h1:WnSQhFKJuBlRyLiKohA/2DtIlPFAbguNaG7QCHcyGok=
+github.com/gabriel-vasile/mimetype v1.4.12 h1:e9hWvmLYvtp846tLHam2o++qitpguFiYCKbn0w9jyqw=
+github.com/gabriel-vasile/mimetype v1.4.12/go.mod h1:d+9Oxyo1wTzWdyVUPMmXFvp4F9tea18J8ufA774AB3s=
 github.com/gen2brain/avif v0.4.4 h1:Ga/ss7qcWWQm2bxFpnjYjhJsNfZrWs5RsyklgFjKRSE=
 github.com/gen2brain/avif v0.4.4/go.mod h1:/XCaJcjZraQwKVhpu9aEd9aLOssYOawLvhMBtmHVGqk=
-github.com/gen2brain/heic v0.4.5 h1:Cq3hPu6wwlTJNv2t48ro3oWje54h82Q5pALeCBNgaSk=
-github.com/gen2brain/heic v0.4.5/go.mod h1:ECnpqbqLu0qSje4KSNWUUDK47UPXPzl80T27GWGEL5I=
+github.com/gen2brain/heic v0.4.7 h1:xw/e9R3HdIvb+uEhRDMRJdviYnB3ODe/VwL8SYLaMGc=
+github.com/gen2brain/heic v0.4.7/go.mod h1:ECnpqbqLu0qSje4KSNWUUDK47UPXPzl80T27GWGEL5I=
 github.com/gen2brain/jpegxl v0.4.5 h1:TWpVEn5xkIfsswzkjHBArd0Cc9AE0tbjBSoa0jDsrbo=
 github.com/gen2brain/jpegxl v0.4.5/go.mod h1:4kWYJ18xCEuO2vzocYdGpeqNJ990/Gjy3uLMg5TBN6I=
 github.com/gen2brain/webp v0.5.5 h1:MvQR75yIPU/9nSqYT5h13k4URaJK3gf9tgz/ksRbyEg=
 github.com/gen2brain/webp v0.5.5/go.mod h1:xOSMzp4aROt2KFW++9qcK/RBTOVC2S9tJG66ip/9Oc0=
-github.com/go-chi/chi/v5 v5.2.2 h1:CMwsvRVTbXVytCk1Wd72Zy1LAsAh9GxMmSNWLHCG618=
-github.com/go-chi/chi/v5 v5.2.2/go.mod h1:L2yAIGWB3H+phAw1NxKwWM+7eUH/lU8pOMm5hHcoops=
-github.com/go-jose/go-jose/v4 v4.1.1 h1:JYhSgy4mXXzAdF3nUx3ygx347LRXJRrpgyU3adRmkAI=
-github.com/go-jose/go-jose/v4 v4.1.1/go.mod h1:BdsZGqgdO3b6tTc6LSE56wcDbMMLuPsw5d4ZD5f94kA=
+github.com/go-chi/chi/v5 v5.2.3 h1:WQIt9uxdsAbgIYgid+BpYc+liqQZGMHRaUwp0JUcvdE=
+github.com/go-chi/chi/v5 v5.2.3/go.mod h1:L2yAIGWB3H+phAw1NxKwWM+7eUH/lU8pOMm5hHcoops=
+github.com/go-jose/go-jose/v4 v4.1.3 h1:CVLmWDhDVRa6Mi/IgCgaopNosCaHz7zrMeF9MlZRkrs=
+github.com/go-jose/go-jose/v4 v4.1.3/go.mod h1:x4oUasVrzR7071A4TnHLGSPpNOm2a21K9Kf04k1rs08=
 github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
 github.com/go-logr/logr v1.4.3 h1:CjnDlHq8ikf6E492q6eKboGOC0T8CDaOvkHCIg8idEI=
 github.com/go-logr/logr v1.4.3/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
@@ -193,22 +195,41 @@ github.com/go-ole/go-ole v1.2.6 h1:/Fpf6oFPoeFik9ty7siob0G6Ke8QvQEuVcuChpwXzpY=
 github.com/go-ole/go-ole v1.2.6/go.mod h1:pprOEPIfldk/42T2oK7lQ4v4JSDwmV0As9GaiUsvbm0=
 github.com/go-openapi/inflect v0.19.0 h1:9jCH9scKIbHeV9m12SmPilScz6krDxKRasNNSNPXu/4=
 github.com/go-openapi/inflect v0.19.0/go.mod h1:lHpZVlpIQqLyKwJ4N+YSc9hchQy/i12fJykb83CRBH4=
-github.com/go-openapi/jsonpointer v0.21.2 h1:AqQaNADVwq/VnkCmQg6ogE+M3FOsKTytwges0JdwVuA=
-github.com/go-openapi/jsonpointer v0.21.2/go.mod h1:50I1STOfbY1ycR8jGz8DaMeLCdXiI6aDteEdRNNzpdk=
-github.com/go-openapi/jsonreference v0.21.0 h1:Rs+Y7hSXT83Jacb7kFyjn4ijOuVGSvOdF2+tg1TRrwQ=
-github.com/go-openapi/jsonreference v0.21.0/go.mod h1:LmZmgsrTkVg9LG4EaHeY8cBDslNPMo06cago5JNLkm4=
-github.com/go-openapi/spec v0.21.0 h1:LTVzPc3p/RzRnkQqLRndbAzjY0d0BCL72A6j3CdL9ZY=
-github.com/go-openapi/spec v0.21.0/go.mod h1:78u6VdPw81XU44qEWGhtr982gJ5BWg2c0I5XwVMotYk=
-github.com/go-openapi/swag v0.23.1 h1:lpsStH0n2ittzTnbaSloVZLuB5+fvSY/+hnagBjSNZU=
-github.com/go-openapi/swag v0.23.1/go.mod h1:STZs8TbRvEQQKUA+JZNAm3EWlgaOBGpyFDqQnDHMef0=
+github.com/go-openapi/jsonpointer v0.22.4 h1:dZtK82WlNpVLDW2jlA1YCiVJFVqkED1MegOUy9kR5T4=
+github.com/go-openapi/jsonpointer v0.22.4/go.mod h1:elX9+UgznpFhgBuaMQ7iu4lvvX1nvNsesQ3oxmYTw80=
+github.com/go-openapi/jsonreference v0.21.4 h1:24qaE2y9bx/q3uRK/qN+TDwbok1NhbSmGjjySRCHtC8=
+github.com/go-openapi/jsonreference v0.21.4/go.mod h1:rIENPTjDbLpzQmQWCj5kKj3ZlmEh+EFVbz3RTUh30/4=
+github.com/go-openapi/spec v0.22.3 h1:qRSmj6Smz2rEBxMnLRBMeBWxbbOvuOoElvSvObIgwQc=
+github.com/go-openapi/spec v0.22.3/go.mod h1:iIImLODL2loCh3Vnox8TY2YWYJZjMAKYyLH2Mu8lOZs=
+github.com/go-openapi/swag v0.19.15 h1:D2NRCBzS9/pEY3gP9Nl8aDqGUcPFrwG2p+CNFrLyrCM=
+github.com/go-openapi/swag/conv v0.25.4 h1:/Dd7p0LZXczgUcC/Ikm1+YqVzkEeCc9LnOWjfkpkfe4=
+github.com/go-openapi/swag/conv v0.25.4/go.mod h1:3LXfie/lwoAv0NHoEuY1hjoFAYkvlqI/Bn5EQDD3PPU=
+github.com/go-openapi/swag/jsonname v0.25.4 h1:bZH0+MsS03MbnwBXYhuTttMOqk+5KcQ9869Vye1bNHI=
+github.com/go-openapi/swag/jsonname v0.25.4/go.mod h1:GPVEk9CWVhNvWhZgrnvRA6utbAltopbKwDu8mXNUMag=
+github.com/go-openapi/swag/jsonutils v0.25.4 h1:VSchfbGhD4UTf4vCdR2F4TLBdLwHyUDTd1/q4i+jGZA=
+github.com/go-openapi/swag/jsonutils v0.25.4/go.mod h1:7OYGXpvVFPn4PpaSdPHJBtF0iGnbEaTk8AvBkoWnaAY=
+github.com/go-openapi/swag/jsonutils/fixtures_test v0.25.4 h1:IACsSvBhiNJwlDix7wq39SS2Fh7lUOCJRmx/4SN4sVo=
+github.com/go-openapi/swag/jsonutils/fixtures_test v0.25.4/go.mod h1:Mt0Ost9l3cUzVv4OEZG+WSeoHwjWLnarzMePNDAOBiM=
+github.com/go-openapi/swag/loading v0.25.4 h1:jN4MvLj0X6yhCDduRsxDDw1aHe+ZWoLjW+9ZQWIKn2s=
+github.com/go-openapi/swag/loading v0.25.4/go.mod h1:rpUM1ZiyEP9+mNLIQUdMiD7dCETXvkkC30z53i+ftTE=
+github.com/go-openapi/swag/stringutils v0.25.4 h1:O6dU1Rd8bej4HPA3/CLPciNBBDwZj9HiEpdVsb8B5A8=
+github.com/go-openapi/swag/stringutils v0.25.4/go.mod h1:GTsRvhJW5xM5gkgiFe0fV3PUlFm0dr8vki6/VSRaZK0=
+github.com/go-openapi/swag/typeutils v0.25.4 h1:1/fbZOUN472NTc39zpa+YGHn3jzHWhv42wAJSN91wRw=
+github.com/go-openapi/swag/typeutils v0.25.4/go.mod h1:Ou7g//Wx8tTLS9vG0UmzfCsjZjKhpjxayRKTHXf2pTE=
+github.com/go-openapi/swag/yamlutils v0.25.4 h1:6jdaeSItEUb7ioS9lFoCZ65Cne1/RZtPBZ9A56h92Sw=
+github.com/go-openapi/swag/yamlutils v0.25.4/go.mod h1:MNzq1ulQu+yd8Kl7wPOut/YHAAU/H6hL91fF+E2RFwc=
+github.com/go-openapi/testify/enable/yaml/v2 v2.0.2 h1:0+Y41Pz1NkbTHz8NngxTuAXxEodtNSI1WG1c/m5Akw4=
+github.com/go-openapi/testify/enable/yaml/v2 v2.0.2/go.mod h1:kme83333GCtJQHXQ8UKX3IBZu6z8T5Dvy5+CW3NLUUg=
+github.com/go-openapi/testify/v2 v2.0.2 h1:X999g3jeLcoY8qctY/c/Z8iBHTbwLz7R2WXd6Ub6wls=
+github.com/go-openapi/testify/v2 v2.0.2/go.mod h1:HCPmvFFnheKK2BuwSA0TbbdxJ3I16pjwMkYkP4Ywn54=
 github.com/go-playground/assert/v2 v2.2.0 h1:JvknZsQTYeFEAhQwI4qEt9cyV5ONwRHC+lYKSsYSR8s=
 github.com/go-playground/assert/v2 v2.2.0/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4=
 github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/oXslEjJA=
 github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY=
 github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY=
 github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY=
-github.com/go-playground/validator/v10 v10.27.0 h1:w8+XrWVMhGkxOaaowyKH35gFydVHOvC0/uWoy2Fzwn4=
-github.com/go-playground/validator/v10 v10.27.0/go.mod h1:I5QpIEbmr8On7W0TktmJAumgzX4CA1XNl4ZmDuVHKKo=
+github.com/go-playground/validator/v10 v10.30.1 h1:f3zDSN/zOma+w6+1Wswgd9fLkdwy06ntQJp0BBvFG0w=
+github.com/go-playground/validator/v10 v10.30.1/go.mod h1:oSuBIQzuJxL//3MelwSLD5hc2Tu889bF0Idm9Dg26cM=
 github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI=
 github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls=
 github.com/go-test/deep v1.0.3 h1:ZrJSEWsXzPOxaZnFteGEfooLba+ju3FYIbOrS+rQd68=
@@ -226,7 +247,6 @@ github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek
 github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=
 github.com/golang/snappy v1.0.0 h1:Oy607GVXHs7RtbggtPBnr2RmDArIsAefDwvrdWvRhGs=
 github.com/golang/snappy v1.0.0/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
-github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
 github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=
@@ -241,29 +261,25 @@ github.com/google/pprof v0.0.0-20250317173921-a4b03ec1a45e h1:ijClszYn+mADRFY17k
 github.com/google/pprof v0.0.0-20250317173921-a4b03ec1a45e/go.mod h1:boTsfXsheKC2y+lKOCMpSfarhxDeIzfZG1jqGcPl3cA=
 github.com/google/s2a-go v0.1.9 h1:LGD7gtMgezd8a/Xak7mEWL0PjoTQFvpRudN895yqKW0=
 github.com/google/s2a-go v0.1.9/go.mod h1:YA0Ei2ZQL3acow2O62kdp9UlnvMmU7kA6Eutn0dXayM=
-github.com/google/subcommands v1.2.0/go.mod h1:ZjhPrFU+Olkh9WazFPsl27BQ4UPiG37m3yTrtFlrHVk=
 github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/google/wire v0.6.0 h1:HBkoIh4BdSxoyo9PveV8giw7ZsaBOvzWKfcg/6MrVwI=
-github.com/google/wire v0.6.0/go.mod h1:F4QhpQ9EDIdJ1Mbop/NZBRB+5yrR6qg3BnctaoUk6NA=
-github.com/googleapis/enterprise-certificate-proxy v0.3.6 h1:GW/XbdyBFQ8Qe+YAmFU9uHLo7OnF5tL52HFAgMmyrf4=
-github.com/googleapis/enterprise-certificate-proxy v0.3.6/go.mod h1:MkHOF77EYAE7qfSuSS9PU6g4Nt4e11cnsDUowfwewLA=
-github.com/googleapis/gax-go/v2 v2.15.0 h1:SyjDc1mGgZU5LncH8gimWo9lW1DtIfPibOG81vgd/bo=
-github.com/googleapis/gax-go/v2 v2.15.0/go.mod h1:zVVkkxAQHa1RQpg9z2AUCMnKhi0Qld9rcmyfL1OZhoc=
+github.com/google/wire v0.7.0 h1:JxUKI6+CVBgCO2WToKy/nQk0sS+amI9z9EjVmdaocj4=
+github.com/google/wire v0.7.0/go.mod h1:n6YbUQD9cPKTnHXEBN2DXlOp/mVADhVErcMFb0v3J18=
+github.com/googleapis/enterprise-certificate-proxy v0.3.7 h1:zrn2Ee/nWmHulBx5sAVrGgAa0f2/R35S4DJwfFaUPFQ=
+github.com/googleapis/enterprise-certificate-proxy v0.3.7/go.mod h1:MkHOF77EYAE7qfSuSS9PU6g4Nt4e11cnsDUowfwewLA=
+github.com/googleapis/gax-go/v2 v2.16.0 h1:iHbQmKLLZrexmb0OSsNGTeSTS0HO4YvFOG8g5E4Zd0Y=
+github.com/googleapis/gax-go/v2 v2.16.0/go.mod h1:o1vfQjjNZn4+dPnRdl/4ZD7S9414Y4xA+a/6Icj6l14=
 github.com/gorilla/schema v1.4.1 h1:jUg5hUjCSDZpNGLuXQOgIWGdlgrIdYvgQ0wZtdK1M3E=
 github.com/gorilla/schema v1.4.1/go.mod h1:Dg5SSm5PV60mhF2NFaTV1xuYYj8tV8NOPRo4FggUMnM=
 github.com/gorilla/securecookie v1.1.1/go.mod h1:ra0sb63/xPlUeL+yeDciTfxMRAA+MP+HVt/4epWDjd4=
 github.com/gorilla/sessions v1.2.1/go.mod h1:dk2InVEVJ0sfLlnXv9EAgkf6ecYs/i80K/zI+bUmuGM=
 github.com/gorilla/websocket v1.5.3 h1:saDtZ6Pbx/0u+bgYQ3q96pZgCzfhKXGPqt7kZ72aNNg=
 github.com/gorilla/websocket v1.5.3/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
-github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
-github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I=
-github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
-github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo=
-github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM=
 github.com/hashicorp/go-uuid v1.0.2/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
 github.com/hashicorp/go-uuid v1.0.3 h1:2gKiV6YVmrJ1i2CKKa9obLvRieoRGviZFL26PcT/Co8=
 github.com/hashicorp/go-uuid v1.0.3/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
+github.com/hashicorp/golang-lru/v2 v2.0.7 h1:a+bsQ5rvGLjzHuww6tVxozPZFVghXaHOwFs4luLUK2k=
+github.com/hashicorp/golang-lru/v2 v2.0.7/go.mod h1:QeFd9opnmA6QUJc5vARoKUSoFhyfM2/ZepoAG6RGpeM=
 github.com/hashicorp/hcl/v2 v2.18.1 h1:6nxnOJFku1EuSawSD81fuviYUV8DxFr3fp2dUi3ZYSo=
 github.com/hashicorp/hcl/v2 v2.18.1/go.mod h1:ThLC89FV4p9MPW804KVbe/cEXoQ8NZEh+JtMeeGErHE=
 github.com/hay-kot/httpkit v0.0.11 h1:ZdB2uqsFBSDpfUoClGK5c5orjBjQkEVSXh7fZX5FKEk=
@@ -282,18 +298,12 @@ github.com/jcmturner/gokrb5/v8 v8.4.4 h1:x1Sv4HaTpepFkXbt2IkL29DXRf8sOfZXo8eRKh6
 github.com/jcmturner/gokrb5/v8 v8.4.4/go.mod h1:1btQEpgT6k+unzCwX1KdWMEwPPkkgBtP+F6aCACiMrs=
 github.com/jcmturner/rpc/v2 v2.0.3 h1:7FXXj8Ti1IaVFpSAziCZWNzbNuZmnvw/i6CqLNdWfZY=
 github.com/jcmturner/rpc/v2 v2.0.3/go.mod h1:VUJYCIDm3PVOEHw8sgt091/20OJjskO/YJki3ELg/Hc=
-github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg=
-github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo=
-github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8=
-github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U=
 github.com/joho/godotenv v1.5.1 h1:7eLL/+HRGLY0ldzfGMeQkb7vMd0as4CfYvUVzLqw0N0=
 github.com/joho/godotenv v1.5.1/go.mod h1:f4LDr5Voq0i2e/R5DDNOoa2zzDfwtkZa6DnEwAbqwq4=
-github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
-github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
 github.com/keybase/go-keychain v0.0.1 h1:way+bWYa6lDppZoZcgMbYsvC7GxljxrskdNInRtuthU=
 github.com/keybase/go-keychain v0.0.1/go.mod h1:PdEILRW3i9D8JcdM+FmY6RwkHGnhHxXwkPPMeUgOK1k=
-github.com/klauspost/compress v1.18.0 h1:c/Cqfb0r+Yi+JtIEq73FWXVkRonBlf0CRNYc8Zttxdo=
-github.com/klauspost/compress v1.18.0/go.mod h1:2Pp+KzxcywXVXMr50+X0Q/Lsb43OQHYWRCY2AiWywWQ=
+github.com/klauspost/compress v1.18.2 h1:iiPHWW0YrcFgpBYhsA6D1+fqHssJscY/Tm/y2Uqnapk=
+github.com/klauspost/compress v1.18.2/go.mod h1:R0h/fSBs8DE4ENlcrlib3PsXS61voFxhIs2DeRhCvJ4=
 github.com/klauspost/cpuid/v2 v2.3.0 h1:S4CRMLnYUhGeDFDqkGriYKdfoFlDnMtqTiI/sFzhA9Y=
 github.com/klauspost/cpuid/v2 v2.3.0/go.mod h1:hqwkgyIinND0mEev00jJYCxPNVRVXFQeu1XKlok6oO0=
 github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
@@ -308,8 +318,6 @@ github.com/lib/pq v1.10.9 h1:YXG7RB+JIjhP29X+OtkiDnYaXQwpS4JEWq7dtCCRUEw=
 github.com/lib/pq v1.10.9/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
 github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0 h1:6E+4a0GO5zZEnZ81pIr0yLvtUWk2if982qA3F3QD6H4=
 github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0/go.mod h1:zJYVVT2jmtg6P3p1VtQj7WsuWi/y4VnjVBn7F8KPB3I=
-github.com/mailru/easyjson v0.9.0 h1:PrnmzHw7262yW8sTBwxi1PdJA3Iw/EKBa8psRf7d9a4=
-github.com/mailru/easyjson v0.9.0/go.mod h1:1+xMtQp2MRNVL/V1bOzuP3aP8VNwRW55fQUto+XFtTU=
 github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
 github.com/mattn/go-colorable v0.1.14 h1:9A9LHSqF/7dyVVX6g0U9cwm9pG3kP9gSzcuIPHPsaIE=
 github.com/mattn/go-colorable v0.1.14/go.mod h1:6LmQG8QLFO4G5z1gPvYEzlUgJ2wF+stgPZH1UqBm1s8=
@@ -329,25 +337,24 @@ github.com/nats-io/jwt/v2 v2.5.0 h1:WQQ40AAlqqfx+f6ku+i0pOVm+ASirD4fUh+oQsiE9Ak=
 github.com/nats-io/jwt/v2 v2.5.0/go.mod h1:24BeQtRwxRV8ruvC4CojXlx/WQ/VjuwlYiH+vu/+ibI=
 github.com/nats-io/nats-server/v2 v2.9.23 h1:6Wj6H6QpP9FMlpCyWUaNu2yeZ/qGj+mdRkZ1wbikExU=
 github.com/nats-io/nats-server/v2 v2.9.23/go.mod h1:wEjrEy9vnqIGE4Pqz4/c75v9Pmaq7My2IgFmnykc4C0=
-github.com/nats-io/nats.go v1.44.0 h1:ECKVrDLdh/kDPV1g0gAQ+2+m2KprqZK5O/eJAyAnH2M=
-github.com/nats-io/nats.go v1.44.0/go.mod h1:iRWIPokVIFbVijxuMQq4y9ttaBTMe0SFdlZfMDd+33g=
-github.com/nats-io/nkeys v0.4.11 h1:q44qGV008kYd9W1b1nEBkNzvnWxtRSQ7A8BoqRrcfa0=
-github.com/nats-io/nkeys v0.4.11/go.mod h1:szDimtgmfOi9n25JpfIdGw12tZFYXqhGxjhVxsatHVE=
+github.com/nats-io/nats.go v1.48.0 h1:pSFyXApG+yWU/TgbKCjmm5K4wrHu86231/w84qRVR+U=
+github.com/nats-io/nats.go v1.48.0/go.mod h1:iRWIPokVIFbVijxuMQq4y9ttaBTMe0SFdlZfMDd+33g=
+github.com/nats-io/nkeys v0.4.12 h1:nssm7JKOG9/x4J8II47VWCL1Ds29avyiQDRn0ckMvDc=
+github.com/nats-io/nkeys v0.4.12/go.mod h1:MT59A1HYcjIcyQDJStTfaOY6vhy9XTUjOFo+SVsvpBg=
 github.com/nats-io/nuid v1.0.1 h1:5iA8DT8V7q8WK2EScv2padNa/rTESc1KdnPw4TC2paw=
 github.com/nats-io/nuid v1.0.1/go.mod h1:19wcPz3Ph3q0Jbyiqsd0kePYG7A95tJPxeL+1OSON2c=
-github.com/ncruces/go-strftime v0.1.9 h1:bY0MQC28UADQmHmaF5dgpLmImcShSi2kHU9XLdhx/f4=
-github.com/ncruces/go-strftime v0.1.9/go.mod h1:Fwc5htZGVVkseilnfgOVb9mKy6w1naJmn9CehxcKcls=
-github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
-github.com/olahol/melody v1.3.0 h1:n7UlKiQnxVrgxKoM0d7usZiN+Z0y2lVENtYLgKtXS6s=
-github.com/olahol/melody v1.3.0/go.mod h1:GgkTl6Y7yWj/HtfD48Q5vLKPVoZOH+Qqgfa7CvJgJM4=
+github.com/ncruces/go-strftime v1.0.0 h1:HMFp8mLCTPp341M/ZnA4qaf7ZlsbTc+miZjCLOFAw7w=
+github.com/ncruces/go-strftime v1.0.0/go.mod h1:Fwc5htZGVVkseilnfgOVb9mKy6w1naJmn9CehxcKcls=
+github.com/olahol/melody v1.4.0 h1:Pa5SdeZL/zXPi1tJuMAPDbl4n3gQOThSL6G1p4qZ4SI=
+github.com/olahol/melody v1.4.0/go.mod h1:GgkTl6Y7yWj/HtfD48Q5vLKPVoZOH+Qqgfa7CvJgJM4=
 github.com/onsi/ginkgo/v2 v2.9.2 h1:BA2GMJOtfGAfagzYtrAlufIP0lq6QERkFmHLMLPwFSU=
 github.com/onsi/ginkgo/v2 v2.9.2/go.mod h1:WHcJJG2dIlcCqVfBAwUCrJxSPFb6v4azBwgxeMeDuts=
 github.com/onsi/gomega v1.27.6 h1:ENqfyGeS5AX/rlXDd/ETokDz93u0YufY1Pgxuy/PvWE=
 github.com/onsi/gomega v1.27.6/go.mod h1:PIQNjfQwkP3aQAH7lf7j87O/5FiNr+ZR8+ipb+qQlhg=
 github.com/philhofer/fwd v1.2.0 h1:e6DnBTl7vGY+Gz322/ASL4Gyp1FspeMvx1RNDoToZuM=
 github.com/philhofer/fwd v1.2.0/go.mod h1:RqIHx9QI14HlwKwm98g9Re5prTQ6LdeRQn+gXJFxsJM=
-github.com/pierrec/lz4/v4 v4.1.22 h1:cKFw6uJDK+/gfw5BcDL0JL5aBsAFdsIT18eRtLj7VIU=
-github.com/pierrec/lz4/v4 v4.1.22/go.mod h1:gZWDp/Ze/IJXGXf23ltt2EXimqmTUXEy0GFuRQyBid4=
+github.com/pierrec/lz4/v4 v4.1.23 h1:oJE7T90aYBGtFNrI8+KbETnPymobAhzRrR8Mu8n1yfU=
+github.com/pierrec/lz4/v4 v4.1.23/go.mod h1:EoQMVJgeeEOMsCqCzqFm2O0cJvljX2nGZjcRIPL34O4=
 github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c h1:+mdjkGKdHQG3305AYmdv1U2eRNDiU2ErMBj1gwrq8eQ=
 github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c/go.mod h1:7rwL4CYBLnjLxUqIJNnCWiEdr3bn6IUYi15bNlnbCCU=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
@@ -357,10 +364,10 @@ github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10/go.mod h1
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/power-devops/perfstat v0.0.0-20210106213030-5aafc221ea8c h1:ncq/mPwQF4JjgDlrVEn3C11VoGHZN7m8qihwgMEtzYw=
-github.com/power-devops/perfstat v0.0.0-20210106213030-5aafc221ea8c/go.mod h1:OmDBASR4679mdNQnz2pUhc2G8CO2JrUAVFDRBDP/hJE=
-github.com/pressly/goose/v3 v3.24.3 h1:DSWWNwwggVUsYZ0X2VitiAa9sKuqtBfe+Jr9zFGwWlM=
-github.com/pressly/goose/v3 v3.24.3/go.mod h1:v9zYL4xdViLHCUUJh/mhjnm6JrK7Eul8AS93IxiZM4E=
+github.com/power-devops/perfstat v0.0.0-20240221224432-82ca36839d55 h1:o4JXh1EVt9k/+g42oCprj/FisM4qX9L3sZB3upGN2ZU=
+github.com/power-devops/perfstat v0.0.0-20240221224432-82ca36839d55/go.mod h1:OmDBASR4679mdNQnz2pUhc2G8CO2JrUAVFDRBDP/hJE=
+github.com/pressly/goose/v3 v3.26.0 h1:KJakav68jdH0WDvoAcj8+n61WqOIaPGgH0bJWS6jpmM=
+github.com/pressly/goose/v3 v3.26.0/go.mod h1:4hC1KrritdCxtuFsqgs1R4AU5bWtTAf+cnWvfhf2DNY=
 github.com/rabbitmq/amqp091-go v1.10.0 h1:STpn5XsHlHGcecLmMFCtg7mqq0RnD+zFr4uzukfVhBw=
 github.com/rabbitmq/amqp091-go v1.10.0/go.mod h1:Hy4jKW5kQART1u+JkDTF9YYOQUHXqMuhrgxOEeS7G4o=
 github.com/rcrowley/go-metrics v0.0.0-20250401214520-65e299d6c5c9 h1:bsUq1dX0N8AOIL7EB/X911+m4EHsnWEHeJ0c+3TTBrg=
@@ -378,12 +385,12 @@ github.com/sergi/go-diff v1.3.1 h1:xkr+Oxo4BOQKmkn/B9eMK0g5Kg/983T9DqqPHwYqD+8=
 github.com/sergi/go-diff v1.3.1/go.mod h1:aMJSSKb2lpPvRNec0+w3fl7LP9IOFzdc9Pa4NFbPK1I=
 github.com/sethvargo/go-retry v0.3.0 h1:EEt31A35QhrcRZtrYFDTBg91cqZVnFL2navjDrah2SE=
 github.com/sethvargo/go-retry v0.3.0/go.mod h1:mNX17F0C/HguQMyMyJxcnU471gOZGxCLyYaFyAZraas=
-github.com/shirou/gopsutil/v4 v4.25.7 h1:bNb2JuqKuAu3tRlPv5piSmBZyMfecwQ+t/ILq+1JqVM=
-github.com/shirou/gopsutil/v4 v4.25.7/go.mod h1:XV/egmwJtd3ZQjBpJVY5kndsiOO4IRqy9TQnmm6VP7U=
+github.com/shirou/gopsutil/v4 v4.25.11 h1:X53gB7muL9Gnwwo2evPSE+SfOrltMoR6V3xJAXZILTY=
+github.com/shirou/gopsutil/v4 v4.25.11/go.mod h1:EivAfP5x2EhLp2ovdpKSozecVXn1TmuG7SMzs/Wh4PU=
 github.com/skip2/go-qrcode v0.0.0-20200617195104-da1b6568686e h1:MRM5ITcdelLK2j1vwZ3Je0FKVCfqOLp5zO6trqMLYs0=
 github.com/skip2/go-qrcode v0.0.0-20200617195104-da1b6568686e/go.mod h1:XV66xRDqSt+GTGFMVlhk3ULuV0y9ZmzeVGR4mloJI3M=
-github.com/spiffe/go-spiffe/v2 v2.5.0 h1:N2I01KCUkv1FAjZXJMwh95KK1ZIQLYbPfhaxw8WS0hE=
-github.com/spiffe/go-spiffe/v2 v2.5.0/go.mod h1:P+NxobPc6wXhVtINNtFjNWGBTreew1GBUCwT2wPmb7g=
+github.com/spiffe/go-spiffe/v2 v2.6.0 h1:l+DolpxNWYgruGQVV0xsfeya3CsC7m8iBzDnMpsbLuo=
+github.com/spiffe/go-spiffe/v2 v2.6.0/go.mod h1:gm2SeUoMZEtpnzPNs2Csc0D/gX33k1xIx7lEzqblHEs=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
 github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
@@ -393,22 +400,22 @@ github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
 github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
-github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
-github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
+github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U=
+github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U=
 github.com/swaggo/files/v2 v2.0.2 h1:Bq4tgS/yxLB/3nwOMcul5oLEUKa877Ykgz3CJMVbQKU=
 github.com/swaggo/files/v2 v2.0.2/go.mod h1:TVqetIzZsO9OhHX1Am9sRf9LdrFZqoK49N37KON/jr0=
 github.com/swaggo/http-swagger/v2 v2.0.2 h1:FKCdLsl+sFCx60KFsyM0rDarwiUSZ8DqbfSyIKC9OBg=
 github.com/swaggo/http-swagger/v2 v2.0.2/go.mod h1:r7/GBkAWIfK6E/OLnE8fXnviHiDeAHmgIyooa4xm3AQ=
 github.com/swaggo/swag v1.16.6 h1:qBNcx53ZaX+M5dxVyTrgQ0PJ/ACK+NzhwcbieTt+9yI=
 github.com/swaggo/swag v1.16.6/go.mod h1:ngP2etMK5a0P3QBizic5MEwpRmluJZPHjXcMoj4Xesg=
-github.com/tetratelabs/wazero v1.9.0 h1:IcZ56OuxrtaEz8UYNRHBrUa9bYeX9oVY93KspZZBf/I=
-github.com/tetratelabs/wazero v1.9.0/go.mod h1:TSbcXCfFP0L2FGkRPxHphadXPjo1T6W+CseNNY7EkjM=
-github.com/tinylib/msgp v1.3.0 h1:ULuf7GPooDaIlbyvgAxBV/FI7ynli6LZ1/nVUNu+0ww=
-github.com/tinylib/msgp v1.3.0/go.mod h1:ykjzy2wzgrlvpDCRc4LA8UXy6D8bzMSuAF3WD57Gok0=
-github.com/tklauser/go-sysconf v0.3.15 h1:VE89k0criAymJ/Os65CSn1IXaol+1wrsFHEB8Ol49K4=
-github.com/tklauser/go-sysconf v0.3.15/go.mod h1:Dmjwr6tYFIseJw7a3dRLJfsHAMXZ3nEnL/aZY+0IuI4=
-github.com/tklauser/numcpus v0.10.0 h1:18njr6LDBk1zuna922MgdjQuJFjrdppsZG60sHGfjso=
-github.com/tklauser/numcpus v0.10.0/go.mod h1:BiTKazU708GQTYF4mB+cmlpT2Is1gLk7XVuEeem8LsQ=
+github.com/tetratelabs/wazero v1.11.0 h1:+gKemEuKCTevU4d7ZTzlsvgd1uaToIDtlQlmNbwqYhA=
+github.com/tetratelabs/wazero v1.11.0/go.mod h1:eV28rsN8Q+xwjogd7f4/Pp4xFxO7uOGbLcD/LzB1wiU=
+github.com/tinylib/msgp v1.6.1 h1:ESRv8eL3u+DNHUoSAAQRE50Hm162zqAnBoGv9PzScPY=
+github.com/tinylib/msgp v1.6.1/go.mod h1:RSp0LW9oSxFut3KzESt5Voq4GVWyS+PSulT77roAqEA=
+github.com/tklauser/go-sysconf v0.3.16 h1:frioLaCQSsF5Cy1jgRBrzr6t502KIIwQ0MArYICU0nA=
+github.com/tklauser/go-sysconf v0.3.16/go.mod h1:/qNL9xxDhc7tx3HSRsLWNnuzbVfh3e7gh/BmM179nYI=
+github.com/tklauser/numcpus v0.11.0 h1:nSTwhKH5e1dMNsCdVBukSZrURJRoHbSEQjdEbY+9RXw=
+github.com/tklauser/numcpus v0.11.0/go.mod h1:z+LwcLq54uWZTX0u/bGobaV34u6V7KNlTZejzM6/3MQ=
 github.com/yeqown/go-qrcode/v2 v2.2.5 h1:HCOe2bSjkhZyYoyyNaXNzh4DJZll6inVJQQw+8228Zk=
 github.com/yeqown/go-qrcode/v2 v2.2.5/go.mod h1:uHpt9CM0V1HeXLz+Wg5MN50/sI/fQhfkZlOM+cOTHxw=
 github.com/yeqown/go-qrcode/writer/standard v1.3.0 h1:chdyhEfRtUPgQtuPeaWVGQ/TQx4rE1PqeoW3U+53t34=
@@ -426,62 +433,57 @@ github.com/zeebo/assert v1.1.0 h1:hU1L1vLTHsnO8x8c9KAR5GmM5QscxHg5RNU5z5qbUWY=
 github.com/zeebo/assert v1.1.0/go.mod h1:Pq9JiuJQpG8JLJdtkwrJESF0Foym2/D9XMU5ciN/wJ0=
 github.com/zeebo/blake3 v0.2.4 h1:KYQPkhpRtcqh0ssGYcKLG1JYvddkEA8QwCM/yBqhaZI=
 github.com/zeebo/blake3 v0.2.4/go.mod h1:7eeQ6d2iXWRGF6npfaxl2CU+xy2Fjo2gxeyZGCRUjcE=
-github.com/zeebo/errs v1.4.0 h1:XNdoD/RRMKP7HD0UhJnIzUy74ISdGGxURlYG8HSWSfM=
-github.com/zeebo/errs v1.4.0/go.mod h1:sgbWHsvVuTPHcqJJGQ1WhI5KbWlHYz+2+2C/LSEtCw4=
 github.com/zeebo/pcg v1.0.1 h1:lyqfGeWiv4ahac6ttHs+I5hwtH/+1mrhlCtVNQM2kHo=
 github.com/zeebo/pcg v1.0.1/go.mod h1:09F0S9iiKrwn9rlI5yjLkmrug154/YRW6KnnXVDM/l4=
 go.balki.me/anyhttp v0.5.2 h1:et4tCDXLeXpWfMNvRKG7ojfrnlr3du7cEaG966MLSpA=
 go.balki.me/anyhttp v0.5.2/go.mod h1:JhfekOIjgVODoVqUCficjpIgmB3wwlB7jhN0eN2EZ/s=
-go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA=
-go.opentelemetry.io/auto/sdk v1.1.0/go.mod h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A=
-go.opentelemetry.io/contrib/detectors/gcp v1.37.0 h1:B+WbN9RPsvobe6q4vP6KgM8/9plR/HNjgGBrfcOlweA=
-go.opentelemetry.io/contrib/detectors/gcp v1.37.0/go.mod h1:K5zQ3TT7p2ru9Qkzk0bKtCql0RGkPj9pRjpXgZJZ+rU=
+go.opentelemetry.io/auto/sdk v1.2.1 h1:jXsnJ4Lmnqd11kwkBV2LgLoFMZKizbCi5fNZ/ipaZ64=
+go.opentelemetry.io/auto/sdk v1.2.1/go.mod h1:KRTj+aOaElaLi+wW1kO/DZRXwkF4C5xPbEe3ZiIhN7Y=
+go.opentelemetry.io/contrib/detectors/gcp v1.38.0 h1:ZoYbqX7OaA/TAikspPl3ozPI6iY6LiIY9I8cUfm+pJs=
+go.opentelemetry.io/contrib/detectors/gcp v1.38.0/go.mod h1:SU+iU7nu5ud4oCb3LQOhIZ3nRLj6FNVrKgtflbaf2ts=
 go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.62.0 h1:rbRJ8BBoVMsQShESYZ0FkvcITu8X8QNwJogcLUmDNNw=
 go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.62.0/go.mod h1:ru6KHrNtNHxM4nD/vd6QrLVWgKhxPYgblq4VAtNawTQ=
 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.62.0 h1:Hf9xI/XLML9ElpiHVDNwvqI0hIFlzV8dgIr35kV1kRU=
 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.62.0/go.mod h1:NfchwuyNoMcZ5MLHwPrODwUF1HWCXWrL31s8gSAdIKY=
-go.opentelemetry.io/otel v1.37.0 h1:9zhNfelUvx0KBfu/gb+ZgeAfAgtWrfHJZcAqFC228wQ=
-go.opentelemetry.io/otel v1.37.0/go.mod h1:ehE/umFRLnuLa/vSccNq9oS1ErUlkkK71gMcN34UG8I=
+go.opentelemetry.io/otel v1.39.0 h1:8yPrr/S0ND9QEfTfdP9V+SiwT4E0G7Y5MO7p85nis48=
+go.opentelemetry.io/otel v1.39.0/go.mod h1:kLlFTywNWrFyEdH0oj2xK0bFYZtHRYUdv1NklR/tgc8=
 go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v1.37.0 h1:6VjV6Et+1Hd2iLZEPtdV7vie80Yyqf7oikJLjQ/myi0=
 go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v1.37.0/go.mod h1:u8hcp8ji5gaM/RfcOo8z9NMnf1pVLfVY7lBY2VOGuUU=
-go.opentelemetry.io/otel/metric v1.37.0 h1:mvwbQS5m0tbmqML4NqK+e3aDiO02vsf/WgbsdpcPoZE=
-go.opentelemetry.io/otel/metric v1.37.0/go.mod h1:04wGrZurHYKOc+RKeye86GwKiTb9FKm1WHtO+4EVr2E=
-go.opentelemetry.io/otel/sdk v1.37.0 h1:ItB0QUqnjesGRvNcmAcU0LyvkVyGJ2xftD29bWdDvKI=
-go.opentelemetry.io/otel/sdk v1.37.0/go.mod h1:VredYzxUvuo2q3WRcDnKDjbdvmO0sCzOvVAiY+yUkAg=
-go.opentelemetry.io/otel/sdk/metric v1.37.0 h1:90lI228XrB9jCMuSdA0673aubgRobVZFhbjxHHspCPc=
-go.opentelemetry.io/otel/sdk/metric v1.37.0/go.mod h1:cNen4ZWfiD37l5NhS+Keb5RXVWZWpRE+9WyVCpbo5ps=
-go.opentelemetry.io/otel/trace v1.37.0 h1:HLdcFNbRQBE2imdSEgm/kwqmQj1Or1l/7bW6mxVK7z4=
-go.opentelemetry.io/otel/trace v1.37.0/go.mod h1:TlgrlQ+PtQO5XFerSPUYG0JSgGyryXewPGyayAWSBS0=
+go.opentelemetry.io/otel/metric v1.39.0 h1:d1UzonvEZriVfpNKEVmHXbdf909uGTOQjA0HF0Ls5Q0=
+go.opentelemetry.io/otel/metric v1.39.0/go.mod h1:jrZSWL33sD7bBxg1xjrqyDjnuzTUB0x1nBERXd7Ftcs=
+go.opentelemetry.io/otel/sdk v1.39.0 h1:nMLYcjVsvdui1B/4FRkwjzoRVsMK8uL/cj0OyhKzt18=
+go.opentelemetry.io/otel/sdk v1.39.0/go.mod h1:vDojkC4/jsTJsE+kh+LXYQlbL8CgrEcwmt1ENZszdJE=
+go.opentelemetry.io/otel/sdk/metric v1.39.0 h1:cXMVVFVgsIf2YL6QkRF4Urbr/aMInf+2WKg+sEJTtB8=
+go.opentelemetry.io/otel/sdk/metric v1.39.0/go.mod h1:xq9HEVH7qeX69/JnwEfp6fVq5wosJsY1mt4lLfYdVew=
+go.opentelemetry.io/otel/trace v1.39.0 h1:2d2vfpEDmCJ5zVYz7ijaJdOF59xLomrvj7bjt6/qCJI=
+go.opentelemetry.io/otel/trace v1.39.0/go.mod h1:88w4/PnZSazkGzz/w84VHpQafiU4EtqqlVdxWy+rNOA=
 go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
 go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
 go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
 go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
-gocloud.dev v0.43.0 h1:aW3eq4RMyehbJ54PMsh4hsp7iX8cO/98ZRzJJOzN/5M=
-gocloud.dev v0.43.0/go.mod h1:eD8rkg7LhKUHrzkEdLTZ+Ty/vgPHPCd+yMQdfelQVu4=
-gocloud.dev/pubsub/kafkapubsub v0.43.0 h1:Kgwi0na69W3RgxEffEkdrMhox6A3Q0gajoJtjHGVr/s=
-gocloud.dev/pubsub/kafkapubsub v0.43.0/go.mod h1:uKI0CXuj7HJ/YnnOLQ3VkDnuUnkz+q/d+tRzmfhmOOU=
-gocloud.dev/pubsub/natspubsub v0.43.0 h1:k35tFoaorvD9Fa26zVEEzyXiMOEyXNHc0pBOmRYvQI0=
-gocloud.dev/pubsub/natspubsub v0.43.0/go.mod h1:xJn8TO8pGYieDn6AsRFsYfhQW8cnC+xGmG9APGNxkpQ=
-gocloud.dev/pubsub/rabbitpubsub v0.43.0 h1:6nNZFSlJ1dk2GujL8PFltfLz3vC6IbrpjGS4FTduo1s=
-gocloud.dev/pubsub/rabbitpubsub v0.43.0/go.mod h1:sEaueAGat+OASRoB3QDkghCtibKttgg7X6zsPTm1pl0=
+go.yaml.in/yaml/v3 v3.0.4 h1:tfq32ie2Jv2UxXFdLJdh3jXuOzWiL1fo0bu/FbuKpbc=
+go.yaml.in/yaml/v3 v3.0.4/go.mod h1:DhzuOOF2ATzADvBadXxruRBLzYTpT36CKvDb3+aBEFg=
+gocloud.dev v0.44.0 h1:iVyMAqFl2r6xUy7M4mfqwlN+21UpJoEtgHEcfiLMUXs=
+gocloud.dev v0.44.0/go.mod h1:ZmjROXGdC/eKZLF1N+RujDlFRx3D+4Av2thREKDMVxY=
+gocloud.dev/pubsub/kafkapubsub v0.44.0 h1:nQvzfnEN6lCh4j2p+1t0OLS4nmC2U/Ji5aWHVwgkifg=
+gocloud.dev/pubsub/kafkapubsub v0.44.0/go.mod h1:/gcNz6OG4HgcY+w2LXwwY4qaRMgtq+SXoPSQU2jOlcw=
+gocloud.dev/pubsub/natspubsub v0.44.0 h1:1Us76ckkdgtiE1p1rJZ+38b9TQP051bmjAiQlFQzYrM=
+gocloud.dev/pubsub/natspubsub v0.44.0/go.mod h1:PvVAGIhL14PWGwWIXX/zAK42ixr2/PKP4Q4yMiAUraQ=
+gocloud.dev/pubsub/rabbitpubsub v0.44.0 h1:MpRIO6XJ/JTqrlUWt3CxwDe1LvaiXUVu4sS5cv4f/AM=
+gocloud.dev/pubsub/rabbitpubsub v0.44.0/go.mod h1:BB9+qT3r6g4M5+4asiXaEeqw4QAOzsWusO5krYaqkdA=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58=
-golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc=
-golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1mg=
-golang.org/x/crypto v0.41.0 h1:WKYxWedPGCTVVl5+WHSSrOBT0O8lx32+zxmHxijgXp4=
-golang.org/x/crypto v0.41.0/go.mod h1:pO5AFd7FA68rFak7rOAGVuygIISepHftHnr8dr6+sUc=
-golang.org/x/exp v0.0.0-20250813145105-42675adae3e6 h1:SbTAbRFnd5kjQXbczszQ0hdk3ctwYf3qBNH9jIsGclE=
-golang.org/x/exp v0.0.0-20250813145105-42675adae3e6/go.mod h1:4QTo5u+SEIbbKW1RacMZq1YEfOBqeXa19JeshGi+zc4=
-golang.org/x/image v0.30.0 h1:jD5RhkmVAnjqaCUXfbGBrn3lpxbknfN9w2UhHHU+5B4=
-golang.org/x/image v0.30.0/go.mod h1:SAEUTxCCMWSrJcCy/4HwavEsfZZJlYxeHLc6tTiAe/c=
+golang.org/x/crypto v0.46.0 h1:cKRW/pmt1pKAfetfu+RCEvjvZkA9RimPbh7bhFjGVBU=
+golang.org/x/crypto v0.46.0/go.mod h1:Evb/oLKmMraqjZ2iQTwDwvCtJkczlDuTmdJXoZVzqU0=
+golang.org/x/exp v0.0.0-20251219203646-944ab1f22d93 h1:fQsdNF2N+/YewlRZiricy4P1iimyPKZ/xwniHj8Q2a0=
+golang.org/x/exp v0.0.0-20251219203646-944ab1f22d93/go.mod h1:EPRbTFwzwjXj9NpYyyrvenVh9Y+GFeEvMNh7Xuz7xgU=
+golang.org/x/image v0.34.0 h1:33gCkyw9hmwbZJeZkct8XyR11yH889EQt/QH4VmXMn8=
+golang.org/x/image v0.34.0/go.mod h1:2RNFBZRB+vnwwFil8GkMdRvrJOFd1AzdZI6vOY+eJVU=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
-golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
-golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
-golang.org/x/mod v0.14.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
-golang.org/x/mod v0.27.0 h1:kb+q2PyFnEADO2IEF935ehFUXlWiNjJWtRNgBLSfbxQ=
-golang.org/x/mod v0.27.0/go.mod h1:rWI627Fq0DEoudcK+MBkNkCe0EetEaDSwJJkCcjpazc=
+golang.org/x/mod v0.31.0 h1:HaW9xtz0+kOcWKwli0ZXy79Ix+UW/vOfmWI5QVd2tgI=
+golang.org/x/mod v0.31.0/go.mod h1:43JraMp9cGx1Rx3AqioxrbrhNsLl2l/iNAvuBkrezpg=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
@@ -489,20 +491,14 @@ golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
-golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
-golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk=
-golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY=
-golang.org/x/net v0.43.0 h1:lat02VYK2j4aLzMzecihNvTlJNQUq316m2Mr9rnM6YE=
-golang.org/x/net v0.43.0/go.mod h1:vhO1fvI4dGsIjh73sWfUVjj3N7CA9WkKJNQm2svM6Jg=
-golang.org/x/oauth2 v0.30.0 h1:dnDm7JmhM45NNpd8FDDeLhK6FwqbOf4MLCM9zb1BOHI=
-golang.org/x/oauth2 v0.30.0/go.mod h1:B++QgG3ZKulg6sRPGD/mqlHQs5rB3Ml9erfeDY7xKlU=
+golang.org/x/net v0.48.0 h1:zyQRTTrjc33Lhh0fBgT/H3oZq9WuvRR5gPC70xpDiQU=
+golang.org/x/net v0.48.0/go.mod h1:+ndRgGjkh8FGtu1w1FGbEC31if4VrNVMuKTgcAAnQRY=
+golang.org/x/oauth2 v0.34.0 h1:hqK/t4AKgbqWkdkcAeI8XLmbK+4m4G5YeQRrmiotGlw=
+golang.org/x/oauth2 v0.34.0/go.mod h1:lzm5WQJQwKZ3nwavOZ3IS5Aulzxi68dUSgRHujetwEA=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
-golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
-golang.org/x/sync v0.16.0 h1:ycBJEhp9p4vXvUZNszeOq0kGTPghopOL8q0fq3vstxw=
-golang.org/x/sync v0.16.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
+golang.org/x/sync v0.19.0 h1:vV+1eWNmZ5geRlYjzm2adRgW2/mcpevXNg50YZtPCE4=
+golang.org/x/sync v0.19.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -515,74 +511,64 @@ golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/sys v0.35.0 h1:vz1N37gP5bs89s7He8XuIYXpyY0+QlsKmzipCbUtyxI=
-golang.org/x/sys v0.35.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
+golang.org/x/sys v0.39.0 h1:CvCKL8MeisomCi6qNZ+wbb0DN9E5AATixKsvNtMoMFk=
+golang.org/x/sys v0.39.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
-golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
-golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU=
-golang.org/x/term v0.16.0/go.mod h1:yn7UURbUtPyrVJPGPq404EukNFxcm/foM+bV/bfcDsY=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
-golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
-golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
-golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
-golang.org/x/text v0.28.0 h1:rhazDwis8INMIwQ4tpjLDzUhx6RlXqZNPEM0huQojng=
-golang.org/x/text v0.28.0/go.mod h1:U8nCwOR8jO/marOQ0QbDiOngZVEBB7MAiitBuMjXiNU=
-golang.org/x/time v0.12.0 h1:ScB/8o8olJvc+CQPWrK3fPZNfh7qgwCrY0zJmoEQLSE=
-golang.org/x/time v0.12.0/go.mod h1:CDIdPxbZBQxdj6cxyCIdrNogrJKMJ7pr37NYpMcMDSg=
+golang.org/x/text v0.32.0 h1:ZD01bjUt1FQ9WJ0ClOL5vxgxOI/sVCNgX1YtKwcY0mU=
+golang.org/x/text v0.32.0/go.mod h1:o/rUWzghvpD5TXrTIBuJU77MTaN0ljMWE47kxGJQ7jY=
+golang.org/x/time v0.14.0 h1:MRx4UaLrDotUKUdCIqzPC48t1Y9hANFKIRpNx+Te8PI=
+golang.org/x/time v0.14.0/go.mod h1:eL/Oa2bBBK0TkX57Fyni+NgnyQQN4LitPmob2Hjnqw4=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
-golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
-golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58=
-golang.org/x/tools v0.17.0/go.mod h1:xsh6VxdV005rRVaS6SSAf9oiAqljS7UZUacMZ8Bnsps=
-golang.org/x/tools v0.36.0 h1:kWS0uv/zsvHEle1LbV5LE8QujrxB3wfQyxHfhOk0Qkg=
-golang.org/x/tools v0.36.0/go.mod h1:WBDiHKJK8YgLHlcQPYQzNCkUxUypCaa5ZegCVutKm+s=
+golang.org/x/tools v0.40.0 h1:yLkxfA+Qnul4cs9QA3KnlFu0lVmd8JJfoq+E41uSutA=
+golang.org/x/tools v0.40.0/go.mod h1:Ik/tzLRlbscWpqqMRjyWYDisX8bG13FrdXp3o4Sr9lc=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20240903120638-7835f813f4da h1:noIWHXmPHxILtqtCOPIhSt0ABwskkZKjD3bXGnZGpNY=
 golang.org/x/xerrors v0.0.0-20240903120638-7835f813f4da/go.mod h1:NDW/Ps6MPRej6fsCIbMTohpP40sJ/P/vI1MoTEGwX90=
-google.golang.org/api v0.247.0 h1:tSd/e0QrUlLsrwMKmkbQhYVa109qIintOls2Wh6bngc=
-google.golang.org/api v0.247.0/go.mod h1:r1qZOPmxXffXg6xS5uhx16Fa/UFY8QU/K4bfKrnvovM=
-google.golang.org/genproto v0.0.0-20250715232539-7130f93afb79 h1:Nt6z9UHqSlIdIGJdz6KhTIs2VRx/iOsA5iE8bmQNcxs=
-google.golang.org/genproto v0.0.0-20250715232539-7130f93afb79/go.mod h1:kTmlBHMPqR5uCZPBvwa2B18mvubkjyY3CRLI0c6fj0s=
-google.golang.org/genproto/googleapis/api v0.0.0-20250715232539-7130f93afb79 h1:iOye66xuaAK0WnkPuhQPUFy8eJcmwUXqGGP3om6IxX8=
-google.golang.org/genproto/googleapis/api v0.0.0-20250715232539-7130f93afb79/go.mod h1:HKJDgKsFUnv5VAGeQjz8kxcgDP0HoE0iZNp0OdZNlhE=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20250811230008-5f3141c8851a h1:tPE/Kp+x9dMSwUm/uM0JKK0IfdiJkwAbSMSeZBXXJXc=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20250811230008-5f3141c8851a/go.mod h1:gw1tLEfykwDz2ET4a12jcXt4couGAm7IwsVaTy0Sflo=
-google.golang.org/grpc v1.74.2 h1:WoosgB65DlWVC9FqI82dGsZhWFNBSLjQ84bjROOpMu4=
-google.golang.org/grpc v1.74.2/go.mod h1:CtQ+BGjaAIXHs/5YS3i473GqwBBa1zGQNevxdeBEXrM=
-google.golang.org/protobuf v1.36.7 h1:IgrO7UwFQGJdRNXH/sQux4R1Dj1WAKcLElzeeRaXV2A=
-google.golang.org/protobuf v1.36.7/go.mod h1:jduwjTPXsFjZGTmRluh+L6NjiWu7pchiJ2/5YcXBHnY=
+gonum.org/v1/gonum v0.16.0 h1:5+ul4Swaf3ESvrOnidPp4GZbzf0mxVQpDCYUQE7OJfk=
+gonum.org/v1/gonum v0.16.0/go.mod h1:fef3am4MQ93R2HHpKnLk4/Tbh/s0+wqD5nfa6Pnwy4E=
+google.golang.org/api v0.258.0 h1:IKo1j5FBlN74fe5isA2PVozN3Y5pwNKriEgAXPOkDAc=
+google.golang.org/api v0.258.0/go.mod h1:qhOMTQEZ6lUps63ZNq9jhODswwjkjYYguA7fA3TBFww=
+google.golang.org/genproto v0.0.0-20251202230838-ff82c1b0f217 h1:GvESR9BIyHUahIb0NcTum6itIWtdoglGX+rnGxm2934=
+google.golang.org/genproto v0.0.0-20251202230838-ff82c1b0f217/go.mod h1:yJ2HH4EHEDTd3JiLmhds6NkJ17ITVYOdV3m3VKOnws0=
+google.golang.org/genproto/googleapis/api v0.0.0-20251202230838-ff82c1b0f217 h1:fCvbg86sFXwdrl5LgVcTEvNC+2txB5mgROGmRL5mrls=
+google.golang.org/genproto/googleapis/api v0.0.0-20251202230838-ff82c1b0f217/go.mod h1:+rXWjjaukWZun3mLfjmVnQi18E1AsFbDN9QdJ5YXLto=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20251222181119-0a764e51fe1b h1:Mv8VFug0MP9e5vUxfBcE3vUkV6CImK3cMNMIDFjmzxU=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20251222181119-0a764e51fe1b/go.mod h1:j9x/tPzZkyxcgEFkiKEEGxfvyumM01BEtsW8xzOahRQ=
+google.golang.org/grpc v1.78.0 h1:K1XZG/yGDJnzMdd/uZHAkVqJE+xIDOcmdSFZkBUicNc=
+google.golang.org/grpc v1.78.0/go.mod h1:I47qjTo4OKbMkjA/aOOwxDIiPSBofUtQUI5EfpWvW7U=
+google.golang.org/protobuf v1.36.11 h1:fV6ZwhNocDyBLK0dj+fg8ektcVegBBuEolpbTQyBNVE=
+google.golang.org/protobuf v1.36.11/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
-gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-modernc.org/cc/v4 v4.26.3 h1:yEN8dzrkRFnn4PUUKXLYIqVf2PJYAEjMTFjO3BDGc3I=
-modernc.org/cc/v4 v4.26.3/go.mod h1:uVtb5OGqUKpoLWhqwNQo/8LwvoiEBLvZXIQ/SmO6mL0=
-modernc.org/ccgo/v4 v4.28.0 h1:rjznn6WWehKq7dG4JtLRKxb52Ecv8OUGah8+Z/SfpNU=
-modernc.org/ccgo/v4 v4.28.0/go.mod h1:JygV3+9AV6SmPhDasu4JgquwU81XAKLd3OKTUDNOiKE=
-modernc.org/fileutil v1.3.15 h1:rJAXTP6ilMW/1+kzDiqmBlHLWszheUFXIyGQIAvjJpY=
-modernc.org/fileutil v1.3.15/go.mod h1:HxmghZSZVAz/LXcMNwZPA/DRrQZEVP9VX0V4LQGQFOc=
+modernc.org/cc/v4 v4.27.1 h1:9W30zRlYrefrDV2JE2O8VDtJ1yPGownxciz5rrbQZis=
+modernc.org/cc/v4 v4.27.1/go.mod h1:uVtb5OGqUKpoLWhqwNQo/8LwvoiEBLvZXIQ/SmO6mL0=
+modernc.org/ccgo/v4 v4.30.1 h1:4r4U1J6Fhj98NKfSjnPUN7Ze2c6MnAdL0hWw6+LrJpc=
+modernc.org/ccgo/v4 v4.30.1/go.mod h1:bIOeI1JL54Utlxn+LwrFyjCx2n2RDiYEaJVSrgdrRfM=
+modernc.org/fileutil v1.3.40 h1:ZGMswMNc9JOCrcrakF1HrvmergNLAmxOPjizirpfqBA=
+modernc.org/fileutil v1.3.40/go.mod h1:HxmghZSZVAz/LXcMNwZPA/DRrQZEVP9VX0V4LQGQFOc=
 modernc.org/gc/v2 v2.6.5 h1:nyqdV8q46KvTpZlsw66kWqwXRHdjIlJOhG6kxiV/9xI=
 modernc.org/gc/v2 v2.6.5/go.mod h1:YgIahr1ypgfe7chRuJi2gD7DBQiKSLMPgBQe9oIiito=
+modernc.org/gc/v3 v3.1.1 h1:k8T3gkXWY9sEiytKhcgyiZ2L0DTyCQ/nvX+LoCljoRE=
+modernc.org/gc/v3 v3.1.1/go.mod h1:HFK/6AGESC7Ex+EZJhJ2Gni6cTaYpSMmU/cT9RmlfYY=
 modernc.org/goabi0 v0.2.0 h1:HvEowk7LxcPd0eq6mVOAEMai46V+i7Jrj13t4AzuNks=
 modernc.org/goabi0 v0.2.0/go.mod h1:CEFRnnJhKvWT1c1JTI3Avm+tgOWbkOu5oPA8eH8LnMI=
-modernc.org/libc v1.66.7 h1:rjhZ8OSCybKWxS1CJr0hikpEi6Vg+944Ouyrd+bQsoY=
-modernc.org/libc v1.66.7/go.mod h1:ln6tbWX0NH+mzApEoDRvilBvAWFt1HX7AUA4VDdVDPM=
+modernc.org/libc v1.67.2 h1:ZbNmly1rcbjhot5jlOZG0q4p5VwFfjwWqZ5rY2xxOXo=
+modernc.org/libc v1.67.2/go.mod h1:QvvnnJ5P7aitu0ReNpVIEyesuhmDLQ8kaEoyMjIFZJA=
 modernc.org/mathutil v1.7.1 h1:GCZVGXdaN8gTqB1Mf/usp1Y/hSqgI2vAGGP4jZMCxOU=
 modernc.org/mathutil v1.7.1/go.mod h1:4p5IwJITfppl0G4sUEDtCr4DthTaT47/N3aT6MhfgJg=
 modernc.org/memory v1.11.0 h1:o4QC8aMQzmcwCK3t3Ux/ZHmwFPzE6hf2Y5LbkRs+hbI=
@@ -591,8 +577,8 @@ modernc.org/opt v0.1.4 h1:2kNGMRiUjrp4LcaPuLY2PzUfqM/w9N23quVwhKt5Qm8=
 modernc.org/opt v0.1.4/go.mod h1:03fq9lsNfvkYSfxrfUhZCWPk1lm4cq4N+Bh//bEtgns=
 modernc.org/sortutil v1.2.1 h1:+xyoGf15mM3NMlPDnFqrteY07klSFxLElE2PVuWIJ7w=
 modernc.org/sortutil v1.2.1/go.mod h1:7ZI3a3REbai7gzCLcotuw9AC4VZVpYMjDzETGsSMqJE=
-modernc.org/sqlite v1.38.2 h1:Aclu7+tgjgcQVShZqim41Bbw9Cho0y/7WzYptXqkEek=
-modernc.org/sqlite v1.38.2/go.mod h1:cPTJYSlgg3Sfg046yBShXENNtPrWrDX8bsbAQBzgQ5E=
+modernc.org/sqlite v1.41.0 h1:bJXddp4ZpsqMsNN1vS0jWo4IJTZzb8nWpcgvyCFG9Ck=
+modernc.org/sqlite v1.41.0/go.mod h1:9fjQZ0mB1LLP0GYrp39oOJXx/I2sxEnZtzCmEQIKvGE=
 modernc.org/strutil v1.2.1 h1:UneZBkQA+DX2Rp35KcM69cSsNES9ly8mQWD71HKlOA0=
 modernc.org/strutil v1.2.1/go.mod h1:EHkiggD70koQxjVdSBM3JKM7k6L0FbGE5eymy9i3B9A=
 modernc.org/token v1.1.0 h1:Xl7Ap9dKaEs5kLoOQeQmPWevfnk/DM5qcLcYlA8ys6Y=

backend/internal/core/currencies/currencies.go

@@ -7,6 +7,7 @@ import (
 	_ "embed"
 	"encoding/json"
 	"io"
+	"log"
 	"slices"
 	"strings"
 	"sync"
@@ -15,6 +16,24 @@ import (
 //go:embed currencies.json
 var defaults []byte
 
+const (
+	MinDecimals = 0
+	MaxDecimals = 18
+)
+
+// clampDecimals ensures the decimals value is within a safe range [0, 18]
+func clampDecimals(decimals int, code string) int {
+	original := decimals
+	if decimals < MinDecimals {
+		decimals = MinDecimals
+		log.Printf("WARNING: Currency %s had negative decimals (%d), normalized to %d", code, original, decimals)
+	} else if decimals > MaxDecimals {
+		decimals = MaxDecimals
+		log.Printf("WARNING: Currency %s had excessive decimals (%d), normalized to %d", code, original, decimals)
+	}
+	return decimals
+}
+
 type CollectorFunc func() ([]Currency, error)
 
 func CollectJSON(reader io.Reader) CollectorFunc {
@@ -25,6 +44,11 @@ func CollectJSON(reader io.Reader) CollectorFunc {
 			return nil, err
 		}
 
+		// Clamp decimals during collection to ensure early normalization
+		for i := range currencies {
+			currencies[i].Decimals = clampDecimals(currencies[i].Decimals, currencies[i].Code)
+		}
+
 		return currencies, nil
 	}
 }
@@ -48,10 +72,11 @@ func CollectionCurrencies(collectors ...CollectorFunc) ([]Currency, error) {
 }
 
 type Currency struct {
-	Name   string `json:"name"`
-	Code   string `json:"code"`
-	Local  string `json:"local"`
-	Symbol string `json:"symbol"`
+	Name     string `json:"name"`
+	Code     string `json:"code"`
+	Local    string `json:"local"`
+	Symbol   string `json:"symbol"`
+	Decimals int    `json:"decimals"`
 }
 
 type CurrencyRegistry struct {
@@ -62,7 +87,10 @@ type CurrencyRegistry struct {
 func NewCurrencyService(currencies []Currency) *CurrencyRegistry {
 	registry := make(map[string]Currency, len(currencies))
 	for i := range currencies {
-		registry[currencies[i].Code] = currencies[i]
+		// Clamp decimals to safe range before adding to registry
+		currency := currencies[i]
+		currency.Decimals = clampDecimals(currency.Decimals, currency.Code)
+		registry[currency.Code] = currency
 	}
 
 	return &CurrencyRegistry{

backend/internal/core/services/main_test.go

@@ -38,10 +38,11 @@ func bootstrap() {
 		log.Fatal(err)
 	}
 
+	password := fk.Str(10)
 	tUser, err = tRepos.Users.Create(ctx, repo.UserCreate{
 		Name:        fk.Str(10),
 		Email:       fk.Email(),
-		Password:    fk.Str(10),
+		Password:    &password,
 		IsSuperuser: fk.Bool(),
 		GroupID:     tGroup.ID,
 	})

backend/internal/core/services/service_items_attachments.go

@@ -50,6 +50,7 @@ func (svc *ItemService) AttachmentAdd(ctx Context, itemID uuid.UUID, filename st
 	_, err = svc.repo.Attachments.Create(ctx, itemID, repo.ItemCreateAttachment{Title: filename, Content: file}, attachmentType, primary)
 	if err != nil {
 		log.Err(err).Msg("failed to create attachment")
+		return repo.ItemOut{}, err
 	}
 
 	return svc.repo.Items.GetOneByGroup(ctx, ctx.GID, itemID)

backend/internal/core/services/service_items_attachments_test.go

@@ -10,6 +10,7 @@ import (
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 	"github.com/sysadminsmedia/homebox/backend/internal/data/repo"
+	"github.com/sysadminsmedia/homebox/backend/internal/sys/config"
 )
 
 func TestItemService_AddAttachment(t *testing.T) {
@@ -52,11 +53,61 @@ func TestItemService_AddAttachment(t *testing.T) {
 	// Check that the file exists
 	storedPath := afterAttachment.Attachments[0].Path
 
-	// {root}/{group}/{item}/{attachment}
-	assert.Equal(t, path.Join("/", tGroup.ID.String(), "documents"), path.Dir(storedPath))
+	// path should now be relative: {group}/{documents}
+	assert.Equal(t, path.Join(tGroup.ID.String(), "documents"), path.Dir(storedPath))
 
 	// Check that the file contents are correct
 	bts, err := os.ReadFile(path.Join(os.TempDir(), storedPath))
 	require.NoError(t, err)
 	assert.Equal(t, contents, string(bts))
 }
+
+func TestItemService_AddAttachment_InvalidStorage(t *testing.T) {
+	// Create a service with an invalid storage path to simulate the issue
+	svc := &ItemService{
+		repo:     tRepos,
+		filepath: "/nonexistent/path/that/should/not/exist",
+	}
+
+	// Create a temporary repo with invalid storage config
+	invalidRepos := repo.New(tClient, tbus, config.Storage{
+		PrefixPath: "/",
+		ConnString: "file:///nonexistent/directory/that/does/not/exist",
+	}, "mem://{{ .Topic }}", config.Thumbnail{
+		Enabled: false,
+		Width:   0,
+		Height:  0,
+	})
+
+	svc.repo = invalidRepos
+
+	loc, err := invalidRepos.Locations.Create(context.Background(), tGroup.ID, repo.LocationCreate{
+		Description: "test",
+		Name:        "test-invalid",
+	})
+	require.NoError(t, err)
+	assert.NotNil(t, loc)
+
+	itmC := repo.ItemCreate{
+		Name:        fk.Str(10),
+		Description: fk.Str(10),
+		LocationID:  loc.ID,
+	}
+
+	itm, err := invalidRepos.Items.Create(context.Background(), tGroup.ID, itmC)
+	require.NoError(t, err)
+	assert.NotNil(t, itm)
+	t.Cleanup(func() {
+		err := invalidRepos.Items.Delete(context.Background(), itm.ID)
+		require.NoError(t, err)
+	})
+
+	contents := fk.Str(1000)
+	reader := strings.NewReader(contents)
+
+	// Attempt to add attachment with invalid storage - should return an error
+	_, err = svc.AttachmentAdd(tCtx, itm.ID, "testfile.txt", "attachment", false, reader)
+
+	// This should return an error now (after the fix)
+	assert.Error(t, err, "AttachmentAdd should return an error when storage is invalid")
+}

backend/internal/core/services/service_user.go

@@ -3,20 +3,21 @@ package services
 import (
 	"context"
 	"errors"
+	"strings"
 	"time"
 
 	"github.com/google/uuid"
 	"github.com/rs/zerolog/log"
+	"github.com/sysadminsmedia/homebox/backend/internal/data/ent"
 	"github.com/sysadminsmedia/homebox/backend/internal/data/ent/authroles"
 	"github.com/sysadminsmedia/homebox/backend/internal/data/repo"
 	"github.com/sysadminsmedia/homebox/backend/pkgs/hasher"
 )
 
 var (
-	oneWeek              = time.Hour * 24 * 7
-	ErrorInvalidLogin    = errors.New("invalid username or password")
-	ErrorInvalidToken    = errors.New("invalid token")
-	ErrorTokenIDMismatch = errors.New("token id mismatch")
+	oneWeek           = time.Hour * 24 * 7
+	ErrorInvalidLogin = errors.New("invalid username or password")
+	ErrorInvalidToken = errors.New("invalid token")
 )
 
 type UserService struct {
@@ -82,7 +83,7 @@ func (svc *UserService) RegisterUser(ctx context.Context, data UserRegistration)
 	usrCreate := repo.UserCreate{
 		Name:        data.Name,
 		Email:       data.Email,
-		Password:    hashed,
+		Password:    &hashed,
 		IsSuperuser: false,
 		GroupID:     group.ID,
 		IsOwner:     creatingGroup,
@@ -190,6 +191,14 @@ func (svc *UserService) Login(ctx context.Context, username, password string, ex
 		return UserAuthTokenDetail{}, ErrorInvalidLogin
 	}
 
+	// SECURITY: Deny login for users with null or empty password (OIDC users)
+	if usr.PasswordHash == "" {
+		log.Warn().Str("email", username).Msg("Login attempt blocked for user with null password (likely OIDC user)")
+		// SECURITY: Perform hash to ensure response times are the same
+		hasher.CheckPasswordHash("not-a-real-password", "not-a-real-password")
+		return UserAuthTokenDetail{}, ErrorInvalidLogin
+	}
+
 	check, rehash := hasher.CheckPasswordHash(password, usr.PasswordHash)
 
 	if !check {
@@ -210,6 +219,106 @@ func (svc *UserService) Login(ctx context.Context, username, password string, ex
 	return svc.createSessionToken(ctx, usr.ID, extendedSession)
 }
 
+// LoginOIDC creates a session token for a user authenticated via OIDC.
+// It now uses issuer + subject for identity association (OIDC spec compliance).
+// If the user doesn't exist, it will create one.
+func (svc *UserService) LoginOIDC(ctx context.Context, issuer, subject, email, name string) (UserAuthTokenDetail, error) {
+	issuer = strings.TrimSpace(issuer)
+	subject = strings.TrimSpace(subject)
+	email = strings.ToLower(strings.TrimSpace(email))
+	name = strings.TrimSpace(name)
+
+	if issuer == "" || subject == "" {
+		log.Warn().Str("issuer", issuer).Str("subject", subject).Msg("OIDC login missing issuer or subject")
+		return UserAuthTokenDetail{}, ErrorInvalidLogin
+	}
+
+	// Try to get existing user by OIDC identity
+	usr, err := svc.repos.Users.GetOneOIDC(ctx, issuer, subject)
+	if err != nil {
+		if !ent.IsNotFound(err) {
+			log.Err(err).Str("issuer", issuer).Str("subject", subject).Msg("failed to lookup user by OIDC identity")
+			return UserAuthTokenDetail{}, err
+		}
+		// Not found: attempt migration path by email (legacy) if email provided
+		if email != "" {
+			legacyUsr, lerr := svc.repos.Users.GetOneEmail(ctx, email)
+			if lerr == nil {
+				log.Info().Str("email", email).Str("issuer", issuer).Str("subject", subject).Msg("migrating legacy email-based OIDC user to issuer+subject")
+				// Update user with OIDC identity fields
+				if uerr := svc.repos.Users.SetOIDCIdentity(ctx, legacyUsr.ID, issuer, subject); uerr == nil {
+					usr = legacyUsr
+				} else {
+					log.Err(uerr).Str("email", email).Msg("failed to set OIDC identity on legacy user")
+				}
+			}
+		}
+	}
+
+	// Create user if still not resolved
+	if usr.ID == uuid.Nil {
+		log.Debug().Str("issuer", issuer).Str("subject", subject).Msg("OIDC user not found, creating new user")
+		usr, err = svc.registerOIDCUser(ctx, issuer, subject, email, name)
+		if err != nil {
+			if ent.IsConstraintError(err) {
+				if usr2, gerr := svc.repos.Users.GetOneOIDC(ctx, issuer, subject); gerr == nil {
+					log.Info().Str("issuer", issuer).Str("subject", subject).Msg("OIDC user created concurrently; proceeding")
+					usr = usr2
+				} else {
+					log.Err(gerr).Str("issuer", issuer).Str("subject", subject).Msg("failed to fetch user after constraint error")
+					return UserAuthTokenDetail{}, gerr
+				}
+			} else {
+				log.Err(err).Str("issuer", issuer).Str("subject", subject).Msg("failed to create OIDC user")
+				return UserAuthTokenDetail{}, err
+			}
+		}
+	}
+
+	return svc.createSessionToken(ctx, usr.ID, true)
+}
+
+// registerOIDCUser creates a new user for OIDC authentication with issuer+subject identity.
+func (svc *UserService) registerOIDCUser(ctx context.Context, issuer, subject, email, name string) (repo.UserOut, error) {
+	group, err := svc.repos.Groups.GroupCreate(ctx, "Home")
+	if err != nil {
+		log.Err(err).Msg("Failed to create group for OIDC user")
+		return repo.UserOut{}, err
+	}
+
+	usrCreate := repo.UserCreate{
+		Name:        name,
+		Email:       email,
+		Password:    nil,
+		IsSuperuser: false,
+		GroupID:     group.ID,
+		IsOwner:     true,
+	}
+
+	entUser, err := svc.repos.Users.CreateWithOIDC(ctx, usrCreate, issuer, subject)
+	if err != nil {
+		return repo.UserOut{}, err
+	}
+
+	log.Debug().Str("issuer", issuer).Str("subject", subject).Msg("creating default labels for OIDC user")
+	for _, label := range defaultLabels() {
+		_, err := svc.repos.Labels.Create(ctx, group.ID, label)
+		if err != nil {
+			log.Err(err).Msg("Failed to create default label")
+		}
+	}
+
+	log.Debug().Str("issuer", issuer).Str("subject", subject).Msg("creating default locations for OIDC user")
+	for _, location := range defaultLocations() {
+		_, err := svc.repos.Locations.Create(ctx, group.ID, location)
+		if err != nil {
+			log.Err(err).Msg("Failed to create default location")
+		}
+	}
+
+	return entUser, nil
+}
+
 func (svc *UserService) Logout(ctx context.Context, token string) error {
 	hash := hasher.HashToken(token)
 	err := svc.repos.AuthTokens.DeleteToken(ctx, hash)

backend/internal/data/ent/attachment.go

@@ -100,7 +100,7 @@ func (*Attachment) scanValues(columns []string) ([]any, error) {
 
 // assignValues assigns the values that were returned from sql.Rows (after scanning)
 // to the Attachment fields.
-func (a *Attachment) assignValues(columns []string, values []any) error {
+func (_m *Attachment) assignValues(columns []string, values []any) error {
 	if m, n := len(values), len(columns); m < n {
 		return fmt.Errorf("mismatch number of scan values: %d != %d", m, n)
 	}
@@ -110,66 +110,66 @@ func (a *Attachment) assignValues(columns []string, values []any) error {
 			if value, ok := values[i].(*uuid.UUID); !ok {
 				return fmt.Errorf("unexpected type %T for field id", values[i])
 			} else if value != nil {
-				a.ID = *value
+				_m.ID = *value
 			}
 		case attachment.FieldCreatedAt:
 			if value, ok := values[i].(*sql.NullTime); !ok {
 				return fmt.Errorf("unexpected type %T for field created_at", values[i])
 			} else if value.Valid {
-				a.CreatedAt = value.Time
+				_m.CreatedAt = value.Time
 			}
 		case attachment.FieldUpdatedAt:
 			if value, ok := values[i].(*sql.NullTime); !ok {
 				return fmt.Errorf("unexpected type %T for field updated_at", values[i])
 			} else if value.Valid {
-				a.UpdatedAt = value.Time
+				_m.UpdatedAt = value.Time
 			}
 		case attachment.FieldType:
 			if value, ok := values[i].(*sql.NullString); !ok {
 				return fmt.Errorf("unexpected type %T for field type", values[i])
 			} else if value.Valid {
-				a.Type = attachment.Type(value.String)
+				_m.Type = attachment.Type(value.String)
 			}
 		case attachment.FieldPrimary:
 			if value, ok := values[i].(*sql.NullBool); !ok {
 				return fmt.Errorf("unexpected type %T for field primary", values[i])
 			} else if value.Valid {
-				a.Primary = value.Bool
+				_m.Primary = value.Bool
 			}
 		case attachment.FieldTitle:
 			if value, ok := values[i].(*sql.NullString); !ok {
 				return fmt.Errorf("unexpected type %T for field title", values[i])
 			} else if value.Valid {
-				a.Title = value.String
+				_m.Title = value.String
 			}
 		case attachment.FieldPath:
 			if value, ok := values[i].(*sql.NullString); !ok {
 				return fmt.Errorf("unexpected type %T for field path", values[i])
 			} else if value.Valid {
-				a.Path = value.String
+				_m.Path = value.String
 			}
 		case attachment.FieldMimeType:
 			if value, ok := values[i].(*sql.NullString); !ok {
 				return fmt.Errorf("unexpected type %T for field mime_type", values[i])
 			} else if value.Valid {
-				a.MimeType = value.String
+				_m.MimeType = value.String
 			}
 		case attachment.ForeignKeys[0]:
 			if value, ok := values[i].(*sql.NullScanner); !ok {
 				return fmt.Errorf("unexpected type %T for field attachment_thumbnail", values[i])
 			} else if value.Valid {
-				a.attachment_thumbnail = new(uuid.UUID)
-				*a.attachment_thumbnail = *value.S.(*uuid.UUID)
+				_m.attachment_thumbnail = new(uuid.UUID)
+				*_m.attachment_thumbnail = *value.S.(*uuid.UUID)
 			}
 		case attachment.ForeignKeys[1]:
 			if value, ok := values[i].(*sql.NullScanner); !ok {
 				return fmt.Errorf("unexpected type %T for field item_attachments", values[i])
 			} else if value.Valid {
-				a.item_attachments = new(uuid.UUID)
-				*a.item_attachments = *value.S.(*uuid.UUID)
+				_m.item_attachments = new(uuid.UUID)
+				*_m.item_attachments = *value.S.(*uuid.UUID)
 			}
 		default:
-			a.selectValues.Set(columns[i], values[i])
+			_m.selectValues.Set(columns[i], values[i])
 		}
 	}
 	return nil
@@ -177,63 +177,63 @@ func (a *Attachment) assignValues(columns []string, values []any) error {
 
 // Value returns the ent.Value that was dynamically selected and assigned to the Attachment.
 // This includes values selected through modifiers, order, etc.
-func (a *Attachment) Value(name string) (ent.Value, error) {
-	return a.selectValues.Get(name)
+func (_m *Attachment) Value(name string) (ent.Value, error) {
+	return _m.selectValues.Get(name)
 }
 
 // QueryItem queries the "item" edge of the Attachment entity.
-func (a *Attachment) QueryItem() *ItemQuery {
-	return NewAttachmentClient(a.config).QueryItem(a)
+func (_m *Attachment) QueryItem() *ItemQuery {
+	return NewAttachmentClient(_m.config).QueryItem(_m)
 }
 
 // QueryThumbnail queries the "thumbnail" edge of the Attachment entity.
-func (a *Attachment) QueryThumbnail() *AttachmentQuery {
-	return NewAttachmentClient(a.config).QueryThumbnail(a)
+func (_m *Attachment) QueryThumbnail() *AttachmentQuery {
+	return NewAttachmentClient(_m.config).QueryThumbnail(_m)
 }
 
 // Update returns a builder for updating this Attachment.
 // Note that you need to call Attachment.Unwrap() before calling this method if this Attachment
 // was returned from a transaction, and the transaction was committed or rolled back.
-func (a *Attachment) Update() *AttachmentUpdateOne {
-	return NewAttachmentClient(a.config).UpdateOne(a)
+func (_m *Attachment) Update() *AttachmentUpdateOne {
+	return NewAttachmentClient(_m.config).UpdateOne(_m)
 }
 
 // Unwrap unwraps the Attachment entity that was returned from a transaction after it was closed,
 // so that all future queries will be executed through the driver which created the transaction.
-func (a *Attachment) Unwrap() *Attachment {
-	_tx, ok := a.config.driver.(*txDriver)
+func (_m *Attachment) Unwrap() *Attachment {
+	_tx, ok := _m.config.driver.(*txDriver)
 	if !ok {
 		panic("ent: Attachment is not a transactional entity")
 	}
-	a.config.driver = _tx.drv
-	return a
+	_m.config.driver = _tx.drv
+	return _m
 }
 
 // String implements the fmt.Stringer.
-func (a *Attachment) String() string {
+func (_m *Attachment) String() string {
 	var builder strings.Builder
 	builder.WriteString("Attachment(")
-	builder.WriteString(fmt.Sprintf("id=%v, ", a.ID))
+	builder.WriteString(fmt.Sprintf("id=%v, ", _m.ID))
 	builder.WriteString("created_at=")
-	builder.WriteString(a.CreatedAt.Format(time.ANSIC))
+	builder.WriteString(_m.CreatedAt.Format(time.ANSIC))
 	builder.WriteString(", ")
 	builder.WriteString("updated_at=")
-	builder.WriteString(a.UpdatedAt.Format(time.ANSIC))
+	builder.WriteString(_m.UpdatedAt.Format(time.ANSIC))
 	builder.WriteString(", ")
 	builder.WriteString("type=")
-	builder.WriteString(fmt.Sprintf("%v", a.Type))
+	builder.WriteString(fmt.Sprintf("%v", _m.Type))
 	builder.WriteString(", ")
 	builder.WriteString("primary=")
-	builder.WriteString(fmt.Sprintf("%v", a.Primary))
+	builder.WriteString(fmt.Sprintf("%v", _m.Primary))
 	builder.WriteString(", ")
 	builder.WriteString("title=")
-	builder.WriteString(a.Title)
+	builder.WriteString(_m.Title)
 	builder.WriteString(", ")
 	builder.WriteString("path=")
-	builder.WriteString(a.Path)
+	builder.WriteString(_m.Path)
 	builder.WriteString(", ")
 	builder.WriteString("mime_type=")
-	builder.WriteString(a.MimeType)
+	builder.WriteString(_m.MimeType)
 	builder.WriteByte(')')
 	return builder.String()
 }

backend/internal/data/ent/attachment_create.go

@@ -23,169 +23,169 @@ type AttachmentCreate struct {
 }
 
 // SetCreatedAt sets the "created_at" field.
-func (ac *AttachmentCreate) SetCreatedAt(t time.Time) *AttachmentCreate {
-	ac.mutation.SetCreatedAt(t)
-	return ac
+func (_c *AttachmentCreate) SetCreatedAt(v time.Time) *AttachmentCreate {
+	_c.mutation.SetCreatedAt(v)
+	return _c
 }
 
 // SetNillableCreatedAt sets the "created_at" field if the given value is not nil.
-func (ac *AttachmentCreate) SetNillableCreatedAt(t *time.Time) *AttachmentCreate {
-	if t != nil {
-		ac.SetCreatedAt(*t)
+func (_c *AttachmentCreate) SetNillableCreatedAt(v *time.Time) *AttachmentCreate {
+	if v != nil {
+		_c.SetCreatedAt(*v)
 	}
-	return ac
+	return _c
 }
 
 // SetUpdatedAt sets the "updated_at" field.
-func (ac *AttachmentCreate) SetUpdatedAt(t time.Time) *AttachmentCreate {
-	ac.mutation.SetUpdatedAt(t)
-	return ac
+func (_c *AttachmentCreate) SetUpdatedAt(v time.Time) *AttachmentCreate {
+	_c.mutation.SetUpdatedAt(v)
+	return _c
 }
 
 // SetNillableUpdatedAt sets the "updated_at" field if the given value is not nil.
-func (ac *AttachmentCreate) SetNillableUpdatedAt(t *time.Time) *AttachmentCreate {
-	if t != nil {
-		ac.SetUpdatedAt(*t)
+func (_c *AttachmentCreate) SetNillableUpdatedAt(v *time.Time) *AttachmentCreate {
+	if v != nil {
+		_c.SetUpdatedAt(*v)
 	}
-	return ac
+	return _c
 }
 
 // SetType sets the "type" field.
-func (ac *AttachmentCreate) SetType(a attachment.Type) *AttachmentCreate {
-	ac.mutation.SetType(a)
-	return ac
+func (_c *AttachmentCreate) SetType(v attachment.Type) *AttachmentCreate {
+	_c.mutation.SetType(v)
+	return _c
 }
 
 // SetNillableType sets the "type" field if the given value is not nil.
-func (ac *AttachmentCreate) SetNillableType(a *attachment.Type) *AttachmentCreate {
-	if a != nil {
-		ac.SetType(*a)
+func (_c *AttachmentCreate) SetNillableType(v *attachment.Type) *AttachmentCreate {
+	if v != nil {
+		_c.SetType(*v)
 	}
-	return ac
+	return _c
 }
 
 // SetPrimary sets the "primary" field.
-func (ac *AttachmentCreate) SetPrimary(b bool) *AttachmentCreate {
-	ac.mutation.SetPrimary(b)
-	return ac
+func (_c *AttachmentCreate) SetPrimary(v bool) *AttachmentCreate {
+	_c.mutation.SetPrimary(v)
+	return _c
 }
 
 // SetNillablePrimary sets the "primary" field if the given value is not nil.
-func (ac *AttachmentCreate) SetNillablePrimary(b *bool) *AttachmentCreate {
-	if b != nil {
-		ac.SetPrimary(*b)
+func (_c *AttachmentCreate) SetNillablePrimary(v *bool) *AttachmentCreate {
+	if v != nil {
+		_c.SetPrimary(*v)
 	}
-	return ac
+	return _c
 }
 
 // SetTitle sets the "title" field.
-func (ac *AttachmentCreate) SetTitle(s string) *AttachmentCreate {
-	ac.mutation.SetTitle(s)
-	return ac
+func (_c *AttachmentCreate) SetTitle(v string) *AttachmentCreate {
+	_c.mutation.SetTitle(v)
+	return _c
 }
 
 // SetNillableTitle sets the "title" field if the given value is not nil.
-func (ac *AttachmentCreate) SetNillableTitle(s *string) *AttachmentCreate {
-	if s != nil {
-		ac.SetTitle(*s)
+func (_c *AttachmentCreate) SetNillableTitle(v *string) *AttachmentCreate {
+	if v != nil {
+		_c.SetTitle(*v)
 	}
-	return ac
+	return _c
 }
 
 // SetPath sets the "path" field.
-func (ac *AttachmentCreate) SetPath(s string) *AttachmentCreate {
-	ac.mutation.SetPath(s)
-	return ac
+func (_c *AttachmentCreate) SetPath(v string) *AttachmentCreate {
+	_c.mutation.SetPath(v)
+	return _c
 }
 
 // SetNillablePath sets the "path" field if the given value is not nil.
-func (ac *AttachmentCreate) SetNillablePath(s *string) *AttachmentCreate {
-	if s != nil {
-		ac.SetPath(*s)
+func (_c *AttachmentCreate) SetNillablePath(v *string) *AttachmentCreate {
+	if v != nil {
+		_c.SetPath(*v)
 	}
-	return ac
+	return _c
 }
 
 // SetMimeType sets the "mime_type" field.
-func (ac *AttachmentCreate) SetMimeType(s string) *AttachmentCreate {
-	ac.mutation.SetMimeType(s)
-	return ac
+func (_c *AttachmentCreate) SetMimeType(v string) *AttachmentCreate {
+	_c.mutation.SetMimeType(v)
+	return _c
 }
 
 // SetNillableMimeType sets the "mime_type" field if the given value is not nil.
-func (ac *AttachmentCreate) SetNillableMimeType(s *string) *AttachmentCreate {
-	if s != nil {
-		ac.SetMimeType(*s)
+func (_c *AttachmentCreate) SetNillableMimeType(v *string) *AttachmentCreate {
+	if v != nil {
+		_c.SetMimeType(*v)
 	}
-	return ac
+	return _c
 }
 
 // SetID sets the "id" field.
-func (ac *AttachmentCreate) SetID(u uuid.UUID) *AttachmentCreate {
-	ac.mutation.SetID(u)
-	return ac
+func (_c *AttachmentCreate) SetID(v uuid.UUID) *AttachmentCreate {
+	_c.mutation.SetID(v)
+	return _c
 }
 
 // SetNillableID sets the "id" field if the given value is not nil.
-func (ac *AttachmentCreate) SetNillableID(u *uuid.UUID) *AttachmentCreate {
-	if u != nil {
-		ac.SetID(*u)
+func (_c *AttachmentCreate) SetNillableID(v *uuid.UUID) *AttachmentCreate {
+	if v != nil {
+		_c.SetID(*v)
 	}
-	return ac
+	return _c
 }
 
 // SetItemID sets the "item" edge to the Item entity by ID.
-func (ac *AttachmentCreate) SetItemID(id uuid.UUID) *AttachmentCreate {
-	ac.mutation.SetItemID(id)
-	return ac
+func (_c *AttachmentCreate) SetItemID(id uuid.UUID) *AttachmentCreate {
+	_c.mutation.SetItemID(id)
+	return _c
 }
 
 // SetNillableItemID sets the "item" edge to the Item entity by ID if the given value is not nil.
-func (ac *AttachmentCreate) SetNillableItemID(id *uuid.UUID) *AttachmentCreate {
+func (_c *AttachmentCreate) SetNillableItemID(id *uuid.UUID) *AttachmentCreate {
 	if id != nil {
-		ac = ac.SetItemID(*id)
+		_c = _c.SetItemID(*id)
 	}
-	return ac
+	return _c
 }
 
 // SetItem sets the "item" edge to the Item entity.
-func (ac *AttachmentCreate) SetItem(i *Item) *AttachmentCreate {
-	return ac.SetItemID(i.ID)
+func (_c *AttachmentCreate) SetItem(v *Item) *AttachmentCreate {
+	return _c.SetItemID(v.ID)
 }
 
 // SetThumbnailID sets the "thumbnail" edge to the Attachment entity by ID.
-func (ac *AttachmentCreate) SetThumbnailID(id uuid.UUID) *AttachmentCreate {
-	ac.mutation.SetThumbnailID(id)
-	return ac
+func (_c *AttachmentCreate) SetThumbnailID(id uuid.UUID) *AttachmentCreate {
+	_c.mutation.SetThumbnailID(id)
+	return _c
 }
 
 // SetNillableThumbnailID sets the "thumbnail" edge to the Attachment entity by ID if the given value is not nil.
-func (ac *AttachmentCreate) SetNillableThumbnailID(id *uuid.UUID) *AttachmentCreate {
+func (_c *AttachmentCreate) SetNillableThumbnailID(id *uuid.UUID) *AttachmentCreate {
 	if id != nil {
-		ac = ac.SetThumbnailID(*id)
+		_c = _c.SetThumbnailID(*id)
 	}
-	return ac
+	return _c
 }
 
 // SetThumbnail sets the "thumbnail" edge to the Attachment entity.
-func (ac *AttachmentCreate) SetThumbnail(a *Attachment) *AttachmentCreate {
-	return ac.SetThumbnailID(a.ID)
+func (_c *AttachmentCreate) SetThumbnail(v *Attachment) *AttachmentCreate {
+	return _c.SetThumbnailID(v.ID)
 }
 
 // Mutation returns the AttachmentMutation object of the builder.
-func (ac *AttachmentCreate) Mutation() *AttachmentMutation {
-	return ac.mutation
+func (_c *AttachmentCreate) Mutation() *AttachmentMutation {
+	return _c.mutation
 }
 
 // Save creates the Attachment in the database.
-func (ac *AttachmentCreate) Save(ctx context.Context) (*Attachment, error) {
-	ac.defaults()
-	return withHooks(ctx, ac.sqlSave, ac.mutation, ac.hooks)
+func (_c *AttachmentCreate) Save(ctx context.Context) (*Attachment, error) {
+	_c.defaults()
+	return withHooks(ctx, _c.sqlSave, _c.mutation, _c.hooks)
 }
 
 // SaveX calls Save and panics if Save returns an error.
-func (ac *AttachmentCreate) SaveX(ctx context.Context) *Attachment {
-	v, err := ac.Save(ctx)
+func (_c *AttachmentCreate) SaveX(ctx context.Context) *Attachment {
+	v, err := _c.Save(ctx)
 	if err != nil {
 		panic(err)
 	}
@@ -193,91 +193,91 @@ func (ac *AttachmentCreate) SaveX(ctx context.Context) *Attachment {
 }
 
 // Exec executes the query.
-func (ac *AttachmentCreate) Exec(ctx context.Context) error {
-	_, err := ac.Save(ctx)
+func (_c *AttachmentCreate) Exec(ctx context.Context) error {
+	_, err := _c.Save(ctx)
 	return err
 }
 
 // ExecX is like Exec, but panics if an error occurs.
-func (ac *AttachmentCreate) ExecX(ctx context.Context) {
-	if err := ac.Exec(ctx); err != nil {
+func (_c *AttachmentCreate) ExecX(ctx context.Context) {
+	if err := _c.Exec(ctx); err != nil {
 		panic(err)
 	}
 }
 
 // defaults sets the default values of the builder before save.
-func (ac *AttachmentCreate) defaults() {
-	if _, ok := ac.mutation.CreatedAt(); !ok {
+func (_c *AttachmentCreate) defaults() {
+	if _, ok := _c.mutation.CreatedAt(); !ok {
 		v := attachment.DefaultCreatedAt()
-		ac.mutation.SetCreatedAt(v)
+		_c.mutation.SetCreatedAt(v)
 	}
-	if _, ok := ac.mutation.UpdatedAt(); !ok {
+	if _, ok := _c.mutation.UpdatedAt(); !ok {
 		v := attachment.DefaultUpdatedAt()
-		ac.mutation.SetUpdatedAt(v)
+		_c.mutation.SetUpdatedAt(v)
 	}
-	if _, ok := ac.mutation.GetType(); !ok {
+	if _, ok := _c.mutation.GetType(); !ok {
 		v := attachment.DefaultType
-		ac.mutation.SetType(v)
+		_c.mutation.SetType(v)
 	}
-	if _, ok := ac.mutation.Primary(); !ok {
+	if _, ok := _c.mutation.Primary(); !ok {
 		v := attachment.DefaultPrimary
-		ac.mutation.SetPrimary(v)
+		_c.mutation.SetPrimary(v)
 	}
-	if _, ok := ac.mutation.Title(); !ok {
+	if _, ok := _c.mutation.Title(); !ok {
 		v := attachment.DefaultTitle
-		ac.mutation.SetTitle(v)
+		_c.mutation.SetTitle(v)
 	}
-	if _, ok := ac.mutation.Path(); !ok {
+	if _, ok := _c.mutation.Path(); !ok {
 		v := attachment.DefaultPath
-		ac.mutation.SetPath(v)
+		_c.mutation.SetPath(v)
 	}
-	if _, ok := ac.mutation.MimeType(); !ok {
+	if _, ok := _c.mutation.MimeType(); !ok {
 		v := attachment.DefaultMimeType
-		ac.mutation.SetMimeType(v)
+		_c.mutation.SetMimeType(v)
 	}
-	if _, ok := ac.mutation.ID(); !ok {
+	if _, ok := _c.mutation.ID(); !ok {
 		v := attachment.DefaultID()
-		ac.mutation.SetID(v)
+		_c.mutation.SetID(v)
 	}
 }
 
 // check runs all checks and user-defined validators on the builder.
-func (ac *AttachmentCreate) check() error {
-	if _, ok := ac.mutation.CreatedAt(); !ok {
+func (_c *AttachmentCreate) check() error {
+	if _, ok := _c.mutation.CreatedAt(); !ok {
 		return &ValidationError{Name: "created_at", err: errors.New(`ent: missing required field "Attachment.created_at"`)}
 	}
-	if _, ok := ac.mutation.UpdatedAt(); !ok {
+	if _, ok := _c.mutation.UpdatedAt(); !ok {
 		return &ValidationError{Name: "updated_at", err: errors.New(`ent: missing required field "Attachment.updated_at"`)}
 	}
-	if _, ok := ac.mutation.GetType(); !ok {
+	if _, ok := _c.mutation.GetType(); !ok {
 		return &ValidationError{Name: "type", err: errors.New(`ent: missing required field "Attachment.type"`)}
 	}
-	if v, ok := ac.mutation.GetType(); ok {
+	if v, ok := _c.mutation.GetType(); ok {
 		if err := attachment.TypeValidator(v); err != nil {
 			return &ValidationError{Name: "type", err: fmt.Errorf(`ent: validator failed for field "Attachment.type": %w`, err)}
 		}
 	}
-	if _, ok := ac.mutation.Primary(); !ok {
+	if _, ok := _c.mutation.Primary(); !ok {
 		return &ValidationError{Name: "primary", err: errors.New(`ent: missing required field "Attachment.primary"`)}
 	}
-	if _, ok := ac.mutation.Title(); !ok {
+	if _, ok := _c.mutation.Title(); !ok {
 		return &ValidationError{Name: "title", err: errors.New(`ent: missing required field "Attachment.title"`)}
 	}
-	if _, ok := ac.mutation.Path(); !ok {
+	if _, ok := _c.mutation.Path(); !ok {
 		return &ValidationError{Name: "path", err: errors.New(`ent: missing required field "Attachment.path"`)}
 	}
-	if _, ok := ac.mutation.MimeType(); !ok {
+	if _, ok := _c.mutation.MimeType(); !ok {
 		return &ValidationError{Name: "mime_type", err: errors.New(`ent: missing required field "Attachment.mime_type"`)}
 	}
 	return nil
 }
 
-func (ac *AttachmentCreate) sqlSave(ctx context.Context) (*Attachment, error) {
-	if err := ac.check(); err != nil {
+func (_c *AttachmentCreate) sqlSave(ctx context.Context) (*Attachment, error) {
+	if err := _c.check(); err != nil {
 		return nil, err
 	}
-	_node, _spec := ac.createSpec()
-	if err := sqlgraph.CreateNode(ctx, ac.driver, _spec); err != nil {
+	_node, _spec := _c.createSpec()
+	if err := sqlgraph.CreateNode(ctx, _c.driver, _spec); err != nil {
 		if sqlgraph.IsConstraintError(err) {
 			err = &ConstraintError{msg: err.Error(), wrap: err}
 		}
@@ -290,49 +290,49 @@ func (ac *AttachmentCreate) sqlSave(ctx context.Context) (*Attachment, error) {
 			return nil, err
 		}
 	}
-	ac.mutation.id = &_node.ID
-	ac.mutation.done = true
+	_c.mutation.id = &_node.ID
+	_c.mutation.done = true
 	return _node, nil
 }
 
-func (ac *AttachmentCreate) createSpec() (*Attachment, *sqlgraph.CreateSpec) {
+func (_c *AttachmentCreate) createSpec() (*Attachment, *sqlgraph.CreateSpec) {
 	var (
-		_node = &Attachment{config: ac.config}
+		_node = &Attachment{config: _c.config}
 		_spec = sqlgraph.NewCreateSpec(attachment.Table, sqlgraph.NewFieldSpec(attachment.FieldID, field.TypeUUID))
 	)
-	if id, ok := ac.mutation.ID(); ok {
+	if id, ok := _c.mutation.ID(); ok {
 		_node.ID = id
 		_spec.ID.Value = &id
 	}
-	if value, ok := ac.mutation.CreatedAt(); ok {
+	if value, ok := _c.mutation.CreatedAt(); ok {
 		_spec.SetField(attachment.FieldCreatedAt, field.TypeTime, value)
 		_node.CreatedAt = value
 	}
-	if value, ok := ac.mutation.UpdatedAt(); ok {
+	if value, ok := _c.mutation.UpdatedAt(); ok {
 		_spec.SetField(attachment.FieldUpdatedAt, field.TypeTime, value)
 		_node.UpdatedAt = value
 	}
-	if value, ok := ac.mutation.GetType(); ok {
+	if value, ok := _c.mutation.GetType(); ok {
 		_spec.SetField(attachment.FieldType, field.TypeEnum, value)
 		_node.Type = value
 	}
-	if value, ok := ac.mutation.Primary(); ok {
+	if value, ok := _c.mutation.Primary(); ok {
 		_spec.SetField(attachment.FieldPrimary, field.TypeBool, value)
 		_node.Primary = value
 	}
-	if value, ok := ac.mutation.Title(); ok {
+	if value, ok := _c.mutation.Title(); ok {
 		_spec.SetField(attachment.FieldTitle, field.TypeString, value)
 		_node.Title = value
 	}
-	if value, ok := ac.mutation.Path(); ok {
+	if value, ok := _c.mutation.Path(); ok {
 		_spec.SetField(attachment.FieldPath, field.TypeString, value)
 		_node.Path = value
 	}
-	if value, ok := ac.mutation.MimeType(); ok {
+	if value, ok := _c.mutation.MimeType(); ok {
 		_spec.SetField(attachment.FieldMimeType, field.TypeString, value)
 		_node.MimeType = value
 	}
-	if nodes := ac.mutation.ItemIDs(); len(nodes) > 0 {
+	if nodes := _c.mutation.ItemIDs(); len(nodes) > 0 {
 		edge := &sqlgraph.EdgeSpec{
 			Rel:     sqlgraph.M2O,
 			Inverse: true,
@@ -349,7 +349,7 @@ func (ac *AttachmentCreate) createSpec() (*Attachment, *sqlgraph.CreateSpec) {
 		_node.item_attachments = &nodes[0]
 		_spec.Edges = append(_spec.Edges, edge)
 	}
-	if nodes := ac.mutation.ThumbnailIDs(); len(nodes) > 0 {
+	if nodes := _c.mutation.ThumbnailIDs(); len(nodes) > 0 {
 		edge := &sqlgraph.EdgeSpec{
 			Rel:     sqlgraph.O2O,
 			Inverse: false,
@@ -377,16 +377,16 @@ type AttachmentCreateBulk struct {
 }
 
 // Save creates the Attachment entities in the database.
-func (acb *AttachmentCreateBulk) Save(ctx context.Context) ([]*Attachment, error) {
-	if acb.err != nil {
-		return nil, acb.err
+func (_c *AttachmentCreateBulk) Save(ctx context.Context) ([]*Attachment, error) {
+	if _c.err != nil {
+		return nil, _c.err
 	}
-	specs := make([]*sqlgraph.CreateSpec, len(acb.builders))
-	nodes := make([]*Attachment, len(acb.builders))
-	mutators := make([]Mutator, len(acb.builders))
-	for i := range acb.builders {
+	specs := make([]*sqlgraph.CreateSpec, len(_c.builders))
+	nodes := make([]*Attachment, len(_c.builders))
+	mutators := make([]Mutator, len(_c.builders))
+	for i := range _c.builders {
 		func(i int, root context.Context) {
-			builder := acb.builders[i]
+			builder := _c.builders[i]
 			builder.defaults()
 			var mut Mutator = MutateFunc(func(ctx context.Context, m Mutation) (Value, error) {
 				mutation, ok := m.(*AttachmentMutation)
@@ -400,11 +400,11 @@ func (acb *AttachmentCreateBulk) Save(ctx context.Context) ([]*Attachment, error
 				var err error
 				nodes[i], specs[i] = builder.createSpec()
 				if i < len(mutators)-1 {
-					_, err = mutators[i+1].Mutate(root, acb.builders[i+1].mutation)
+					_, err = mutators[i+1].Mutate(root, _c.builders[i+1].mutation)
 				} else {
 					spec := &sqlgraph.BatchCreateSpec{Nodes: specs}
 					// Invoke the actual operation on the latest mutation in the chain.
-					if err = sqlgraph.BatchCreate(ctx, acb.driver, spec); err != nil {
+					if err = sqlgraph.BatchCreate(ctx, _c.driver, spec); err != nil {
 						if sqlgraph.IsConstraintError(err) {
 							err = &ConstraintError{msg: err.Error(), wrap: err}
 						}
@@ -424,7 +424,7 @@ func (acb *AttachmentCreateBulk) Save(ctx context.Context) ([]*Attachment, error
 		}(i, ctx)
 	}
 	if len(mutators) > 0 {
-		if _, err := mutators[0].Mutate(ctx, acb.builders[0].mutation); err != nil {
+		if _, err := mutators[0].Mutate(ctx, _c.builders[0].mutation); err != nil {
 			return nil, err
 		}
 	}
@@ -432,8 +432,8 @@ func (acb *AttachmentCreateBulk) Save(ctx context.Context) ([]*Attachment, error
 }
 
 // SaveX is like Save, but panics if an error occurs.
-func (acb *AttachmentCreateBulk) SaveX(ctx context.Context) []*Attachment {
-	v, err := acb.Save(ctx)
+func (_c *AttachmentCreateBulk) SaveX(ctx context.Context) []*Attachment {
+	v, err := _c.Save(ctx)
 	if err != nil {
 		panic(err)
 	}
@@ -441,14 +441,14 @@ func (acb *AttachmentCreateBulk) SaveX(ctx context.Context) []*Attachment {
 }
 
 // Exec executes the query.
-func (acb *AttachmentCreateBulk) Exec(ctx context.Context) error {
-	_, err := acb.Save(ctx)
+func (_c *AttachmentCreateBulk) Exec(ctx context.Context) error {
+	_, err := _c.Save(ctx)
 	return err
 }
 
 // ExecX is like Exec, but panics if an error occurs.
-func (acb *AttachmentCreateBulk) ExecX(ctx context.Context) {
-	if err := acb.Exec(ctx); err != nil {
+func (_c *AttachmentCreateBulk) ExecX(ctx context.Context) {
+	if err := _c.Exec(ctx); err != nil {
 		panic(err)
 	}
 }

backend/internal/data/ent/attachment_delete.go

@@ -20,56 +20,56 @@ type AttachmentDelete struct {
 }
 
 // Where appends a list predicates to the AttachmentDelete builder.
-func (ad *AttachmentDelete) Where(ps ...predicate.Attachment) *AttachmentDelete {
-	ad.mutation.Where(ps...)
-	return ad
+func (_d *AttachmentDelete) Where(ps ...predicate.Attachment) *AttachmentDelete {
+	_d.mutation.Where(ps...)
+	return _d
 }
 
 // Exec executes the deletion query and returns how many vertices were deleted.
-func (ad *AttachmentDelete) Exec(ctx context.Context) (int, error) {
-	return withHooks(ctx, ad.sqlExec, ad.mutation, ad.hooks)
+func (_d *AttachmentDelete) Exec(ctx context.Context) (int, error) {
+	return withHooks(ctx, _d.sqlExec, _d.mutation, _d.hooks)
 }
 
 // ExecX is like Exec, but panics if an error occurs.
-func (ad *AttachmentDelete) ExecX(ctx context.Context) int {
-	n, err := ad.Exec(ctx)
+func (_d *AttachmentDelete) ExecX(ctx context.Context) int {
+	n, err := _d.Exec(ctx)
 	if err != nil {
 		panic(err)
 	}
 	return n
 }
 
-func (ad *AttachmentDelete) sqlExec(ctx context.Context) (int, error) {
+func (_d *AttachmentDelete) sqlExec(ctx context.Context) (int, error) {
 	_spec := sqlgraph.NewDeleteSpec(attachment.Table, sqlgraph.NewFieldSpec(attachment.FieldID, field.TypeUUID))
-	if ps := ad.mutation.predicates; len(ps) > 0 {
+	if ps := _d.mutation.predicates; len(ps) > 0 {
 		_spec.Predicate = func(selector *sql.Selector) {
 			for i := range ps {
 				ps[i](selector)
 			}
 		}
 	}
-	affected, err := sqlgraph.DeleteNodes(ctx, ad.driver, _spec)
+	affected, err := sqlgraph.DeleteNodes(ctx, _d.driver, _spec)
 	if err != nil && sqlgraph.IsConstraintError(err) {
 		err = &ConstraintError{msg: err.Error(), wrap: err}
 	}
-	ad.mutation.done = true
+	_d.mutation.done = true
 	return affected, err
 }
 
 // AttachmentDeleteOne is the builder for deleting a single Attachment entity.
 type AttachmentDeleteOne struct {
-	ad *AttachmentDelete
+	_d *AttachmentDelete
 }
 
 // Where appends a list predicates to the AttachmentDelete builder.
-func (ado *AttachmentDeleteOne) Where(ps ...predicate.Attachment) *AttachmentDeleteOne {
-	ado.ad.mutation.Where(ps...)
-	return ado
+func (_d *AttachmentDeleteOne) Where(ps ...predicate.Attachment) *AttachmentDeleteOne {
+	_d._d.mutation.Where(ps...)
+	return _d
 }
 
 // Exec executes the deletion query.
-func (ado *AttachmentDeleteOne) Exec(ctx context.Context) error {
-	n, err := ado.ad.Exec(ctx)
+func (_d *AttachmentDeleteOne) Exec(ctx context.Context) error {
+	n, err := _d._d.Exec(ctx)
 	switch {
 	case err != nil:
 		return err
@@ -81,8 +81,8 @@ func (ado *AttachmentDeleteOne) Exec(ctx context.Context) error {
 }
 
 // ExecX is like Exec, but panics if an error occurs.
-func (ado *AttachmentDeleteOne) ExecX(ctx context.Context) {
-	if err := ado.Exec(ctx); err != nil {
+func (_d *AttachmentDeleteOne) ExecX(ctx context.Context) {
+	if err := _d.Exec(ctx); err != nil {
 		panic(err)
 	}
 }

backend/internal/data/ent/attachment_query.go

@@ -33,44 +33,44 @@ type AttachmentQuery struct {
 }
 
 // Where adds a new predicate for the AttachmentQuery builder.
-func (aq *AttachmentQuery) Where(ps ...predicate.Attachment) *AttachmentQuery {
-	aq.predicates = append(aq.predicates, ps...)
-	return aq
+func (_q *AttachmentQuery) Where(ps ...predicate.Attachment) *AttachmentQuery {
+	_q.predicates = append(_q.predicates, ps...)
+	return _q
 }
 
 // Limit the number of records to be returned by this query.
-func (aq *AttachmentQuery) Limit(limit int) *AttachmentQuery {
-	aq.ctx.Limit = &limit
-	return aq
+func (_q *AttachmentQuery) Limit(limit int) *AttachmentQuery {
+	_q.ctx.Limit = &limit
+	return _q
 }
 
 // Offset to start from.
-func (aq *AttachmentQuery) Offset(offset int) *AttachmentQuery {
-	aq.ctx.Offset = &offset
-	return aq
+func (_q *AttachmentQuery) Offset(offset int) *AttachmentQuery {
+	_q.ctx.Offset = &offset
+	return _q
 }
 
 // Unique configures the query builder to filter duplicate records on query.
 // By default, unique is set to true, and can be disabled using this method.
-func (aq *AttachmentQuery) Unique(unique bool) *AttachmentQuery {
-	aq.ctx.Unique = &unique
-	return aq
+func (_q *AttachmentQuery) Unique(unique bool) *AttachmentQuery {
+	_q.ctx.Unique = &unique
+	return _q
 }
 
 // Order specifies how the records should be ordered.
-func (aq *AttachmentQuery) Order(o ...attachment.OrderOption) *AttachmentQuery {
-	aq.order = append(aq.order, o...)
-	return aq
+func (_q *AttachmentQuery) Order(o ...attachment.OrderOption) *AttachmentQuery {
+	_q.order = append(_q.order, o...)
+	return _q
 }
 
 // QueryItem chains the current query on the "item" edge.
-func (aq *AttachmentQuery) QueryItem() *ItemQuery {
-	query := (&ItemClient{config: aq.config}).Query()
+func (_q *AttachmentQuery) QueryItem() *ItemQuery {
+	query := (&ItemClient{config: _q.config}).Query()
 	query.path = func(ctx context.Context) (fromU *sql.Selector, err error) {
-		if err := aq.prepareQuery(ctx); err != nil {
+		if err := _q.prepareQuery(ctx); err != nil {
 			return nil, err
 		}
-		selector := aq.sqlQuery(ctx)
+		selector := _q.sqlQuery(ctx)
 		if err := selector.Err(); err != nil {
 			return nil, err
 		}
@@ -79,20 +79,20 @@ func (aq *AttachmentQuery) QueryItem() *ItemQuery {
 			sqlgraph.To(item.Table, item.FieldID),
 			sqlgraph.Edge(sqlgraph.M2O, true, attachment.ItemTable, attachment.ItemColumn),
 		)
-		fromU = sqlgraph.SetNeighbors(aq.driver.Dialect(), step)
+		fromU = sqlgraph.SetNeighbors(_q.driver.Dialect(), step)
 		return fromU, nil
 	}
 	return query
 }
 
 // QueryThumbnail chains the current query on the "thumbnail" edge.
-func (aq *AttachmentQuery) QueryThumbnail() *AttachmentQuery {
-	query := (&AttachmentClient{config: aq.config}).Query()
+func (_q *AttachmentQuery) QueryThumbnail() *AttachmentQuery {
+	query := (&AttachmentClient{config: _q.config}).Query()
 	query.path = func(ctx context.Context) (fromU *sql.Selector, err error) {
-		if err := aq.prepareQuery(ctx); err != nil {
+		if err := _q.prepareQuery(ctx); err != nil {
 			return nil, err
 		}
-		selector := aq.sqlQuery(ctx)
+		selector := _q.sqlQuery(ctx)
 		if err := selector.Err(); err != nil {
 			return nil, err
 		}
@@ -101,7 +101,7 @@ func (aq *AttachmentQuery) QueryThumbnail() *AttachmentQuery {
 			sqlgraph.To(attachment.Table, attachment.FieldID),
 			sqlgraph.Edge(sqlgraph.O2O, false, attachment.ThumbnailTable, attachment.ThumbnailColumn),
 		)
-		fromU = sqlgraph.SetNeighbors(aq.driver.Dialect(), step)
+		fromU = sqlgraph.SetNeighbors(_q.driver.Dialect(), step)
 		return fromU, nil
 	}
 	return query
@@ -109,8 +109,8 @@ func (aq *AttachmentQuery) QueryThumbnail() *AttachmentQuery {
 
 // First returns the first Attachment entity from the query.
 // Returns a *NotFoundError when no Attachment was found.
-func (aq *AttachmentQuery) First(ctx context.Context) (*Attachment, error) {
-	nodes, err := aq.Limit(1).All(setContextOp(ctx, aq.ctx, ent.OpQueryFirst))
+func (_q *AttachmentQuery) First(ctx context.Context) (*Attachment, error) {
+	nodes, err := _q.Limit(1).All(setContextOp(ctx, _q.ctx, ent.OpQueryFirst))
 	if err != nil {
 		return nil, err
 	}
@@ -121,8 +121,8 @@ func (aq *AttachmentQuery) First(ctx context.Context) (*Attachment, error) {
 }
 
 // FirstX is like First, but panics if an error occurs.
-func (aq *AttachmentQuery) FirstX(ctx context.Context) *Attachment {
-	node, err := aq.First(ctx)
+func (_q *AttachmentQuery) FirstX(ctx context.Context) *Attachment {
+	node, err := _q.First(ctx)
 	if err != nil && !IsNotFound(err) {
 		panic(err)
 	}
@@ -131,9 +131,9 @@ func (aq *AttachmentQuery) FirstX(ctx context.Context) *Attachment {
 
 // FirstID returns the first Attachment ID from the query.
 // Returns a *NotFoundError when no Attachment ID was found.
-func (aq *AttachmentQuery) FirstID(ctx context.Context) (id uuid.UUID, err error) {
+func (_q *AttachmentQuery) FirstID(ctx context.Context) (id uuid.UUID, err error) {
 	var ids []uuid.UUID
-	if ids, err = aq.Limit(1).IDs(setContextOp(ctx, aq.ctx, ent.OpQueryFirstID)); err != nil {
+	if ids, err = _q.Limit(1).IDs(setContextOp(ctx, _q.ctx, ent.OpQueryFirstID)); err != nil {
 		return
 	}
 	if len(ids) == 0 {
@@ -144,8 +144,8 @@ func (aq *AttachmentQuery) FirstID(ctx context.Context) (id uuid.UUID, err error
 }
 
 // FirstIDX is like FirstID, but panics if an error occurs.
-func (aq *AttachmentQuery) FirstIDX(ctx context.Context) uuid.UUID {
-	id, err := aq.FirstID(ctx)
+func (_q *AttachmentQuery) FirstIDX(ctx context.Context) uuid.UUID {
+	id, err := _q.FirstID(ctx)
 	if err != nil && !IsNotFound(err) {
 		panic(err)
 	}
@@ -155,8 +155,8 @@ func (aq *AttachmentQuery) FirstIDX(ctx context.Context) uuid.UUID {
 // Only returns a single Attachment entity found by the query, ensuring it only returns one.
 // Returns a *NotSingularError when more than one Attachment entity is found.
 // Returns a *NotFoundError when no Attachment entities are found.
-func (aq *AttachmentQuery) Only(ctx context.Context) (*Attachment, error) {
-	nodes, err := aq.Limit(2).All(setContextOp(ctx, aq.ctx, ent.OpQueryOnly))
+func (_q *AttachmentQuery) Only(ctx context.Context) (*Attachment, error) {
+	nodes, err := _q.Limit(2).All(setContextOp(ctx, _q.ctx, ent.OpQueryOnly))
 	if err != nil {
 		return nil, err
 	}
@@ -171,8 +171,8 @@ func (aq *AttachmentQuery) Only(ctx context.Context) (*Attachment, error) {
 }
 
 // OnlyX is like Only, but panics if an error occurs.
-func (aq *AttachmentQuery) OnlyX(ctx context.Context) *Attachment {
-	node, err := aq.Only(ctx)
+func (_q *AttachmentQuery) OnlyX(ctx context.Context) *Attachment {
+	node, err := _q.Only(ctx)
 	if err != nil {
 		panic(err)
 	}
@@ -182,9 +182,9 @@ func (aq *AttachmentQuery) OnlyX(ctx context.Context) *Attachment {
 // OnlyID is like Only, but returns the only Attachment ID in the query.
 // Returns a *NotSingularError when more than one Attachment ID is found.
 // Returns a *NotFoundError when no entities are found.
-func (aq *AttachmentQuery) OnlyID(ctx context.Context) (id uuid.UUID, err error) {
+func (_q *AttachmentQuery) OnlyID(ctx context.Context) (id uuid.UUID, err error) {
 	var ids []uuid.UUID
-	if ids, err = aq.Limit(2).IDs(setContextOp(ctx, aq.ctx, ent.OpQueryOnlyID)); err != nil {
+	if ids, err = _q.Limit(2).IDs(setContextOp(ctx, _q.ctx, ent.OpQueryOnlyID)); err != nil {
 		return
 	}
 	switch len(ids) {
@@ -199,8 +199,8 @@ func (aq *AttachmentQuery) OnlyID(ctx context.Context) (id uuid.UUID, err error)
 }
 
 // OnlyIDX is like OnlyID, but panics if an error occurs.
-func (aq *AttachmentQuery) OnlyIDX(ctx context.Context) uuid.UUID {
-	id, err := aq.OnlyID(ctx)
+func (_q *AttachmentQuery) OnlyIDX(ctx context.Context) uuid.UUID {
+	id, err := _q.OnlyID(ctx)
 	if err != nil {
 		panic(err)
 	}
@@ -208,18 +208,18 @@ func (aq *AttachmentQuery) OnlyIDX(ctx context.Context) uuid.UUID {
 }
 
 // All executes the query and returns a list of Attachments.
-func (aq *AttachmentQuery) All(ctx context.Context) ([]*Attachment, error) {
-	ctx = setContextOp(ctx, aq.ctx, ent.OpQueryAll)
-	if err := aq.prepareQuery(ctx); err != nil {
+func (_q *AttachmentQuery) All(ctx context.Context) ([]*Attachment, error) {
+	ctx = setContextOp(ctx, _q.ctx, ent.OpQueryAll)
+	if err := _q.prepareQuery(ctx); err != nil {
 		return nil, err
 	}
 	qr := querierAll[[]*Attachment, *AttachmentQuery]()
-	return withInterceptors[[]*Attachment](ctx, aq, qr, aq.inters)
+	return withInterceptors[[]*Attachment](ctx, _q, qr, _q.inters)
 }
 
 // AllX is like All, but panics if an error occurs.
-func (aq *AttachmentQuery) AllX(ctx context.Context) []*Attachment {
-	nodes, err := aq.All(ctx)
+func (_q *AttachmentQuery) AllX(ctx context.Context) []*Attachment {
+	nodes, err := _q.All(ctx)
 	if err != nil {
 		panic(err)
 	}
@@ -227,20 +227,20 @@ func (aq *AttachmentQuery) AllX(ctx context.Context) []*Attachment {
 }
 
 // IDs executes the query and returns a list of Attachment IDs.
-func (aq *AttachmentQuery) IDs(ctx context.Context) (ids []uuid.UUID, err error) {
-	if aq.ctx.Unique == nil && aq.path != nil {
-		aq.Unique(true)
+func (_q *AttachmentQuery) IDs(ctx context.Context) (ids []uuid.UUID, err error) {
+	if _q.ctx.Unique == nil && _q.path != nil {
+		_q.Unique(true)
 	}
-	ctx = setContextOp(ctx, aq.ctx, ent.OpQueryIDs)
-	if err = aq.Select(attachment.FieldID).Scan(ctx, &ids); err != nil {
+	ctx = setContextOp(ctx, _q.ctx, ent.OpQueryIDs)
+	if err = _q.Select(attachment.FieldID).Scan(ctx, &ids); err != nil {
 		return nil, err
 	}
 	return ids, nil
 }
 
 // IDsX is like IDs, but panics if an error occurs.
-func (aq *AttachmentQuery) IDsX(ctx context.Context) []uuid.UUID {
-	ids, err := aq.IDs(ctx)
+func (_q *AttachmentQuery) IDsX(ctx context.Context) []uuid.UUID {
+	ids, err := _q.IDs(ctx)
 	if err != nil {
 		panic(err)
 	}
@@ -248,17 +248,17 @@ func (aq *AttachmentQuery) IDsX(ctx context.Context) []uuid.UUID {
 }
 
 // Count returns the count of the given query.
-func (aq *AttachmentQuery) Count(ctx context.Context) (int, error) {
-	ctx = setContextOp(ctx, aq.ctx, ent.OpQueryCount)
-	if err := aq.prepareQuery(ctx); err != nil {
+func (_q *AttachmentQuery) Count(ctx context.Context) (int, error) {
+	ctx = setContextOp(ctx, _q.ctx, ent.OpQueryCount)
+	if err := _q.prepareQuery(ctx); err != nil {
 		return 0, err
 	}
-	return withInterceptors[int](ctx, aq, querierCount[*AttachmentQuery](), aq.inters)
+	return withInterceptors[int](ctx, _q, querierCount[*AttachmentQuery](), _q.inters)
 }
 
 // CountX is like Count, but panics if an error occurs.
-func (aq *AttachmentQuery) CountX(ctx context.Context) int {
-	count, err := aq.Count(ctx)
+func (_q *AttachmentQuery) CountX(ctx context.Context) int {
+	count, err := _q.Count(ctx)
 	if err != nil {
 		panic(err)
 	}
@@ -266,9 +266,9 @@ func (aq *AttachmentQuery) CountX(ctx context.Context) int {
 }
 
 // Exist returns true if the query has elements in the graph.
-func (aq *AttachmentQuery) Exist(ctx context.Context) (bool, error) {
-	ctx = setContextOp(ctx, aq.ctx, ent.OpQueryExist)
-	switch _, err := aq.FirstID(ctx); {
+func (_q *AttachmentQuery) Exist(ctx context.Context) (bool, error) {
+	ctx = setContextOp(ctx, _q.ctx, ent.OpQueryExist)
+	switch _, err := _q.FirstID(ctx); {
 	case IsNotFound(err):
 		return false, nil
 	case err != nil:
@@ -279,8 +279,8 @@ func (aq *AttachmentQuery) Exist(ctx context.Context) (bool, error) {
 }
 
 // ExistX is like Exist, but panics if an error occurs.
-func (aq *AttachmentQuery) ExistX(ctx context.Context) bool {
-	exist, err := aq.Exist(ctx)
+func (_q *AttachmentQuery) ExistX(ctx context.Context) bool {
+	exist, err := _q.Exist(ctx)
 	if err != nil {
 		panic(err)
 	}
@@ -289,44 +289,44 @@ func (aq *AttachmentQuery) ExistX(ctx context.Context) bool {
 
 // Clone returns a duplicate of the AttachmentQuery builder, including all associated steps. It can be
 // used to prepare common query builders and use them differently after the clone is made.
-func (aq *AttachmentQuery) Clone() *AttachmentQuery {
-	if aq == nil {
+func (_q *AttachmentQuery) Clone() *AttachmentQuery {
+	if _q == nil {
 		return nil
 	}
 	return &AttachmentQuery{
-		config:        aq.config,
-		ctx:           aq.ctx.Clone(),
-		order:         append([]attachment.OrderOption{}, aq.order...),
-		inters:        append([]Interceptor{}, aq.inters...),
-		predicates:    append([]predicate.Attachment{}, aq.predicates...),
-		withItem:      aq.withItem.Clone(),
-		withThumbnail: aq.withThumbnail.Clone(),
+		config:        _q.config,
+		ctx:           _q.ctx.Clone(),
+		order:         append([]attachment.OrderOption{}, _q.order...),
+		inters:        append([]Interceptor{}, _q.inters...),
+		predicates:    append([]predicate.Attachment{}, _q.predicates...),
+		withItem:      _q.withItem.Clone(),
+		withThumbnail: _q.withThumbnail.Clone(),
 		// clone intermediate query.
-		sql:  aq.sql.Clone(),
-		path: aq.path,
+		sql:  _q.sql.Clone(),
+		path: _q.path,
 	}
 }
 
 // WithItem tells the query-builder to eager-load the nodes that are connected to
 // the "item" edge. The optional arguments are used to configure the query builder of the edge.
-func (aq *AttachmentQuery) WithItem(opts ...func(*ItemQuery)) *AttachmentQuery {
-	query := (&ItemClient{config: aq.config}).Query()
+func (_q *AttachmentQuery) WithItem(opts ...func(*ItemQuery)) *AttachmentQuery {
+	query := (&ItemClient{config: _q.config}).Query()
 	for _, opt := range opts {
 		opt(query)
 	}
-	aq.withItem = query
-	return aq
+	_q.withItem = query
+	return _q
 }
 
 // WithThumbnail tells the query-builder to eager-load the nodes that are connected to
 // the "thumbnail" edge. The optional arguments are used to configure the query builder of the edge.
-func (aq *AttachmentQuery) WithThumbnail(opts ...func(*AttachmentQuery)) *AttachmentQuery {
-	query := (&AttachmentClient{config: aq.config}).Query()
+func (_q *AttachmentQuery) WithThumbnail(opts ...func(*AttachmentQuery)) *AttachmentQuery {
+	query := (&AttachmentClient{config: _q.config}).Query()
 	for _, opt := range opts {
 		opt(query)
 	}
-	aq.withThumbnail = query
-	return aq
+	_q.withThumbnail = query
+	return _q
 }
 
 // GroupBy is used to group vertices by one or more fields/columns.
@@ -343,10 +343,10 @@ func (aq *AttachmentQuery) WithThumbnail(opts ...func(*AttachmentQuery)) *Attach
 //		GroupBy(attachment.FieldCreatedAt).
 //		Aggregate(ent.Count()).
 //		Scan(ctx, &v)
-func (aq *AttachmentQuery) GroupBy(field string, fields ...string) *AttachmentGroupBy {
-	aq.ctx.Fields = append([]string{field}, fields...)
-	grbuild := &AttachmentGroupBy{build: aq}
-	grbuild.flds = &aq.ctx.Fields
+func (_q *AttachmentQuery) GroupBy(field string, fields ...string) *AttachmentGroupBy {
+	_q.ctx.Fields = append([]string{field}, fields...)
+	grbuild := &AttachmentGroupBy{build: _q}
+	grbuild.flds = &_q.ctx.Fields
 	grbuild.label = attachment.Label
 	grbuild.scan = grbuild.Scan
 	return grbuild
@@ -364,56 +364,56 @@ func (aq *AttachmentQuery) GroupBy(field string, fields ...string) *AttachmentGr
 //	client.Attachment.Query().
 //		Select(attachment.FieldCreatedAt).
 //		Scan(ctx, &v)
-func (aq *AttachmentQuery) Select(fields ...string) *AttachmentSelect {
-	aq.ctx.Fields = append(aq.ctx.Fields, fields...)
-	sbuild := &AttachmentSelect{AttachmentQuery: aq}
+func (_q *AttachmentQuery) Select(fields ...string) *AttachmentSelect {
+	_q.ctx.Fields = append(_q.ctx.Fields, fields...)
+	sbuild := &AttachmentSelect{AttachmentQuery: _q}
 	sbuild.label = attachment.Label
-	sbuild.flds, sbuild.scan = &aq.ctx.Fields, sbuild.Scan
+	sbuild.flds, sbuild.scan = &_q.ctx.Fields, sbuild.Scan
 	return sbuild
 }
 
 // Aggregate returns a AttachmentSelect configured with the given aggregations.
-func (aq *AttachmentQuery) Aggregate(fns ...AggregateFunc) *AttachmentSelect {
-	return aq.Select().Aggregate(fns...)
+func (_q *AttachmentQuery) Aggregate(fns ...AggregateFunc) *AttachmentSelect {
+	return _q.Select().Aggregate(fns...)
 }
 
-func (aq *AttachmentQuery) prepareQuery(ctx context.Context) error {
-	for _, inter := range aq.inters {
+func (_q *AttachmentQuery) prepareQuery(ctx context.Context) error {
+	for _, inter := range _q.inters {
 		if inter == nil {
 			return fmt.Errorf("ent: uninitialized interceptor (forgotten import ent/runtime?)")
 		}
 		if trv, ok := inter.(Traverser); ok {
-			if err := trv.Traverse(ctx, aq); err != nil {
+			if err := trv.Traverse(ctx, _q); err != nil {
 				return err
 			}
 		}
 	}
-	for _, f := range aq.ctx.Fields {
+	for _, f := range _q.ctx.Fields {
 		if !attachment.ValidColumn(f) {
 			return &ValidationError{Name: f, err: fmt.Errorf("ent: invalid field %q for query", f)}
 		}
 	}
-	if aq.path != nil {
-		prev, err := aq.path(ctx)
+	if _q.path != nil {
+		prev, err := _q.path(ctx)
 		if err != nil {
 			return err
 		}
-		aq.sql = prev
+		_q.sql = prev
 	}
 	return nil
 }
 
-func (aq *AttachmentQuery) sqlAll(ctx context.Context, hooks ...queryHook) ([]*Attachment, error) {
+func (_q *AttachmentQuery) sqlAll(ctx context.Context, hooks ...queryHook) ([]*Attachment, error) {
 	var (
 		nodes       = []*Attachment{}
-		withFKs     = aq.withFKs
-		_spec       = aq.querySpec()
+		withFKs     = _q.withFKs
+		_spec       = _q.querySpec()
 		loadedTypes = [2]bool{
-			aq.withItem != nil,
-			aq.withThumbnail != nil,
+			_q.withItem != nil,
+			_q.withThumbnail != nil,
 		}
 	)
-	if aq.withItem != nil || aq.withThumbnail != nil {
+	if _q.withItem != nil || _q.withThumbnail != nil {
 		withFKs = true
 	}
 	if withFKs {
@@ -423,7 +423,7 @@ func (aq *AttachmentQuery) sqlAll(ctx context.Context, hooks ...queryHook) ([]*A
 		return (*Attachment).scanValues(nil, columns)
 	}
 	_spec.Assign = func(columns []string, values []any) error {
-		node := &Attachment{config: aq.config}
+		node := &Attachment{config: _q.config}
 		nodes = append(nodes, node)
 		node.Edges.loadedTypes = loadedTypes
 		return node.assignValues(columns, values)
@@ -431,20 +431,20 @@ func (aq *AttachmentQuery) sqlAll(ctx context.Context, hooks ...queryHook) ([]*A
 	for i := range hooks {
 		hooks[i](ctx, _spec)
 	}
-	if err := sqlgraph.QueryNodes(ctx, aq.driver, _spec); err != nil {
+	if err := sqlgraph.QueryNodes(ctx, _q.driver, _spec); err != nil {
 		return nil, err
 	}
 	if len(nodes) == 0 {
 		return nodes, nil
 	}
-	if query := aq.withItem; query != nil {
-		if err := aq.loadItem(ctx, query, nodes, nil,
+	if query := _q.withItem; query != nil {
+		if err := _q.loadItem(ctx, query, nodes, nil,
 			func(n *Attachment, e *Item) { n.Edges.Item = e }); err != nil {
 			return nil, err
 		}
 	}
-	if query := aq.withThumbnail; query != nil {
-		if err := aq.loadThumbnail(ctx, query, nodes, nil,
+	if query := _q.withThumbnail; query != nil {
+		if err := _q.loadThumbnail(ctx, query, nodes, nil,
 			func(n *Attachment, e *Attachment) { n.Edges.Thumbnail = e }); err != nil {
 			return nil, err
 		}
@@ -452,7 +452,7 @@ func (aq *AttachmentQuery) sqlAll(ctx context.Context, hooks ...queryHook) ([]*A
 	return nodes, nil
 }
 
-func (aq *AttachmentQuery) loadItem(ctx context.Context, query *ItemQuery, nodes []*Attachment, init func(*Attachment), assign func(*Attachment, *Item)) error {
+func (_q *AttachmentQuery) loadItem(ctx context.Context, query *ItemQuery, nodes []*Attachment, init func(*Attachment), assign func(*Attachment, *Item)) error {
 	ids := make([]uuid.UUID, 0, len(nodes))
 	nodeids := make(map[uuid.UUID][]*Attachment)
 	for i := range nodes {
@@ -484,7 +484,7 @@ func (aq *AttachmentQuery) loadItem(ctx context.Context, query *ItemQuery, nodes
 	}
 	return nil
 }
-func (aq *AttachmentQuery) loadThumbnail(ctx context.Context, query *AttachmentQuery, nodes []*Attachment, init func(*Attachment), assign func(*Attachment, *Attachment)) error {
+func (_q *AttachmentQuery) loadThumbnail(ctx context.Context, query *AttachmentQuery, nodes []*Attachment, init func(*Attachment), assign func(*Attachment, *Attachment)) error {
 	ids := make([]uuid.UUID, 0, len(nodes))
 	nodeids := make(map[uuid.UUID][]*Attachment)
 	for i := range nodes {
@@ -517,24 +517,24 @@ func (aq *AttachmentQuery) loadThumbnail(ctx context.Context, query *AttachmentQ
 	return nil
 }
 
-func (aq *AttachmentQuery) sqlCount(ctx context.Context) (int, error) {
-	_spec := aq.querySpec()
-	_spec.Node.Columns = aq.ctx.Fields
-	if len(aq.ctx.Fields) > 0 {
-		_spec.Unique = aq.ctx.Unique != nil && *aq.ctx.Unique
+func (_q *AttachmentQuery) sqlCount(ctx context.Context) (int, error) {
+	_spec := _q.querySpec()
+	_spec.Node.Columns = _q.ctx.Fields
+	if len(_q.ctx.Fields) > 0 {
+		_spec.Unique = _q.ctx.Unique != nil && *_q.ctx.Unique
 	}
-	return sqlgraph.CountNodes(ctx, aq.driver, _spec)
+	return sqlgraph.CountNodes(ctx, _q.driver, _spec)
 }
 
-func (aq *AttachmentQuery) querySpec() *sqlgraph.QuerySpec {
+func (_q *AttachmentQuery) querySpec() *sqlgraph.QuerySpec {
 	_spec := sqlgraph.NewQuerySpec(attachment.Table, attachment.Columns, sqlgraph.NewFieldSpec(attachment.FieldID, field.TypeUUID))
-	_spec.From = aq.sql
-	if unique := aq.ctx.Unique; unique != nil {
+	_spec.From = _q.sql
+	if unique := _q.ctx.Unique; unique != nil {
 		_spec.Unique = *unique
-	} else if aq.path != nil {
+	} else if _q.path != nil {
 		_spec.Unique = true
 	}
-	if fields := aq.ctx.Fields; len(fields) > 0 {
+	if fields := _q.ctx.Fields; len(fields) > 0 {
 		_spec.Node.Columns = make([]string, 0, len(fields))
 		_spec.Node.Columns = append(_spec.Node.Columns, attachment.FieldID)
 		for i := range fields {
@@ -543,20 +543,20 @@ func (aq *AttachmentQuery) querySpec() *sqlgraph.QuerySpec {
 			}
 		}
 	}
-	if ps := aq.predicates; len(ps) > 0 {
+	if ps := _q.predicates; len(ps) > 0 {
 		_spec.Predicate = func(selector *sql.Selector) {
 			for i := range ps {
 				ps[i](selector)
 			}
 		}
 	}
-	if limit := aq.ctx.Limit; limit != nil {
+	if limit := _q.ctx.Limit; limit != nil {
 		_spec.Limit = *limit
 	}
-	if offset := aq.ctx.Offset; offset != nil {
+	if offset := _q.ctx.Offset; offset != nil {
 		_spec.Offset = *offset
 	}
-	if ps := aq.order; len(ps) > 0 {
+	if ps := _q.order; len(ps) > 0 {
 		_spec.Order = func(selector *sql.Selector) {
 			for i := range ps {
 				ps[i](selector)
@@ -566,33 +566,33 @@ func (aq *AttachmentQuery) querySpec() *sqlgraph.QuerySpec {
 	return _spec
 }
 
-func (aq *AttachmentQuery) sqlQuery(ctx context.Context) *sql.Selector {
-	builder := sql.Dialect(aq.driver.Dialect())
+func (_q *AttachmentQuery) sqlQuery(ctx context.Context) *sql.Selector {
+	builder := sql.Dialect(_q.driver.Dialect())
 	t1 := builder.Table(attachment.Table)
-	columns := aq.ctx.Fields
+	columns := _q.ctx.Fields
 	if len(columns) == 0 {
 		columns = attachment.Columns
 	}
 	selector := builder.Select(t1.Columns(columns...)...).From(t1)
-	if aq.sql != nil {
-		selector = aq.sql
+	if _q.sql != nil {
+		selector = _q.sql
 		selector.Select(selector.Columns(columns...)...)
 	}
-	if aq.ctx.Unique != nil && *aq.ctx.Unique {
+	if _q.ctx.Unique != nil && *_q.ctx.Unique {
 		selector.Distinct()
 	}
-	for _, p := range aq.predicates {
+	for _, p := range _q.predicates {
 		p(selector)
 	}
-	for _, p := range aq.order {
+	for _, p := range _q.order {
 		p(selector)
 	}
-	if offset := aq.ctx.Offset; offset != nil {
+	if offset := _q.ctx.Offset; offset != nil {
 		// limit is mandatory for offset clause. We start
 		// with default value, and override it below if needed.
 		selector.Offset(*offset).Limit(math.MaxInt32)
 	}
-	if limit := aq.ctx.Limit; limit != nil {
+	if limit := _q.ctx.Limit; limit != nil {
 		selector.Limit(*limit)
 	}
 	return selector
@@ -605,41 +605,41 @@ type AttachmentGroupBy struct {
 }
 
 // Aggregate adds the given aggregation functions to the group-by query.
-func (agb *AttachmentGroupBy) Aggregate(fns ...AggregateFunc) *AttachmentGroupBy {
-	agb.fns = append(agb.fns, fns...)
-	return agb
+func (_g *AttachmentGroupBy) Aggregate(fns ...AggregateFunc) *AttachmentGroupBy {
+	_g.fns = append(_g.fns, fns...)
+	return _g
 }
 
 // Scan applies the selector query and scans the result into the given value.
-func (agb *AttachmentGroupBy) Scan(ctx context.Context, v any) error {
-	ctx = setContextOp(ctx, agb.build.ctx, ent.OpQueryGroupBy)
-	if err := agb.build.prepareQuery(ctx); err != nil {
+func (_g *AttachmentGroupBy) Scan(ctx context.Context, v any) error {
+	ctx = setContextOp(ctx, _g.build.ctx, ent.OpQueryGroupBy)
+	if err := _g.build.prepareQuery(ctx); err != nil {
 		return err
 	}
-	return scanWithInterceptors[*AttachmentQuery, *AttachmentGroupBy](ctx, agb.build, agb, agb.build.inters, v)
+	return scanWithInterceptors[*AttachmentQuery, *AttachmentGroupBy](ctx, _g.build, _g, _g.build.inters, v)
 }
 
-func (agb *AttachmentGroupBy) sqlScan(ctx context.Context, root *AttachmentQuery, v any) error {
+func (_g *AttachmentGroupBy) sqlScan(ctx context.Context, root *AttachmentQuery, v any) error {
 	selector := root.sqlQuery(ctx).Select()
-	aggregation := make([]string, 0, len(agb.fns))
-	for _, fn := range agb.fns {
+	aggregation := make([]string, 0, len(_g.fns))
+	for _, fn := range _g.fns {
 		aggregation = append(aggregation, fn(selector))
 	}
 	if len(selector.SelectedColumns()) == 0 {
-		columns := make([]string, 0, len(*agb.flds)+len(agb.fns))
-		for _, f := range *agb.flds {
+		columns := make([]string, 0, len(*_g.flds)+len(_g.fns))
+		for _, f := range *_g.flds {
 			columns = append(columns, selector.C(f))
 		}
 		columns = append(columns, aggregation...)
 		selector.Select(columns...)
 	}
-	selector.GroupBy(selector.Columns(*agb.flds...)...)
+	selector.GroupBy(selector.Columns(*_g.flds...)...)
 	if err := selector.Err(); err != nil {
 		return err
 	}
 	rows := &sql.Rows{}
 	query, args := selector.Query()
-	if err := agb.build.driver.Query(ctx, query, args, rows); err != nil {
+	if err := _g.build.driver.Query(ctx, query, args, rows); err != nil {
 		return err
 	}
 	defer rows.Close()
@@ -653,27 +653,27 @@ type AttachmentSelect struct {
 }
 
 // Aggregate adds the given aggregation functions to the selector query.
-func (as *AttachmentSelect) Aggregate(fns ...AggregateFunc) *AttachmentSelect {
-	as.fns = append(as.fns, fns...)
-	return as
+func (_s *AttachmentSelect) Aggregate(fns ...AggregateFunc) *AttachmentSelect {
+	_s.fns = append(_s.fns, fns...)
+	return _s
 }
 
 // Scan applies the selector query and scans the result into the given value.
-func (as *AttachmentSelect) Scan(ctx context.Context, v any) error {
-	ctx = setContextOp(ctx, as.ctx, ent.OpQuerySelect)
-	if err := as.prepareQuery(ctx); err != nil {
+func (_s *AttachmentSelect) Scan(ctx context.Context, v any) error {
+	ctx = setContextOp(ctx, _s.ctx, ent.OpQuerySelect)
+	if err := _s.prepareQuery(ctx); err != nil {
 		return err
 	}
-	return scanWithInterceptors[*AttachmentQuery, *AttachmentSelect](ctx, as.AttachmentQuery, as, as.inters, v)
+	return scanWithInterceptors[*AttachmentQuery, *AttachmentSelect](ctx, _s.AttachmentQuery, _s, _s.inters, v)
 }
 
-func (as *AttachmentSelect) sqlScan(ctx context.Context, root *AttachmentQuery, v any) error {
+func (_s *AttachmentSelect) sqlScan(ctx context.Context, root *AttachmentQuery, v any) error {
 	selector := root.sqlQuery(ctx)
-	aggregation := make([]string, 0, len(as.fns))
-	for _, fn := range as.fns {
+	aggregation := make([]string, 0, len(_s.fns))
+	for _, fn := range _s.fns {
 		aggregation = append(aggregation, fn(selector))
 	}
-	switch n := len(*as.selector.flds); {
+	switch n := len(*_s.selector.flds); {
 	case n == 0 && len(aggregation) > 0:
 		selector.Select(aggregation...)
 	case n != 0 && len(aggregation) > 0:
@@ -681,7 +681,7 @@ func (as *AttachmentSelect) sqlScan(ctx context.Context, root *AttachmentQuery,
 	}
 	rows := &sql.Rows{}
 	query, args := selector.Query()
-	if err := as.driver.Query(ctx, query, args, rows); err != nil {
+	if err := _s.driver.Query(ctx, query, args, rows); err != nil {
 		return err
 	}
 	defer rows.Close()

backend/internal/data/ent/attachment_update.go

@@ -25,151 +25,151 @@ type AttachmentUpdate struct {
 }
 
 // Where appends a list predicates to the AttachmentUpdate builder.
-func (au *AttachmentUpdate) Where(ps ...predicate.Attachment) *AttachmentUpdate {
-	au.mutation.Where(ps...)
-	return au
+func (_u *AttachmentUpdate) Where(ps ...predicate.Attachment) *AttachmentUpdate {
+	_u.mutation.Where(ps...)
+	return _u
 }
 
 // SetUpdatedAt sets the "updated_at" field.
-func (au *AttachmentUpdate) SetUpdatedAt(t time.Time) *AttachmentUpdate {
-	au.mutation.SetUpdatedAt(t)
-	return au
+func (_u *AttachmentUpdate) SetUpdatedAt(v time.Time) *AttachmentUpdate {
+	_u.mutation.SetUpdatedAt(v)
+	return _u
 }
 
 // SetType sets the "type" field.
-func (au *AttachmentUpdate) SetType(a attachment.Type) *AttachmentUpdate {
-	au.mutation.SetType(a)
-	return au
+func (_u *AttachmentUpdate) SetType(v attachment.Type) *AttachmentUpdate {
+	_u.mutation.SetType(v)
+	return _u
 }
 
 // SetNillableType sets the "type" field if the given value is not nil.
-func (au *AttachmentUpdate) SetNillableType(a *attachment.Type) *AttachmentUpdate {
-	if a != nil {
-		au.SetType(*a)
+func (_u *AttachmentUpdate) SetNillableType(v *attachment.Type) *AttachmentUpdate {
+	if v != nil {
+		_u.SetType(*v)
 	}
-	return au
+	return _u
 }
 
 // SetPrimary sets the "primary" field.
-func (au *AttachmentUpdate) SetPrimary(b bool) *AttachmentUpdate {
-	au.mutation.SetPrimary(b)
-	return au
+func (_u *AttachmentUpdate) SetPrimary(v bool) *AttachmentUpdate {
+	_u.mutation.SetPrimary(v)
+	return _u
 }
 
 // SetNillablePrimary sets the "primary" field if the given value is not nil.
-func (au *AttachmentUpdate) SetNillablePrimary(b *bool) *AttachmentUpdate {
-	if b != nil {
-		au.SetPrimary(*b)
+func (_u *AttachmentUpdate) SetNillablePrimary(v *bool) *AttachmentUpdate {
+	if v != nil {
+		_u.SetPrimary(*v)
 	}
-	return au
+	return _u
 }
 
 // SetTitle sets the "title" field.
-func (au *AttachmentUpdate) SetTitle(s string) *AttachmentUpdate {
-	au.mutation.SetTitle(s)
-	return au
+func (_u *AttachmentUpdate) SetTitle(v string) *AttachmentUpdate {
+	_u.mutation.SetTitle(v)
+	return _u
 }
 
 // SetNillableTitle sets the "title" field if the given value is not nil.
-func (au *AttachmentUpdate) SetNillableTitle(s *string) *AttachmentUpdate {
-	if s != nil {
-		au.SetTitle(*s)
+func (_u *AttachmentUpdate) SetNillableTitle(v *string) *AttachmentUpdate {
+	if v != nil {
+		_u.SetTitle(*v)
 	}
-	return au
+	return _u
 }
 
 // SetPath sets the "path" field.
-func (au *AttachmentUpdate) SetPath(s string) *AttachmentUpdate {
-	au.mutation.SetPath(s)
-	return au
+func (_u *AttachmentUpdate) SetPath(v string) *AttachmentUpdate {
+	_u.mutation.SetPath(v)
+	return _u
 }
 
 // SetNillablePath sets the "path" field if the given value is not nil.
-func (au *AttachmentUpdate) SetNillablePath(s *string) *AttachmentUpdate {
-	if s != nil {
-		au.SetPath(*s)
+func (_u *AttachmentUpdate) SetNillablePath(v *string) *AttachmentUpdate {
+	if v != nil {
+		_u.SetPath(*v)
 	}
-	return au
+	return _u
 }
 
 // SetMimeType sets the "mime_type" field.
-func (au *AttachmentUpdate) SetMimeType(s string) *AttachmentUpdate {
-	au.mutation.SetMimeType(s)
-	return au
+func (_u *AttachmentUpdate) SetMimeType(v string) *AttachmentUpdate {
+	_u.mutation.SetMimeType(v)
+	return _u
 }
 
 // SetNillableMimeType sets the "mime_type" field if the given value is not nil.
-func (au *AttachmentUpdate) SetNillableMimeType(s *string) *AttachmentUpdate {
-	if s != nil {
-		au.SetMimeType(*s)
+func (_u *AttachmentUpdate) SetNillableMimeType(v *string) *AttachmentUpdate {
+	if v != nil {
+		_u.SetMimeType(*v)
 	}
-	return au
+	return _u
 }
 
 // SetItemID sets the "item" edge to the Item entity by ID.
-func (au *AttachmentUpdate) SetItemID(id uuid.UUID) *AttachmentUpdate {
-	au.mutation.SetItemID(id)
-	return au
+func (_u *AttachmentUpdate) SetItemID(id uuid.UUID) *AttachmentUpdate {
+	_u.mutation.SetItemID(id)
+	return _u
 }
 
 // SetNillableItemID sets the "item" edge to the Item entity by ID if the given value is not nil.
-func (au *AttachmentUpdate) SetNillableItemID(id *uuid.UUID) *AttachmentUpdate {
+func (_u *AttachmentUpdate) SetNillableItemID(id *uuid.UUID) *AttachmentUpdate {
 	if id != nil {
-		au = au.SetItemID(*id)
+		_u = _u.SetItemID(*id)
 	}
-	return au
+	return _u
 }
 
 // SetItem sets the "item" edge to the Item entity.
-func (au *AttachmentUpdate) SetItem(i *Item) *AttachmentUpdate {
-	return au.SetItemID(i.ID)
+func (_u *AttachmentUpdate) SetItem(v *Item) *AttachmentUpdate {
+	return _u.SetItemID(v.ID)
 }
 
 // SetThumbnailID sets the "thumbnail" edge to the Attachment entity by ID.
-func (au *AttachmentUpdate) SetThumbnailID(id uuid.UUID) *AttachmentUpdate {
-	au.mutation.SetThumbnailID(id)
-	return au
+func (_u *AttachmentUpdate) SetThumbnailID(id uuid.UUID) *AttachmentUpdate {
+	_u.mutation.SetThumbnailID(id)
+	return _u
 }
 
 // SetNillableThumbnailID sets the "thumbnail" edge to the Attachment entity by ID if the given value is not nil.
-func (au *AttachmentUpdate) SetNillableThumbnailID(id *uuid.UUID) *AttachmentUpdate {
+func (_u *AttachmentUpdate) SetNillableThumbnailID(id *uuid.UUID) *AttachmentUpdate {
 	if id != nil {
-		au = au.SetThumbnailID(*id)
+		_u = _u.SetThumbnailID(*id)
 	}
-	return au
+	return _u
 }
 
 // SetThumbnail sets the "thumbnail" edge to the Attachment entity.
-func (au *AttachmentUpdate) SetThumbnail(a *Attachment) *AttachmentUpdate {
-	return au.SetThumbnailID(a.ID)
+func (_u *AttachmentUpdate) SetThumbnail(v *Attachment) *AttachmentUpdate {
+	return _u.SetThumbnailID(v.ID)
 }
 
 // Mutation returns the AttachmentMutation object of the builder.
-func (au *AttachmentUpdate) Mutation() *AttachmentMutation {
-	return au.mutation
+func (_u *AttachmentUpdate) Mutation() *AttachmentMutation {
+	return _u.mutation
 }
 
 // ClearItem clears the "item" edge to the Item entity.
-func (au *AttachmentUpdate) ClearItem() *AttachmentUpdate {
-	au.mutation.ClearItem()
-	return au
+func (_u *AttachmentUpdate) ClearItem() *AttachmentUpdate {
+	_u.mutation.ClearItem()
+	return _u
 }
 
 // ClearThumbnail clears the "thumbnail" edge to the Attachment entity.
-func (au *AttachmentUpdate) ClearThumbnail() *AttachmentUpdate {
-	au.mutation.ClearThumbnail()
-	return au
+func (_u *AttachmentUpdate) ClearThumbnail() *AttachmentUpdate {
+	_u.mutation.ClearThumbnail()
+	return _u
 }
 
 // Save executes the query and returns the number of nodes affected by the update operation.
-func (au *AttachmentUpdate) Save(ctx context.Context) (int, error) {
-	au.defaults()
-	return withHooks(ctx, au.sqlSave, au.mutation, au.hooks)
+func (_u *AttachmentUpdate) Save(ctx context.Context) (int, error) {
+	_u.defaults()
+	return withHooks(ctx, _u.sqlSave, _u.mutation, _u.hooks)
 }
 
 // SaveX is like Save, but panics if an error occurs.
-func (au *AttachmentUpdate) SaveX(ctx context.Context) int {
-	affected, err := au.Save(ctx)
+func (_u *AttachmentUpdate) SaveX(ctx context.Context) int {
+	affected, err := _u.Save(ctx)
 	if err != nil {
 		panic(err)
 	}
@@ -177,29 +177,29 @@ func (au *AttachmentUpdate) SaveX(ctx context.Context) int {
 }
 
 // Exec executes the query.
-func (au *AttachmentUpdate) Exec(ctx context.Context) error {
-	_, err := au.Save(ctx)
+func (_u *AttachmentUpdate) Exec(ctx context.Context) error {
+	_, err := _u.Save(ctx)
 	return err
 }
 
 // ExecX is like Exec, but panics if an error occurs.
-func (au *AttachmentUpdate) ExecX(ctx context.Context) {
-	if err := au.Exec(ctx); err != nil {
+func (_u *AttachmentUpdate) ExecX(ctx context.Context) {
+	if err := _u.Exec(ctx); err != nil {
 		panic(err)
 	}
 }
 
 // defaults sets the default values of the builder before save.
-func (au *AttachmentUpdate) defaults() {
-	if _, ok := au.mutation.UpdatedAt(); !ok {
+func (_u *AttachmentUpdate) defaults() {
+	if _, ok := _u.mutation.UpdatedAt(); !ok {
 		v := attachment.UpdateDefaultUpdatedAt()
-		au.mutation.SetUpdatedAt(v)
+		_u.mutation.SetUpdatedAt(v)
 	}
 }
 
 // check runs all checks and user-defined validators on the builder.
-func (au *AttachmentUpdate) check() error {
-	if v, ok := au.mutation.GetType(); ok {
+func (_u *AttachmentUpdate) check() error {
+	if v, ok := _u.mutation.GetType(); ok {
 		if err := attachment.TypeValidator(v); err != nil {
 			return &ValidationError{Name: "type", err: fmt.Errorf(`ent: validator failed for field "Attachment.type": %w`, err)}
 		}
@@ -207,37 +207,37 @@ func (au *AttachmentUpdate) check() error {
 	return nil
 }
 
-func (au *AttachmentUpdate) sqlSave(ctx context.Context) (n int, err error) {
-	if err := au.check(); err != nil {
-		return n, err
+func (_u *AttachmentUpdate) sqlSave(ctx context.Context) (_node int, err error) {
+	if err := _u.check(); err != nil {
+		return _node, err
 	}
 	_spec := sqlgraph.NewUpdateSpec(attachment.Table, attachment.Columns, sqlgraph.NewFieldSpec(attachment.FieldID, field.TypeUUID))
-	if ps := au.mutation.predicates; len(ps) > 0 {
+	if ps := _u.mutation.predicates; len(ps) > 0 {
 		_spec.Predicate = func(selector *sql.Selector) {
 			for i := range ps {
 				ps[i](selector)
 			}
 		}
 	}
-	if value, ok := au.mutation.UpdatedAt(); ok {
+	if value, ok := _u.mutation.UpdatedAt(); ok {
 		_spec.SetField(attachment.FieldUpdatedAt, field.TypeTime, value)
 	}
-	if value, ok := au.mutation.GetType(); ok {
+	if value, ok := _u.mutation.GetType(); ok {
 		_spec.SetField(attachment.FieldType, field.TypeEnum, value)
 	}
-	if value, ok := au.mutation.Primary(); ok {
+	if value, ok := _u.mutation.Primary(); ok {
 		_spec.SetField(attachment.FieldPrimary, field.TypeBool, value)
 	}
-	if value, ok := au.mutation.Title(); ok {
+	if value, ok := _u.mutation.Title(); ok {
 		_spec.SetField(attachment.FieldTitle, field.TypeString, value)
 	}
-	if value, ok := au.mutation.Path(); ok {
+	if value, ok := _u.mutation.Path(); ok {
 		_spec.SetField(attachment.FieldPath, field.TypeString, value)
 	}
-	if value, ok := au.mutation.MimeType(); ok {
+	if value, ok := _u.mutation.MimeType(); ok {
 		_spec.SetField(attachment.FieldMimeType, field.TypeString, value)
 	}
-	if au.mutation.ItemCleared() {
+	if _u.mutation.ItemCleared() {
 		edge := &sqlgraph.EdgeSpec{
 			Rel:     sqlgraph.M2O,
 			Inverse: true,
@@ -250,7 +250,7 @@ func (au *AttachmentUpdate) sqlSave(ctx context.Context) (n int, err error) {
 		}
 		_spec.Edges.Clear = append(_spec.Edges.Clear, edge)
 	}
-	if nodes := au.mutation.ItemIDs(); len(nodes) > 0 {
+	if nodes := _u.mutation.ItemIDs(); len(nodes) > 0 {
 		edge := &sqlgraph.EdgeSpec{
 			Rel:     sqlgraph.M2O,
 			Inverse: true,
@@ -266,7 +266,7 @@ func (au *AttachmentUpdate) sqlSave(ctx context.Context) (n int, err error) {
 		}
 		_spec.Edges.Add = append(_spec.Edges.Add, edge)
 	}
-	if au.mutation.ThumbnailCleared() {
+	if _u.mutation.ThumbnailCleared() {
 		edge := &sqlgraph.EdgeSpec{
 			Rel:     sqlgraph.O2O,
 			Inverse: false,
@@ -279,7 +279,7 @@ func (au *AttachmentUpdate) sqlSave(ctx context.Context) (n int, err error) {
 		}
 		_spec.Edges.Clear = append(_spec.Edges.Clear, edge)
 	}
-	if nodes := au.mutation.ThumbnailIDs(); len(nodes) > 0 {
+	if nodes := _u.mutation.ThumbnailIDs(); len(nodes) > 0 {
 		edge := &sqlgraph.EdgeSpec{
 			Rel:     sqlgraph.O2O,
 			Inverse: false,
@@ -295,7 +295,7 @@ func (au *AttachmentUpdate) sqlSave(ctx context.Context) (n int, err error) {
 		}
 		_spec.Edges.Add = append(_spec.Edges.Add, edge)
 	}
-	if n, err = sqlgraph.UpdateNodes(ctx, au.driver, _spec); err != nil {
+	if _node, err = sqlgraph.UpdateNodes(ctx, _u.driver, _spec); err != nil {
 		if _, ok := err.(*sqlgraph.NotFoundError); ok {
 			err = &NotFoundError{attachment.Label}
 		} else if sqlgraph.IsConstraintError(err) {
@@ -303,8 +303,8 @@ func (au *AttachmentUpdate) sqlSave(ctx context.Context) (n int, err error) {
 		}
 		return 0, err
 	}
-	au.mutation.done = true
-	return n, nil
+	_u.mutation.done = true
+	return _node, nil
 }
 
 // AttachmentUpdateOne is the builder for updating a single Attachment entity.
@@ -316,158 +316,158 @@ type AttachmentUpdateOne struct {
 }
 
 // SetUpdatedAt sets the "updated_at" field.
-func (auo *AttachmentUpdateOne) SetUpdatedAt(t time.Time) *AttachmentUpdateOne {
-	auo.mutation.SetUpdatedAt(t)
-	return auo
+func (_u *AttachmentUpdateOne) SetUpdatedAt(v time.Time) *AttachmentUpdateOne {
+	_u.mutation.SetUpdatedAt(v)
+	return _u
 }
 
 // SetType sets the "type" field.
-func (auo *AttachmentUpdateOne) SetType(a attachment.Type) *AttachmentUpdateOne {
-	auo.mutation.SetType(a)
-	return auo
+func (_u *AttachmentUpdateOne) SetType(v attachment.Type) *AttachmentUpdateOne {
+	_u.mutation.SetType(v)
+	return _u
 }
 
 // SetNillableType sets the "type" field if the given value is not nil.
-func (auo *AttachmentUpdateOne) SetNillableType(a *attachment.Type) *AttachmentUpdateOne {
-	if a != nil {
-		auo.SetType(*a)
+func (_u *AttachmentUpdateOne) SetNillableType(v *attachment.Type) *AttachmentUpdateOne {
+	if v != nil {
+		_u.SetType(*v)
 	}
-	return auo
+	return _u
 }
 
 // SetPrimary sets the "primary" field.
-func (auo *AttachmentUpdateOne) SetPrimary(b bool) *AttachmentUpdateOne {
-	auo.mutation.SetPrimary(b)
-	return auo
+func (_u *AttachmentUpdateOne) SetPrimary(v bool) *AttachmentUpdateOne {
+	_u.mutation.SetPrimary(v)
+	return _u
 }
 
 // SetNillablePrimary sets the "primary" field if the given value is not nil.
-func (auo *AttachmentUpdateOne) SetNillablePrimary(b *bool) *AttachmentUpdateOne {
-	if b != nil {
-		auo.SetPrimary(*b)
+func (_u *AttachmentUpdateOne) SetNillablePrimary(v *bool) *AttachmentUpdateOne {
+	if v != nil {
+		_u.SetPrimary(*v)
 	}
-	return auo
+	return _u
 }
 
 // SetTitle sets the "title" field.
-func (auo *AttachmentUpdateOne) SetTitle(s string) *AttachmentUpdateOne {
-	auo.mutation.SetTitle(s)
-	return auo
+func (_u *AttachmentUpdateOne) SetTitle(v string) *AttachmentUpdateOne {
+	_u.mutation.SetTitle(v)
+	return _u
 }
 
 // SetNillableTitle sets the "title" field if the given value is not nil.
-func (auo *AttachmentUpdateOne) SetNillableTitle(s *string) *AttachmentUpdateOne {
-	if s != nil {
-		auo.SetTitle(*s)
+func (_u *AttachmentUpdateOne) SetNillableTitle(v *string) *AttachmentUpdateOne {
+	if v != nil {
+		_u.SetTitle(*v)
 	}
-	return auo
+	return _u
 }
 
 // SetPath sets the "path" field.
-func (auo *AttachmentUpdateOne) SetPath(s string) *AttachmentUpdateOne {
-	auo.mutation.SetPath(s)
-	return auo
+func (_u *AttachmentUpdateOne) SetPath(v string) *AttachmentUpdateOne {
+	_u.mutation.SetPath(v)
+	return _u
 }
 
 // SetNillablePath sets the "path" field if the given value is not nil.
-func (auo *AttachmentUpdateOne) SetNillablePath(s *string) *AttachmentUpdateOne {
-	if s != nil {
-		auo.SetPath(*s)
+func (_u *AttachmentUpdateOne) SetNillablePath(v *string) *AttachmentUpdateOne {
+	if v != nil {
+		_u.SetPath(*v)
 	}
-	return auo
+	return _u
 }
 
 // SetMimeType sets the "mime_type" field.
-func (auo *AttachmentUpdateOne) SetMimeType(s string) *AttachmentUpdateOne {
-	auo.mutation.SetMimeType(s)
-	return auo
+func (_u *AttachmentUpdateOne) SetMimeType(v string) *AttachmentUpdateOne {
+	_u.mutation.SetMimeType(v)
+	return _u
 }
 
 // SetNillableMimeType sets the "mime_type" field if the given value is not nil.
-func (auo *AttachmentUpdateOne) SetNillableMimeType(s *string) *AttachmentUpdateOne {
-	if s != nil {
-		auo.SetMimeType(*s)
+func (_u *AttachmentUpdateOne) SetNillableMimeType(v *string) *AttachmentUpdateOne {
+	if v != nil {
+		_u.SetMimeType(*v)
 	}
-	return auo
+	return _u
 }
 
 // SetItemID sets the "item" edge to the Item entity by ID.
-func (auo *AttachmentUpdateOne) SetItemID(id uuid.UUID) *AttachmentUpdateOne {
-	auo.mutation.SetItemID(id)
-	return auo
+func (_u *AttachmentUpdateOne) SetItemID(id uuid.UUID) *AttachmentUpdateOne {
+	_u.mutation.SetItemID(id)
+	return _u
 }
 
 // SetNillableItemID sets the "item" edge to the Item entity by ID if the given value is not nil.
-func (auo *AttachmentUpdateOne) SetNillableItemID(id *uuid.UUID) *AttachmentUpdateOne {
+func (_u *AttachmentUpdateOne) SetNillableItemID(id *uuid.UUID) *AttachmentUpdateOne {
 	if id != nil {
-		auo = auo.SetItemID(*id)
+		_u = _u.SetItemID(*id)
 	}
-	return auo
+	return _u
 }
 
 // SetItem sets the "item" edge to the Item entity.
-func (auo *AttachmentUpdateOne) SetItem(i *Item) *AttachmentUpdateOne {
-	return auo.SetItemID(i.ID)
+func (_u *AttachmentUpdateOne) SetItem(v *Item) *AttachmentUpdateOne {
+	return _u.SetItemID(v.ID)
 }
 
 // SetThumbnailID sets the "thumbnail" edge to the Attachment entity by ID.
-func (auo *AttachmentUpdateOne) SetThumbnailID(id uuid.UUID) *AttachmentUpdateOne {
-	auo.mutation.SetThumbnailID(id)
-	return auo
+func (_u *AttachmentUpdateOne) SetThumbnailID(id uuid.UUID) *AttachmentUpdateOne {
+	_u.mutation.SetThumbnailID(id)
+	return _u
 }
 
 // SetNillableThumbnailID sets the "thumbnail" edge to the Attachment entity by ID if the given value is not nil.
-func (auo *AttachmentUpdateOne) SetNillableThumbnailID(id *uuid.UUID) *AttachmentUpdateOne {
+func (_u *AttachmentUpdateOne) SetNillableThumbnailID(id *uuid.UUID) *AttachmentUpdateOne {
 	if id != nil {
-		auo = auo.SetThumbnailID(*id)
+		_u = _u.SetThumbnailID(*id)
 	}
-	return auo
+	return _u
 }
 
 // SetThumbnail sets the "thumbnail" edge to the Attachment entity.
-func (auo *AttachmentUpdateOne) SetThumbnail(a *Attachment) *AttachmentUpdateOne {
-	return auo.SetThumbnailID(a.ID)
+func (_u *AttachmentUpdateOne) SetThumbnail(v *Attachment) *AttachmentUpdateOne {
+	return _u.SetThumbnailID(v.ID)
 }
 
 // Mutation returns the AttachmentMutation object of the builder.
-func (auo *AttachmentUpdateOne) Mutation() *AttachmentMutation {
-	return auo.mutation
+func (_u *AttachmentUpdateOne) Mutation() *AttachmentMutation {
+	return _u.mutation
 }
 
 // ClearItem clears the "item" edge to the Item entity.
-func (auo *AttachmentUpdateOne) ClearItem() *AttachmentUpdateOne {
-	auo.mutation.ClearItem()
-	return auo
+func (_u *AttachmentUpdateOne) ClearItem() *AttachmentUpdateOne {
+	_u.mutation.ClearItem()
+	return _u
 }
 
 // ClearThumbnail clears the "thumbnail" edge to the Attachment entity.
-func (auo *AttachmentUpdateOne) ClearThumbnail() *AttachmentUpdateOne {
-	auo.mutation.ClearThumbnail()
-	return auo
+func (_u *AttachmentUpdateOne) ClearThumbnail() *AttachmentUpdateOne {
+	_u.mutation.ClearThumbnail()
+	return _u
 }
 
 // Where appends a list predicates to the AttachmentUpdate builder.
-func (auo *AttachmentUpdateOne) Where(ps ...predicate.Attachment) *AttachmentUpdateOne {
-	auo.mutation.Where(ps...)
-	return auo
+func (_u *AttachmentUpdateOne) Where(ps ...predicate.Attachment) *AttachmentUpdateOne {
+	_u.mutation.Where(ps...)
+	return _u
 }
 
 // Select allows selecting one or more fields (columns) of the returned entity.
 // The default is selecting all fields defined in the entity schema.
-func (auo *AttachmentUpdateOne) Select(field string, fields ...string) *AttachmentUpdateOne {
-	auo.fields = append([]string{field}, fields...)
-	return auo
+func (_u *AttachmentUpdateOne) Select(field string, fields ...string) *AttachmentUpdateOne {
+	_u.fields = append([]string{field}, fields...)
+	return _u
 }
 
 // Save executes the query and returns the updated Attachment entity.
-func (auo *AttachmentUpdateOne) Save(ctx context.Context) (*Attachment, error) {
-	auo.defaults()
-	return withHooks(ctx, auo.sqlSave, auo.mutation, auo.hooks)
+func (_u *AttachmentUpdateOne) Save(ctx context.Context) (*Attachment, error) {
+	_u.defaults()
+	return withHooks(ctx, _u.sqlSave, _u.mutation, _u.hooks)
 }
 
 // SaveX is like Save, but panics if an error occurs.
-func (auo *AttachmentUpdateOne) SaveX(ctx context.Context) *Attachment {
-	node, err := auo.Save(ctx)
+func (_u *AttachmentUpdateOne) SaveX(ctx context.Context) *Attachment {
+	node, err := _u.Save(ctx)
 	if err != nil {
 		panic(err)
 	}
@@ -475,29 +475,29 @@ func (auo *AttachmentUpdateOne) SaveX(ctx context.Context) *Attachment {
 }
 
 // Exec executes the query on the entity.
-func (auo *AttachmentUpdateOne) Exec(ctx context.Context) error {
-	_, err := auo.Save(ctx)
+func (_u *AttachmentUpdateOne) Exec(ctx context.Context) error {
+	_, err := _u.Save(ctx)
 	return err
 }
 
 // ExecX is like Exec, but panics if an error occurs.
-func (auo *AttachmentUpdateOne) ExecX(ctx context.Context) {
-	if err := auo.Exec(ctx); err != nil {
+func (_u *AttachmentUpdateOne) ExecX(ctx context.Context) {
+	if err := _u.Exec(ctx); err != nil {
 		panic(err)
 	}
 }
 
 // defaults sets the default values of the builder before save.
-func (auo *AttachmentUpdateOne) defaults() {
-	if _, ok := auo.mutation.UpdatedAt(); !ok {
+func (_u *AttachmentUpdateOne) defaults() {
+	if _, ok := _u.mutation.UpdatedAt(); !ok {
 		v := attachment.UpdateDefaultUpdatedAt()
-		auo.mutation.SetUpdatedAt(v)
+		_u.mutation.SetUpdatedAt(v)
 	}
 }
 
 // check runs all checks and user-defined validators on the builder.
-func (auo *AttachmentUpdateOne) check() error {
-	if v, ok := auo.mutation.GetType(); ok {
+func (_u *AttachmentUpdateOne) check() error {
+	if v, ok := _u.mutation.GetType(); ok {
 		if err := attachment.TypeValidator(v); err != nil {
 			return &ValidationError{Name: "type", err: fmt.Errorf(`ent: validator failed for field "Attachment.type": %w`, err)}
 		}
@@ -505,17 +505,17 @@ func (auo *AttachmentUpdateOne) check() error {
 	return nil
 }
 
-func (auo *AttachmentUpdateOne) sqlSave(ctx context.Context) (_node *Attachment, err error) {
-	if err := auo.check(); err != nil {
+func (_u *AttachmentUpdateOne) sqlSave(ctx context.Context) (_node *Attachment, err error) {
+	if err := _u.check(); err != nil {
 		return _node, err
 	}
 	_spec := sqlgraph.NewUpdateSpec(attachment.Table, attachment.Columns, sqlgraph.NewFieldSpec(attachment.FieldID, field.TypeUUID))
-	id, ok := auo.mutation.ID()
+	id, ok := _u.mutation.ID()
 	if !ok {
 		return nil, &ValidationError{Name: "id", err: errors.New(`ent: missing "Attachment.id" for update`)}
 	}
 	_spec.Node.ID.Value = id
-	if fields := auo.fields; len(fields) > 0 {
+	if fields := _u.fields; len(fields) > 0 {
 		_spec.Node.Columns = make([]string, 0, len(fields))
 		_spec.Node.Columns = append(_spec.Node.Columns, attachment.FieldID)
 		for _, f := range fields {
@@ -527,32 +527,32 @@ func (auo *AttachmentUpdateOne) sqlSave(ctx context.Context) (_node *Attachment,
 			}
 		}
 	}
-	if ps := auo.mutation.predicates; len(ps) > 0 {
+	if ps := _u.mutation.predicates; len(ps) > 0 {
 		_spec.Predicate = func(selector *sql.Selector) {
 			for i := range ps {
 				ps[i](selector)
 			}
 		}
 	}
-	if value, ok := auo.mutation.UpdatedAt(); ok {
+	if value, ok := _u.mutation.UpdatedAt(); ok {
 		_spec.SetField(attachment.FieldUpdatedAt, field.TypeTime, value)
 	}
-	if value, ok := auo.mutation.GetType(); ok {
+	if value, ok := _u.mutation.GetType(); ok {
 		_spec.SetField(attachment.FieldType, field.TypeEnum, value)
 	}
-	if value, ok := auo.mutation.Primary(); ok {
+	if value, ok := _u.mutation.Primary(); ok {
 		_spec.SetField(attachment.FieldPrimary, field.TypeBool, value)
 	}
-	if value, ok := auo.mutation.Title(); ok {
+	if value, ok := _u.mutation.Title(); ok {
 		_spec.SetField(attachment.FieldTitle, field.TypeString, value)
 	}
-	if value, ok := auo.mutation.Path(); ok {
+	if value, ok := _u.mutation.Path(); ok {
 		_spec.SetField(attachment.FieldPath, field.TypeString, value)
 	}
-	if value, ok := auo.mutation.MimeType(); ok {
+	if value, ok := _u.mutation.MimeType(); ok {
 		_spec.SetField(attachment.FieldMimeType, field.TypeString, value)
 	}
-	if auo.mutation.ItemCleared() {
+	if _u.mutation.ItemCleared() {
 		edge := &sqlgraph.EdgeSpec{
 			Rel:     sqlgraph.M2O,
 			Inverse: true,
@@ -565,7 +565,7 @@ func (auo *AttachmentUpdateOne) sqlSave(ctx context.Context) (_node *Attachment,
 		}
 		_spec.Edges.Clear = append(_spec.Edges.Clear, edge)
 	}
-	if nodes := auo.mutation.ItemIDs(); len(nodes) > 0 {
+	if nodes := _u.mutation.ItemIDs(); len(nodes) > 0 {
 		edge := &sqlgraph.EdgeSpec{
 			Rel:     sqlgraph.M2O,
 			Inverse: true,
@@ -581,7 +581,7 @@ func (auo *AttachmentUpdateOne) sqlSave(ctx context.Context) (_node *Attachment,
 		}
 		_spec.Edges.Add = append(_spec.Edges.Add, edge)
 	}
-	if auo.mutation.ThumbnailCleared() {
+	if _u.mutation.ThumbnailCleared() {
 		edge := &sqlgraph.EdgeSpec{
 			Rel:     sqlgraph.O2O,
 			Inverse: false,
@@ -594,7 +594,7 @@ func (auo *AttachmentUpdateOne) sqlSave(ctx context.Context) (_node *Attachment,
 		}
 		_spec.Edges.Clear = append(_spec.Edges.Clear, edge)
 	}
-	if nodes := auo.mutation.ThumbnailIDs(); len(nodes) > 0 {
+	if nodes := _u.mutation.ThumbnailIDs(); len(nodes) > 0 {
 		edge := &sqlgraph.EdgeSpec{
 			Rel:     sqlgraph.O2O,
 			Inverse: false,
@@ -610,10 +610,10 @@ func (auo *AttachmentUpdateOne) sqlSave(ctx context.Context) (_node *Attachment,
 		}
 		_spec.Edges.Add = append(_spec.Edges.Add, edge)
 	}
-	_node = &Attachment{config: auo.config}
+	_node = &Attachment{config: _u.config}
 	_spec.Assign = _node.assignValues
 	_spec.ScanValues = _node.scanValues
-	if err = sqlgraph.UpdateNode(ctx, auo.driver, _spec); err != nil {
+	if err = sqlgraph.UpdateNode(ctx, _u.driver, _spec); err != nil {
 		if _, ok := err.(*sqlgraph.NotFoundError); ok {
 			err = &NotFoundError{attachment.Label}
 		} else if sqlgraph.IsConstraintError(err) {
@@ -621,6 +621,6 @@ func (auo *AttachmentUpdateOne) sqlSave(ctx context.Context) (_node *Attachment,
 		}
 		return nil, err
 	}
-	auo.mutation.done = true
+	_u.mutation.done = true
 	return _node, nil
 }

backend/internal/data/ent/authroles.go

@@ -67,7 +67,7 @@ func (*AuthRoles) scanValues(columns []string) ([]any, error) {
 
 // assignValues assigns the values that were returned from sql.Rows (after scanning)
 // to the AuthRoles fields.
-func (ar *AuthRoles) assignValues(columns []string, values []any) error {
+func (_m *AuthRoles) assignValues(columns []string, values []any) error {
 	if m, n := len(values), len(columns); m < n {
 		return fmt.Errorf("mismatch number of scan values: %d != %d", m, n)
 	}
@@ -78,22 +78,22 @@ func (ar *AuthRoles) assignValues(columns []string, values []any) error {
 			if !ok {
 				return fmt.Errorf("unexpected type %T for field id", value)
 			}
-			ar.ID = int(value.Int64)
+			_m.ID = int(value.Int64)
 		case authroles.FieldRole:
 			if value, ok := values[i].(*sql.NullString); !ok {
 				return fmt.Errorf("unexpected type %T for field role", values[i])
 			} else if value.Valid {
-				ar.Role = authroles.Role(value.String)
+				_m.Role = authroles.Role(value.String)
 			}
 		case authroles.ForeignKeys[0]:
 			if value, ok := values[i].(*sql.NullScanner); !ok {
 				return fmt.Errorf("unexpected type %T for field auth_tokens_roles", values[i])
 			} else if value.Valid {
-				ar.auth_tokens_roles = new(uuid.UUID)
-				*ar.auth_tokens_roles = *value.S.(*uuid.UUID)
+				_m.auth_tokens_roles = new(uuid.UUID)
+				*_m.auth_tokens_roles = *value.S.(*uuid.UUID)
 			}
 		default:
-			ar.selectValues.Set(columns[i], values[i])
+			_m.selectValues.Set(columns[i], values[i])
 		}
 	}
 	return nil
@@ -101,40 +101,40 @@ func (ar *AuthRoles) assignValues(columns []string, values []any) error {
 
 // Value returns the ent.Value that was dynamically selected and assigned to the AuthRoles.
 // This includes values selected through modifiers, order, etc.
-func (ar *AuthRoles) Value(name string) (ent.Value, error) {
-	return ar.selectValues.Get(name)
+func (_m *AuthRoles) Value(name string) (ent.Value, error) {
+	return _m.selectValues.Get(name)
 }
 
 // QueryToken queries the "token" edge of the AuthRoles entity.
-func (ar *AuthRoles) QueryToken() *AuthTokensQuery {
-	return NewAuthRolesClient(ar.config).QueryToken(ar)
+func (_m *AuthRoles) QueryToken() *AuthTokensQuery {
+	return NewAuthRolesClient(_m.config).QueryToken(_m)
 }
 
 // Update returns a builder for updating this AuthRoles.
 // Note that you need to call AuthRoles.Unwrap() before calling this method if this AuthRoles
 // was returned from a transaction, and the transaction was committed or rolled back.
-func (ar *AuthRoles) Update() *AuthRolesUpdateOne {
-	return NewAuthRolesClient(ar.config).UpdateOne(ar)
+func (_m *AuthRoles) Update() *AuthRolesUpdateOne {
+	return NewAuthRolesClient(_m.config).UpdateOne(_m)
 }
 
 // Unwrap unwraps the AuthRoles entity that was returned from a transaction after it was closed,
 // so that all future queries will be executed through the driver which created the transaction.
-func (ar *AuthRoles) Unwrap() *AuthRoles {
-	_tx, ok := ar.config.driver.(*txDriver)
+func (_m *AuthRoles) Unwrap() *AuthRoles {
+	_tx, ok := _m.config.driver.(*txDriver)
 	if !ok {
 		panic("ent: AuthRoles is not a transactional entity")
 	}
-	ar.config.driver = _tx.drv
-	return ar
+	_m.config.driver = _tx.drv
+	return _m
 }
 
 // String implements the fmt.Stringer.
-func (ar *AuthRoles) String() string {
+func (_m *AuthRoles) String() string {
 	var builder strings.Builder
 	builder.WriteString("AuthRoles(")
-	builder.WriteString(fmt.Sprintf("id=%v, ", ar.ID))
+	builder.WriteString(fmt.Sprintf("id=%v, ", _m.ID))
 	builder.WriteString("role=")
-	builder.WriteString(fmt.Sprintf("%v", ar.Role))
+	builder.WriteString(fmt.Sprintf("%v", _m.Role))
 	builder.WriteByte(')')
 	return builder.String()
 }

backend/internal/data/ent/authroles_create.go

@@ -22,52 +22,52 @@ type AuthRolesCreate struct {
 }
 
 // SetRole sets the "role" field.
-func (arc *AuthRolesCreate) SetRole(a authroles.Role) *AuthRolesCreate {
-	arc.mutation.SetRole(a)
-	return arc
+func (_c *AuthRolesCreate) SetRole(v authroles.Role) *AuthRolesCreate {
+	_c.mutation.SetRole(v)
+	return _c
 }
 
 // SetNillableRole sets the "role" field if the given value is not nil.
-func (arc *AuthRolesCreate) SetNillableRole(a *authroles.Role) *AuthRolesCreate {
-	if a != nil {
-		arc.SetRole(*a)
+func (_c *AuthRolesCreate) SetNillableRole(v *authroles.Role) *AuthRolesCreate {
+	if v != nil {
+		_c.SetRole(*v)
 	}
-	return arc
+	return _c
 }
 
 // SetTokenID sets the "token" edge to the AuthTokens entity by ID.
-func (arc *AuthRolesCreate) SetTokenID(id uuid.UUID) *AuthRolesCreate {
-	arc.mutation.SetTokenID(id)
-	return arc
+func (_c *AuthRolesCreate) SetTokenID(id uuid.UUID) *AuthRolesCreate {
+	_c.mutation.SetTokenID(id)
+	return _c
 }
 
 // SetNillableTokenID sets the "token" edge to the AuthTokens entity by ID if the given value is not nil.
-func (arc *AuthRolesCreate) SetNillableTokenID(id *uuid.UUID) *AuthRolesCreate {
+func (_c *AuthRolesCreate) SetNillableTokenID(id *uuid.UUID) *AuthRolesCreate {
 	if id != nil {
-		arc = arc.SetTokenID(*id)
+		_c = _c.SetTokenID(*id)
 	}
-	return arc
+	return _c
 }
 
 // SetToken sets the "token" edge to the AuthTokens entity.
-func (arc *AuthRolesCreate) SetToken(a *AuthTokens) *AuthRolesCreate {
-	return arc.SetTokenID(a.ID)
+func (_c *AuthRolesCreate) SetToken(v *AuthTokens) *AuthRolesCreate {
+	return _c.SetTokenID(v.ID)
 }
 
 // Mutation returns the AuthRolesMutation object of the builder.
-func (arc *AuthRolesCreate) Mutation() *AuthRolesMutation {
-	return arc.mutation
+func (_c *AuthRolesCreate) Mutation() *AuthRolesMutation {
+	return _c.mutation
 }
 
 // Save creates the AuthRoles in the database.
-func (arc *AuthRolesCreate) Save(ctx context.Context) (*AuthRoles, error) {
-	arc.defaults()
-	return withHooks(ctx, arc.sqlSave, arc.mutation, arc.hooks)
+func (_c *AuthRolesCreate) Save(ctx context.Context) (*AuthRoles, error) {
+	_c.defaults()
+	return withHooks(ctx, _c.sqlSave, _c.mutation, _c.hooks)
 }
 
 // SaveX calls Save and panics if Save returns an error.
-func (arc *AuthRolesCreate) SaveX(ctx context.Context) *AuthRoles {
-	v, err := arc.Save(ctx)
+func (_c *AuthRolesCreate) SaveX(ctx context.Context) *AuthRoles {
+	v, err := _c.Save(ctx)
 	if err != nil {
 		panic(err)
 	}
@@ -75,32 +75,32 @@ func (arc *AuthRolesCreate) SaveX(ctx context.Context) *AuthRoles {
 }
 
 // Exec executes the query.
-func (arc *AuthRolesCreate) Exec(ctx context.Context) error {
-	_, err := arc.Save(ctx)
+func (_c *AuthRolesCreate) Exec(ctx context.Context) error {
+	_, err := _c.Save(ctx)
 	return err
 }
 
 // ExecX is like Exec, but panics if an error occurs.
-func (arc *AuthRolesCreate) ExecX(ctx context.Context) {
-	if err := arc.Exec(ctx); err != nil {
+func (_c *AuthRolesCreate) ExecX(ctx context.Context) {
+	if err := _c.Exec(ctx); err != nil {
 		panic(err)
 	}
 }
 
 // defaults sets the default values of the builder before save.
-func (arc *AuthRolesCreate) defaults() {
-	if _, ok := arc.mutation.Role(); !ok {
+func (_c *AuthRolesCreate) defaults() {
+	if _, ok := _c.mutation.Role(); !ok {
 		v := authroles.DefaultRole
-		arc.mutation.SetRole(v)
+		_c.mutation.SetRole(v)
 	}
 }
 
 // check runs all checks and user-defined validators on the builder.
-func (arc *AuthRolesCreate) check() error {
-	if _, ok := arc.mutation.Role(); !ok {
+func (_c *AuthRolesCreate) check() error {
+	if _, ok := _c.mutation.Role(); !ok {
 		return &ValidationError{Name: "role", err: errors.New(`ent: missing required field "AuthRoles.role"`)}
 	}
-	if v, ok := arc.mutation.Role(); ok {
+	if v, ok := _c.mutation.Role(); ok {
 		if err := authroles.RoleValidator(v); err != nil {
 			return &ValidationError{Name: "role", err: fmt.Errorf(`ent: validator failed for field "AuthRoles.role": %w`, err)}
 		}
@@ -108,12 +108,12 @@ func (arc *AuthRolesCreate) check() error {
 	return nil
 }
 
-func (arc *AuthRolesCreate) sqlSave(ctx context.Context) (*AuthRoles, error) {
-	if err := arc.check(); err != nil {
+func (_c *AuthRolesCreate) sqlSave(ctx context.Context) (*AuthRoles, error) {
+	if err := _c.check(); err != nil {
 		return nil, err
 	}
-	_node, _spec := arc.createSpec()
-	if err := sqlgraph.CreateNode(ctx, arc.driver, _spec); err != nil {
+	_node, _spec := _c.createSpec()
+	if err := sqlgraph.CreateNode(ctx, _c.driver, _spec); err != nil {
 		if sqlgraph.IsConstraintError(err) {
 			err = &ConstraintError{msg: err.Error(), wrap: err}
 		}
@@ -121,21 +121,21 @@ func (arc *AuthRolesCreate) sqlSave(ctx context.Context) (*AuthRoles, error) {
 	}
 	id := _spec.ID.Value.(int64)
 	_node.ID = int(id)
-	arc.mutation.id = &_node.ID
-	arc.mutation.done = true
+	_c.mutation.id = &_node.ID
+	_c.mutation.done = true
 	return _node, nil
 }
 
-func (arc *AuthRolesCreate) createSpec() (*AuthRoles, *sqlgraph.CreateSpec) {
+func (_c *AuthRolesCreate) createSpec() (*AuthRoles, *sqlgraph.CreateSpec) {
 	var (
-		_node = &AuthRoles{config: arc.config}
+		_node = &AuthRoles{config: _c.config}
 		_spec = sqlgraph.NewCreateSpec(authroles.Table, sqlgraph.NewFieldSpec(authroles.FieldID, field.TypeInt))
 	)
-	if value, ok := arc.mutation.Role(); ok {
+	if value, ok := _c.mutation.Role(); ok {
 		_spec.SetField(authroles.FieldRole, field.TypeEnum, value)
 		_node.Role = value
 	}
-	if nodes := arc.mutation.TokenIDs(); len(nodes) > 0 {
+	if nodes := _c.mutation.TokenIDs(); len(nodes) > 0 {
 		edge := &sqlgraph.EdgeSpec{
 			Rel:     sqlgraph.O2O,
 			Inverse: true,
@@ -163,16 +163,16 @@ type AuthRolesCreateBulk struct {
 }
 
 // Save creates the AuthRoles entities in the database.
-func (arcb *AuthRolesCreateBulk) Save(ctx context.Context) ([]*AuthRoles, error) {
-	if arcb.err != nil {
-		return nil, arcb.err
+func (_c *AuthRolesCreateBulk) Save(ctx context.Context) ([]*AuthRoles, error) {
+	if _c.err != nil {
+		return nil, _c.err
 	}
-	specs := make([]*sqlgraph.CreateSpec, len(arcb.builders))
-	nodes := make([]*AuthRoles, len(arcb.builders))
-	mutators := make([]Mutator, len(arcb.builders))
-	for i := range arcb.builders {
+	specs := make([]*sqlgraph.CreateSpec, len(_c.builders))
+	nodes := make([]*AuthRoles, len(_c.builders))
+	mutators := make([]Mutator, len(_c.builders))
+	for i := range _c.builders {
 		func(i int, root context.Context) {
-			builder := arcb.builders[i]
+			builder := _c.builders[i]
 			builder.defaults()
 			var mut Mutator = MutateFunc(func(ctx context.Context, m Mutation) (Value, error) {
 				mutation, ok := m.(*AuthRolesMutation)
@@ -186,11 +186,11 @@ func (arcb *AuthRolesCreateBulk) Save(ctx context.Context) ([]*AuthRoles, error)
 				var err error
 				nodes[i], specs[i] = builder.createSpec()
 				if i < len(mutators)-1 {
-					_, err = mutators[i+1].Mutate(root, arcb.builders[i+1].mutation)
+					_, err = mutators[i+1].Mutate(root, _c.builders[i+1].mutation)
 				} else {
 					spec := &sqlgraph.BatchCreateSpec{Nodes: specs}
 					// Invoke the actual operation on the latest mutation in the chain.
-					if err = sqlgraph.BatchCreate(ctx, arcb.driver, spec); err != nil {
+					if err = sqlgraph.BatchCreate(ctx, _c.driver, spec); err != nil {
 						if sqlgraph.IsConstraintError(err) {
 							err = &ConstraintError{msg: err.Error(), wrap: err}
 						}
@@ -214,7 +214,7 @@ func (arcb *AuthRolesCreateBulk) Save(ctx context.Context) ([]*AuthRoles, error)
 		}(i, ctx)
 	}
 	if len(mutators) > 0 {
-		if _, err := mutators[0].Mutate(ctx, arcb.builders[0].mutation); err != nil {
+		if _, err := mutators[0].Mutate(ctx, _c.builders[0].mutation); err != nil {
 			return nil, err
 		}
 	}
@@ -222,8 +222,8 @@ func (arcb *AuthRolesCreateBulk) Save(ctx context.Context) ([]*AuthRoles, error)
 }
 
 // SaveX is like Save, but panics if an error occurs.
-func (arcb *AuthRolesCreateBulk) SaveX(ctx context.Context) []*AuthRoles {
-	v, err := arcb.Save(ctx)
+func (_c *AuthRolesCreateBulk) SaveX(ctx context.Context) []*AuthRoles {
+	v, err := _c.Save(ctx)
 	if err != nil {
 		panic(err)
 	}
@@ -231,14 +231,14 @@ func (arcb *AuthRolesCreateBulk) SaveX(ctx context.Context) []*AuthRoles {
 }
 
 // Exec executes the query.
-func (arcb *AuthRolesCreateBulk) Exec(ctx context.Context) error {
-	_, err := arcb.Save(ctx)
+func (_c *AuthRolesCreateBulk) Exec(ctx context.Context) error {
+	_, err := _c.Save(ctx)
 	return err
 }
 
 // ExecX is like Exec, but panics if an error occurs.
-func (arcb *AuthRolesCreateBulk) ExecX(ctx context.Context) {
-	if err := arcb.Exec(ctx); err != nil {
+func (_c *AuthRolesCreateBulk) ExecX(ctx context.Context) {
+	if err := _c.Exec(ctx); err != nil {
 		panic(err)
 	}
 }

backend/internal/data/ent/authroles_delete.go

@@ -20,56 +20,56 @@ type AuthRolesDelete struct {
 }
 
 // Where appends a list predicates to the AuthRolesDelete builder.
-func (ard *AuthRolesDelete) Where(ps ...predicate.AuthRoles) *AuthRolesDelete {
-	ard.mutation.Where(ps...)
-	return ard
+func (_d *AuthRolesDelete) Where(ps ...predicate.AuthRoles) *AuthRolesDelete {
+	_d.mutation.Where(ps...)
+	return _d
 }
 
 // Exec executes the deletion query and returns how many vertices were deleted.
-func (ard *AuthRolesDelete) Exec(ctx context.Context) (int, error) {
-	return withHooks(ctx, ard.sqlExec, ard.mutation, ard.hooks)
+func (_d *AuthRolesDelete) Exec(ctx context.Context) (int, error) {
+	return withHooks(ctx, _d.sqlExec, _d.mutation, _d.hooks)
 }
 
 // ExecX is like Exec, but panics if an error occurs.
-func (ard *AuthRolesDelete) ExecX(ctx context.Context) int {
-	n, err := ard.Exec(ctx)
+func (_d *AuthRolesDelete) ExecX(ctx context.Context) int {
+	n, err := _d.Exec(ctx)
 	if err != nil {
 		panic(err)
 	}
 	return n
 }
 
-func (ard *AuthRolesDelete) sqlExec(ctx context.Context) (int, error) {
+func (_d *AuthRolesDelete) sqlExec(ctx context.Context) (int, error) {
 	_spec := sqlgraph.NewDeleteSpec(authroles.Table, sqlgraph.NewFieldSpec(authroles.FieldID, field.TypeInt))
-	if ps := ard.mutation.predicates; len(ps) > 0 {
+	if ps := _d.mutation.predicates; len(ps) > 0 {
 		_spec.Predicate = func(selector *sql.Selector) {
 			for i := range ps {
 				ps[i](selector)
 			}
 		}
 	}
-	affected, err := sqlgraph.DeleteNodes(ctx, ard.driver, _spec)
+	affected, err := sqlgraph.DeleteNodes(ctx, _d.driver, _spec)
 	if err != nil && sqlgraph.IsConstraintError(err) {
 		err = &ConstraintError{msg: err.Error(), wrap: err}
 	}
-	ard.mutation.done = true
+	_d.mutation.done = true
 	return affected, err
 }
 
 // AuthRolesDeleteOne is the builder for deleting a single AuthRoles entity.
 type AuthRolesDeleteOne struct {
-	ard *AuthRolesDelete
+	_d *AuthRolesDelete
 }
 
 // Where appends a list predicates to the AuthRolesDelete builder.
-func (ardo *AuthRolesDeleteOne) Where(ps ...predicate.AuthRoles) *AuthRolesDeleteOne {
-	ardo.ard.mutation.Where(ps...)
-	return ardo
+func (_d *AuthRolesDeleteOne) Where(ps ...predicate.AuthRoles) *AuthRolesDeleteOne {
+	_d._d.mutation.Where(ps...)
+	return _d
 }
 
 // Exec executes the deletion query.
-func (ardo *AuthRolesDeleteOne) Exec(ctx context.Context) error {
-	n, err := ardo.ard.Exec(ctx)
+func (_d *AuthRolesDeleteOne) Exec(ctx context.Context) error {
+	n, err := _d._d.Exec(ctx)
 	switch {
 	case err != nil:
 		return err
@@ -81,8 +81,8 @@ func (ardo *AuthRolesDeleteOne) Exec(ctx context.Context) error {
 }
 
 // ExecX is like Exec, but panics if an error occurs.
-func (ardo *AuthRolesDeleteOne) ExecX(ctx context.Context) {
-	if err := ardo.Exec(ctx); err != nil {
+func (_d *AuthRolesDeleteOne) ExecX(ctx context.Context) {
+	if err := _d.Exec(ctx); err != nil {
 		panic(err)
 	}
 }

backend/internal/data/ent/authroles_query.go

@@ -32,44 +32,44 @@ type AuthRolesQuery struct {
 }
 
 // Where adds a new predicate for the AuthRolesQuery builder.
-func (arq *AuthRolesQuery) Where(ps ...predicate.AuthRoles) *AuthRolesQuery {
-	arq.predicates = append(arq.predicates, ps...)
-	return arq
+func (_q *AuthRolesQuery) Where(ps ...predicate.AuthRoles) *AuthRolesQuery {
+	_q.predicates = append(_q.predicates, ps...)
+	return _q
 }
 
 // Limit the number of records to be returned by this query.
-func (arq *AuthRolesQuery) Limit(limit int) *AuthRolesQuery {
-	arq.ctx.Limit = &limit
-	return arq
+func (_q *AuthRolesQuery) Limit(limit int) *AuthRolesQuery {
+	_q.ctx.Limit = &limit
+	return _q
 }
 
 // Offset to start from.
-func (arq *AuthRolesQuery) Offset(offset int) *AuthRolesQuery {
-	arq.ctx.Offset = &offset
-	return arq
+func (_q *AuthRolesQuery) Offset(offset int) *AuthRolesQuery {
+	_q.ctx.Offset = &offset
+	return _q
 }
 
 // Unique configures the query builder to filter duplicate records on query.
 // By default, unique is set to true, and can be disabled using this method.
-func (arq *AuthRolesQuery) Unique(unique bool) *AuthRolesQuery {
-	arq.ctx.Unique = &unique
-	return arq
+func (_q *AuthRolesQuery) Unique(unique bool) *AuthRolesQuery {
+	_q.ctx.Unique = &unique
+	return _q
 }
 
 // Order specifies how the records should be ordered.
-func (arq *AuthRolesQuery) Order(o ...authroles.OrderOption) *AuthRolesQuery {
-	arq.order = append(arq.order, o...)
-	return arq
+func (_q *AuthRolesQuery) Order(o ...authroles.OrderOption) *AuthRolesQuery {
+	_q.order = append(_q.order, o...)
+	return _q
 }
 
 // QueryToken chains the current query on the "token" edge.
-func (arq *AuthRolesQuery) QueryToken() *AuthTokensQuery {
-	query := (&AuthTokensClient{config: arq.config}).Query()
+func (_q *AuthRolesQuery) QueryToken() *AuthTokensQuery {
+	query := (&AuthTokensClient{config: _q.config}).Query()
 	query.path = func(ctx context.Context) (fromU *sql.Selector, err error) {
-		if err := arq.prepareQuery(ctx); err != nil {
+		if err := _q.prepareQuery(ctx); err != nil {
 			return nil, err
 		}
-		selector := arq.sqlQuery(ctx)
+		selector := _q.sqlQuery(ctx)
 		if err := selector.Err(); err != nil {
 			return nil, err
 		}
@@ -78,7 +78,7 @@ func (arq *AuthRolesQuery) QueryToken() *AuthTokensQuery {
 			sqlgraph.To(authtokens.Table, authtokens.FieldID),
 			sqlgraph.Edge(sqlgraph.O2O, true, authroles.TokenTable, authroles.TokenColumn),
 		)
-		fromU = sqlgraph.SetNeighbors(arq.driver.Dialect(), step)
+		fromU = sqlgraph.SetNeighbors(_q.driver.Dialect(), step)
 		return fromU, nil
 	}
 	return query
@@ -86,8 +86,8 @@ func (arq *AuthRolesQuery) QueryToken() *AuthTokensQuery {
 
 // First returns the first AuthRoles entity from the query.
 // Returns a *NotFoundError when no AuthRoles was found.
-func (arq *AuthRolesQuery) First(ctx context.Context) (*AuthRoles, error) {
-	nodes, err := arq.Limit(1).All(setContextOp(ctx, arq.ctx, ent.OpQueryFirst))
+func (_q *AuthRolesQuery) First(ctx context.Context) (*AuthRoles, error) {
+	nodes, err := _q.Limit(1).All(setContextOp(ctx, _q.ctx, ent.OpQueryFirst))
 	if err != nil {
 		return nil, err
 	}
@@ -98,8 +98,8 @@ func (arq *AuthRolesQuery) First(ctx context.Context) (*AuthRoles, error) {
 }
 
 // FirstX is like First, but panics if an error occurs.
-func (arq *AuthRolesQuery) FirstX(ctx context.Context) *AuthRoles {
-	node, err := arq.First(ctx)
+func (_q *AuthRolesQuery) FirstX(ctx context.Context) *AuthRoles {
+	node, err := _q.First(ctx)
 	if err != nil && !IsNotFound(err) {
 		panic(err)
 	}
@@ -108,9 +108,9 @@ func (arq *AuthRolesQuery) FirstX(ctx context.Context) *AuthRoles {
 
 // FirstID returns the first AuthRoles ID from the query.
 // Returns a *NotFoundError when no AuthRoles ID was found.
-func (arq *AuthRolesQuery) FirstID(ctx context.Context) (id int, err error) {
+func (_q *AuthRolesQuery) FirstID(ctx context.Context) (id int, err error) {
 	var ids []int
-	if ids, err = arq.Limit(1).IDs(setContextOp(ctx, arq.ctx, ent.OpQueryFirstID)); err != nil {
+	if ids, err = _q.Limit(1).IDs(setContextOp(ctx, _q.ctx, ent.OpQueryFirstID)); err != nil {
 		return
 	}
 	if len(ids) == 0 {
@@ -121,8 +121,8 @@ func (arq *AuthRolesQuery) FirstID(ctx context.Context) (id int, err error) {
 }
 
 // FirstIDX is like FirstID, but panics if an error occurs.
-func (arq *AuthRolesQuery) FirstIDX(ctx context.Context) int {
-	id, err := arq.FirstID(ctx)
+func (_q *AuthRolesQuery) FirstIDX(ctx context.Context) int {
+	id, err := _q.FirstID(ctx)
 	if err != nil && !IsNotFound(err) {
 		panic(err)
 	}
@@ -132,8 +132,8 @@ func (arq *AuthRolesQuery) FirstIDX(ctx context.Context) int {
 // Only returns a single AuthRoles entity found by the query, ensuring it only returns one.
 // Returns a *NotSingularError when more than one AuthRoles entity is found.
 // Returns a *NotFoundError when no AuthRoles entities are found.
-func (arq *AuthRolesQuery) Only(ctx context.Context) (*AuthRoles, error) {
-	nodes, err := arq.Limit(2).All(setContextOp(ctx, arq.ctx, ent.OpQueryOnly))
+func (_q *AuthRolesQuery) Only(ctx context.Context) (*AuthRoles, error) {
+	nodes, err := _q.Limit(2).All(setContextOp(ctx, _q.ctx, ent.OpQueryOnly))
 	if err != nil {
 		return nil, err
 	}
@@ -148,8 +148,8 @@ func (arq *AuthRolesQuery) Only(ctx context.Context) (*AuthRoles, error) {
 }
 
 // OnlyX is like Only, but panics if an error occurs.
-func (arq *AuthRolesQuery) OnlyX(ctx context.Context) *AuthRoles {
-	node, err := arq.Only(ctx)
+func (_q *AuthRolesQuery) OnlyX(ctx context.Context) *AuthRoles {
+	node, err := _q.Only(ctx)
 	if err != nil {
 		panic(err)
 	}
@@ -159,9 +159,9 @@ func (arq *AuthRolesQuery) OnlyX(ctx context.Context) *AuthRoles {
 // OnlyID is like Only, but returns the only AuthRoles ID in the query.
 // Returns a *NotSingularError when more than one AuthRoles ID is found.
 // Returns a *NotFoundError when no entities are found.
-func (arq *AuthRolesQuery) OnlyID(ctx context.Context) (id int, err error) {
+func (_q *AuthRolesQuery) OnlyID(ctx context.Context) (id int, err error) {
 	var ids []int
-	if ids, err = arq.Limit(2).IDs(setContextOp(ctx, arq.ctx, ent.OpQueryOnlyID)); err != nil {
+	if ids, err = _q.Limit(2).IDs(setContextOp(ctx, _q.ctx, ent.OpQueryOnlyID)); err != nil {
 		return
 	}
 	switch len(ids) {
@@ -176,8 +176,8 @@ func (arq *AuthRolesQuery) OnlyID(ctx context.Context) (id int, err error) {
 }
 
 // OnlyIDX is like OnlyID, but panics if an error occurs.
-func (arq *AuthRolesQuery) OnlyIDX(ctx context.Context) int {
-	id, err := arq.OnlyID(ctx)
+func (_q *AuthRolesQuery) OnlyIDX(ctx context.Context) int {
+	id, err := _q.OnlyID(ctx)
 	if err != nil {
 		panic(err)
 	}
@@ -185,18 +185,18 @@ func (arq *AuthRolesQuery) OnlyIDX(ctx context.Context) int {
 }
 
 // All executes the query and returns a list of AuthRolesSlice.
-func (arq *AuthRolesQuery) All(ctx context.Context) ([]*AuthRoles, error) {
-	ctx = setContextOp(ctx, arq.ctx, ent.OpQueryAll)
-	if err := arq.prepareQuery(ctx); err != nil {
+func (_q *AuthRolesQuery) All(ctx context.Context) ([]*AuthRoles, error) {
+	ctx = setContextOp(ctx, _q.ctx, ent.OpQueryAll)
+	if err := _q.prepareQuery(ctx); err != nil {
 		return nil, err
 	}
 	qr := querierAll[[]*AuthRoles, *AuthRolesQuery]()
-	return withInterceptors[[]*AuthRoles](ctx, arq, qr, arq.inters)
+	return withInterceptors[[]*AuthRoles](ctx, _q, qr, _q.inters)
 }
 
 // AllX is like All, but panics if an error occurs.
-func (arq *AuthRolesQuery) AllX(ctx context.Context) []*AuthRoles {
-	nodes, err := arq.All(ctx)
+func (_q *AuthRolesQuery) AllX(ctx context.Context) []*AuthRoles {
+	nodes, err := _q.All(ctx)
 	if err != nil {
 		panic(err)
 	}
@@ -204,20 +204,20 @@ func (arq *AuthRolesQuery) AllX(ctx context.Context) []*AuthRoles {
 }
 
 // IDs executes the query and returns a list of AuthRoles IDs.
-func (arq *AuthRolesQuery) IDs(ctx context.Context) (ids []int, err error) {
-	if arq.ctx.Unique == nil && arq.path != nil {
-		arq.Unique(true)
+func (_q *AuthRolesQuery) IDs(ctx context.Context) (ids []int, err error) {
+	if _q.ctx.Unique == nil && _q.path != nil {
+		_q.Unique(true)
 	}
-	ctx = setContextOp(ctx, arq.ctx, ent.OpQueryIDs)
-	if err = arq.Select(authroles.FieldID).Scan(ctx, &ids); err != nil {
+	ctx = setContextOp(ctx, _q.ctx, ent.OpQueryIDs)
+	if err = _q.Select(authroles.FieldID).Scan(ctx, &ids); err != nil {
 		return nil, err
 	}
 	return ids, nil
 }
 
 // IDsX is like IDs, but panics if an error occurs.
-func (arq *AuthRolesQuery) IDsX(ctx context.Context) []int {
-	ids, err := arq.IDs(ctx)
+func (_q *AuthRolesQuery) IDsX(ctx context.Context) []int {
+	ids, err := _q.IDs(ctx)
 	if err != nil {
 		panic(err)
 	}
@@ -225,17 +225,17 @@ func (arq *AuthRolesQuery) IDsX(ctx context.Context) []int {
 }
 
 // Count returns the count of the given query.
-func (arq *AuthRolesQuery) Count(ctx context.Context) (int, error) {
-	ctx = setContextOp(ctx, arq.ctx, ent.OpQueryCount)
-	if err := arq.prepareQuery(ctx); err != nil {
+func (_q *AuthRolesQuery) Count(ctx context.Context) (int, error) {
+	ctx = setContextOp(ctx, _q.ctx, ent.OpQueryCount)
+	if err := _q.prepareQuery(ctx); err != nil {
 		return 0, err
 	}
-	return withInterceptors[int](ctx, arq, querierCount[*AuthRolesQuery](), arq.inters)
+	return withInterceptors[int](ctx, _q, querierCount[*AuthRolesQuery](), _q.inters)
 }
 
 // CountX is like Count, but panics if an error occurs.
-func (arq *AuthRolesQuery) CountX(ctx context.Context) int {
-	count, err := arq.Count(ctx)
+func (_q *AuthRolesQuery) CountX(ctx context.Context) int {
+	count, err := _q.Count(ctx)
 	if err != nil {
 		panic(err)
 	}
@@ -243,9 +243,9 @@ func (arq *AuthRolesQuery) CountX(ctx context.Context) int {
 }
 
 // Exist returns true if the query has elements in the graph.
-func (arq *AuthRolesQuery) Exist(ctx context.Context) (bool, error) {
-	ctx = setContextOp(ctx, arq.ctx, ent.OpQueryExist)
-	switch _, err := arq.FirstID(ctx); {
+func (_q *AuthRolesQuery) Exist(ctx context.Context) (bool, error) {
+	ctx = setContextOp(ctx, _q.ctx, ent.OpQueryExist)
+	switch _, err := _q.FirstID(ctx); {
 	case IsNotFound(err):
 		return false, nil
 	case err != nil:
@@ -256,8 +256,8 @@ func (arq *AuthRolesQuery) Exist(ctx context.Context) (bool, error) {
 }
 
 // ExistX is like Exist, but panics if an error occurs.
-func (arq *AuthRolesQuery) ExistX(ctx context.Context) bool {
-	exist, err := arq.Exist(ctx)
+func (_q *AuthRolesQuery) ExistX(ctx context.Context) bool {
+	exist, err := _q.Exist(ctx)
 	if err != nil {
 		panic(err)
 	}
@@ -266,32 +266,32 @@ func (arq *AuthRolesQuery) ExistX(ctx context.Context) bool {
 
 // Clone returns a duplicate of the AuthRolesQuery builder, including all associated steps. It can be
 // used to prepare common query builders and use them differently after the clone is made.
-func (arq *AuthRolesQuery) Clone() *AuthRolesQuery {
-	if arq == nil {
+func (_q *AuthRolesQuery) Clone() *AuthRolesQuery {
+	if _q == nil {
 		return nil
 	}
 	return &AuthRolesQuery{
-		config:     arq.config,
-		ctx:        arq.ctx.Clone(),
-		order:      append([]authroles.OrderOption{}, arq.order...),
-		inters:     append([]Interceptor{}, arq.inters...),
-		predicates: append([]predicate.AuthRoles{}, arq.predicates...),
-		withToken:  arq.withToken.Clone(),
+		config:     _q.config,
+		ctx:        _q.ctx.Clone(),
+		order:      append([]authroles.OrderOption{}, _q.order...),
+		inters:     append([]Interceptor{}, _q.inters...),
+		predicates: append([]predicate.AuthRoles{}, _q.predicates...),
+		withToken:  _q.withToken.Clone(),
 		// clone intermediate query.
-		sql:  arq.sql.Clone(),
-		path: arq.path,
+		sql:  _q.sql.Clone(),
+		path: _q.path,
 	}
 }
 
 // WithToken tells the query-builder to eager-load the nodes that are connected to
 // the "token" edge. The optional arguments are used to configure the query builder of the edge.
-func (arq *AuthRolesQuery) WithToken(opts ...func(*AuthTokensQuery)) *AuthRolesQuery {
-	query := (&AuthTokensClient{config: arq.config}).Query()
+func (_q *AuthRolesQuery) WithToken(opts ...func(*AuthTokensQuery)) *AuthRolesQuery {
+	query := (&AuthTokensClient{config: _q.config}).Query()
 	for _, opt := range opts {
 		opt(query)
 	}
-	arq.withToken = query
-	return arq
+	_q.withToken = query
+	return _q
 }
 
 // GroupBy is used to group vertices by one or more fields/columns.
@@ -308,10 +308,10 @@ func (arq *AuthRolesQuery) WithToken(opts ...func(*AuthTokensQuery)) *AuthRolesQ
 //		GroupBy(authroles.FieldRole).
 //		Aggregate(ent.Count()).
 //		Scan(ctx, &v)
-func (arq *AuthRolesQuery) GroupBy(field string, fields ...string) *AuthRolesGroupBy {
-	arq.ctx.Fields = append([]string{field}, fields...)
-	grbuild := &AuthRolesGroupBy{build: arq}
-	grbuild.flds = &arq.ctx.Fields
+func (_q *AuthRolesQuery) GroupBy(field string, fields ...string) *AuthRolesGroupBy {
+	_q.ctx.Fields = append([]string{field}, fields...)
+	grbuild := &AuthRolesGroupBy{build: _q}
+	grbuild.flds = &_q.ctx.Fields
 	grbuild.label = authroles.Label
 	grbuild.scan = grbuild.Scan
 	return grbuild
@@ -329,55 +329,55 @@ func (arq *AuthRolesQuery) GroupBy(field string, fields ...string) *AuthRolesGro
 //	client.AuthRoles.Query().
 //		Select(authroles.FieldRole).
 //		Scan(ctx, &v)
-func (arq *AuthRolesQuery) Select(fields ...string) *AuthRolesSelect {
-	arq.ctx.Fields = append(arq.ctx.Fields, fields...)
-	sbuild := &AuthRolesSelect{AuthRolesQuery: arq}
+func (_q *AuthRolesQuery) Select(fields ...string) *AuthRolesSelect {
+	_q.ctx.Fields = append(_q.ctx.Fields, fields...)
+	sbuild := &AuthRolesSelect{AuthRolesQuery: _q}
 	sbuild.label = authroles.Label
-	sbuild.flds, sbuild.scan = &arq.ctx.Fields, sbuild.Scan
+	sbuild.flds, sbuild.scan = &_q.ctx.Fields, sbuild.Scan
 	return sbuild
 }
 
 // Aggregate returns a AuthRolesSelect configured with the given aggregations.
-func (arq *AuthRolesQuery) Aggregate(fns ...AggregateFunc) *AuthRolesSelect {
-	return arq.Select().Aggregate(fns...)
+func (_q *AuthRolesQuery) Aggregate(fns ...AggregateFunc) *AuthRolesSelect {
+	return _q.Select().Aggregate(fns...)
 }
 
-func (arq *AuthRolesQuery) prepareQuery(ctx context.Context) error {
-	for _, inter := range arq.inters {
+func (_q *AuthRolesQuery) prepareQuery(ctx context.Context) error {
+	for _, inter := range _q.inters {
 		if inter == nil {
 			return fmt.Errorf("ent: uninitialized interceptor (forgotten import ent/runtime?)")
 		}
 		if trv, ok := inter.(Traverser); ok {
-			if err := trv.Traverse(ctx, arq); err != nil {
+			if err := trv.Traverse(ctx, _q); err != nil {
 				return err
 			}
 		}
 	}
-	for _, f := range arq.ctx.Fields {
+	for _, f := range _q.ctx.Fields {
 		if !authroles.ValidColumn(f) {
 			return &ValidationError{Name: f, err: fmt.Errorf("ent: invalid field %q for query", f)}
 		}
 	}
-	if arq.path != nil {
-		prev, err := arq.path(ctx)
+	if _q.path != nil {
+		prev, err := _q.path(ctx)
 		if err != nil {
 			return err
 		}
-		arq.sql = prev
+		_q.sql = prev
 	}
 	return nil
 }
 
-func (arq *AuthRolesQuery) sqlAll(ctx context.Context, hooks ...queryHook) ([]*AuthRoles, error) {
+func (_q *AuthRolesQuery) sqlAll(ctx context.Context, hooks ...queryHook) ([]*AuthRoles, error) {
 	var (
 		nodes       = []*AuthRoles{}
-		withFKs     = arq.withFKs
-		_spec       = arq.querySpec()
+		withFKs     = _q.withFKs
+		_spec       = _q.querySpec()
 		loadedTypes = [1]bool{
-			arq.withToken != nil,
+			_q.withToken != nil,
 		}
 	)
-	if arq.withToken != nil {
+	if _q.withToken != nil {
 		withFKs = true
 	}
 	if withFKs {
@@ -387,7 +387,7 @@ func (arq *AuthRolesQuery) sqlAll(ctx context.Context, hooks ...queryHook) ([]*A
 		return (*AuthRoles).scanValues(nil, columns)
 	}
 	_spec.Assign = func(columns []string, values []any) error {
-		node := &AuthRoles{config: arq.config}
+		node := &AuthRoles{config: _q.config}
 		nodes = append(nodes, node)
 		node.Edges.loadedTypes = loadedTypes
 		return node.assignValues(columns, values)
@@ -395,14 +395,14 @@ func (arq *AuthRolesQuery) sqlAll(ctx context.Context, hooks ...queryHook) ([]*A
 	for i := range hooks {
 		hooks[i](ctx, _spec)
 	}
-	if err := sqlgraph.QueryNodes(ctx, arq.driver, _spec); err != nil {
+	if err := sqlgraph.QueryNodes(ctx, _q.driver, _spec); err != nil {
 		return nil, err
 	}
 	if len(nodes) == 0 {
 		return nodes, nil
 	}
-	if query := arq.withToken; query != nil {
-		if err := arq.loadToken(ctx, query, nodes, nil,
+	if query := _q.withToken; query != nil {
+		if err := _q.loadToken(ctx, query, nodes, nil,
 			func(n *AuthRoles, e *AuthTokens) { n.Edges.Token = e }); err != nil {
 			return nil, err
 		}
@@ -410,7 +410,7 @@ func (arq *AuthRolesQuery) sqlAll(ctx context.Context, hooks ...queryHook) ([]*A
 	return nodes, nil
 }
 
-func (arq *AuthRolesQuery) loadToken(ctx context.Context, query *AuthTokensQuery, nodes []*AuthRoles, init func(*AuthRoles), assign func(*AuthRoles, *AuthTokens)) error {
+func (_q *AuthRolesQuery) loadToken(ctx context.Context, query *AuthTokensQuery, nodes []*AuthRoles, init func(*AuthRoles), assign func(*AuthRoles, *AuthTokens)) error {
 	ids := make([]uuid.UUID, 0, len(nodes))
 	nodeids := make(map[uuid.UUID][]*AuthRoles)
 	for i := range nodes {
@@ -443,24 +443,24 @@ func (arq *AuthRolesQuery) loadToken(ctx context.Context, query *AuthTokensQuery
 	return nil
 }
 
-func (arq *AuthRolesQuery) sqlCount(ctx context.Context) (int, error) {
-	_spec := arq.querySpec()
-	_spec.Node.Columns = arq.ctx.Fields
-	if len(arq.ctx.Fields) > 0 {
-		_spec.Unique = arq.ctx.Unique != nil && *arq.ctx.Unique
+func (_q *AuthRolesQuery) sqlCount(ctx context.Context) (int, error) {
+	_spec := _q.querySpec()
+	_spec.Node.Columns = _q.ctx.Fields
+	if len(_q.ctx.Fields) > 0 {
+		_spec.Unique = _q.ctx.Unique != nil && *_q.ctx.Unique
 	}
-	return sqlgraph.CountNodes(ctx, arq.driver, _spec)
+	return sqlgraph.CountNodes(ctx, _q.driver, _spec)
 }
 
-func (arq *AuthRolesQuery) querySpec() *sqlgraph.QuerySpec {
+func (_q *AuthRolesQuery) querySpec() *sqlgraph.QuerySpec {
 	_spec := sqlgraph.NewQuerySpec(authroles.Table, authroles.Columns, sqlgraph.NewFieldSpec(authroles.FieldID, field.TypeInt))
-	_spec.From = arq.sql
-	if unique := arq.ctx.Unique; unique != nil {
+	_spec.From = _q.sql
+	if unique := _q.ctx.Unique; unique != nil {
 		_spec.Unique = *unique
-	} else if arq.path != nil {
+	} else if _q.path != nil {
 		_spec.Unique = true
 	}
-	if fields := arq.ctx.Fields; len(fields) > 0 {
+	if fields := _q.ctx.Fields; len(fields) > 0 {
 		_spec.Node.Columns = make([]string, 0, len(fields))
 		_spec.Node.Columns = append(_spec.Node.Columns, authroles.FieldID)
 		for i := range fields {
@@ -469,20 +469,20 @@ func (arq *AuthRolesQuery) querySpec() *sqlgraph.QuerySpec {
 			}
 		}
 	}
-	if ps := arq.predicates; len(ps) > 0 {
+	if ps := _q.predicates; len(ps) > 0 {
 		_spec.Predicate = func(selector *sql.Selector) {
 			for i := range ps {
 				ps[i](selector)
 			}
 		}
 	}
-	if limit := arq.ctx.Limit; limit != nil {
+	if limit := _q.ctx.Limit; limit != nil {
 		_spec.Limit = *limit
 	}
-	if offset := arq.ctx.Offset; offset != nil {
+	if offset := _q.ctx.Offset; offset != nil {
 		_spec.Offset = *offset
 	}
-	if ps := arq.order; len(ps) > 0 {
+	if ps := _q.order; len(ps) > 0 {
 		_spec.Order = func(selector *sql.Selector) {
 			for i := range ps {
 				ps[i](selector)
@@ -492,33 +492,33 @@ func (arq *AuthRolesQuery) querySpec() *sqlgraph.QuerySpec {
 	return _spec
 }
 
-func (arq *AuthRolesQuery) sqlQuery(ctx context.Context) *sql.Selector {
-	builder := sql.Dialect(arq.driver.Dialect())
+func (_q *AuthRolesQuery) sqlQuery(ctx context.Context) *sql.Selector {
+	builder := sql.Dialect(_q.driver.Dialect())
 	t1 := builder.Table(authroles.Table)
-	columns := arq.ctx.Fields
+	columns := _q.ctx.Fields
 	if len(columns) == 0 {
 		columns = authroles.Columns
 	}
 	selector := builder.Select(t1.Columns(columns...)...).From(t1)
-	if arq.sql != nil {
-		selector = arq.sql
+	if _q.sql != nil {
+		selector = _q.sql
 		selector.Select(selector.Columns(columns...)...)
 	}
-	if arq.ctx.Unique != nil && *arq.ctx.Unique {
+	if _q.ctx.Unique != nil && *_q.ctx.Unique {
 		selector.Distinct()
 	}
-	for _, p := range arq.predicates {
+	for _, p := range _q.predicates {
 		p(selector)
 	}
-	for _, p := range arq.order {
+	for _, p := range _q.order {
 		p(selector)
 	}
-	if offset := arq.ctx.Offset; offset != nil {
+	if offset := _q.ctx.Offset; offset != nil {
 		// limit is mandatory for offset clause. We start
 		// with default value, and override it below if needed.
 		selector.Offset(*offset).Limit(math.MaxInt32)
 	}
-	if limit := arq.ctx.Limit; limit != nil {
+	if limit := _q.ctx.Limit; limit != nil {
 		selector.Limit(*limit)
 	}
 	return selector
@@ -531,41 +531,41 @@ type AuthRolesGroupBy struct {
 }
 
 // Aggregate adds the given aggregation functions to the group-by query.
-func (argb *AuthRolesGroupBy) Aggregate(fns ...AggregateFunc) *AuthRolesGroupBy {
-	argb.fns = append(argb.fns, fns...)
-	return argb
+func (_g *AuthRolesGroupBy) Aggregate(fns ...AggregateFunc) *AuthRolesGroupBy {
+	_g.fns = append(_g.fns, fns...)
+	return _g
 }
 
 // Scan applies the selector query and scans the result into the given value.
-func (argb *AuthRolesGroupBy) Scan(ctx context.Context, v any) error {
-	ctx = setContextOp(ctx, argb.build.ctx, ent.OpQueryGroupBy)
-	if err := argb.build.prepareQuery(ctx); err != nil {
+func (_g *AuthRolesGroupBy) Scan(ctx context.Context, v any) error {
+	ctx = setContextOp(ctx, _g.build.ctx, ent.OpQueryGroupBy)
+	if err := _g.build.prepareQuery(ctx); err != nil {
 		return err
 	}
-	return scanWithInterceptors[*AuthRolesQuery, *AuthRolesGroupBy](ctx, argb.build, argb, argb.build.inters, v)
+	return scanWithInterceptors[*AuthRolesQuery, *AuthRolesGroupBy](ctx, _g.build, _g, _g.build.inters, v)
 }
 
-func (argb *AuthRolesGroupBy) sqlScan(ctx context.Context, root *AuthRolesQuery, v any) error {
+func (_g *AuthRolesGroupBy) sqlScan(ctx context.Context, root *AuthRolesQuery, v any) error {
 	selector := root.sqlQuery(ctx).Select()
-	aggregation := make([]string, 0, len(argb.fns))
-	for _, fn := range argb.fns {
+	aggregation := make([]string, 0, len(_g.fns))
+	for _, fn := range _g.fns {
 		aggregation = append(aggregation, fn(selector))
 	}
 	if len(selector.SelectedColumns()) == 0 {
-		columns := make([]string, 0, len(*argb.flds)+len(argb.fns))
-		for _, f := range *argb.flds {
+		columns := make([]string, 0, len(*_g.flds)+len(_g.fns))
+		for _, f := range *_g.flds {
 			columns = append(columns, selector.C(f))
 		}
 		columns = append(columns, aggregation...)
 		selector.Select(columns...)
 	}
-	selector.GroupBy(selector.Columns(*argb.flds...)...)
+	selector.GroupBy(selector.Columns(*_g.flds...)...)
 	if err := selector.Err(); err != nil {
 		return err
 	}
 	rows := &sql.Rows{}
 	query, args := selector.Query()
-	if err := argb.build.driver.Query(ctx, query, args, rows); err != nil {
+	if err := _g.build.driver.Query(ctx, query, args, rows); err != nil {
 		return err
 	}
 	defer rows.Close()
@@ -579,27 +579,27 @@ type AuthRolesSelect struct {
 }
 
 // Aggregate adds the given aggregation functions to the selector query.
-func (ars *AuthRolesSelect) Aggregate(fns ...AggregateFunc) *AuthRolesSelect {
-	ars.fns = append(ars.fns, fns...)
-	return ars
+func (_s *AuthRolesSelect) Aggregate(fns ...AggregateFunc) *AuthRolesSelect {
+	_s.fns = append(_s.fns, fns...)
+	return _s
 }
 
 // Scan applies the selector query and scans the result into the given value.
-func (ars *AuthRolesSelect) Scan(ctx context.Context, v any) error {
-	ctx = setContextOp(ctx, ars.ctx, ent.OpQuerySelect)
-	if err := ars.prepareQuery(ctx); err != nil {
+func (_s *AuthRolesSelect) Scan(ctx context.Context, v any) error {
+	ctx = setContextOp(ctx, _s.ctx, ent.OpQuerySelect)
+	if err := _s.prepareQuery(ctx); err != nil {
 		return err
 	}
-	return scanWithInterceptors[*AuthRolesQuery, *AuthRolesSelect](ctx, ars.AuthRolesQuery, ars, ars.inters, v)
+	return scanWithInterceptors[*AuthRolesQuery, *AuthRolesSelect](ctx, _s.AuthRolesQuery, _s, _s.inters, v)
 }
 
-func (ars *AuthRolesSelect) sqlScan(ctx context.Context, root *AuthRolesQuery, v any) error {
+func (_s *AuthRolesSelect) sqlScan(ctx context.Context, root *AuthRolesQuery, v any) error {
 	selector := root.sqlQuery(ctx)
-	aggregation := make([]string, 0, len(ars.fns))
-	for _, fn := range ars.fns {
+	aggregation := make([]string, 0, len(_s.fns))
+	for _, fn := range _s.fns {
 		aggregation = append(aggregation, fn(selector))
 	}
-	switch n := len(*ars.selector.flds); {
+	switch n := len(*_s.selector.flds); {
 	case n == 0 && len(aggregation) > 0:
 		selector.Select(aggregation...)
 	case n != 0 && len(aggregation) > 0:
@@ -607,7 +607,7 @@ func (ars *AuthRolesSelect) sqlScan(ctx context.Context, root *AuthRolesQuery, v
 	}
 	rows := &sql.Rows{}
 	query, args := selector.Query()
-	if err := ars.driver.Query(ctx, query, args, rows); err != nil {
+	if err := _s.driver.Query(ctx, query, args, rows); err != nil {
 		return err
 	}
 	defer rows.Close()

backend/internal/data/ent/authroles_update.go

@@ -24,63 +24,63 @@ type AuthRolesUpdate struct {
 }
 
 // Where appends a list predicates to the AuthRolesUpdate builder.
-func (aru *AuthRolesUpdate) Where(ps ...predicate.AuthRoles) *AuthRolesUpdate {
-	aru.mutation.Where(ps...)
-	return aru
+func (_u *AuthRolesUpdate) Where(ps ...predicate.AuthRoles) *AuthRolesUpdate {
+	_u.mutation.Where(ps...)
+	return _u
 }
 
 // SetRole sets the "role" field.
-func (aru *AuthRolesUpdate) SetRole(a authroles.Role) *AuthRolesUpdate {
-	aru.mutation.SetRole(a)
-	return aru
+func (_u *AuthRolesUpdate) SetRole(v authroles.Role) *AuthRolesUpdate {
+	_u.mutation.SetRole(v)
+	return _u
 }
 
 // SetNillableRole sets the "role" field if the given value is not nil.
-func (aru *AuthRolesUpdate) SetNillableRole(a *authroles.Role) *AuthRolesUpdate {
-	if a != nil {
-		aru.SetRole(*a)
+func (_u *AuthRolesUpdate) SetNillableRole(v *authroles.Role) *AuthRolesUpdate {
+	if v != nil {
+		_u.SetRole(*v)
 	}
-	return aru
+	return _u
 }
 
 // SetTokenID sets the "token" edge to the AuthTokens entity by ID.
-func (aru *AuthRolesUpdate) SetTokenID(id uuid.UUID) *AuthRolesUpdate {
-	aru.mutation.SetTokenID(id)
-	return aru
+func (_u *AuthRolesUpdate) SetTokenID(id uuid.UUID) *AuthRolesUpdate {
+	_u.mutation.SetTokenID(id)
+	return _u
 }
 
 // SetNillableTokenID sets the "token" edge to the AuthTokens entity by ID if the given value is not nil.
-func (aru *AuthRolesUpdate) SetNillableTokenID(id *uuid.UUID) *AuthRolesUpdate {
+func (_u *AuthRolesUpdate) SetNillableTokenID(id *uuid.UUID) *AuthRolesUpdate {
 	if id != nil {
-		aru = aru.SetTokenID(*id)
+		_u = _u.SetTokenID(*id)
 	}
-	return aru
+	return _u
 }
 
 // SetToken sets the "token" edge to the AuthTokens entity.
-func (aru *AuthRolesUpdate) SetToken(a *AuthTokens) *AuthRolesUpdate {
-	return aru.SetTokenID(a.ID)
+func (_u *AuthRolesUpdate) SetToken(v *AuthTokens) *AuthRolesUpdate {
+	return _u.SetTokenID(v.ID)
 }
 
 // Mutation returns the AuthRolesMutation object of the builder.
-func (aru *AuthRolesUpdate) Mutation() *AuthRolesMutation {
-	return aru.mutation
+func (_u *AuthRolesUpdate) Mutation() *AuthRolesMutation {
+	return _u.mutation
 }
 
 // ClearToken clears the "token" edge to the AuthTokens entity.
-func (aru *AuthRolesUpdate) ClearToken() *AuthRolesUpdate {
-	aru.mutation.ClearToken()
-	return aru
+func (_u *AuthRolesUpdate) ClearToken() *AuthRolesUpdate {
+	_u.mutation.ClearToken()
+	return _u
 }
 
 // Save executes the query and returns the number of nodes affected by the update operation.
-func (aru *AuthRolesUpdate) Save(ctx context.Context) (int, error) {
-	return withHooks(ctx, aru.sqlSave, aru.mutation, aru.hooks)
+func (_u *AuthRolesUpdate) Save(ctx context.Context) (int, error) {
+	return withHooks(ctx, _u.sqlSave, _u.mutation, _u.hooks)
 }
 
 // SaveX is like Save, but panics if an error occurs.
-func (aru *AuthRolesUpdate) SaveX(ctx context.Context) int {
-	affected, err := aru.Save(ctx)
+func (_u *AuthRolesUpdate) SaveX(ctx context.Context) int {
+	affected, err := _u.Save(ctx)
 	if err != nil {
 		panic(err)
 	}
@@ -88,21 +88,21 @@ func (aru *AuthRolesUpdate) SaveX(ctx context.Context) int {
 }
 
 // Exec executes the query.
-func (aru *AuthRolesUpdate) Exec(ctx context.Context) error {
-	_, err := aru.Save(ctx)
+func (_u *AuthRolesUpdate) Exec(ctx context.Context) error {
+	_, err := _u.Save(ctx)
 	return err
 }
 
 // ExecX is like Exec, but panics if an error occurs.
-func (aru *AuthRolesUpdate) ExecX(ctx context.Context) {
-	if err := aru.Exec(ctx); err != nil {
+func (_u *AuthRolesUpdate) ExecX(ctx context.Context) {
+	if err := _u.Exec(ctx); err != nil {
 		panic(err)
 	}
 }
 
 // check runs all checks and user-defined validators on the builder.
-func (aru *AuthRolesUpdate) check() error {
-	if v, ok := aru.mutation.Role(); ok {
+func (_u *AuthRolesUpdate) check() error {
+	if v, ok := _u.mutation.Role(); ok {
 		if err := authroles.RoleValidator(v); err != nil {
 			return &ValidationError{Name: "role", err: fmt.Errorf(`ent: validator failed for field "AuthRoles.role": %w`, err)}
 		}
@@ -110,22 +110,22 @@ func (aru *AuthRolesUpdate) check() error {
 	return nil
 }
 
-func (aru *AuthRolesUpdate) sqlSave(ctx context.Context) (n int, err error) {
-	if err := aru.check(); err != nil {
-		return n, err
+func (_u *AuthRolesUpdate) sqlSave(ctx context.Context) (_node int, err error) {
+	if err := _u.check(); err != nil {
+		return _node, err
 	}
 	_spec := sqlgraph.NewUpdateSpec(authroles.Table, authroles.Columns, sqlgraph.NewFieldSpec(authroles.FieldID, field.TypeInt))
-	if ps := aru.mutation.predicates; len(ps) > 0 {
+	if ps := _u.mutation.predicates; len(ps) > 0 {
 		_spec.Predicate = func(selector *sql.Selector) {
 			for i := range ps {
 				ps[i](selector)
 			}
 		}
 	}
-	if value, ok := aru.mutation.Role(); ok {
+	if value, ok := _u.mutation.Role(); ok {
 		_spec.SetField(authroles.FieldRole, field.TypeEnum, value)
 	}
-	if aru.mutation.TokenCleared() {
+	if _u.mutation.TokenCleared() {
 		edge := &sqlgraph.EdgeSpec{
 			Rel:     sqlgraph.O2O,
 			Inverse: true,
@@ -138,7 +138,7 @@ func (aru *AuthRolesUpdate) sqlSave(ctx context.Context) (n int, err error) {
 		}
 		_spec.Edges.Clear = append(_spec.Edges.Clear, edge)
 	}
-	if nodes := aru.mutation.TokenIDs(); len(nodes) > 0 {
+	if nodes := _u.mutation.TokenIDs(); len(nodes) > 0 {
 		edge := &sqlgraph.EdgeSpec{
 			Rel:     sqlgraph.O2O,
 			Inverse: true,
@@ -154,7 +154,7 @@ func (aru *AuthRolesUpdate) sqlSave(ctx context.Context) (n int, err error) {
 		}
 		_spec.Edges.Add = append(_spec.Edges.Add, edge)
 	}
-	if n, err = sqlgraph.UpdateNodes(ctx, aru.driver, _spec); err != nil {
+	if _node, err = sqlgraph.UpdateNodes(ctx, _u.driver, _spec); err != nil {
 		if _, ok := err.(*sqlgraph.NotFoundError); ok {
 			err = &NotFoundError{authroles.Label}
 		} else if sqlgraph.IsConstraintError(err) {
@@ -162,8 +162,8 @@ func (aru *AuthRolesUpdate) sqlSave(ctx context.Context) (n int, err error) {
 		}
 		return 0, err
 	}
-	aru.mutation.done = true
-	return n, nil
+	_u.mutation.done = true
+	return _node, nil
 }
 
 // AuthRolesUpdateOne is the builder for updating a single AuthRoles entity.
@@ -175,70 +175,70 @@ type AuthRolesUpdateOne struct {
 }
 
 // SetRole sets the "role" field.
-func (aruo *AuthRolesUpdateOne) SetRole(a authroles.Role) *AuthRolesUpdateOne {
-	aruo.mutation.SetRole(a)
-	return aruo
+func (_u *AuthRolesUpdateOne) SetRole(v authroles.Role) *AuthRolesUpdateOne {
+	_u.mutation.SetRole(v)
+	return _u
 }
 
 // SetNillableRole sets the "role" field if the given value is not nil.
-func (aruo *AuthRolesUpdateOne) SetNillableRole(a *authroles.Role) *AuthRolesUpdateOne {
-	if a != nil {
-		aruo.SetRole(*a)
+func (_u *AuthRolesUpdateOne) SetNillableRole(v *authroles.Role) *AuthRolesUpdateOne {
+	if v != nil {
+		_u.SetRole(*v)
 	}
-	return aruo
+	return _u
 }
 
 // SetTokenID sets the "token" edge to the AuthTokens entity by ID.
-func (aruo *AuthRolesUpdateOne) SetTokenID(id uuid.UUID) *AuthRolesUpdateOne {
-	aruo.mutation.SetTokenID(id)
-	return aruo
+func (_u *AuthRolesUpdateOne) SetTokenID(id uuid.UUID) *AuthRolesUpdateOne {
+	_u.mutation.SetTokenID(id)
+	return _u
 }
 
 // SetNillableTokenID sets the "token" edge to the AuthTokens entity by ID if the given value is not nil.
-func (aruo *AuthRolesUpdateOne) SetNillableTokenID(id *uuid.UUID) *AuthRolesUpdateOne {
+func (_u *AuthRolesUpdateOne) SetNillableTokenID(id *uuid.UUID) *AuthRolesUpdateOne {
 	if id != nil {
-		aruo = aruo.SetTokenID(*id)
+		_u = _u.SetTokenID(*id)
 	}
-	return aruo
+	return _u
 }
 
 // SetToken sets the "token" edge to the AuthTokens entity.
-func (aruo *AuthRolesUpdateOne) SetToken(a *AuthTokens) *AuthRolesUpdateOne {
-	return aruo.SetTokenID(a.ID)
+func (_u *AuthRolesUpdateOne) SetToken(v *AuthTokens) *AuthRolesUpdateOne {
+	return _u.SetTokenID(v.ID)
 }
 
 // Mutation returns the AuthRolesMutation object of the builder.
-func (aruo *AuthRolesUpdateOne) Mutation() *AuthRolesMutation {
-	return aruo.mutation
+func (_u *AuthRolesUpdateOne) Mutation() *AuthRolesMutation {
+	return _u.mutation
 }
 
 // ClearToken clears the "token" edge to the AuthTokens entity.
-func (aruo *AuthRolesUpdateOne) ClearToken() *AuthRolesUpdateOne {
-	aruo.mutation.ClearToken()
-	return aruo
+func (_u *AuthRolesUpdateOne) ClearToken() *AuthRolesUpdateOne {
+	_u.mutation.ClearToken()
+	return _u
 }
 
 // Where appends a list predicates to the AuthRolesUpdate builder.
-func (aruo *AuthRolesUpdateOne) Where(ps ...predicate.AuthRoles) *AuthRolesUpdateOne {
-	aruo.mutation.Where(ps...)
-	return aruo
+func (_u *AuthRolesUpdateOne) Where(ps ...predicate.AuthRoles) *AuthRolesUpdateOne {
+	_u.mutation.Where(ps...)
+	return _u
 }
 
 // Select allows selecting one or more fields (columns) of the returned entity.
 // The default is selecting all fields defined in the entity schema.
-func (aruo *AuthRolesUpdateOne) Select(field string, fields ...string) *AuthRolesUpdateOne {
-	aruo.fields = append([]string{field}, fields...)
-	return aruo
+func (_u *AuthRolesUpdateOne) Select(field string, fields ...string) *AuthRolesUpdateOne {
+	_u.fields = append([]string{field}, fields...)
+	return _u
 }
 
 // Save executes the query and returns the updated AuthRoles entity.
-func (aruo *AuthRolesUpdateOne) Save(ctx context.Context) (*AuthRoles, error) {
-	return withHooks(ctx, aruo.sqlSave, aruo.mutation, aruo.hooks)
+func (_u *AuthRolesUpdateOne) Save(ctx context.Context) (*AuthRoles, error) {
+	return withHooks(ctx, _u.sqlSave, _u.mutation, _u.hooks)
 }
 
 // SaveX is like Save, but panics if an error occurs.
-func (aruo *AuthRolesUpdateOne) SaveX(ctx context.Context) *AuthRoles {
-	node, err := aruo.Save(ctx)
+func (_u *AuthRolesUpdateOne) SaveX(ctx context.Context) *AuthRoles {
+	node, err := _u.Save(ctx)
 	if err != nil {
 		panic(err)
 	}
@@ -246,21 +246,21 @@ func (aruo *AuthRolesUpdateOne) SaveX(ctx context.Context) *AuthRoles {
 }
 
 // Exec executes the query on the entity.
-func (aruo *AuthRolesUpdateOne) Exec(ctx context.Context) error {
-	_, err := aruo.Save(ctx)
+func (_u *AuthRolesUpdateOne) Exec(ctx context.Context) error {
+	_, err := _u.Save(ctx)
 	return err
 }
 
 // ExecX is like Exec, but panics if an error occurs.
-func (aruo *AuthRolesUpdateOne) ExecX(ctx context.Context) {
-	if err := aruo.Exec(ctx); err != nil {
+func (_u *AuthRolesUpdateOne) ExecX(ctx context.Context) {
+	if err := _u.Exec(ctx); err != nil {
 		panic(err)
 	}
 }
 
 // check runs all checks and user-defined validators on the builder.
-func (aruo *AuthRolesUpdateOne) check() error {
-	if v, ok := aruo.mutation.Role(); ok {
+func (_u *AuthRolesUpdateOne) check() error {
+	if v, ok := _u.mutation.Role(); ok {
 		if err := authroles.RoleValidator(v); err != nil {
 			return &ValidationError{Name: "role", err: fmt.Errorf(`ent: validator failed for field "AuthRoles.role": %w`, err)}
 		}
@@ -268,17 +268,17 @@ func (aruo *AuthRolesUpdateOne) check() error {
 	return nil
 }
 
-func (aruo *AuthRolesUpdateOne) sqlSave(ctx context.Context) (_node *AuthRoles, err error) {
-	if err := aruo.check(); err != nil {
+func (_u *AuthRolesUpdateOne) sqlSave(ctx context.Context) (_node *AuthRoles, err error) {
+	if err := _u.check(); err != nil {
 		return _node, err
 	}
 	_spec := sqlgraph.NewUpdateSpec(authroles.Table, authroles.Columns, sqlgraph.NewFieldSpec(authroles.FieldID, field.TypeInt))
-	id, ok := aruo.mutation.ID()
+	id, ok := _u.mutation.ID()
 	if !ok {
 		return nil, &ValidationError{Name: "id", err: errors.New(`ent: missing "AuthRoles.id" for update`)}
 	}
 	_spec.Node.ID.Value = id
-	if fields := aruo.fields; len(fields) > 0 {
+	if fields := _u.fields; len(fields) > 0 {
 		_spec.Node.Columns = make([]string, 0, len(fields))
 		_spec.Node.Columns = append(_spec.Node.Columns, authroles.FieldID)
 		for _, f := range fields {
@@ -290,17 +290,17 @@ func (aruo *AuthRolesUpdateOne) sqlSave(ctx context.Context) (_node *AuthRoles,
 			}
 		}
 	}
-	if ps := aruo.mutation.predicates; len(ps) > 0 {
+	if ps := _u.mutation.predicates; len(ps) > 0 {
 		_spec.Predicate = func(selector *sql.Selector) {
 			for i := range ps {
 				ps[i](selector)
 			}
 		}
 	}
-	if value, ok := aruo.mutation.Role(); ok {
+	if value, ok := _u.mutation.Role(); ok {
 		_spec.SetField(authroles.FieldRole, field.TypeEnum, value)
 	}
-	if aruo.mutation.TokenCleared() {
+	if _u.mutation.TokenCleared() {
 		edge := &sqlgraph.EdgeSpec{
 			Rel:     sqlgraph.O2O,
 			Inverse: true,
@@ -313,7 +313,7 @@ func (aruo *AuthRolesUpdateOne) sqlSave(ctx context.Context) (_node *AuthRoles,
 		}
 		_spec.Edges.Clear = append(_spec.Edges.Clear, edge)
 	}
-	if nodes := aruo.mutation.TokenIDs(); len(nodes) > 0 {
+	if nodes := _u.mutation.TokenIDs(); len(nodes) > 0 {
 		edge := &sqlgraph.EdgeSpec{
 			Rel:     sqlgraph.O2O,
 			Inverse: true,
@@ -329,10 +329,10 @@ func (aruo *AuthRolesUpdateOne) sqlSave(ctx context.Context) (_node *AuthRoles,
 		}
 		_spec.Edges.Add = append(_spec.Edges.Add, edge)
 	}
-	_node = &AuthRoles{config: aruo.config}
+	_node = &AuthRoles{config: _u.config}
 	_spec.Assign = _node.assignValues
 	_spec.ScanValues = _node.scanValues
-	if err = sqlgraph.UpdateNode(ctx, aruo.driver, _spec); err != nil {
+	if err = sqlgraph.UpdateNode(ctx, _u.driver, _spec); err != nil {
 		if _, ok := err.(*sqlgraph.NotFoundError); ok {
 			err = &NotFoundError{authroles.Label}
 		} else if sqlgraph.IsConstraintError(err) {
@@ -340,6 +340,6 @@ func (aruo *AuthRolesUpdateOne) sqlSave(ctx context.Context) (_node *AuthRoles,
 		}
 		return nil, err
 	}
-	aruo.mutation.done = true
+	_u.mutation.done = true
 	return _node, nil
 }

backend/internal/data/ent/authtokens.go

@@ -90,7 +90,7 @@ func (*AuthTokens) scanValues(columns []string) ([]any, error) {
 
 // assignValues assigns the values that were returned from sql.Rows (after scanning)
 // to the AuthTokens fields.
-func (at *AuthTokens) assignValues(columns []string, values []any) error {
+func (_m *AuthTokens) assignValues(columns []string, values []any) error {
 	if m, n := len(values), len(columns); m < n {
 		return fmt.Errorf("mismatch number of scan values: %d != %d", m, n)
 	}
@@ -100,41 +100,41 @@ func (at *AuthTokens) assignValues(columns []string, values []any) error {
 			if value, ok := values[i].(*uuid.UUID); !ok {
 				return fmt.Errorf("unexpected type %T for field id", values[i])
 			} else if value != nil {
-				at.ID = *value
+				_m.ID = *value
 			}
 		case authtokens.FieldCreatedAt:
 			if value, ok := values[i].(*sql.NullTime); !ok {
 				return fmt.Errorf("unexpected type %T for field created_at", values[i])
 			} else if value.Valid {
-				at.CreatedAt = value.Time
+				_m.CreatedAt = value.Time
 			}
 		case authtokens.FieldUpdatedAt:
 			if value, ok := values[i].(*sql.NullTime); !ok {
 				return fmt.Errorf("unexpected type %T for field updated_at", values[i])
 			} else if value.Valid {
-				at.UpdatedAt = value.Time
+				_m.UpdatedAt = value.Time
 			}
 		case authtokens.FieldToken:
 			if value, ok := values[i].(*[]byte); !ok {
 				return fmt.Errorf("unexpected type %T for field token", values[i])
 			} else if value != nil {
-				at.Token = *value
+				_m.Token = *value
 			}
 		case authtokens.FieldExpiresAt:
 			if value, ok := values[i].(*sql.NullTime); !ok {
 				return fmt.Errorf("unexpected type %T for field expires_at", values[i])
 			} else if value.Valid {
-				at.ExpiresAt = value.Time
+				_m.ExpiresAt = value.Time
 			}
 		case authtokens.ForeignKeys[0]:
 			if value, ok := values[i].(*sql.NullScanner); !ok {
 				return fmt.Errorf("unexpected type %T for field user_auth_tokens", values[i])
 			} else if value.Valid {
-				at.user_auth_tokens = new(uuid.UUID)
-				*at.user_auth_tokens = *value.S.(*uuid.UUID)
+				_m.user_auth_tokens = new(uuid.UUID)
+				*_m.user_auth_tokens = *value.S.(*uuid.UUID)
 			}
 		default:
-			at.selectValues.Set(columns[i], values[i])
+			_m.selectValues.Set(columns[i], values[i])
 		}
 	}
 	return nil
@@ -142,54 +142,54 @@ func (at *AuthTokens) assignValues(columns []string, values []any) error {
 
 // Value returns the ent.Value that was dynamically selected and assigned to the AuthTokens.
 // This includes values selected through modifiers, order, etc.
-func (at *AuthTokens) Value(name string) (ent.Value, error) {
-	return at.selectValues.Get(name)
+func (_m *AuthTokens) Value(name string) (ent.Value, error) {
+	return _m.selectValues.Get(name)
 }
 
 // QueryUser queries the "user" edge of the AuthTokens entity.
-func (at *AuthTokens) QueryUser() *UserQuery {
-	return NewAuthTokensClient(at.config).QueryUser(at)
+func (_m *AuthTokens) QueryUser() *UserQuery {
+	return NewAuthTokensClient(_m.config).QueryUser(_m)
 }
 
 // QueryRoles queries the "roles" edge of the AuthTokens entity.
-func (at *AuthTokens) QueryRoles() *AuthRolesQuery {
-	return NewAuthTokensClient(at.config).QueryRoles(at)
+func (_m *AuthTokens) QueryRoles() *AuthRolesQuery {
+	return NewAuthTokensClient(_m.config).QueryRoles(_m)
 }
 
 // Update returns a builder for updating this AuthTokens.
 // Note that you need to call AuthTokens.Unwrap() before calling this method if this AuthTokens
 // was returned from a transaction, and the transaction was committed or rolled back.
-func (at *AuthTokens) Update() *AuthTokensUpdateOne {
-	return NewAuthTokensClient(at.config).UpdateOne(at)
+func (_m *AuthTokens) Update() *AuthTokensUpdateOne {
+	return NewAuthTokensClient(_m.config).UpdateOne(_m)
 }
 
 // Unwrap unwraps the AuthTokens entity that was returned from a transaction after it was closed,
 // so that all future queries will be executed through the driver which created the transaction.
-func (at *AuthTokens) Unwrap() *AuthTokens {
-	_tx, ok := at.config.driver.(*txDriver)
+func (_m *AuthTokens) Unwrap() *AuthTokens {
+	_tx, ok := _m.config.driver.(*txDriver)
 	if !ok {
 		panic("ent: AuthTokens is not a transactional entity")
 	}
-	at.config.driver = _tx.drv
-	return at
+	_m.config.driver = _tx.drv
+	return _m
 }
 
 // String implements the fmt.Stringer.
-func (at *AuthTokens) String() string {
+func (_m *AuthTokens) String() string {
 	var builder strings.Builder
 	builder.WriteString("AuthTokens(")
-	builder.WriteString(fmt.Sprintf("id=%v, ", at.ID))
+	builder.WriteString(fmt.Sprintf("id=%v, ", _m.ID))
 	builder.WriteString("created_at=")
-	builder.WriteString(at.CreatedAt.Format(time.ANSIC))
+	builder.WriteString(_m.CreatedAt.Format(time.ANSIC))
 	builder.WriteString(", ")
 	builder.WriteString("updated_at=")
-	builder.WriteString(at.UpdatedAt.Format(time.ANSIC))
+	builder.WriteString(_m.UpdatedAt.Format(time.ANSIC))
 	builder.WriteString(", ")
 	builder.WriteString("token=")
-	builder.WriteString(fmt.Sprintf("%v", at.Token))
+	builder.WriteString(fmt.Sprintf("%v", _m.Token))
 	builder.WriteString(", ")
 	builder.WriteString("expires_at=")
-	builder.WriteString(at.ExpiresAt.Format(time.ANSIC))
+	builder.WriteString(_m.ExpiresAt.Format(time.ANSIC))
 	builder.WriteByte(')')
 	return builder.String()
 }

backend/internal/data/ent/authtokens_create.go

@@ -24,119 +24,119 @@ type AuthTokensCreate struct {
 }
 
 // SetCreatedAt sets the "created_at" field.
-func (atc *AuthTokensCreate) SetCreatedAt(t time.Time) *AuthTokensCreate {
-	atc.mutation.SetCreatedAt(t)
-	return atc
+func (_c *AuthTokensCreate) SetCreatedAt(v time.Time) *AuthTokensCreate {
+	_c.mutation.SetCreatedAt(v)
+	return _c
 }
 
 // SetNillableCreatedAt sets the "created_at" field if the given value is not nil.
-func (atc *AuthTokensCreate) SetNillableCreatedAt(t *time.Time) *AuthTokensCreate {
-	if t != nil {
-		atc.SetCreatedAt(*t)
+func (_c *AuthTokensCreate) SetNillableCreatedAt(v *time.Time) *AuthTokensCreate {
+	if v != nil {
+		_c.SetCreatedAt(*v)
 	}
-	return atc
+	return _c
 }
 
 // SetUpdatedAt sets the "updated_at" field.
-func (atc *AuthTokensCreate) SetUpdatedAt(t time.Time) *AuthTokensCreate {
-	atc.mutation.SetUpdatedAt(t)
-	return atc
+func (_c *AuthTokensCreate) SetUpdatedAt(v time.Time) *AuthTokensCreate {
+	_c.mutation.SetUpdatedAt(v)
+	return _c
 }
 
 // SetNillableUpdatedAt sets the "updated_at" field if the given value is not nil.
-func (atc *AuthTokensCreate) SetNillableUpdatedAt(t *time.Time) *AuthTokensCreate {
-	if t != nil {
-		atc.SetUpdatedAt(*t)
+func (_c *AuthTokensCreate) SetNillableUpdatedAt(v *time.Time) *AuthTokensCreate {
+	if v != nil {
+		_c.SetUpdatedAt(*v)
 	}
-	return atc
+	return _c
 }
 
 // SetToken sets the "token" field.
-func (atc *AuthTokensCreate) SetToken(b []byte) *AuthTokensCreate {
-	atc.mutation.SetToken(b)
-	return atc
+func (_c *AuthTokensCreate) SetToken(v []byte) *AuthTokensCreate {
+	_c.mutation.SetToken(v)
+	return _c
 }
 
 // SetExpiresAt sets the "expires_at" field.
-func (atc *AuthTokensCreate) SetExpiresAt(t time.Time) *AuthTokensCreate {
-	atc.mutation.SetExpiresAt(t)
-	return atc
+func (_c *AuthTokensCreate) SetExpiresAt(v time.Time) *AuthTokensCreate {
+	_c.mutation.SetExpiresAt(v)
+	return _c
 }
 
 // SetNillableExpiresAt sets the "expires_at" field if the given value is not nil.
-func (atc *AuthTokensCreate) SetNillableExpiresAt(t *time.Time) *AuthTokensCreate {
-	if t != nil {
-		atc.SetExpiresAt(*t)
+func (_c *AuthTokensCreate) SetNillableExpiresAt(v *time.Time) *AuthTokensCreate {
+	if v != nil {
+		_c.SetExpiresAt(*v)
 	}
-	return atc
+	return _c
 }
 
 // SetID sets the "id" field.
-func (atc *AuthTokensCreate) SetID(u uuid.UUID) *AuthTokensCreate {
-	atc.mutation.SetID(u)
-	return atc
+func (_c *AuthTokensCreate) SetID(v uuid.UUID) *AuthTokensCreate {
+	_c.mutation.SetID(v)
+	return _c
 }
 
 // SetNillableID sets the "id" field if the given value is not nil.
-func (atc *AuthTokensCreate) SetNillableID(u *uuid.UUID) *AuthTokensCreate {
-	if u != nil {
-		atc.SetID(*u)
+func (_c *AuthTokensCreate) SetNillableID(v *uuid.UUID) *AuthTokensCreate {
+	if v != nil {
+		_c.SetID(*v)
 	}
-	return atc
+	return _c
 }
 
 // SetUserID sets the "user" edge to the User entity by ID.
-func (atc *AuthTokensCreate) SetUserID(id uuid.UUID) *AuthTokensCreate {
-	atc.mutation.SetUserID(id)
-	return atc
+func (_c *AuthTokensCreate) SetUserID(id uuid.UUID) *AuthTokensCreate {
+	_c.mutation.SetUserID(id)
+	return _c
 }
 
 // SetNillableUserID sets the "user" edge to the User entity by ID if the given value is not nil.
-func (atc *AuthTokensCreate) SetNillableUserID(id *uuid.UUID) *AuthTokensCreate {
+func (_c *AuthTokensCreate) SetNillableUserID(id *uuid.UUID) *AuthTokensCreate {
 	if id != nil {
-		atc = atc.SetUserID(*id)
+		_c = _c.SetUserID(*id)
 	}
-	return atc
+	return _c
 }
 
 // SetUser sets the "user" edge to the User entity.
-func (atc *AuthTokensCreate) SetUser(u *User) *AuthTokensCreate {
-	return atc.SetUserID(u.ID)
+func (_c *AuthTokensCreate) SetUser(v *User) *AuthTokensCreate {
+	return _c.SetUserID(v.ID)
 }
 
 // SetRolesID sets the "roles" edge to the AuthRoles entity by ID.
-func (atc *AuthTokensCreate) SetRolesID(id int) *AuthTokensCreate {
-	atc.mutation.SetRolesID(id)
-	return atc
+func (_c *AuthTokensCreate) SetRolesID(id int) *AuthTokensCreate {
+	_c.mutation.SetRolesID(id)
+	return _c
 }
 
 // SetNillableRolesID sets the "roles" edge to the AuthRoles entity by ID if the given value is not nil.
-func (atc *AuthTokensCreate) SetNillableRolesID(id *int) *AuthTokensCreate {
+func (_c *AuthTokensCreate) SetNillableRolesID(id *int) *AuthTokensCreate {
 	if id != nil {
-		atc = atc.SetRolesID(*id)
+		_c = _c.SetRolesID(*id)
 	}
-	return atc
+	return _c
 }
 
 // SetRoles sets the "roles" edge to the AuthRoles entity.
-func (atc *AuthTokensCreate) SetRoles(a *AuthRoles) *AuthTokensCreate {
-	return atc.SetRolesID(a.ID)
+func (_c *AuthTokensCreate) SetRoles(v *AuthRoles) *AuthTokensCreate {
+	return _c.SetRolesID(v.ID)
 }
 
 // Mutation returns the AuthTokensMutation object of the builder.
-func (atc *AuthTokensCreate) Mutation() *AuthTokensMutation {
-	return atc.mutation
+func (_c *AuthTokensCreate) Mutation() *AuthTokensMutation {
+	return _c.mutation
 }
 
 // Save creates the AuthTokens in the database.
-func (atc *AuthTokensCreate) Save(ctx context.Context) (*AuthTokens, error) {
-	atc.defaults()
-	return withHooks(ctx, atc.sqlSave, atc.mutation, atc.hooks)
+func (_c *AuthTokensCreate) Save(ctx context.Context) (*AuthTokens, error) {
+	_c.defaults()
+	return withHooks(ctx, _c.sqlSave, _c.mutation, _c.hooks)
 }
 
 // SaveX calls Save and panics if Save returns an error.
-func (atc *AuthTokensCreate) SaveX(ctx context.Context) *AuthTokens {
-	v, err := atc.Save(ctx)
+func (_c *AuthTokensCreate) SaveX(ctx context.Context) *AuthTokens {
+	v, err := _c.Save(ctx)
 	if err != nil {
 		panic(err)
 	}
@@ -144,61 +144,61 @@ func (atc *AuthTokensCreate) SaveX(ctx context.Context) *AuthTokens {
 }
 
 // Exec executes the query.
-func (atc *AuthTokensCreate) Exec(ctx context.Context) error {
-	_, err := atc.Save(ctx)
+func (_c *AuthTokensCreate) Exec(ctx context.Context) error {
+	_, err := _c.Save(ctx)
 	return err
 }
 
 // ExecX is like Exec, but panics if an error occurs.
-func (atc *AuthTokensCreate) ExecX(ctx context.Context) {
-	if err := atc.Exec(ctx); err != nil {
+func (_c *AuthTokensCreate) ExecX(ctx context.Context) {
+	if err := _c.Exec(ctx); err != nil {
 		panic(err)
 	}
 }
 
 // defaults sets the default values of the builder before save.
-func (atc *AuthTokensCreate) defaults() {
-	if _, ok := atc.mutation.CreatedAt(); !ok {
+func (_c *AuthTokensCreate) defaults() {
+	if _, ok := _c.mutation.CreatedAt(); !ok {
 		v := authtokens.DefaultCreatedAt()
-		atc.mutation.SetCreatedAt(v)
+		_c.mutation.SetCreatedAt(v)
 	}
-	if _, ok := atc.mutation.UpdatedAt(); !ok {
+	if _, ok := _c.mutation.UpdatedAt(); !ok {
 		v := authtokens.DefaultUpdatedAt()
-		atc.mutation.SetUpdatedAt(v)
+		_c.mutation.SetUpdatedAt(v)
 	}
-	if _, ok := atc.mutation.ExpiresAt(); !ok {
+	if _, ok := _c.mutation.ExpiresAt(); !ok {
 		v := authtokens.DefaultExpiresAt()
-		atc.mutation.SetExpiresAt(v)
+		_c.mutation.SetExpiresAt(v)
 	}
-	if _, ok := atc.mutation.ID(); !ok {
+	if _, ok := _c.mutation.ID(); !ok {
 		v := authtokens.DefaultID()
-		atc.mutation.SetID(v)
+		_c.mutation.SetID(v)
 	}
 }
 
 // check runs all checks and user-defined validators on the builder.
-func (atc *AuthTokensCreate) check() error {
-	if _, ok := atc.mutation.CreatedAt(); !ok {
+func (_c *AuthTokensCreate) check() error {
+	if _, ok := _c.mutation.CreatedAt(); !ok {
 		return &ValidationError{Name: "created_at", err: errors.New(`ent: missing required field "AuthTokens.created_at"`)}
 	}
-	if _, ok := atc.mutation.UpdatedAt(); !ok {
+	if _, ok := _c.mutation.UpdatedAt(); !ok {
 		return &ValidationError{Name: "updated_at", err: errors.New(`ent: missing required field "AuthTokens.updated_at"`)}
 	}
-	if _, ok := atc.mutation.Token(); !ok {
+	if _, ok := _c.mutation.Token(); !ok {
 		return &ValidationError{Name: "token", err: errors.New(`ent: missing required field "AuthTokens.token"`)}
 	}
-	if _, ok := atc.mutation.ExpiresAt(); !ok {
+	if _, ok := _c.mutation.ExpiresAt(); !ok {
 		return &ValidationError{Name: "expires_at", err: errors.New(`ent: missing required field "AuthTokens.expires_at"`)}
 	}
 	return nil
 }
 
-func (atc *AuthTokensCreate) sqlSave(ctx context.Context) (*AuthTokens, error) {
-	if err := atc.check(); err != nil {
+func (_c *AuthTokensCreate) sqlSave(ctx context.Context) (*AuthTokens, error) {
+	if err := _c.check(); err != nil {
 		return nil, err
 	}
-	_node, _spec := atc.createSpec()
-	if err := sqlgraph.CreateNode(ctx, atc.driver, _spec); err != nil {
+	_node, _spec := _c.createSpec()
+	if err := sqlgraph.CreateNode(ctx, _c.driver, _spec); err != nil {
 		if sqlgraph.IsConstraintError(err) {
 			err = &ConstraintError{msg: err.Error(), wrap: err}
 		}
@@ -211,37 +211,37 @@ func (atc *AuthTokensCreate) sqlSave(ctx context.Context) (*AuthTokens, error) {
 			return nil, err
 		}
 	}
-	atc.mutation.id = &_node.ID
-	atc.mutation.done = true
+	_c.mutation.id = &_node.ID
+	_c.mutation.done = true
 	return _node, nil
 }
 
-func (atc *AuthTokensCreate) createSpec() (*AuthTokens, *sqlgraph.CreateSpec) {
+func (_c *AuthTokensCreate) createSpec() (*AuthTokens, *sqlgraph.CreateSpec) {
 	var (
-		_node = &AuthTokens{config: atc.config}
+		_node = &AuthTokens{config: _c.config}
 		_spec = sqlgraph.NewCreateSpec(authtokens.Table, sqlgraph.NewFieldSpec(authtokens.FieldID, field.TypeUUID))
 	)
-	if id, ok := atc.mutation.ID(); ok {
+	if id, ok := _c.mutation.ID(); ok {
 		_node.ID = id
 		_spec.ID.Value = &id
 	}
-	if value, ok := atc.mutation.CreatedAt(); ok {
+	if value, ok := _c.mutation.CreatedAt(); ok {
 		_spec.SetField(authtokens.FieldCreatedAt, field.TypeTime, value)
 		_node.CreatedAt = value
 	}
-	if value, ok := atc.mutation.UpdatedAt(); ok {
+	if value, ok := _c.mutation.UpdatedAt(); ok {
 		_spec.SetField(authtokens.FieldUpdatedAt, field.TypeTime, value)
 		_node.UpdatedAt = value
 	}
-	if value, ok := atc.mutation.Token(); ok {
+	if value, ok := _c.mutation.Token(); ok {
 		_spec.SetField(authtokens.FieldToken, field.TypeBytes, value)
 		_node.Token = value
 	}
-	if value, ok := atc.mutation.ExpiresAt(); ok {
+	if value, ok := _c.mutation.ExpiresAt(); ok {
 		_spec.SetField(authtokens.FieldExpiresAt, field.TypeTime, value)
 		_node.ExpiresAt = value
 	}
-	if nodes := atc.mutation.UserIDs(); len(nodes) > 0 {
+	if nodes := _c.mutation.UserIDs(); len(nodes) > 0 {
 		edge := &sqlgraph.EdgeSpec{
 			Rel:     sqlgraph.M2O,
 			Inverse: true,
@@ -258,7 +258,7 @@ func (atc *AuthTokensCreate) createSpec() (*AuthTokens, *sqlgraph.CreateSpec) {
 		_node.user_auth_tokens = &nodes[0]
 		_spec.Edges = append(_spec.Edges, edge)
 	}
-	if nodes := atc.mutation.RolesIDs(); len(nodes) > 0 {
+	if nodes := _c.mutation.RolesIDs(); len(nodes) > 0 {
 		edge := &sqlgraph.EdgeSpec{
 			Rel:     sqlgraph.O2O,
 			Inverse: false,
@@ -285,16 +285,16 @@ type AuthTokensCreateBulk struct {
 }
 
 // Save creates the AuthTokens entities in the database.
-func (atcb *AuthTokensCreateBulk) Save(ctx context.Context) ([]*AuthTokens, error) {
-	if atcb.err != nil {
-		return nil, atcb.err
+func (_c *AuthTokensCreateBulk) Save(ctx context.Context) ([]*AuthTokens, error) {
+	if _c.err != nil {
+		return nil, _c.err
 	}
-	specs := make([]*sqlgraph.CreateSpec, len(atcb.builders))
-	nodes := make([]*AuthTokens, len(atcb.builders))
-	mutators := make([]Mutator, len(atcb.builders))
-	for i := range atcb.builders {
+	specs := make([]*sqlgraph.CreateSpec, len(_c.builders))
+	nodes := make([]*AuthTokens, len(_c.builders))
+	mutators := make([]Mutator, len(_c.builders))
+	for i := range _c.builders {
 		func(i int, root context.Context) {
-			builder := atcb.builders[i]
+			builder := _c.builders[i]
 			builder.defaults()
 			var mut Mutator = MutateFunc(func(ctx context.Context, m Mutation) (Value, error) {
 				mutation, ok := m.(*AuthTokensMutation)
@@ -308,11 +308,11 @@ func (atcb *AuthTokensCreateBulk) Save(ctx context.Context) ([]*AuthTokens, erro
 				var err error
 				nodes[i], specs[i] = builder.createSpec()
 				if i < len(mutators)-1 {
-					_, err = mutators[i+1].Mutate(root, atcb.builders[i+1].mutation)
+					_, err = mutators[i+1].Mutate(root, _c.builders[i+1].mutation)
 				} else {
 					spec := &sqlgraph.BatchCreateSpec{Nodes: specs}
 					// Invoke the actual operation on the latest mutation in the chain.
-					if err = sqlgraph.BatchCreate(ctx, atcb.driver, spec); err != nil {
+					if err = sqlgraph.BatchCreate(ctx, _c.driver, spec); err != nil {
 						if sqlgraph.IsConstraintError(err) {
 							err = &ConstraintError{msg: err.Error(), wrap: err}
 						}
@@ -332,7 +332,7 @@ func (atcb *AuthTokensCreateBulk) Save(ctx context.Context) ([]*AuthTokens, erro
 		}(i, ctx)
 	}
 	if len(mutators) > 0 {
-		if _, err := mutators[0].Mutate(ctx, atcb.builders[0].mutation); err != nil {
+		if _, err := mutators[0].Mutate(ctx, _c.builders[0].mutation); err != nil {
 			return nil, err
 		}
 	}
@@ -340,8 +340,8 @@ func (atcb *AuthTokensCreateBulk) Save(ctx context.Context) ([]*AuthTokens, erro
 }
 
 // SaveX is like Save, but panics if an error occurs.
-func (atcb *AuthTokensCreateBulk) SaveX(ctx context.Context) []*AuthTokens {
-	v, err := atcb.Save(ctx)
+func (_c *AuthTokensCreateBulk) SaveX(ctx context.Context) []*AuthTokens {
+	v, err := _c.Save(ctx)
 	if err != nil {
 		panic(err)
 	}
@@ -349,14 +349,14 @@ func (atcb *AuthTokensCreateBulk) SaveX(ctx context.Context) []*AuthTokens {
 }
 
 // Exec executes the query.
-func (atcb *AuthTokensCreateBulk) Exec(ctx context.Context) error {
-	_, err := atcb.Save(ctx)
+func (_c *AuthTokensCreateBulk) Exec(ctx context.Context) error {
+	_, err := _c.Save(ctx)
 	return err
 }
 
 // ExecX is like Exec, but panics if an error occurs.
-func (atcb *AuthTokensCreateBulk) ExecX(ctx context.Context) {
-	if err := atcb.Exec(ctx); err != nil {
+func (_c *AuthTokensCreateBulk) ExecX(ctx context.Context) {
+	if err := _c.Exec(ctx); err != nil {
 		panic(err)
 	}
 }

backend/internal/data/ent/authtokens_delete.go

@@ -20,56 +20,56 @@ type AuthTokensDelete struct {
 }
 
 // Where appends a list predicates to the AuthTokensDelete builder.
-func (atd *AuthTokensDelete) Where(ps ...predicate.AuthTokens) *AuthTokensDelete {
-	atd.mutation.Where(ps...)
-	return atd
+func (_d *AuthTokensDelete) Where(ps ...predicate.AuthTokens) *AuthTokensDelete {
+	_d.mutation.Where(ps...)
+	return _d
 }
 
 // Exec executes the deletion query and returns how many vertices were deleted.
-func (atd *AuthTokensDelete) Exec(ctx context.Context) (int, error) {
-	return withHooks(ctx, atd.sqlExec, atd.mutation, atd.hooks)
+func (_d *AuthTokensDelete) Exec(ctx context.Context) (int, error) {
+	return withHooks(ctx, _d.sqlExec, _d.mutation, _d.hooks)
 }
 
 // ExecX is like Exec, but panics if an error occurs.
-func (atd *AuthTokensDelete) ExecX(ctx context.Context) int {
-	n, err := atd.Exec(ctx)
+func (_d *AuthTokensDelete) ExecX(ctx context.Context) int {
+	n, err := _d.Exec(ctx)
 	if err != nil {
 		panic(err)
 	}
 	return n
 }
 
-func (atd *AuthTokensDelete) sqlExec(ctx context.Context) (int, error) {
+func (_d *AuthTokensDelete) sqlExec(ctx context.Context) (int, error) {
 	_spec := sqlgraph.NewDeleteSpec(authtokens.Table, sqlgraph.NewFieldSpec(authtokens.FieldID, field.TypeUUID))
-	if ps := atd.mutation.predicates; len(ps) > 0 {
+	if ps := _d.mutation.predicates; len(ps) > 0 {
 		_spec.Predicate = func(selector *sql.Selector) {
 			for i := range ps {
 				ps[i](selector)
 			}
 		}
 	}
-	affected, err := sqlgraph.DeleteNodes(ctx, atd.driver, _spec)
+	affected, err := sqlgraph.DeleteNodes(ctx, _d.driver, _spec)
 	if err != nil && sqlgraph.IsConstraintError(err) {
 		err = &ConstraintError{msg: err.Error(), wrap: err}
 	}
-	atd.mutation.done = true
+	_d.mutation.done = true
 	return affected, err
 }
 
 // AuthTokensDeleteOne is the builder for deleting a single AuthTokens entity.
 type AuthTokensDeleteOne struct {
-	atd *AuthTokensDelete
+	_d *AuthTokensDelete
 }
 
 // Where appends a list predicates to the AuthTokensDelete builder.
-func (atdo *AuthTokensDeleteOne) Where(ps ...predicate.AuthTokens) *AuthTokensDeleteOne {
-	atdo.atd.mutation.Where(ps...)
-	return atdo
+func (_d *AuthTokensDeleteOne) Where(ps ...predicate.AuthTokens) *AuthTokensDeleteOne {
+	_d._d.mutation.Where(ps...)
+	return _d
 }
 
 // Exec executes the deletion query.
-func (atdo *AuthTokensDeleteOne) Exec(ctx context.Context) error {
-	n, err := atdo.atd.Exec(ctx)
+func (_d *AuthTokensDeleteOne) Exec(ctx context.Context) error {
+	n, err := _d._d.Exec(ctx)
 	switch {
 	case err != nil:
 		return err
@@ -81,8 +81,8 @@ func (atdo *AuthTokensDeleteOne) Exec(ctx context.Context) error {
 }
 
 // ExecX is like Exec, but panics if an error occurs.
-func (atdo *AuthTokensDeleteOne) ExecX(ctx context.Context) {
-	if err := atdo.Exec(ctx); err != nil {
+func (_d *AuthTokensDeleteOne) ExecX(ctx context.Context) {
+	if err := _d.Exec(ctx); err != nil {
 		panic(err)
 	}
 }

backend/internal/data/ent/authtokens_query.go

@@ -35,44 +35,44 @@ type AuthTokensQuery struct {
 }
 
 // Where adds a new predicate for the AuthTokensQuery builder.
-func (atq *AuthTokensQuery) Where(ps ...predicate.AuthTokens) *AuthTokensQuery {
-	atq.predicates = append(atq.predicates, ps...)
-	return atq
+func (_q *AuthTokensQuery) Where(ps ...predicate.AuthTokens) *AuthTokensQuery {
+	_q.predicates = append(_q.predicates, ps...)
+	return _q
 }
 
 // Limit the number of records to be returned by this query.
-func (atq *AuthTokensQuery) Limit(limit int) *AuthTokensQuery {
-	atq.ctx.Limit = &limit
-	return atq
+func (_q *AuthTokensQuery) Limit(limit int) *AuthTokensQuery {
+	_q.ctx.Limit = &limit
+	return _q
 }
 
 // Offset to start from.
-func (atq *AuthTokensQuery) Offset(offset int) *AuthTokensQuery {
-	atq.ctx.Offset = &offset
-	return atq
+func (_q *AuthTokensQuery) Offset(offset int) *AuthTokensQuery {
+	_q.ctx.Offset = &offset
+	return _q
 }
 
 // Unique configures the query builder to filter duplicate records on query.
 // By default, unique is set to true, and can be disabled using this method.
-func (atq *AuthTokensQuery) Unique(unique bool) *AuthTokensQuery {
-	atq.ctx.Unique = &unique
-	return atq
+func (_q *AuthTokensQuery) Unique(unique bool) *AuthTokensQuery {
+	_q.ctx.Unique = &unique
+	return _q
 }
 
 // Order specifies how the records should be ordered.
-func (atq *AuthTokensQuery) Order(o ...authtokens.OrderOption) *AuthTokensQuery {
-	atq.order = append(atq.order, o...)
-	return atq
+func (_q *AuthTokensQuery) Order(o ...authtokens.OrderOption) *AuthTokensQuery {
+	_q.order = append(_q.order, o...)
+	return _q
 }
 
 // QueryUser chains the current query on the "user" edge.
-func (atq *AuthTokensQuery) QueryUser() *UserQuery {
-	query := (&UserClient{config: atq.config}).Query()
+func (_q *AuthTokensQuery) QueryUser() *UserQuery {
+	query := (&UserClient{config: _q.config}).Query()
 	query.path = func(ctx context.Context) (fromU *sql.Selector, err error) {
-		if err := atq.prepareQuery(ctx); err != nil {
+		if err := _q.prepareQuery(ctx); err != nil {
 			return nil, err
 		}
-		selector := atq.sqlQuery(ctx)
+		selector := _q.sqlQuery(ctx)
 		if err := selector.Err(); err != nil {
 			return nil, err
 		}
@@ -81,20 +81,20 @@ func (atq *AuthTokensQuery) QueryUser() *UserQuery {
 			sqlgraph.To(user.Table, user.FieldID),
 			sqlgraph.Edge(sqlgraph.M2O, true, authtokens.UserTable, authtokens.UserColumn),
 		)
-		fromU = sqlgraph.SetNeighbors(atq.driver.Dialect(), step)
+		fromU = sqlgraph.SetNeighbors(_q.driver.Dialect(), step)
 		return fromU, nil
 	}
 	return query
 }
 
 // QueryRoles chains the current query on the "roles" edge.
-func (atq *AuthTokensQuery) QueryRoles() *AuthRolesQuery {
-	query := (&AuthRolesClient{config: atq.config}).Query()
+func (_q *AuthTokensQuery) QueryRoles() *AuthRolesQuery {
+	query := (&AuthRolesClient{config: _q.config}).Query()
 	query.path = func(ctx context.Context) (fromU *sql.Selector, err error) {
-		if err := atq.prepareQuery(ctx); err != nil {
+		if err := _q.prepareQuery(ctx); err != nil {
 			return nil, err
 		}
-		selector := atq.sqlQuery(ctx)
+		selector := _q.sqlQuery(ctx)
 		if err := selector.Err(); err != nil {
 			return nil, err
 		}
@@ -103,7 +103,7 @@ func (atq *AuthTokensQuery) QueryRoles() *AuthRolesQuery {
 			sqlgraph.To(authroles.Table, authroles.FieldID),
 			sqlgraph.Edge(sqlgraph.O2O, false, authtokens.RolesTable, authtokens.RolesColumn),
 		)
-		fromU = sqlgraph.SetNeighbors(atq.driver.Dialect(), step)
+		fromU = sqlgraph.SetNeighbors(_q.driver.Dialect(), step)
 		return fromU, nil
 	}
 	return query
@@ -111,8 +111,8 @@ func (atq *AuthTokensQuery) QueryRoles() *AuthRolesQuery {
 
 // First returns the first AuthTokens entity from the query.
 // Returns a *NotFoundError when no AuthTokens was found.
-func (atq *AuthTokensQuery) First(ctx context.Context) (*AuthTokens, error) {
-	nodes, err := atq.Limit(1).All(setContextOp(ctx, atq.ctx, ent.OpQueryFirst))
+func (_q *AuthTokensQuery) First(ctx context.Context) (*AuthTokens, error) {
+	nodes, err := _q.Limit(1).All(setContextOp(ctx, _q.ctx, ent.OpQueryFirst))
 	if err != nil {
 		return nil, err
 	}
@@ -123,8 +123,8 @@ func (atq *AuthTokensQuery) First(ctx context.Context) (*AuthTokens, error) {
 }
 
 // FirstX is like First, but panics if an error occurs.
-func (atq *AuthTokensQuery) FirstX(ctx context.Context) *AuthTokens {
-	node, err := atq.First(ctx)
+func (_q *AuthTokensQuery) FirstX(ctx context.Context) *AuthTokens {
+	node, err := _q.First(ctx)
 	if err != nil && !IsNotFound(err) {
 		panic(err)
 	}
@@ -133,9 +133,9 @@ func (atq *AuthTokensQuery) FirstX(ctx context.Context) *AuthTokens {
 
 // FirstID returns the first AuthTokens ID from the query.
 // Returns a *NotFoundError when no AuthTokens ID was found.
-func (atq *AuthTokensQuery) FirstID(ctx context.Context) (id uuid.UUID, err error) {
+func (_q *AuthTokensQuery) FirstID(ctx context.Context) (id uuid.UUID, err error) {
 	var ids []uuid.UUID
-	if ids, err = atq.Limit(1).IDs(setContextOp(ctx, atq.ctx, ent.OpQueryFirstID)); err != nil {
+	if ids, err = _q.Limit(1).IDs(setContextOp(ctx, _q.ctx, ent.OpQueryFirstID)); err != nil {
 		return
 	}
 	if len(ids) == 0 {
@@ -146,8 +146,8 @@ func (atq *AuthTokensQuery) FirstID(ctx context.Context) (id uuid.UUID, err erro
 }
 
 // FirstIDX is like FirstID, but panics if an error occurs.
-func (atq *AuthTokensQuery) FirstIDX(ctx context.Context) uuid.UUID {
-	id, err := atq.FirstID(ctx)
+func (_q *AuthTokensQuery) FirstIDX(ctx context.Context) uuid.UUID {
+	id, err := _q.FirstID(ctx)
 	if err != nil && !IsNotFound(err) {
 		panic(err)
 	}
@@ -157,8 +157,8 @@ func (atq *AuthTokensQuery) FirstIDX(ctx context.Context) uuid.UUID {
 // Only returns a single AuthTokens entity found by the query, ensuring it only returns one.
 // Returns a *NotSingularError when more than one AuthTokens entity is found.
 // Returns a *NotFoundError when no AuthTokens entities are found.
-func (atq *AuthTokensQuery) Only(ctx context.Context) (*AuthTokens, error) {
-	nodes, err := atq.Limit(2).All(setContextOp(ctx, atq.ctx, ent.OpQueryOnly))
+func (_q *AuthTokensQuery) Only(ctx context.Context) (*AuthTokens, error) {
+	nodes, err := _q.Limit(2).All(setContextOp(ctx, _q.ctx, ent.OpQueryOnly))
 	if err != nil {
 		return nil, err
 	}
@@ -173,8 +173,8 @@ func (atq *AuthTokensQuery) Only(ctx context.Context) (*AuthTokens, error) {
 }
 
 // OnlyX is like Only, but panics if an error occurs.
-func (atq *AuthTokensQuery) OnlyX(ctx context.Context) *AuthTokens {
-	node, err := atq.Only(ctx)
+func (_q *AuthTokensQuery) OnlyX(ctx context.Context) *AuthTokens {
+	node, err := _q.Only(ctx)
 	if err != nil {
 		panic(err)
 	}
@@ -184,9 +184,9 @@ func (atq *AuthTokensQuery) OnlyX(ctx context.Context) *AuthTokens {
 // OnlyID is like Only, but returns the only AuthTokens ID in the query.
 // Returns a *NotSingularError when more than one AuthTokens ID is found.
 // Returns a *NotFoundError when no entities are found.
-func (atq *AuthTokensQuery) OnlyID(ctx context.Context) (id uuid.UUID, err error) {
+func (_q *AuthTokensQuery) OnlyID(ctx context.Context) (id uuid.UUID, err error) {
 	var ids []uuid.UUID
-	if ids, err = atq.Limit(2).IDs(setContextOp(ctx, atq.ctx, ent.OpQueryOnlyID)); err != nil {
+	if ids, err = _q.Limit(2).IDs(setContextOp(ctx, _q.ctx, ent.OpQueryOnlyID)); err != nil {
 		return
 	}
 	switch len(ids) {
@@ -201,8 +201,8 @@ func (atq *AuthTokensQuery) OnlyID(ctx context.Context) (id uuid.UUID, err error
 }
 
 // OnlyIDX is like OnlyID, but panics if an error occurs.
-func (atq *AuthTokensQuery) OnlyIDX(ctx context.Context) uuid.UUID {
-	id, err := atq.OnlyID(ctx)
+func (_q *AuthTokensQuery) OnlyIDX(ctx context.Context) uuid.UUID {
+	id, err := _q.OnlyID(ctx)
 	if err != nil {
 		panic(err)
 	}
@@ -210,18 +210,18 @@ func (atq *AuthTokensQuery) OnlyIDX(ctx context.Context) uuid.UUID {
 }
 
 // All executes the query and returns a list of AuthTokensSlice.
-func (atq *AuthTokensQuery) All(ctx context.Context) ([]*AuthTokens, error) {
-	ctx = setContextOp(ctx, atq.ctx, ent.OpQueryAll)
-	if err := atq.prepareQuery(ctx); err != nil {
+func (_q *AuthTokensQuery) All(ctx context.Context) ([]*AuthTokens, error) {
+	ctx = setContextOp(ctx, _q.ctx, ent.OpQueryAll)
+	if err := _q.prepareQuery(ctx); err != nil {
 		return nil, err
 	}
 	qr := querierAll[[]*AuthTokens, *AuthTokensQuery]()
-	return withInterceptors[[]*AuthTokens](ctx, atq, qr, atq.inters)
+	return withInterceptors[[]*AuthTokens](ctx, _q, qr, _q.inters)
 }
 
 // AllX is like All, but panics if an error occurs.
-func (atq *AuthTokensQuery) AllX(ctx context.Context) []*AuthTokens {
-	nodes, err := atq.All(ctx)
+func (_q *AuthTokensQuery) AllX(ctx context.Context) []*AuthTokens {
+	nodes, err := _q.All(ctx)
 	if err != nil {
 		panic(err)
 	}
@@ -229,20 +229,20 @@ func (atq *AuthTokensQuery) AllX(ctx context.Context) []*AuthTokens {
 }
 
 // IDs executes the query and returns a list of AuthTokens IDs.
-func (atq *AuthTokensQuery) IDs(ctx context.Context) (ids []uuid.UUID, err error) {
-	if atq.ctx.Unique == nil && atq.path != nil {
-		atq.Unique(true)
+func (_q *AuthTokensQuery) IDs(ctx context.Context) (ids []uuid.UUID, err error) {
+	if _q.ctx.Unique == nil && _q.path != nil {
+		_q.Unique(true)
 	}
-	ctx = setContextOp(ctx, atq.ctx, ent.OpQueryIDs)
-	if err = atq.Select(authtokens.FieldID).Scan(ctx, &ids); err != nil {
+	ctx = setContextOp(ctx, _q.ctx, ent.OpQueryIDs)
+	if err = _q.Select(authtokens.FieldID).Scan(ctx, &ids); err != nil {
 		return nil, err
 	}
 	return ids, nil
 }
 
 // IDsX is like IDs, but panics if an error occurs.
-func (atq *AuthTokensQuery) IDsX(ctx context.Context) []uuid.UUID {
-	ids, err := atq.IDs(ctx)
+func (_q *AuthTokensQuery) IDsX(ctx context.Context) []uuid.UUID {
+	ids, err := _q.IDs(ctx)
 	if err != nil {
 		panic(err)
 	}
@@ -250,17 +250,17 @@ func (atq *AuthTokensQuery) IDsX(ctx context.Context) []uuid.UUID {
 }
 
 // Count returns the count of the given query.
-func (atq *AuthTokensQuery) Count(ctx context.Context) (int, error) {
-	ctx = setContextOp(ctx, atq.ctx, ent.OpQueryCount)
-	if err := atq.prepareQuery(ctx); err != nil {
+func (_q *AuthTokensQuery) Count(ctx context.Context) (int, error) {
+	ctx = setContextOp(ctx, _q.ctx, ent.OpQueryCount)
+	if err := _q.prepareQuery(ctx); err != nil {
 		return 0, err
 	}
-	return withInterceptors[int](ctx, atq, querierCount[*AuthTokensQuery](), atq.inters)
+	return withInterceptors[int](ctx, _q, querierCount[*AuthTokensQuery](), _q.inters)
 }
 
 // CountX is like Count, but panics if an error occurs.
-func (atq *AuthTokensQuery) CountX(ctx context.Context) int {
-	count, err := atq.Count(ctx)
+func (_q *AuthTokensQuery) CountX(ctx context.Context) int {
+	count, err := _q.Count(ctx)
 	if err != nil {
 		panic(err)
 	}
@@ -268,9 +268,9 @@ func (atq *AuthTokensQuery) CountX(ctx context.Context) int {
 }
 
 // Exist returns true if the query has elements in the graph.
-func (atq *AuthTokensQuery) Exist(ctx context.Context) (bool, error) {
-	ctx = setContextOp(ctx, atq.ctx, ent.OpQueryExist)
-	switch _, err := atq.FirstID(ctx); {
+func (_q *AuthTokensQuery) Exist(ctx context.Context) (bool, error) {
+	ctx = setContextOp(ctx, _q.ctx, ent.OpQueryExist)
+	switch _, err := _q.FirstID(ctx); {
 	case IsNotFound(err):
 		return false, nil
 	case err != nil:
@@ -281,8 +281,8 @@ func (atq *AuthTokensQuery) Exist(ctx context.Context) (bool, error) {
 }
 
 // ExistX is like Exist, but panics if an error occurs.
-func (atq *AuthTokensQuery) ExistX(ctx context.Context) bool {
-	exist, err := atq.Exist(ctx)
+func (_q *AuthTokensQuery) ExistX(ctx context.Context) bool {
+	exist, err := _q.Exist(ctx)
 	if err != nil {
 		panic(err)
 	}
@@ -291,44 +291,44 @@ func (atq *AuthTokensQuery) ExistX(ctx context.Context) bool {
 
 // Clone returns a duplicate of the AuthTokensQuery builder, including all associated steps. It can be
 // used to prepare common query builders and use them differently after the clone is made.
-func (atq *AuthTokensQuery) Clone() *AuthTokensQuery {
-	if atq == nil {
+func (_q *AuthTokensQuery) Clone() *AuthTokensQuery {
+	if _q == nil {
 		return nil
 	}
 	return &AuthTokensQuery{
-		config:     atq.config,
-		ctx:        atq.ctx.Clone(),
-		order:      append([]authtokens.OrderOption{}, atq.order...),
-		inters:     append([]Interceptor{}, atq.inters...),
-		predicates: append([]predicate.AuthTokens{}, atq.predicates...),
-		withUser:   atq.withUser.Clone(),
-		withRoles:  atq.withRoles.Clone(),
+		config:     _q.config,
+		ctx:        _q.ctx.Clone(),
+		order:      append([]authtokens.OrderOption{}, _q.order...),
+		inters:     append([]Interceptor{}, _q.inters...),
+		predicates: append([]predicate.AuthTokens{}, _q.predicates...),
+		withUser:   _q.withUser.Clone(),
+		withRoles:  _q.withRoles.Clone(),
 		// clone intermediate query.
-		sql:  atq.sql.Clone(),
-		path: atq.path,
+		sql:  _q.sql.Clone(),
+		path: _q.path,
 	}
 }
 
 // WithUser tells the query-builder to eager-load the nodes that are connected to
 // the "user" edge. The optional arguments are used to configure the query builder of the edge.
-func (atq *AuthTokensQuery) WithUser(opts ...func(*UserQuery)) *AuthTokensQuery {
-	query := (&UserClient{config: atq.config}).Query()
+func (_q *AuthTokensQuery) WithUser(opts ...func(*UserQuery)) *AuthTokensQuery {
+	query := (&UserClient{config: _q.config}).Query()
 	for _, opt := range opts {
 		opt(query)
 	}
-	atq.withUser = query
-	return atq
+	_q.withUser = query
+	return _q
 }
 
 // WithRoles tells the query-builder to eager-load the nodes that are connected to
 // the "roles" edge. The optional arguments are used to configure the query builder of the edge.
-func (atq *AuthTokensQuery) WithRoles(opts ...func(*AuthRolesQuery)) *AuthTokensQuery {
-	query := (&AuthRolesClient{config: atq.config}).Query()
+func (_q *AuthTokensQuery) WithRoles(opts ...func(*AuthRolesQuery)) *AuthTokensQuery {
+	query := (&AuthRolesClient{config: _q.config}).Query()
 	for _, opt := range opts {
 		opt(query)
 	}
-	atq.withRoles = query
-	return atq
+	_q.withRoles = query
+	return _q
 }
 
 // GroupBy is used to group vertices by one or more fields/columns.
@@ -345,10 +345,10 @@ func (atq *AuthTokensQuery) WithRoles(opts ...func(*AuthRolesQuery)) *AuthTokens
 //		GroupBy(authtokens.FieldCreatedAt).
 //		Aggregate(ent.Count()).
 //		Scan(ctx, &v)
-func (atq *AuthTokensQuery) GroupBy(field string, fields ...string) *AuthTokensGroupBy {
-	atq.ctx.Fields = append([]string{field}, fields...)
-	grbuild := &AuthTokensGroupBy{build: atq}
-	grbuild.flds = &atq.ctx.Fields
+func (_q *AuthTokensQuery) GroupBy(field string, fields ...string) *AuthTokensGroupBy {
+	_q.ctx.Fields = append([]string{field}, fields...)
+	grbuild := &AuthTokensGroupBy{build: _q}
+	grbuild.flds = &_q.ctx.Fields
 	grbuild.label = authtokens.Label
 	grbuild.scan = grbuild.Scan
 	return grbuild
@@ -366,56 +366,56 @@ func (atq *AuthTokensQuery) GroupBy(field string, fields ...string) *AuthTokensG
 //	client.AuthTokens.Query().
 //		Select(authtokens.FieldCreatedAt).
 //		Scan(ctx, &v)
-func (atq *AuthTokensQuery) Select(fields ...string) *AuthTokensSelect {
-	atq.ctx.Fields = append(atq.ctx.Fields, fields...)
-	sbuild := &AuthTokensSelect{AuthTokensQuery: atq}
+func (_q *AuthTokensQuery) Select(fields ...string) *AuthTokensSelect {
+	_q.ctx.Fields = append(_q.ctx.Fields, fields...)
+	sbuild := &AuthTokensSelect{AuthTokensQuery: _q}
 	sbuild.label = authtokens.Label
-	sbuild.flds, sbuild.scan = &atq.ctx.Fields, sbuild.Scan
+	sbuild.flds, sbuild.scan = &_q.ctx.Fields, sbuild.Scan
 	return sbuild
 }
 
 // Aggregate returns a AuthTokensSelect configured with the given aggregations.
-func (atq *AuthTokensQuery) Aggregate(fns ...AggregateFunc) *AuthTokensSelect {
-	return atq.Select().Aggregate(fns...)
+func (_q *AuthTokensQuery) Aggregate(fns ...AggregateFunc) *AuthTokensSelect {
+	return _q.Select().Aggregate(fns...)
 }
 
-func (atq *AuthTokensQuery) prepareQuery(ctx context.Context) error {
-	for _, inter := range atq.inters {
+func (_q *AuthTokensQuery) prepareQuery(ctx context.Context) error {
+	for _, inter := range _q.inters {
 		if inter == nil {
 			return fmt.Errorf("ent: uninitialized interceptor (forgotten import ent/runtime?)")
 		}
 		if trv, ok := inter.(Traverser); ok {
-			if err := trv.Traverse(ctx, atq); err != nil {
+			if err := trv.Traverse(ctx, _q); err != nil {
 				return err
 			}
 		}
 	}
-	for _, f := range atq.ctx.Fields {
+	for _, f := range _q.ctx.Fields {
 		if !authtokens.ValidColumn(f) {
 			return &ValidationError{Name: f, err: fmt.Errorf("ent: invalid field %q for query", f)}
 		}
 	}
-	if atq.path != nil {
-		prev, err := atq.path(ctx)
+	if _q.path != nil {
+		prev, err := _q.path(ctx)
 		if err != nil {
 			return err
 		}
-		atq.sql = prev
+		_q.sql = prev
 	}
 	return nil
 }
 
-func (atq *AuthTokensQuery) sqlAll(ctx context.Context, hooks ...queryHook) ([]*AuthTokens, error) {
+func (_q *AuthTokensQuery) sqlAll(ctx context.Context, hooks ...queryHook) ([]*AuthTokens, error) {
 	var (
 		nodes       = []*AuthTokens{}
-		withFKs     = atq.withFKs
-		_spec       = atq.querySpec()
+		withFKs     = _q.withFKs
+		_spec       = _q.querySpec()
 		loadedTypes = [2]bool{
-			atq.withUser != nil,
-			atq.withRoles != nil,
+			_q.withUser != nil,
+			_q.withRoles != nil,
 		}
 	)
-	if atq.withUser != nil {
+	if _q.withUser != nil {
 		withFKs = true
 	}
 	if withFKs {
@@ -425,7 +425,7 @@ func (atq *AuthTokensQuery) sqlAll(ctx context.Context, hooks ...queryHook) ([]*
 		return (*AuthTokens).scanValues(nil, columns)
 	}
 	_spec.Assign = func(columns []string, values []any) error {
-		node := &AuthTokens{config: atq.config}
+		node := &AuthTokens{config: _q.config}
 		nodes = append(nodes, node)
 		node.Edges.loadedTypes = loadedTypes
 		return node.assignValues(columns, values)
@@ -433,20 +433,20 @@ func (atq *AuthTokensQuery) sqlAll(ctx context.Context, hooks ...queryHook) ([]*
 	for i := range hooks {
 		hooks[i](ctx, _spec)
 	}
-	if err := sqlgraph.QueryNodes(ctx, atq.driver, _spec); err != nil {
+	if err := sqlgraph.QueryNodes(ctx, _q.driver, _spec); err != nil {
 		return nil, err
 	}
 	if len(nodes) == 0 {
 		return nodes, nil
 	}
-	if query := atq.withUser; query != nil {
-		if err := atq.loadUser(ctx, query, nodes, nil,
+	if query := _q.withUser; query != nil {
+		if err := _q.loadUser(ctx, query, nodes, nil,
 			func(n *AuthTokens, e *User) { n.Edges.User = e }); err != nil {
 			return nil, err
 		}
 	}
-	if query := atq.withRoles; query != nil {
-		if err := atq.loadRoles(ctx, query, nodes, nil,
+	if query := _q.withRoles; query != nil {
+		if err := _q.loadRoles(ctx, query, nodes, nil,
 			func(n *AuthTokens, e *AuthRoles) { n.Edges.Roles = e }); err != nil {
 			return nil, err
 		}
@@ -454,7 +454,7 @@ func (atq *AuthTokensQuery) sqlAll(ctx context.Context, hooks ...queryHook) ([]*
 	return nodes, nil
 }
 
-func (atq *AuthTokensQuery) loadUser(ctx context.Context, query *UserQuery, nodes []*AuthTokens, init func(*AuthTokens), assign func(*AuthTokens, *User)) error {
+func (_q *AuthTokensQuery) loadUser(ctx context.Context, query *UserQuery, nodes []*AuthTokens, init func(*AuthTokens), assign func(*AuthTokens, *User)) error {
 	ids := make([]uuid.UUID, 0, len(nodes))
 	nodeids := make(map[uuid.UUID][]*AuthTokens)
 	for i := range nodes {
@@ -486,7 +486,7 @@ func (atq *AuthTokensQuery) loadUser(ctx context.Context, query *UserQuery, node
 	}
 	return nil
 }
-func (atq *AuthTokensQuery) loadRoles(ctx context.Context, query *AuthRolesQuery, nodes []*AuthTokens, init func(*AuthTokens), assign func(*AuthTokens, *AuthRoles)) error {
+func (_q *AuthTokensQuery) loadRoles(ctx context.Context, query *AuthRolesQuery, nodes []*AuthTokens, init func(*AuthTokens), assign func(*AuthTokens, *AuthRoles)) error {
 	fks := make([]driver.Value, 0, len(nodes))
 	nodeids := make(map[uuid.UUID]*AuthTokens)
 	for i := range nodes {
@@ -515,24 +515,24 @@ func (atq *AuthTokensQuery) loadRoles(ctx context.Context, query *AuthRolesQuery
 	return nil
 }
 
-func (atq *AuthTokensQuery) sqlCount(ctx context.Context) (int, error) {
-	_spec := atq.querySpec()
-	_spec.Node.Columns = atq.ctx.Fields
-	if len(atq.ctx.Fields) > 0 {
-		_spec.Unique = atq.ctx.Unique != nil && *atq.ctx.Unique
+func (_q *AuthTokensQuery) sqlCount(ctx context.Context) (int, error) {
+	_spec := _q.querySpec()
+	_spec.Node.Columns = _q.ctx.Fields
+	if len(_q.ctx.Fields) > 0 {
+		_spec.Unique = _q.ctx.Unique != nil && *_q.ctx.Unique
 	}
-	return sqlgraph.CountNodes(ctx, atq.driver, _spec)
+	return sqlgraph.CountNodes(ctx, _q.driver, _spec)
 }
 
-func (atq *AuthTokensQuery) querySpec() *sqlgraph.QuerySpec {
+func (_q *AuthTokensQuery) querySpec() *sqlgraph.QuerySpec {
 	_spec := sqlgraph.NewQuerySpec(authtokens.Table, authtokens.Columns, sqlgraph.NewFieldSpec(authtokens.FieldID, field.TypeUUID))
-	_spec.From = atq.sql
-	if unique := atq.ctx.Unique; unique != nil {
+	_spec.From = _q.sql
+	if unique := _q.ctx.Unique; unique != nil {
 		_spec.Unique = *unique
-	} else if atq.path != nil {
+	} else if _q.path != nil {
 		_spec.Unique = true
 	}
-	if fields := atq.ctx.Fields; len(fields) > 0 {
+	if fields := _q.ctx.Fields; len(fields) > 0 {
 		_spec.Node.Columns = make([]string, 0, len(fields))
 		_spec.Node.Columns = append(_spec.Node.Columns, authtokens.FieldID)
 		for i := range fields {
@@ -541,20 +541,20 @@ func (atq *AuthTokensQuery) querySpec() *sqlgraph.QuerySpec {
 			}
 		}
 	}
-	if ps := atq.predicates; len(ps) > 0 {
+	if ps := _q.predicates; len(ps) > 0 {
 		_spec.Predicate = func(selector *sql.Selector) {
 			for i := range ps {
 				ps[i](selector)
 			}
 		}
 	}
-	if limit := atq.ctx.Limit; limit != nil {
+	if limit := _q.ctx.Limit; limit != nil {
 		_spec.Limit = *limit
 	}
-	if offset := atq.ctx.Offset; offset != nil {
+	if offset := _q.ctx.Offset; offset != nil {
 		_spec.Offset = *offset
 	}
-	if ps := atq.order; len(ps) > 0 {
+	if ps := _q.order; len(ps) > 0 {
 		_spec.Order = func(selector *sql.Selector) {
 			for i := range ps {
 				ps[i](selector)
@@ -564,33 +564,33 @@ func (atq *AuthTokensQuery) querySpec() *sqlgraph.QuerySpec {
 	return _spec
 }
 
-func (atq *AuthTokensQuery) sqlQuery(ctx context.Context) *sql.Selector {
-	builder := sql.Dialect(atq.driver.Dialect())
+func (_q *AuthTokensQuery) sqlQuery(ctx context.Context) *sql.Selector {
+	builder := sql.Dialect(_q.driver.Dialect())
 	t1 := builder.Table(authtokens.Table)
-	columns := atq.ctx.Fields
+	columns := _q.ctx.Fields
 	if len(columns) == 0 {
 		columns = authtokens.Columns
 	}
 	selector := builder.Select(t1.Columns(columns...)...).From(t1)
-	if atq.sql != nil {
-		selector = atq.sql
+	if _q.sql != nil {
+		selector = _q.sql
 		selector.Select(selector.Columns(columns...)...)
 	}
-	if atq.ctx.Unique != nil && *atq.ctx.Unique {
+	if _q.ctx.Unique != nil && *_q.ctx.Unique {
 		selector.Distinct()
 	}
-	for _, p := range atq.predicates {
+	for _, p := range _q.predicates {
 		p(selector)
 	}
-	for _, p := range atq.order {
+	for _, p := range _q.order {
 		p(selector)
 	}
-	if offset := atq.ctx.Offset; offset != nil {
+	if offset := _q.ctx.Offset; offset != nil {
 		// limit is mandatory for offset clause. We start
 		// with default value, and override it below if needed.
 		selector.Offset(*offset).Limit(math.MaxInt32)
 	}
-	if limit := atq.ctx.Limit; limit != nil {
+	if limit := _q.ctx.Limit; limit != nil {
 		selector.Limit(*limit)
 	}
 	return selector
@@ -603,41 +603,41 @@ type AuthTokensGroupBy struct {
 }
 
 // Aggregate adds the given aggregation functions to the group-by query.
-func (atgb *AuthTokensGroupBy) Aggregate(fns ...AggregateFunc) *AuthTokensGroupBy {
-	atgb.fns = append(atgb.fns, fns...)
-	return atgb
+func (_g *AuthTokensGroupBy) Aggregate(fns ...AggregateFunc) *AuthTokensGroupBy {
+	_g.fns = append(_g.fns, fns...)
+	return _g
 }
 
 // Scan applies the selector query and scans the result into the given value.
-func (atgb *AuthTokensGroupBy) Scan(ctx context.Context, v any) error {
-	ctx = setContextOp(ctx, atgb.build.ctx, ent.OpQueryGroupBy)
-	if err := atgb.build.prepareQuery(ctx); err != nil {
+func (_g *AuthTokensGroupBy) Scan(ctx context.Context, v any) error {
+	ctx = setContextOp(ctx, _g.build.ctx, ent.OpQueryGroupBy)
+	if err := _g.build.prepareQuery(ctx); err != nil {
 		return err
 	}
-	return scanWithInterceptors[*AuthTokensQuery, *AuthTokensGroupBy](ctx, atgb.build, atgb, atgb.build.inters, v)
+	return scanWithInterceptors[*AuthTokensQuery, *AuthTokensGroupBy](ctx, _g.build, _g, _g.build.inters, v)
 }
 
-func (atgb *AuthTokensGroupBy) sqlScan(ctx context.Context, root *AuthTokensQuery, v any) error {
+func (_g *AuthTokensGroupBy) sqlScan(ctx context.Context, root *AuthTokensQuery, v any) error {
 	selector := root.sqlQuery(ctx).Select()
-	aggregation := make([]string, 0, len(atgb.fns))
-	for _, fn := range atgb.fns {
+	aggregation := make([]string, 0, len(_g.fns))
+	for _, fn := range _g.fns {
 		aggregation = append(aggregation, fn(selector))
 	}
 	if len(selector.SelectedColumns()) == 0 {
-		columns := make([]string, 0, len(*atgb.flds)+len(atgb.fns))
-		for _, f := range *atgb.flds {
+		columns := make([]string, 0, len(*_g.flds)+len(_g.fns))
+		for _, f := range *_g.flds {
 			columns = append(columns, selector.C(f))
 		}
 		columns = append(columns, aggregation...)
 		selector.Select(columns...)
 	}
-	selector.GroupBy(selector.Columns(*atgb.flds...)...)
+	selector.GroupBy(selector.Columns(*_g.flds...)...)
 	if err := selector.Err(); err != nil {
 		return err
 	}
 	rows := &sql.Rows{}
 	query, args := selector.Query()
-	if err := atgb.build.driver.Query(ctx, query, args, rows); err != nil {
+	if err := _g.build.driver.Query(ctx, query, args, rows); err != nil {
 		return err
 	}
 	defer rows.Close()
@@ -651,27 +651,27 @@ type AuthTokensSelect struct {
 }
 
 // Aggregate adds the given aggregation functions to the selector query.
-func (ats *AuthTokensSelect) Aggregate(fns ...AggregateFunc) *AuthTokensSelect {
-	ats.fns = append(ats.fns, fns...)
-	return ats
+func (_s *AuthTokensSelect) Aggregate(fns ...AggregateFunc) *AuthTokensSelect {
+	_s.fns = append(_s.fns, fns...)
+	return _s
 }
 
 // Scan applies the selector query and scans the result into the given value.
-func (ats *AuthTokensSelect) Scan(ctx context.Context, v any) error {
-	ctx = setContextOp(ctx, ats.ctx, ent.OpQuerySelect)
-	if err := ats.prepareQuery(ctx); err != nil {
+func (_s *AuthTokensSelect) Scan(ctx context.Context, v any) error {
+	ctx = setContextOp(ctx, _s.ctx, ent.OpQuerySelect)
+	if err := _s.prepareQuery(ctx); err != nil {
 		return err
 	}
-	return scanWithInterceptors[*AuthTokensQuery, *AuthTokensSelect](ctx, ats.AuthTokensQuery, ats, ats.inters, v)
+	return scanWithInterceptors[*AuthTokensQuery, *AuthTokensSelect](ctx, _s.AuthTokensQuery, _s, _s.inters, v)
 }
 
-func (ats *AuthTokensSelect) sqlScan(ctx context.Context, root *AuthTokensQuery, v any) error {
+func (_s *AuthTokensSelect) sqlScan(ctx context.Context, root *AuthTokensQuery, v any) error {
 	selector := root.sqlQuery(ctx)
-	aggregation := make([]string, 0, len(ats.fns))
-	for _, fn := range ats.fns {
+	aggregation := make([]string, 0, len(_s.fns))
+	for _, fn := range _s.fns {
 		aggregation = append(aggregation, fn(selector))
 	}
-	switch n := len(*ats.selector.flds); {
+	switch n := len(*_s.selector.flds); {
 	case n == 0 && len(aggregation) > 0:
 		selector.Select(aggregation...)
 	case n != 0 && len(aggregation) > 0:
@@ -679,7 +679,7 @@ func (ats *AuthTokensSelect) sqlScan(ctx context.Context, root *AuthTokensQuery,
 	}
 	rows := &sql.Rows{}
 	query, args := selector.Query()
-	if err := ats.driver.Query(ctx, query, args, rows); err != nil {
+	if err := _s.driver.Query(ctx, query, args, rows); err != nil {
 		return err
 	}
 	defer rows.Close()

backend/internal/data/ent/authtokens_update.go

@@ -26,101 +26,101 @@ type AuthTokensUpdate struct {
 }
 
 // Where appends a list predicates to the AuthTokensUpdate builder.
-func (atu *AuthTokensUpdate) Where(ps ...predicate.AuthTokens) *AuthTokensUpdate {
-	atu.mutation.Where(ps...)
-	return atu
+func (_u *AuthTokensUpdate) Where(ps ...predicate.AuthTokens) *AuthTokensUpdate {
+	_u.mutation.Where(ps...)
+	return _u
 }
 
 // SetUpdatedAt sets the "updated_at" field.
-func (atu *AuthTokensUpdate) SetUpdatedAt(t time.Time) *AuthTokensUpdate {
-	atu.mutation.SetUpdatedAt(t)
-	return atu
+func (_u *AuthTokensUpdate) SetUpdatedAt(v time.Time) *AuthTokensUpdate {
+	_u.mutation.SetUpdatedAt(v)
+	return _u
 }
 
 // SetToken sets the "token" field.
-func (atu *AuthTokensUpdate) SetToken(b []byte) *AuthTokensUpdate {
-	atu.mutation.SetToken(b)
-	return atu
+func (_u *AuthTokensUpdate) SetToken(v []byte) *AuthTokensUpdate {
+	_u.mutation.SetToken(v)
+	return _u
 }
 
 // SetExpiresAt sets the "expires_at" field.
-func (atu *AuthTokensUpdate) SetExpiresAt(t time.Time) *AuthTokensUpdate {
-	atu.mutation.SetExpiresAt(t)
-	return atu
+func (_u *AuthTokensUpdate) SetExpiresAt(v time.Time) *AuthTokensUpdate {
+	_u.mutation.SetExpiresAt(v)
+	return _u
 }
 
 // SetNillableExpiresAt sets the "expires_at" field if the given value is not nil.
-func (atu *AuthTokensUpdate) SetNillableExpiresAt(t *time.Time) *AuthTokensUpdate {
-	if t != nil {
-		atu.SetExpiresAt(*t)
+func (_u *AuthTokensUpdate) SetNillableExpiresAt(v *time.Time) *AuthTokensUpdate {
+	if v != nil {
+		_u.SetExpiresAt(*v)
 	}
-	return atu
+	return _u
 }
 
 // SetUserID sets the "user" edge to the User entity by ID.
-func (atu *AuthTokensUpdate) SetUserID(id uuid.UUID) *AuthTokensUpdate {
-	atu.mutation.SetUserID(id)
-	return atu
+func (_u *AuthTokensUpdate) SetUserID(id uuid.UUID) *AuthTokensUpdate {
+	_u.mutation.SetUserID(id)
+	return _u
 }
 
 // SetNillableUserID sets the "user" edge to the User entity by ID if the given value is not nil.
-func (atu *AuthTokensUpdate) SetNillableUserID(id *uuid.UUID) *AuthTokensUpdate {
+func (_u *AuthTokensUpdate) SetNillableUserID(id *uuid.UUID) *AuthTokensUpdate {
 	if id != nil {
-		atu = atu.SetUserID(*id)
+		_u = _u.SetUserID(*id)
 	}
-	return atu
+	return _u
 }
 
 // SetUser sets the "user" edge to the User entity.
-func (atu *AuthTokensUpdate) SetUser(u *User) *AuthTokensUpdate {
-	return atu.SetUserID(u.ID)
+func (_u *AuthTokensUpdate) SetUser(v *User) *AuthTokensUpdate {
+	return _u.SetUserID(v.ID)
 }
 
 // SetRolesID sets the "roles" edge to the AuthRoles entity by ID.
-func (atu *AuthTokensUpdate) SetRolesID(id int) *AuthTokensUpdate {
-	atu.mutation.SetRolesID(id)
-	return atu
+func (_u *AuthTokensUpdate) SetRolesID(id int) *AuthTokensUpdate {
+	_u.mutation.SetRolesID(id)
+	return _u
 }
 
 // SetNillableRolesID sets the "roles" edge to the AuthRoles entity by ID if the given value is not nil.
-func (atu *AuthTokensUpdate) SetNillableRolesID(id *int) *AuthTokensUpdate {
+func (_u *AuthTokensUpdate) SetNillableRolesID(id *int) *AuthTokensUpdate {
 	if id != nil {
-		atu = atu.SetRolesID(*id)
+		_u = _u.SetRolesID(*id)
 	}
-	return atu
+	return _u
 }
 
 // SetRoles sets the "roles" edge to the AuthRoles entity.
-func (atu *AuthTokensUpdate) SetRoles(a *AuthRoles) *AuthTokensUpdate {
-	return atu.SetRolesID(a.ID)
+func (_u *AuthTokensUpdate) SetRoles(v *AuthRoles) *AuthTokensUpdate {
+	return _u.SetRolesID(v.ID)
 }
 
 // Mutation returns the AuthTokensMutation object of the builder.
-func (atu *AuthTokensUpdate) Mutation() *AuthTokensMutation {
-	return atu.mutation
+func (_u *AuthTokensUpdate) Mutation() *AuthTokensMutation {
+	return _u.mutation
 }
 
 // ClearUser clears the "user" edge to the User entity.
-func (atu *AuthTokensUpdate) ClearUser() *AuthTokensUpdate {
-	atu.mutation.ClearUser()
-	return atu
+func (_u *AuthTokensUpdate) ClearUser() *AuthTokensUpdate {
+	_u.mutation.ClearUser()
+	return _u
 }
 
 // ClearRoles clears the "roles" edge to the AuthRoles entity.
-func (atu *AuthTokensUpdate) ClearRoles() *AuthTokensUpdate {
-	atu.mutation.ClearRoles()
-	return atu
+func (_u *AuthTokensUpdate) ClearRoles() *AuthTokensUpdate {
+	_u.mutation.ClearRoles()
+	return _u
 }
 
 // Save executes the query and returns the number of nodes affected by the update operation.
-func (atu *AuthTokensUpdate) Save(ctx context.Context) (int, error) {
-	atu.defaults()
-	return withHooks(ctx, atu.sqlSave, atu.mutation, atu.hooks)
+func (_u *AuthTokensUpdate) Save(ctx context.Context) (int, error) {
+	_u.defaults()
+	return withHooks(ctx, _u.sqlSave, _u.mutation, _u.hooks)
 }
 
 // SaveX is like Save, but panics if an error occurs.
-func (atu *AuthTokensUpdate) SaveX(ctx context.Context) int {
-	affected, err := atu.Save(ctx)
+func (_u *AuthTokensUpdate) SaveX(ctx context.Context) int {
+	affected, err := _u.Save(ctx)
 	if err != nil {
 		panic(err)
 	}
@@ -128,45 +128,45 @@ func (atu *AuthTokensUpdate) SaveX(ctx context.Context) int {
 }
 
 // Exec executes the query.
-func (atu *AuthTokensUpdate) Exec(ctx context.Context) error {
-	_, err := atu.Save(ctx)
+func (_u *AuthTokensUpdate) Exec(ctx context.Context) error {
+	_, err := _u.Save(ctx)
 	return err
 }
 
 // ExecX is like Exec, but panics if an error occurs.
-func (atu *AuthTokensUpdate) ExecX(ctx context.Context) {
-	if err := atu.Exec(ctx); err != nil {
+func (_u *AuthTokensUpdate) ExecX(ctx context.Context) {
+	if err := _u.Exec(ctx); err != nil {
 		panic(err)
 	}
 }
 
 // defaults sets the default values of the builder before save.
-func (atu *AuthTokensUpdate) defaults() {
-	if _, ok := atu.mutation.UpdatedAt(); !ok {
+func (_u *AuthTokensUpdate) defaults() {
+	if _, ok := _u.mutation.UpdatedAt(); !ok {
 		v := authtokens.UpdateDefaultUpdatedAt()
-		atu.mutation.SetUpdatedAt(v)
+		_u.mutation.SetUpdatedAt(v)
 	}
 }
 
-func (atu *AuthTokensUpdate) sqlSave(ctx context.Context) (n int, err error) {
+func (_u *AuthTokensUpdate) sqlSave(ctx context.Context) (_node int, err error) {
 	_spec := sqlgraph.NewUpdateSpec(authtokens.Table, authtokens.Columns, sqlgraph.NewFieldSpec(authtokens.FieldID, field.TypeUUID))
-	if ps := atu.mutation.predicates; len(ps) > 0 {
+	if ps := _u.mutation.predicates; len(ps) > 0 {
 		_spec.Predicate = func(selector *sql.Selector) {
 			for i := range ps {
 				ps[i](selector)
 			}
 		}
 	}
-	if value, ok := atu.mutation.UpdatedAt(); ok {
+	if value, ok := _u.mutation.UpdatedAt(); ok {
 		_spec.SetField(authtokens.FieldUpdatedAt, field.TypeTime, value)
 	}
-	if value, ok := atu.mutation.Token(); ok {
+	if value, ok := _u.mutation.Token(); ok {
 		_spec.SetField(authtokens.FieldToken, field.TypeBytes, value)
 	}
-	if value, ok := atu.mutation.ExpiresAt(); ok {
+	if value, ok := _u.mutation.ExpiresAt(); ok {
 		_spec.SetField(authtokens.FieldExpiresAt, field.TypeTime, value)
 	}
-	if atu.mutation.UserCleared() {
+	if _u.mutation.UserCleared() {
 		edge := &sqlgraph.EdgeSpec{
 			Rel:     sqlgraph.M2O,
 			Inverse: true,
@@ -179,7 +179,7 @@ func (atu *AuthTokensUpdate) sqlSave(ctx context.Context) (n int, err error) {
 		}
 		_spec.Edges.Clear = append(_spec.Edges.Clear, edge)
 	}
-	if nodes := atu.mutation.UserIDs(); len(nodes) > 0 {
+	if nodes := _u.mutation.UserIDs(); len(nodes) > 0 {
 		edge := &sqlgraph.EdgeSpec{
 			Rel:     sqlgraph.M2O,
 			Inverse: true,
@@ -195,7 +195,7 @@ func (atu *AuthTokensUpdate) sqlSave(ctx context.Context) (n int, err error) {
 		}
 		_spec.Edges.Add = append(_spec.Edges.Add, edge)
 	}
-	if atu.mutation.RolesCleared() {
+	if _u.mutation.RolesCleared() {
 		edge := &sqlgraph.EdgeSpec{
 			Rel:     sqlgraph.O2O,
 			Inverse: false,
@@ -208,7 +208,7 @@ func (atu *AuthTokensUpdate) sqlSave(ctx context.Context) (n int, err error) {
 		}
 		_spec.Edges.Clear = append(_spec.Edges.Clear, edge)
 	}
-	if nodes := atu.mutation.RolesIDs(); len(nodes) > 0 {
+	if nodes := _u.mutation.RolesIDs(); len(nodes) > 0 {
 		edge := &sqlgraph.EdgeSpec{
 			Rel:     sqlgraph.O2O,
 			Inverse: false,
@@ -224,7 +224,7 @@ func (atu *AuthTokensUpdate) sqlSave(ctx context.Context) (n int, err error) {
 		}
 		_spec.Edges.Add = append(_spec.Edges.Add, edge)
 	}
-	if n, err = sqlgraph.UpdateNodes(ctx, atu.driver, _spec); err != nil {
+	if _node, err = sqlgraph.UpdateNodes(ctx, _u.driver, _spec); err != nil {
 		if _, ok := err.(*sqlgraph.NotFoundError); ok {
 			err = &NotFoundError{authtokens.Label}
 		} else if sqlgraph.IsConstraintError(err) {
@@ -232,8 +232,8 @@ func (atu *AuthTokensUpdate) sqlSave(ctx context.Context) (n int, err error) {
 		}
 		return 0, err
 	}
-	atu.mutation.done = true
-	return n, nil
+	_u.mutation.done = true
+	return _node, nil
 }
 
 // AuthTokensUpdateOne is the builder for updating a single AuthTokens entity.
@@ -245,108 +245,108 @@ type AuthTokensUpdateOne struct {
 }
 
 // SetUpdatedAt sets the "updated_at" field.
-func (atuo *AuthTokensUpdateOne) SetUpdatedAt(t time.Time) *AuthTokensUpdateOne {
-	atuo.mutation.SetUpdatedAt(t)
-	return atuo
+func (_u *AuthTokensUpdateOne) SetUpdatedAt(v time.Time) *AuthTokensUpdateOne {
+	_u.mutation.SetUpdatedAt(v)
+	return _u
 }
 
 // SetToken sets the "token" field.
-func (atuo *AuthTokensUpdateOne) SetToken(b []byte) *AuthTokensUpdateOne {
-	atuo.mutation.SetToken(b)
-	return atuo
+func (_u *AuthTokensUpdateOne) SetToken(v []byte) *AuthTokensUpdateOne {
+	_u.mutation.SetToken(v)
+	return _u
 }
 
 // SetExpiresAt sets the "expires_at" field.
-func (atuo *AuthTokensUpdateOne) SetExpiresAt(t time.Time) *AuthTokensUpdateOne {
-	atuo.mutation.SetExpiresAt(t)
-	return atuo
+func (_u *AuthTokensUpdateOne) SetExpiresAt(v time.Time) *AuthTokensUpdateOne {
+	_u.mutation.SetExpiresAt(v)
+	return _u
 }
 
 // SetNillableExpiresAt sets the "expires_at" field if the given value is not nil.
-func (atuo *AuthTokensUpdateOne) SetNillableExpiresAt(t *time.Time) *AuthTokensUpdateOne {
-	if t != nil {
-		atuo.SetExpiresAt(*t)
+func (_u *AuthTokensUpdateOne) SetNillableExpiresAt(v *time.Time) *AuthTokensUpdateOne {
+	if v != nil {
+		_u.SetExpiresAt(*v)
 	}
-	return atuo
+	return _u
 }
 
 // SetUserID sets the "user" edge to the User entity by ID.
-func (atuo *AuthTokensUpdateOne) SetUserID(id uuid.UUID) *AuthTokensUpdateOne {
-	atuo.mutation.SetUserID(id)
-	return atuo
+func (_u *AuthTokensUpdateOne) SetUserID(id uuid.UUID) *AuthTokensUpdateOne {
+	_u.mutation.SetUserID(id)
+	return _u
 }
 
 // SetNillableUserID sets the "user" edge to the User entity by ID if the given value is not nil.
-func (atuo *AuthTokensUpdateOne) SetNillableUserID(id *uuid.UUID) *AuthTokensUpdateOne {
+func (_u *AuthTokensUpdateOne) SetNillableUserID(id *uuid.UUID) *AuthTokensUpdateOne {
 	if id != nil {
-		atuo = atuo.SetUserID(*id)
+		_u = _u.SetUserID(*id)
 	}
-	return atuo
+	return _u
 }
 
 // SetUser sets the "user" edge to the User entity.
-func (atuo *AuthTokensUpdateOne) SetUser(u *User) *AuthTokensUpdateOne {
-	return atuo.SetUserID(u.ID)
+func (_u *AuthTokensUpdateOne) SetUser(v *User) *AuthTokensUpdateOne {
+	return _u.SetUserID(v.ID)
 }
 
 // SetRolesID sets the "roles" edge to the AuthRoles entity by ID.
-func (atuo *AuthTokensUpdateOne) SetRolesID(id int) *AuthTokensUpdateOne {
-	atuo.mutation.SetRolesID(id)
-	return atuo
+func (_u *AuthTokensUpdateOne) SetRolesID(id int) *AuthTokensUpdateOne {
+	_u.mutation.SetRolesID(id)
+	return _u
 }
 
 // SetNillableRolesID sets the "roles" edge to the AuthRoles entity by ID if the given value is not nil.
-func (atuo *AuthTokensUpdateOne) SetNillableRolesID(id *int) *AuthTokensUpdateOne {
+func (_u *AuthTokensUpdateOne) SetNillableRolesID(id *int) *AuthTokensUpdateOne {
 	if id != nil {
-		atuo = atuo.SetRolesID(*id)
+		_u = _u.SetRolesID(*id)
 	}
-	return atuo
+	return _u
 }
 
 // SetRoles sets the "roles" edge to the AuthRoles entity.
-func (atuo *AuthTokensUpdateOne) SetRoles(a *AuthRoles) *AuthTokensUpdateOne {
-	return atuo.SetRolesID(a.ID)
+func (_u *AuthTokensUpdateOne) SetRoles(v *AuthRoles) *AuthTokensUpdateOne {
+	return _u.SetRolesID(v.ID)
 }
 
 // Mutation returns the AuthTokensMutation object of the builder.
-func (atuo *AuthTokensUpdateOne) Mutation() *AuthTokensMutation {
-	return atuo.mutation
+func (_u *AuthTokensUpdateOne) Mutation() *AuthTokensMutation {
+	return _u.mutation
 }
 
 // ClearUser clears the "user" edge to the User entity.
-func (atuo *AuthTokensUpdateOne) ClearUser() *AuthTokensUpdateOne {
-	atuo.mutation.ClearUser()
-	return atuo
+func (_u *AuthTokensUpdateOne) ClearUser() *AuthTokensUpdateOne {
+	_u.mutation.ClearUser()
+	return _u
 }
 
 // ClearRoles clears the "roles" edge to the AuthRoles entity.
-func (atuo *AuthTokensUpdateOne) ClearRoles() *AuthTokensUpdateOne {
-	atuo.mutation.ClearRoles()
-	return atuo
+func (_u *AuthTokensUpdateOne) ClearRoles() *AuthTokensUpdateOne {
+	_u.mutation.ClearRoles()
+	return _u
 }
 
 // Where appends a list predicates to the AuthTokensUpdate builder.
-func (atuo *AuthTokensUpdateOne) Where(ps ...predicate.AuthTokens) *AuthTokensUpdateOne {
-	atuo.mutation.Where(ps...)
-	return atuo
+func (_u *AuthTokensUpdateOne) Where(ps ...predicate.AuthTokens) *AuthTokensUpdateOne {
+	_u.mutation.Where(ps...)
+	return _u
 }
 
 // Select allows selecting one or more fields (columns) of the returned entity.
 // The default is selecting all fields defined in the entity schema.
-func (atuo *AuthTokensUpdateOne) Select(field string, fields ...string) *AuthTokensUpdateOne {
-	atuo.fields = append([]string{field}, fields...)
-	return atuo
+func (_u *AuthTokensUpdateOne) Select(field string, fields ...string) *AuthTokensUpdateOne {
+	_u.fields = append([]string{field}, fields...)
+	return _u
 }
 
 // Save executes the query and returns the updated AuthTokens entity.
-func (atuo *AuthTokensUpdateOne) Save(ctx context.Context) (*AuthTokens, error) {
-	atuo.defaults()
-	return withHooks(ctx, atuo.sqlSave, atuo.mutation, atuo.hooks)
+func (_u *AuthTokensUpdateOne) Save(ctx context.Context) (*AuthTokens, error) {
+	_u.defaults()
+	return withHooks(ctx, _u.sqlSave, _u.mutation, _u.hooks)
 }
 
 // SaveX is like Save, but panics if an error occurs.
-func (atuo *AuthTokensUpdateOne) SaveX(ctx context.Context) *AuthTokens {
-	node, err := atuo.Save(ctx)
+func (_u *AuthTokensUpdateOne) SaveX(ctx context.Context) *AuthTokens {
+	node, err := _u.Save(ctx)
 	if err != nil {
 		panic(err)
 	}
@@ -354,34 +354,34 @@ func (atuo *AuthTokensUpdateOne) SaveX(ctx context.Context) *AuthTokens {
 }
 
 // Exec executes the query on the entity.
-func (atuo *AuthTokensUpdateOne) Exec(ctx context.Context) error {
-	_, err := atuo.Save(ctx)
+func (_u *AuthTokensUpdateOne) Exec(ctx context.Context) error {
+	_, err := _u.Save(ctx)
 	return err
 }
 
 // ExecX is like Exec, but panics if an error occurs.
-func (atuo *AuthTokensUpdateOne) ExecX(ctx context.Context) {
-	if err := atuo.Exec(ctx); err != nil {
+func (_u *AuthTokensUpdateOne) ExecX(ctx context.Context) {
+	if err := _u.Exec(ctx); err != nil {
 		panic(err)
 	}
 }
 
 // defaults sets the default values of the builder before save.
-func (atuo *AuthTokensUpdateOne) defaults() {
-	if _, ok := atuo.mutation.UpdatedAt(); !ok {
+func (_u *AuthTokensUpdateOne) defaults() {
+	if _, ok := _u.mutation.UpdatedAt(); !ok {
 		v := authtokens.UpdateDefaultUpdatedAt()
-		atuo.mutation.SetUpdatedAt(v)
+		_u.mutation.SetUpdatedAt(v)
 	}
 }
 
-func (atuo *AuthTokensUpdateOne) sqlSave(ctx context.Context) (_node *AuthTokens, err error) {
+func (_u *AuthTokensUpdateOne) sqlSave(ctx context.Context) (_node *AuthTokens, err error) {
 	_spec := sqlgraph.NewUpdateSpec(authtokens.Table, authtokens.Columns, sqlgraph.NewFieldSpec(authtokens.FieldID, field.TypeUUID))
-	id, ok := atuo.mutation.ID()
+	id, ok := _u.mutation.ID()
 	if !ok {
 		return nil, &ValidationError{Name: "id", err: errors.New(`ent: missing "AuthTokens.id" for update`)}
 	}
 	_spec.Node.ID.Value = id
-	if fields := atuo.fields; len(fields) > 0 {
+	if fields := _u.fields; len(fields) > 0 {
 		_spec.Node.Columns = make([]string, 0, len(fields))
 		_spec.Node.Columns = append(_spec.Node.Columns, authtokens.FieldID)
 		for _, f := range fields {
@@ -393,23 +393,23 @@ func (atuo *AuthTokensUpdateOne) sqlSave(ctx context.Context) (_node *AuthTokens
 			}
 		}
 	}
-	if ps := atuo.mutation.predicates; len(ps) > 0 {
+	if ps := _u.mutation.predicates; len(ps) > 0 {
 		_spec.Predicate = func(selector *sql.Selector) {
 			for i := range ps {
 				ps[i](selector)
 			}
 		}
 	}
-	if value, ok := atuo.mutation.UpdatedAt(); ok {
+	if value, ok := _u.mutation.UpdatedAt(); ok {
 		_spec.SetField(authtokens.FieldUpdatedAt, field.TypeTime, value)
 	}
-	if value, ok := atuo.mutation.Token(); ok {
+	if value, ok := _u.mutation.Token(); ok {
 		_spec.SetField(authtokens.FieldToken, field.TypeBytes, value)
 	}
-	if value, ok := atuo.mutation.ExpiresAt(); ok {
+	if value, ok := _u.mutation.ExpiresAt(); ok {
 		_spec.SetField(authtokens.FieldExpiresAt, field.TypeTime, value)
 	}
-	if atuo.mutation.UserCleared() {
+	if _u.mutation.UserCleared() {
 		edge := &sqlgraph.EdgeSpec{
 			Rel:     sqlgraph.M2O,
 			Inverse: true,
@@ -422,7 +422,7 @@ func (atuo *AuthTokensUpdateOne) sqlSave(ctx context.Context) (_node *AuthTokens
 		}
 		_spec.Edges.Clear = append(_spec.Edges.Clear, edge)
 	}
-	if nodes := atuo.mutation.UserIDs(); len(nodes) > 0 {
+	if nodes := _u.mutation.UserIDs(); len(nodes) > 0 {
 		edge := &sqlgraph.EdgeSpec{
 			Rel:     sqlgraph.M2O,
 			Inverse: true,
@@ -438,7 +438,7 @@ func (atuo *AuthTokensUpdateOne) sqlSave(ctx context.Context) (_node *AuthTokens
 		}
 		_spec.Edges.Add = append(_spec.Edges.Add, edge)
 	}
-	if atuo.mutation.RolesCleared() {
+	if _u.mutation.RolesCleared() {
 		edge := &sqlgraph.EdgeSpec{
 			Rel:     sqlgraph.O2O,
 			Inverse: false,
@@ -451,7 +451,7 @@ func (atuo *AuthTokensUpdateOne) sqlSave(ctx context.Context) (_node *AuthTokens
 		}
 		_spec.Edges.Clear = append(_spec.Edges.Clear, edge)
 	}
-	if nodes := atuo.mutation.RolesIDs(); len(nodes) > 0 {
+	if nodes := _u.mutation.RolesIDs(); len(nodes) > 0 {
 		edge := &sqlgraph.EdgeSpec{
 			Rel:     sqlgraph.O2O,
 			Inverse: false,
@@ -467,10 +467,10 @@ func (atuo *AuthTokensUpdateOne) sqlSave(ctx context.Context) (_node *AuthTokens
 		}
 		_spec.Edges.Add = append(_spec.Edges.Add, edge)
 	}
-	_node = &AuthTokens{config: atuo.config}
+	_node = &AuthTokens{config: _u.config}
 	_spec.Assign = _node.assignValues
 	_spec.ScanValues = _node.scanValues
-	if err = sqlgraph.UpdateNode(ctx, atuo.driver, _spec); err != nil {
+	if err = sqlgraph.UpdateNode(ctx, _u.driver, _spec); err != nil {
 		if _, ok := err.(*sqlgraph.NotFoundError); ok {
 			err = &NotFoundError{authtokens.Label}
 		} else if sqlgraph.IsConstraintError(err) {
@@ -478,6 +478,6 @@ func (atuo *AuthTokensUpdateOne) sqlSave(ctx context.Context) (_node *AuthTokens
 		}
 		return nil, err
 	}
-	atuo.mutation.done = true
+	_u.mutation.done = true
 	return _node, nil
 }

backend/internal/data/ent/ent.go

@@ -19,10 +19,12 @@ import (
 	"github.com/sysadminsmedia/homebox/backend/internal/data/ent/groupinvitationtoken"
 	"github.com/sysadminsmedia/homebox/backend/internal/data/ent/item"
 	"github.com/sysadminsmedia/homebox/backend/internal/data/ent/itemfield"
+	"github.com/sysadminsmedia/homebox/backend/internal/data/ent/itemtemplate"
 	"github.com/sysadminsmedia/homebox/backend/internal/data/ent/label"
 	"github.com/sysadminsmedia/homebox/backend/internal/data/ent/location"
 	"github.com/sysadminsmedia/homebox/backend/internal/data/ent/maintenanceentry"
 	"github.com/sysadminsmedia/homebox/backend/internal/data/ent/notifier"
+	"github.com/sysadminsmedia/homebox/backend/internal/data/ent/templatefield"
 	"github.com/sysadminsmedia/homebox/backend/internal/data/ent/user"
 )
 
@@ -81,7 +83,7 @@ var (
 )
 
 // checkColumn checks if the column exists in the given table.
-func checkColumn(table, column string) error {
+func checkColumn(t, c string) error {
 	initCheck.Do(func() {
 		columnCheck = sql.NewColumnCheck(map[string]func(string) bool{
 			attachment.Table:           attachment.ValidColumn,
@@ -91,14 +93,16 @@ func checkColumn(table, column string) error {
 			groupinvitationtoken.Table: groupinvitationtoken.ValidColumn,
 			item.Table:                 item.ValidColumn,
 			itemfield.Table:            itemfield.ValidColumn,
+			itemtemplate.Table:         itemtemplate.ValidColumn,
 			label.Table:                label.ValidColumn,
 			location.Table:             location.ValidColumn,
 			maintenanceentry.Table:     maintenanceentry.ValidColumn,
 			notifier.Table:             notifier.ValidColumn,
+			templatefield.Table:        templatefield.ValidColumn,
 			user.Table:                 user.ValidColumn,
 		})
 	})
-	return columnCheck(table, column)
+	return columnCheck(t, c)
 }
 
 // Asc applies the given fields in ASC order.

backend/internal/data/ent/group.go

@@ -46,9 +46,11 @@ type GroupEdges struct {
 	InvitationTokens []*GroupInvitationToken `json:"invitation_tokens,omitempty"`
 	// Notifiers holds the value of the notifiers edge.
 	Notifiers []*Notifier `json:"notifiers,omitempty"`
+	// ItemTemplates holds the value of the item_templates edge.
+	ItemTemplates []*ItemTemplate `json:"item_templates,omitempty"`
 	// loadedTypes holds the information for reporting if a
 	// type was loaded (or requested) in eager-loading or not.
-	loadedTypes [6]bool
+	loadedTypes [7]bool
 }
 
 // UsersOrErr returns the Users value or an error if the edge
@@ -105,6 +107,15 @@ func (e GroupEdges) NotifiersOrErr() ([]*Notifier, error) {
 	return nil, &NotLoadedError{edge: "notifiers"}
 }
 
+// ItemTemplatesOrErr returns the ItemTemplates value or an error if the edge
+// was not loaded in eager-loading.
+func (e GroupEdges) ItemTemplatesOrErr() ([]*ItemTemplate, error) {
+	if e.loadedTypes[6] {
+		return e.ItemTemplates, nil
+	}
+	return nil, &NotLoadedError{edge: "item_templates"}
+}
+
 // scanValues returns the types for scanning values from sql.Rows.
 func (*Group) scanValues(columns []string) ([]any, error) {
 	values := make([]any, len(columns))
@@ -125,7 +136,7 @@ func (*Group) scanValues(columns []string) ([]any, error) {
 
 // assignValues assigns the values that were returned from sql.Rows (after scanning)
 // to the Group fields.
-func (gr *Group) assignValues(columns []string, values []any) error {
+func (_m *Group) assignValues(columns []string, values []any) error {
 	if m, n := len(values), len(columns); m < n {
 		return fmt.Errorf("mismatch number of scan values: %d != %d", m, n)
 	}
@@ -135,34 +146,34 @@ func (gr *Group) assignValues(columns []string, values []any) error {
 			if value, ok := values[i].(*uuid.UUID); !ok {
 				return fmt.Errorf("unexpected type %T for field id", values[i])
 			} else if value != nil {
-				gr.ID = *value
+				_m.ID = *value
 			}
 		case group.FieldCreatedAt:
 			if value, ok := values[i].(*sql.NullTime); !ok {
 				return fmt.Errorf("unexpected type %T for field created_at", values[i])
 			} else if value.Valid {
-				gr.CreatedAt = value.Time
+				_m.CreatedAt = value.Time
 			}
 		case group.FieldUpdatedAt:
 			if value, ok := values[i].(*sql.NullTime); !ok {
 				return fmt.Errorf("unexpected type %T for field updated_at", values[i])
 			} else if value.Valid {
-				gr.UpdatedAt = value.Time
+				_m.UpdatedAt = value.Time
 			}
 		case group.FieldName:
 			if value, ok := values[i].(*sql.NullString); !ok {
 				return fmt.Errorf("unexpected type %T for field name", values[i])
 			} else if value.Valid {
-				gr.Name = value.String
+				_m.Name = value.String
 			}
 		case group.FieldCurrency:
 			if value, ok := values[i].(*sql.NullString); !ok {
 				return fmt.Errorf("unexpected type %T for field currency", values[i])
 			} else if value.Valid {
-				gr.Currency = value.String
+				_m.Currency = value.String
 			}
 		default:
-			gr.selectValues.Set(columns[i], values[i])
+			_m.selectValues.Set(columns[i], values[i])
 		}
 	}
 	return nil
@@ -170,74 +181,79 @@ func (gr *Group) assignValues(columns []string, values []any) error {
 
 // Value returns the ent.Value that was dynamically selected and assigned to the Group.
 // This includes values selected through modifiers, order, etc.
-func (gr *Group) Value(name string) (ent.Value, error) {
-	return gr.selectValues.Get(name)
+func (_m *Group) Value(name string) (ent.Value, error) {
+	return _m.selectValues.Get(name)
 }
 
 // QueryUsers queries the "users" edge of the Group entity.
-func (gr *Group) QueryUsers() *UserQuery {
-	return NewGroupClient(gr.config).QueryUsers(gr)
+func (_m *Group) QueryUsers() *UserQuery {
+	return NewGroupClient(_m.config).QueryUsers(_m)
 }
 
 // QueryLocations queries the "locations" edge of the Group entity.
-func (gr *Group) QueryLocations() *LocationQuery {
-	return NewGroupClient(gr.config).QueryLocations(gr)
+func (_m *Group) QueryLocations() *LocationQuery {
+	return NewGroupClient(_m.config).QueryLocations(_m)
 }
 
 // QueryItems queries the "items" edge of the Group entity.
-func (gr *Group) QueryItems() *ItemQuery {
-	return NewGroupClient(gr.config).QueryItems(gr)
+func (_m *Group) QueryItems() *ItemQuery {
+	return NewGroupClient(_m.config).QueryItems(_m)
 }
 
 // QueryLabels queries the "labels" edge of the Group entity.
-func (gr *Group) QueryLabels() *LabelQuery {
-	return NewGroupClient(gr.config).QueryLabels(gr)
+func (_m *Group) QueryLabels() *LabelQuery {
+	return NewGroupClient(_m.config).QueryLabels(_m)
 }
 
 // QueryInvitationTokens queries the "invitation_tokens" edge of the Group entity.
-func (gr *Group) QueryInvitationTokens() *GroupInvitationTokenQuery {
-	return NewGroupClient(gr.config).QueryInvitationTokens(gr)
+func (_m *Group) QueryInvitationTokens() *GroupInvitationTokenQuery {
+	return NewGroupClient(_m.config).QueryInvitationTokens(_m)
 }
 
 // QueryNotifiers queries the "notifiers" edge of the Group entity.
-func (gr *Group) QueryNotifiers() *NotifierQuery {
-	return NewGroupClient(gr.config).QueryNotifiers(gr)
+func (_m *Group) QueryNotifiers() *NotifierQuery {
+	return NewGroupClient(_m.config).QueryNotifiers(_m)
+}
+
+// QueryItemTemplates queries the "item_templates" edge of the Group entity.
+func (_m *Group) QueryItemTemplates() *ItemTemplateQuery {
+	return NewGroupClient(_m.config).QueryItemTemplates(_m)
 }
 
 // Update returns a builder for updating this Group.
 // Note that you need to call Group.Unwrap() before calling this method if this Group
 // was returned from a transaction, and the transaction was committed or rolled back.
-func (gr *Group) Update() *GroupUpdateOne {
-	return NewGroupClient(gr.config).UpdateOne(gr)
+func (_m *Group) Update() *GroupUpdateOne {
+	return NewGroupClient(_m.config).UpdateOne(_m)
 }
 
 // Unwrap unwraps the Group entity that was returned from a transaction after it was closed,
 // so that all future queries will be executed through the driver which created the transaction.
-func (gr *Group) Unwrap() *Group {
-	_tx, ok := gr.config.driver.(*txDriver)
+func (_m *Group) Unwrap() *Group {
+	_tx, ok := _m.config.driver.(*txDriver)
 	if !ok {
 		panic("ent: Group is not a transactional entity")
 	}
-	gr.config.driver = _tx.drv
-	return gr
+	_m.config.driver = _tx.drv
+	return _m
 }
 
 // String implements the fmt.Stringer.
-func (gr *Group) String() string {
+func (_m *Group) String() string {
 	var builder strings.Builder
 	builder.WriteString("Group(")
-	builder.WriteString(fmt.Sprintf("id=%v, ", gr.ID))
+	builder.WriteString(fmt.Sprintf("id=%v, ", _m.ID))
 	builder.WriteString("created_at=")
-	builder.WriteString(gr.CreatedAt.Format(time.ANSIC))
+	builder.WriteString(_m.CreatedAt.Format(time.ANSIC))
 	builder.WriteString(", ")
 	builder.WriteString("updated_at=")
-	builder.WriteString(gr.UpdatedAt.Format(time.ANSIC))
+	builder.WriteString(_m.UpdatedAt.Format(time.ANSIC))
 	builder.WriteString(", ")
 	builder.WriteString("name=")
-	builder.WriteString(gr.Name)
+	builder.WriteString(_m.Name)
 	builder.WriteString(", ")
 	builder.WriteString("currency=")
-	builder.WriteString(gr.Currency)
+	builder.WriteString(_m.Currency)
 	builder.WriteByte(')')
 	return builder.String()
 }

backend/internal/data/ent/group/group.go

@@ -35,6 +35,8 @@ const (
 	EdgeInvitationTokens = "invitation_tokens"
 	// EdgeNotifiers holds the string denoting the notifiers edge name in mutations.
 	EdgeNotifiers = "notifiers"
+	// EdgeItemTemplates holds the string denoting the item_templates edge name in mutations.
+	EdgeItemTemplates = "item_templates"
 	// Table holds the table name of the group in the database.
 	Table = "groups"
 	// UsersTable is the table that holds the users relation/edge.
@@ -79,6 +81,13 @@ const (
 	NotifiersInverseTable = "notifiers"
 	// NotifiersColumn is the table column denoting the notifiers relation/edge.
 	NotifiersColumn = "group_id"
+	// ItemTemplatesTable is the table that holds the item_templates relation/edge.
+	ItemTemplatesTable = "item_templates"
+	// ItemTemplatesInverseTable is the table name for the ItemTemplate entity.
+	// It exists in this package in order to avoid circular dependency with the "itemtemplate" package.
+	ItemTemplatesInverseTable = "item_templates"
+	// ItemTemplatesColumn is the table column denoting the item_templates relation/edge.
+	ItemTemplatesColumn = "group_item_templates"
 )
 
 // Columns holds all SQL columns for group fields.
@@ -226,6 +235,20 @@ func ByNotifiers(term sql.OrderTerm, terms ...sql.OrderTerm) OrderOption {
 		sqlgraph.OrderByNeighborTerms(s, newNotifiersStep(), append([]sql.OrderTerm{term}, terms...)...)
 	}
 }
+
+// ByItemTemplatesCount orders the results by item_templates count.
+func ByItemTemplatesCount(opts ...sql.OrderTermOption) OrderOption {
+	return func(s *sql.Selector) {
+		sqlgraph.OrderByNeighborsCount(s, newItemTemplatesStep(), opts...)
+	}
+}
+
+// ByItemTemplates orders the results by item_templates terms.
+func ByItemTemplates(term sql.OrderTerm, terms ...sql.OrderTerm) OrderOption {
+	return func(s *sql.Selector) {
+		sqlgraph.OrderByNeighborTerms(s, newItemTemplatesStep(), append([]sql.OrderTerm{term}, terms...)...)
+	}
+}
 func newUsersStep() *sqlgraph.Step {
 	return sqlgraph.NewStep(
 		sqlgraph.From(Table, FieldID),
@@ -268,3 +291,10 @@ func newNotifiersStep() *sqlgraph.Step {
 		sqlgraph.Edge(sqlgraph.O2M, false, NotifiersTable, NotifiersColumn),
 	)
 }
+func newItemTemplatesStep() *sqlgraph.Step {
+	return sqlgraph.NewStep(
+		sqlgraph.From(Table, FieldID),
+		sqlgraph.To(ItemTemplatesInverseTable, FieldID),
+		sqlgraph.Edge(sqlgraph.O2M, false, ItemTemplatesTable, ItemTemplatesColumn),
+	)
+}

backend/internal/data/ent/group/where.go

@@ -424,6 +424,29 @@ func HasNotifiersWith(preds ...predicate.Notifier) predicate.Group {
 	})
 }
 
+// HasItemTemplates applies the HasEdge predicate on the "item_templates" edge.
+func HasItemTemplates() predicate.Group {
+	return predicate.Group(func(s *sql.Selector) {
+		step := sqlgraph.NewStep(
+			sqlgraph.From(Table, FieldID),
+			sqlgraph.Edge(sqlgraph.O2M, false, ItemTemplatesTable, ItemTemplatesColumn),
+		)
+		sqlgraph.HasNeighbors(s, step)
+	})
+}
+
+// HasItemTemplatesWith applies the HasEdge predicate on the "item_templates" edge with a given conditions (other predicates).
+func HasItemTemplatesWith(preds ...predicate.ItemTemplate) predicate.Group {
+	return predicate.Group(func(s *sql.Selector) {
+		step := newItemTemplatesStep()
+		sqlgraph.HasNeighborsWith(s, step, func(s *sql.Selector) {
+			for _, p := range preds {
+				p(s)
+			}
+		})
+	})
+}
+
 // And groups predicates with the AND operator between them.
 func And(predicates ...predicate.Group) predicate.Group {
 	return predicate.Group(sql.AndPredicates(predicates...))

backend/internal/data/ent/group_create.go

@@ -14,6 +14,7 @@ import (
 	"github.com/sysadminsmedia/homebox/backend/internal/data/ent/group"
 	"github.com/sysadminsmedia/homebox/backend/internal/data/ent/groupinvitationtoken"
 	"github.com/sysadminsmedia/homebox/backend/internal/data/ent/item"
+	"github.com/sysadminsmedia/homebox/backend/internal/data/ent/itemtemplate"
 	"github.com/sysadminsmedia/homebox/backend/internal/data/ent/label"
 	"github.com/sysadminsmedia/homebox/backend/internal/data/ent/location"
 	"github.com/sysadminsmedia/homebox/backend/internal/data/ent/notifier"
@@ -28,171 +29,186 @@ type GroupCreate struct {
 }
 
 // SetCreatedAt sets the "created_at" field.
-func (gc *GroupCreate) SetCreatedAt(t time.Time) *GroupCreate {
-	gc.mutation.SetCreatedAt(t)
-	return gc
+func (_c *GroupCreate) SetCreatedAt(v time.Time) *GroupCreate {
+	_c.mutation.SetCreatedAt(v)
+	return _c
 }
 
 // SetNillableCreatedAt sets the "created_at" field if the given value is not nil.
-func (gc *GroupCreate) SetNillableCreatedAt(t *time.Time) *GroupCreate {
-	if t != nil {
-		gc.SetCreatedAt(*t)
+func (_c *GroupCreate) SetNillableCreatedAt(v *time.Time) *GroupCreate {
+	if v != nil {
+		_c.SetCreatedAt(*v)
 	}
-	return gc
+	return _c
 }
 
 // SetUpdatedAt sets the "updated_at" field.
-func (gc *GroupCreate) SetUpdatedAt(t time.Time) *GroupCreate {
-	gc.mutation.SetUpdatedAt(t)
-	return gc
+func (_c *GroupCreate) SetUpdatedAt(v time.Time) *GroupCreate {
+	_c.mutation.SetUpdatedAt(v)
+	return _c
 }
 
 // SetNillableUpdatedAt sets the "updated_at" field if the given value is not nil.
-func (gc *GroupCreate) SetNillableUpdatedAt(t *time.Time) *GroupCreate {
-	if t != nil {
-		gc.SetUpdatedAt(*t)
+func (_c *GroupCreate) SetNillableUpdatedAt(v *time.Time) *GroupCreate {
+	if v != nil {
+		_c.SetUpdatedAt(*v)
 	}
-	return gc
+	return _c
 }
 
 // SetName sets the "name" field.
-func (gc *GroupCreate) SetName(s string) *GroupCreate {
-	gc.mutation.SetName(s)
-	return gc
+func (_c *GroupCreate) SetName(v string) *GroupCreate {
+	_c.mutation.SetName(v)
+	return _c
 }
 
 // SetCurrency sets the "currency" field.
-func (gc *GroupCreate) SetCurrency(s string) *GroupCreate {
-	gc.mutation.SetCurrency(s)
-	return gc
+func (_c *GroupCreate) SetCurrency(v string) *GroupCreate {
+	_c.mutation.SetCurrency(v)
+	return _c
 }
 
 // SetNillableCurrency sets the "currency" field if the given value is not nil.
-func (gc *GroupCreate) SetNillableCurrency(s *string) *GroupCreate {
-	if s != nil {
-		gc.SetCurrency(*s)
+func (_c *GroupCreate) SetNillableCurrency(v *string) *GroupCreate {
+	if v != nil {
+		_c.SetCurrency(*v)
 	}
-	return gc
+	return _c
 }
 
 // SetID sets the "id" field.
-func (gc *GroupCreate) SetID(u uuid.UUID) *GroupCreate {
-	gc.mutation.SetID(u)
-	return gc
+func (_c *GroupCreate) SetID(v uuid.UUID) *GroupCreate {
+	_c.mutation.SetID(v)
+	return _c
 }
 
 // SetNillableID sets the "id" field if the given value is not nil.
-func (gc *GroupCreate) SetNillableID(u *uuid.UUID) *GroupCreate {
-	if u != nil {
-		gc.SetID(*u)
+func (_c *GroupCreate) SetNillableID(v *uuid.UUID) *GroupCreate {
+	if v != nil {
+		_c.SetID(*v)
 	}
-	return gc
+	return _c
 }
 
 // AddUserIDs adds the "users" edge to the User entity by IDs.
-func (gc *GroupCreate) AddUserIDs(ids ...uuid.UUID) *GroupCreate {
-	gc.mutation.AddUserIDs(ids...)
-	return gc
+func (_c *GroupCreate) AddUserIDs(ids ...uuid.UUID) *GroupCreate {
+	_c.mutation.AddUserIDs(ids...)
+	return _c
 }
 
 // AddUsers adds the "users" edges to the User entity.
-func (gc *GroupCreate) AddUsers(u ...*User) *GroupCreate {
-	ids := make([]uuid.UUID, len(u))
-	for i := range u {
-		ids[i] = u[i].ID
+func (_c *GroupCreate) AddUsers(v ...*User) *GroupCreate {
+	ids := make([]uuid.UUID, len(v))
+	for i := range v {
+		ids[i] = v[i].ID
 	}
-	return gc.AddUserIDs(ids...)
+	return _c.AddUserIDs(ids...)
 }
 
 // AddLocationIDs adds the "locations" edge to the Location entity by IDs.
-func (gc *GroupCreate) AddLocationIDs(ids ...uuid.UUID) *GroupCreate {
-	gc.mutation.AddLocationIDs(ids...)
-	return gc
+func (_c *GroupCreate) AddLocationIDs(ids ...uuid.UUID) *GroupCreate {
+	_c.mutation.AddLocationIDs(ids...)
+	return _c
 }
 
 // AddLocations adds the "locations" edges to the Location entity.
-func (gc *GroupCreate) AddLocations(l ...*Location) *GroupCreate {
-	ids := make([]uuid.UUID, len(l))
-	for i := range l {
-		ids[i] = l[i].ID
+func (_c *GroupCreate) AddLocations(v ...*Location) *GroupCreate {
+	ids := make([]uuid.UUID, len(v))
+	for i := range v {
+		ids[i] = v[i].ID
 	}
-	return gc.AddLocationIDs(ids...)
+	return _c.AddLocationIDs(ids...)
 }
 
 // AddItemIDs adds the "items" edge to the Item entity by IDs.
-func (gc *GroupCreate) AddItemIDs(ids ...uuid.UUID) *GroupCreate {
-	gc.mutation.AddItemIDs(ids...)
-	return gc
+func (_c *GroupCreate) AddItemIDs(ids ...uuid.UUID) *GroupCreate {
+	_c.mutation.AddItemIDs(ids...)
+	return _c
 }
 
 // AddItems adds the "items" edges to the Item entity.
-func (gc *GroupCreate) AddItems(i ...*Item) *GroupCreate {
-	ids := make([]uuid.UUID, len(i))
-	for j := range i {
-		ids[j] = i[j].ID
+func (_c *GroupCreate) AddItems(v ...*Item) *GroupCreate {
+	ids := make([]uuid.UUID, len(v))
+	for i := range v {
+		ids[i] = v[i].ID
 	}
-	return gc.AddItemIDs(ids...)
+	return _c.AddItemIDs(ids...)
 }
 
 // AddLabelIDs adds the "labels" edge to the Label entity by IDs.
-func (gc *GroupCreate) AddLabelIDs(ids ...uuid.UUID) *GroupCreate {
-	gc.mutation.AddLabelIDs(ids...)
-	return gc
+func (_c *GroupCreate) AddLabelIDs(ids ...uuid.UUID) *GroupCreate {
+	_c.mutation.AddLabelIDs(ids...)
+	return _c
 }
 
 // AddLabels adds the "labels" edges to the Label entity.
-func (gc *GroupCreate) AddLabels(l ...*Label) *GroupCreate {
-	ids := make([]uuid.UUID, len(l))
-	for i := range l {
-		ids[i] = l[i].ID
+func (_c *GroupCreate) AddLabels(v ...*Label) *GroupCreate {
+	ids := make([]uuid.UUID, len(v))
+	for i := range v {
+		ids[i] = v[i].ID
 	}
-	return gc.AddLabelIDs(ids...)
+	return _c.AddLabelIDs(ids...)
 }
 
 // AddInvitationTokenIDs adds the "invitation_tokens" edge to the GroupInvitationToken entity by IDs.
-func (gc *GroupCreate) AddInvitationTokenIDs(ids ...uuid.UUID) *GroupCreate {
-	gc.mutation.AddInvitationTokenIDs(ids...)
-	return gc
+func (_c *GroupCreate) AddInvitationTokenIDs(ids ...uuid.UUID) *GroupCreate {
+	_c.mutation.AddInvitationTokenIDs(ids...)
+	return _c
 }
 
 // AddInvitationTokens adds the "invitation_tokens" edges to the GroupInvitationToken entity.
-func (gc *GroupCreate) AddInvitationTokens(g ...*GroupInvitationToken) *GroupCreate {
-	ids := make([]uuid.UUID, len(g))
-	for i := range g {
-		ids[i] = g[i].ID
+func (_c *GroupCreate) AddInvitationTokens(v ...*GroupInvitationToken) *GroupCreate {
+	ids := make([]uuid.UUID, len(v))
+	for i := range v {
+		ids[i] = v[i].ID
 	}
-	return gc.AddInvitationTokenIDs(ids...)
+	return _c.AddInvitationTokenIDs(ids...)
 }
 
 // AddNotifierIDs adds the "notifiers" edge to the Notifier entity by IDs.
-func (gc *GroupCreate) AddNotifierIDs(ids ...uuid.UUID) *GroupCreate {
-	gc.mutation.AddNotifierIDs(ids...)
-	return gc
+func (_c *GroupCreate) AddNotifierIDs(ids ...uuid.UUID) *GroupCreate {
+	_c.mutation.AddNotifierIDs(ids...)
+	return _c
 }
 
 // AddNotifiers adds the "notifiers" edges to the Notifier entity.
-func (gc *GroupCreate) AddNotifiers(n ...*Notifier) *GroupCreate {
-	ids := make([]uuid.UUID, len(n))
-	for i := range n {
-		ids[i] = n[i].ID
+func (_c *GroupCreate) AddNotifiers(v ...*Notifier) *GroupCreate {
+	ids := make([]uuid.UUID, len(v))
+	for i := range v {
+		ids[i] = v[i].ID
 	}
-	return gc.AddNotifierIDs(ids...)
+	return _c.AddNotifierIDs(ids...)
+}
+
+// AddItemTemplateIDs adds the "item_templates" edge to the ItemTemplate entity by IDs.
+func (_c *GroupCreate) AddItemTemplateIDs(ids ...uuid.UUID) *GroupCreate {
+	_c.mutation.AddItemTemplateIDs(ids...)
+	return _c
+}
+
+// AddItemTemplates adds the "item_templates" edges to the ItemTemplate entity.
+func (_c *GroupCreate) AddItemTemplates(v ...*ItemTemplate) *GroupCreate {
+	ids := make([]uuid.UUID, len(v))
+	for i := range v {
+		ids[i] = v[i].ID
+	}
+	return _c.AddItemTemplateIDs(ids...)
 }
 
 // Mutation returns the GroupMutation object of the builder.
-func (gc *GroupCreate) Mutation() *GroupMutation {
-	return gc.mutation
+func (_c *GroupCreate) Mutation() *GroupMutation {
+	return _c.mutation
 }
 
 // Save creates the Group in the database.
-func (gc *GroupCreate) Save(ctx context.Context) (*Group, error) {
-	gc.defaults()
-	return withHooks(ctx, gc.sqlSave, gc.mutation, gc.hooks)
+func (_c *GroupCreate) Save(ctx context.Context) (*Group, error) {
+	_c.defaults()
+	return withHooks(ctx, _c.sqlSave, _c.mutation, _c.hooks)
 }
 
 // SaveX calls Save and panics if Save returns an error.
-func (gc *GroupCreate) SaveX(ctx context.Context) *Group {
-	v, err := gc.Save(ctx)
+func (_c *GroupCreate) SaveX(ctx context.Context) *Group {
+	v, err := _c.Save(ctx)
 	if err != nil {
 		panic(err)
 	}
@@ -200,66 +216,66 @@ func (gc *GroupCreate) SaveX(ctx context.Context) *Group {
 }
 
 // Exec executes the query.
-func (gc *GroupCreate) Exec(ctx context.Context) error {
-	_, err := gc.Save(ctx)
+func (_c *GroupCreate) Exec(ctx context.Context) error {
+	_, err := _c.Save(ctx)
 	return err
 }
 
 // ExecX is like Exec, but panics if an error occurs.
-func (gc *GroupCreate) ExecX(ctx context.Context) {
-	if err := gc.Exec(ctx); err != nil {
+func (_c *GroupCreate) ExecX(ctx context.Context) {
+	if err := _c.Exec(ctx); err != nil {
 		panic(err)
 	}
 }
 
 // defaults sets the default values of the builder before save.
-func (gc *GroupCreate) defaults() {
-	if _, ok := gc.mutation.CreatedAt(); !ok {
+func (_c *GroupCreate) defaults() {
+	if _, ok := _c.mutation.CreatedAt(); !ok {
 		v := group.DefaultCreatedAt()
-		gc.mutation.SetCreatedAt(v)
+		_c.mutation.SetCreatedAt(v)
 	}
-	if _, ok := gc.mutation.UpdatedAt(); !ok {
+	if _, ok := _c.mutation.UpdatedAt(); !ok {
 		v := group.DefaultUpdatedAt()
-		gc.mutation.SetUpdatedAt(v)
+		_c.mutation.SetUpdatedAt(v)
 	}
-	if _, ok := gc.mutation.Currency(); !ok {
+	if _, ok := _c.mutation.Currency(); !ok {
 		v := group.DefaultCurrency
-		gc.mutation.SetCurrency(v)
+		_c.mutation.SetCurrency(v)
 	}
-	if _, ok := gc.mutation.ID(); !ok {
+	if _, ok := _c.mutation.ID(); !ok {
 		v := group.DefaultID()
-		gc.mutation.SetID(v)
+		_c.mutation.SetID(v)
 	}
 }
 
 // check runs all checks and user-defined validators on the builder.
-func (gc *GroupCreate) check() error {
-	if _, ok := gc.mutation.CreatedAt(); !ok {
+func (_c *GroupCreate) check() error {
+	if _, ok := _c.mutation.CreatedAt(); !ok {
 		return &ValidationError{Name: "created_at", err: errors.New(`ent: missing required field "Group.created_at"`)}
 	}
-	if _, ok := gc.mutation.UpdatedAt(); !ok {
+	if _, ok := _c.mutation.UpdatedAt(); !ok {
 		return &ValidationError{Name: "updated_at", err: errors.New(`ent: missing required field "Group.updated_at"`)}
 	}
-	if _, ok := gc.mutation.Name(); !ok {
+	if _, ok := _c.mutation.Name(); !ok {
 		return &ValidationError{Name: "name", err: errors.New(`ent: missing required field "Group.name"`)}
 	}
-	if v, ok := gc.mutation.Name(); ok {
+	if v, ok := _c.mutation.Name(); ok {
 		if err := group.NameValidator(v); err != nil {
 			return &ValidationError{Name: "name", err: fmt.Errorf(`ent: validator failed for field "Group.name": %w`, err)}
 		}
 	}
-	if _, ok := gc.mutation.Currency(); !ok {
+	if _, ok := _c.mutation.Currency(); !ok {
 		return &ValidationError{Name: "currency", err: errors.New(`ent: missing required field "Group.currency"`)}
 	}
 	return nil
 }
 
-func (gc *GroupCreate) sqlSave(ctx context.Context) (*Group, error) {
-	if err := gc.check(); err != nil {
+func (_c *GroupCreate) sqlSave(ctx context.Context) (*Group, error) {
+	if err := _c.check(); err != nil {
 		return nil, err
 	}
-	_node, _spec := gc.createSpec()
-	if err := sqlgraph.CreateNode(ctx, gc.driver, _spec); err != nil {
+	_node, _spec := _c.createSpec()
+	if err := sqlgraph.CreateNode(ctx, _c.driver, _spec); err != nil {
 		if sqlgraph.IsConstraintError(err) {
 			err = &ConstraintError{msg: err.Error(), wrap: err}
 		}
@@ -272,37 +288,37 @@ func (gc *GroupCreate) sqlSave(ctx context.Context) (*Group, error) {
 			return nil, err
 		}
 	}
-	gc.mutation.id = &_node.ID
-	gc.mutation.done = true
+	_c.mutation.id = &_node.ID
+	_c.mutation.done = true
 	return _node, nil
 }
 
-func (gc *GroupCreate) createSpec() (*Group, *sqlgraph.CreateSpec) {
+func (_c *GroupCreate) createSpec() (*Group, *sqlgraph.CreateSpec) {
 	var (
-		_node = &Group{config: gc.config}
+		_node = &Group{config: _c.config}
 		_spec = sqlgraph.NewCreateSpec(group.Table, sqlgraph.NewFieldSpec(group.FieldID, field.TypeUUID))
 	)
-	if id, ok := gc.mutation.ID(); ok {
+	if id, ok := _c.mutation.ID(); ok {
 		_node.ID = id
 		_spec.ID.Value = &id
 	}
-	if value, ok := gc.mutation.CreatedAt(); ok {
+	if value, ok := _c.mutation.CreatedAt(); ok {
 		_spec.SetField(group.FieldCreatedAt, field.TypeTime, value)
 		_node.CreatedAt = value
 	}
-	if value, ok := gc.mutation.UpdatedAt(); ok {
+	if value, ok := _c.mutation.UpdatedAt(); ok {
 		_spec.SetField(group.FieldUpdatedAt, field.TypeTime, value)
 		_node.UpdatedAt = value
 	}
-	if value, ok := gc.mutation.Name(); ok {
+	if value, ok := _c.mutation.Name(); ok {
 		_spec.SetField(group.FieldName, field.TypeString, value)
 		_node.Name = value
 	}
-	if value, ok := gc.mutation.Currency(); ok {
+	if value, ok := _c.mutation.Currency(); ok {
 		_spec.SetField(group.FieldCurrency, field.TypeString, value)
 		_node.Currency = value
 	}
-	if nodes := gc.mutation.UsersIDs(); len(nodes) > 0 {
+	if nodes := _c.mutation.UsersIDs(); len(nodes) > 0 {
 		edge := &sqlgraph.EdgeSpec{
 			Rel:     sqlgraph.O2M,
 			Inverse: false,
@@ -318,7 +334,7 @@ func (gc *GroupCreate) createSpec() (*Group, *sqlgraph.CreateSpec) {
 		}
 		_spec.Edges = append(_spec.Edges, edge)
 	}
-	if nodes := gc.mutation.LocationsIDs(); len(nodes) > 0 {
+	if nodes := _c.mutation.LocationsIDs(); len(nodes) > 0 {
 		edge := &sqlgraph.EdgeSpec{
 			Rel:     sqlgraph.O2M,
 			Inverse: false,
@@ -334,7 +350,7 @@ func (gc *GroupCreate) createSpec() (*Group, *sqlgraph.CreateSpec) {
 		}
 		_spec.Edges = append(_spec.Edges, edge)
 	}
-	if nodes := gc.mutation.ItemsIDs(); len(nodes) > 0 {
+	if nodes := _c.mutation.ItemsIDs(); len(nodes) > 0 {
 		edge := &sqlgraph.EdgeSpec{
 			Rel:     sqlgraph.O2M,
 			Inverse: false,
@@ -350,7 +366,7 @@ func (gc *GroupCreate) createSpec() (*Group, *sqlgraph.CreateSpec) {
 		}
 		_spec.Edges = append(_spec.Edges, edge)
 	}
-	if nodes := gc.mutation.LabelsIDs(); len(nodes) > 0 {
+	if nodes := _c.mutation.LabelsIDs(); len(nodes) > 0 {
 		edge := &sqlgraph.EdgeSpec{
 			Rel:     sqlgraph.O2M,
 			Inverse: false,
@@ -366,7 +382,7 @@ func (gc *GroupCreate) createSpec() (*Group, *sqlgraph.CreateSpec) {
 		}
 		_spec.Edges = append(_spec.Edges, edge)
 	}
-	if nodes := gc.mutation.InvitationTokensIDs(); len(nodes) > 0 {
+	if nodes := _c.mutation.InvitationTokensIDs(); len(nodes) > 0 {
 		edge := &sqlgraph.EdgeSpec{
 			Rel:     sqlgraph.O2M,
 			Inverse: false,
@@ -382,7 +398,7 @@ func (gc *GroupCreate) createSpec() (*Group, *sqlgraph.CreateSpec) {
 		}
 		_spec.Edges = append(_spec.Edges, edge)
 	}
-	if nodes := gc.mutation.NotifiersIDs(); len(nodes) > 0 {
+	if nodes := _c.mutation.NotifiersIDs(); len(nodes) > 0 {
 		edge := &sqlgraph.EdgeSpec{
 			Rel:     sqlgraph.O2M,
 			Inverse: false,
@@ -398,6 +414,22 @@ func (gc *GroupCreate) createSpec() (*Group, *sqlgraph.CreateSpec) {
 		}
 		_spec.Edges = append(_spec.Edges, edge)
 	}
+	if nodes := _c.mutation.ItemTemplatesIDs(); len(nodes) > 0 {
+		edge := &sqlgraph.EdgeSpec{
+			Rel:     sqlgraph.O2M,
+			Inverse: false,
+			Table:   group.ItemTemplatesTable,
+			Columns: []string{group.ItemTemplatesColumn},
+			Bidi:    false,
+			Target: &sqlgraph.EdgeTarget{
+				IDSpec: sqlgraph.NewFieldSpec(itemtemplate.FieldID, field.TypeUUID),
+			},
+		}
+		for _, k := range nodes {
+			edge.Target.Nodes = append(edge.Target.Nodes, k)
+		}
+		_spec.Edges = append(_spec.Edges, edge)
+	}
 	return _node, _spec
 }
 
@@ -409,16 +441,16 @@ type GroupCreateBulk struct {
 }
 
 // Save creates the Group entities in the database.
-func (gcb *GroupCreateBulk) Save(ctx context.Context) ([]*Group, error) {
-	if gcb.err != nil {
-		return nil, gcb.err
+func (_c *GroupCreateBulk) Save(ctx context.Context) ([]*Group, error) {
+	if _c.err != nil {
+		return nil, _c.err
 	}
-	specs := make([]*sqlgraph.CreateSpec, len(gcb.builders))
-	nodes := make([]*Group, len(gcb.builders))
-	mutators := make([]Mutator, len(gcb.builders))
-	for i := range gcb.builders {
+	specs := make([]*sqlgraph.CreateSpec, len(_c.builders))
+	nodes := make([]*Group, len(_c.builders))
+	mutators := make([]Mutator, len(_c.builders))
+	for i := range _c.builders {
 		func(i int, root context.Context) {
-			builder := gcb.builders[i]
+			builder := _c.builders[i]
 			builder.defaults()
 			var mut Mutator = MutateFunc(func(ctx context.Context, m Mutation) (Value, error) {
 				mutation, ok := m.(*GroupMutation)
@@ -432,11 +464,11 @@ func (gcb *GroupCreateBulk) Save(ctx context.Context) ([]*Group, error) {
 				var err error
 				nodes[i], specs[i] = builder.createSpec()
 				if i < len(mutators)-1 {
-					_, err = mutators[i+1].Mutate(root, gcb.builders[i+1].mutation)
+					_, err = mutators[i+1].Mutate(root, _c.builders[i+1].mutation)
 				} else {
 					spec := &sqlgraph.BatchCreateSpec{Nodes: specs}
 					// Invoke the actual operation on the latest mutation in the chain.
-					if err = sqlgraph.BatchCreate(ctx, gcb.driver, spec); err != nil {
+					if err = sqlgraph.BatchCreate(ctx, _c.driver, spec); err != nil {
 						if sqlgraph.IsConstraintError(err) {
 							err = &ConstraintError{msg: err.Error(), wrap: err}
 						}
@@ -456,7 +488,7 @@ func (gcb *GroupCreateBulk) Save(ctx context.Context) ([]*Group, error) {
 		}(i, ctx)
 	}
 	if len(mutators) > 0 {
-		if _, err := mutators[0].Mutate(ctx, gcb.builders[0].mutation); err != nil {
+		if _, err := mutators[0].Mutate(ctx, _c.builders[0].mutation); err != nil {
 			return nil, err
 		}
 	}
@@ -464,8 +496,8 @@ func (gcb *GroupCreateBulk) Save(ctx context.Context) ([]*Group, error) {
 }
 
 // SaveX is like Save, but panics if an error occurs.
-func (gcb *GroupCreateBulk) SaveX(ctx context.Context) []*Group {
-	v, err := gcb.Save(ctx)
+func (_c *GroupCreateBulk) SaveX(ctx context.Context) []*Group {
+	v, err := _c.Save(ctx)
 	if err != nil {
 		panic(err)
 	}
@@ -473,14 +505,14 @@ func (gcb *GroupCreateBulk) SaveX(ctx context.Context) []*Group {
 }
 
 // Exec executes the query.
-func (gcb *GroupCreateBulk) Exec(ctx context.Context) error {
-	_, err := gcb.Save(ctx)
+func (_c *GroupCreateBulk) Exec(ctx context.Context) error {
+	_, err := _c.Save(ctx)
 	return err
 }
 
 // ExecX is like Exec, but panics if an error occurs.
-func (gcb *GroupCreateBulk) ExecX(ctx context.Context) {
-	if err := gcb.Exec(ctx); err != nil {
+func (_c *GroupCreateBulk) ExecX(ctx context.Context) {
+	if err := _c.Exec(ctx); err != nil {
 		panic(err)
 	}
 }

backend/internal/data/ent/group_delete.go

@@ -20,56 +20,56 @@ type GroupDelete struct {
 }
 
 // Where appends a list predicates to the GroupDelete builder.
-func (gd *GroupDelete) Where(ps ...predicate.Group) *GroupDelete {
-	gd.mutation.Where(ps...)
-	return gd
+func (_d *GroupDelete) Where(ps ...predicate.Group) *GroupDelete {
+	_d.mutation.Where(ps...)
+	return _d
 }
 
 // Exec executes the deletion query and returns how many vertices were deleted.
-func (gd *GroupDelete) Exec(ctx context.Context) (int, error) {
-	return withHooks(ctx, gd.sqlExec, gd.mutation, gd.hooks)
+func (_d *GroupDelete) Exec(ctx context.Context) (int, error) {
+	return withHooks(ctx, _d.sqlExec, _d.mutation, _d.hooks)
 }
 
 // ExecX is like Exec, but panics if an error occurs.
-func (gd *GroupDelete) ExecX(ctx context.Context) int {
-	n, err := gd.Exec(ctx)
+func (_d *GroupDelete) ExecX(ctx context.Context) int {
+	n, err := _d.Exec(ctx)
 	if err != nil {
 		panic(err)
 	}
 	return n
 }
 
-func (gd *GroupDelete) sqlExec(ctx context.Context) (int, error) {
+func (_d *GroupDelete) sqlExec(ctx context.Context) (int, error) {
 	_spec := sqlgraph.NewDeleteSpec(group.Table, sqlgraph.NewFieldSpec(group.FieldID, field.TypeUUID))
-	if ps := gd.mutation.predicates; len(ps) > 0 {
+	if ps := _d.mutation.predicates; len(ps) > 0 {
 		_spec.Predicate = func(selector *sql.Selector) {
 			for i := range ps {
 				ps[i](selector)
 			}
 		}
 	}
-	affected, err := sqlgraph.DeleteNodes(ctx, gd.driver, _spec)
+	affected, err := sqlgraph.DeleteNodes(ctx, _d.driver, _spec)
 	if err != nil && sqlgraph.IsConstraintError(err) {
 		err = &ConstraintError{msg: err.Error(), wrap: err}
 	}
-	gd.mutation.done = true
+	_d.mutation.done = true
 	return affected, err
 }
 
 // GroupDeleteOne is the builder for deleting a single Group entity.
 type GroupDeleteOne struct {
-	gd *GroupDelete
+	_d *GroupDelete
 }
 
 // Where appends a list predicates to the GroupDelete builder.
-func (gdo *GroupDeleteOne) Where(ps ...predicate.Group) *GroupDeleteOne {
-	gdo.gd.mutation.Where(ps...)
-	return gdo
+func (_d *GroupDeleteOne) Where(ps ...predicate.Group) *GroupDeleteOne {
+	_d._d.mutation.Where(ps...)
+	return _d
 }
 
 // Exec executes the deletion query.
-func (gdo *GroupDeleteOne) Exec(ctx context.Context) error {
-	n, err := gdo.gd.Exec(ctx)
+func (_d *GroupDeleteOne) Exec(ctx context.Context) error {
+	n, err := _d._d.Exec(ctx)
 	switch {
 	case err != nil:
 		return err
@@ -81,8 +81,8 @@ func (gdo *GroupDeleteOne) Exec(ctx context.Context) error {
 }
 
 // ExecX is like Exec, but panics if an error occurs.
-func (gdo *GroupDeleteOne) ExecX(ctx context.Context) {
-	if err := gdo.Exec(ctx); err != nil {
+func (_d *GroupDeleteOne) ExecX(ctx context.Context) {
+	if err := _d.Exec(ctx); err != nil {
 		panic(err)
 	}
 }

backend/internal/data/ent/groupinvitationtoken.go

@@ -80,7 +80,7 @@ func (*GroupInvitationToken) scanValues(columns []string) ([]any, error) {
 
 // assignValues assigns the values that were returned from sql.Rows (after scanning)
 // to the GroupInvitationToken fields.
-func (git *GroupInvitationToken) assignValues(columns []string, values []any) error {
+func (_m *GroupInvitationToken) assignValues(columns []string, values []any) error {
 	if m, n := len(values), len(columns); m < n {
 		return fmt.Errorf("mismatch number of scan values: %d != %d", m, n)
 	}
@@ -90,47 +90,47 @@ func (git *GroupInvitationToken) assignValues(columns []string, values []any) er
 			if value, ok := values[i].(*uuid.UUID); !ok {
 				return fmt.Errorf("unexpected type %T for field id", values[i])
 			} else if value != nil {
-				git.ID = *value
+				_m.ID = *value
 			}
 		case groupinvitationtoken.FieldCreatedAt:
 			if value, ok := values[i].(*sql.NullTime); !ok {
 				return fmt.Errorf("unexpected type %T for field created_at", values[i])
 			} else if value.Valid {
-				git.CreatedAt = value.Time
+				_m.CreatedAt = value.Time
 			}
 		case groupinvitationtoken.FieldUpdatedAt:
 			if value, ok := values[i].(*sql.NullTime); !ok {
 				return fmt.Errorf("unexpected type %T for field updated_at", values[i])
 			} else if value.Valid {
-				git.UpdatedAt = value.Time
+				_m.UpdatedAt = value.Time
 			}
 		case groupinvitationtoken.FieldToken:
 			if value, ok := values[i].(*[]byte); !ok {
 				return fmt.Errorf("unexpected type %T for field token", values[i])
 			} else if value != nil {
-				git.Token = *value
+				_m.Token = *value
 			}
 		case groupinvitationtoken.FieldExpiresAt:
 			if value, ok := values[i].(*sql.NullTime); !ok {
 				return fmt.Errorf("unexpected type %T for field expires_at", values[i])
 			} else if value.Valid {
-				git.ExpiresAt = value.Time
+				_m.ExpiresAt = value.Time
 			}
 		case groupinvitationtoken.FieldUses:
 			if value, ok := values[i].(*sql.NullInt64); !ok {
 				return fmt.Errorf("unexpected type %T for field uses", values[i])
 			} else if value.Valid {
-				git.Uses = int(value.Int64)
+				_m.Uses = int(value.Int64)
 			}
 		case groupinvitationtoken.ForeignKeys[0]:
 			if value, ok := values[i].(*sql.NullScanner); !ok {
 				return fmt.Errorf("unexpected type %T for field group_invitation_tokens", values[i])
 			} else if value.Valid {
-				git.group_invitation_tokens = new(uuid.UUID)
-				*git.group_invitation_tokens = *value.S.(*uuid.UUID)
+				_m.group_invitation_tokens = new(uuid.UUID)
+				*_m.group_invitation_tokens = *value.S.(*uuid.UUID)
 			}
 		default:
-			git.selectValues.Set(columns[i], values[i])
+			_m.selectValues.Set(columns[i], values[i])
 		}
 	}
 	return nil
@@ -138,52 +138,52 @@ func (git *GroupInvitationToken) assignValues(columns []string, values []any) er
 
 // Value returns the ent.Value that was dynamically selected and assigned to the GroupInvitationToken.
 // This includes values selected through modifiers, order, etc.
-func (git *GroupInvitationToken) Value(name string) (ent.Value, error) {
-	return git.selectValues.Get(name)
+func (_m *GroupInvitationToken) Value(name string) (ent.Value, error) {
+	return _m.selectValues.Get(name)
 }
 
 // QueryGroup queries the "group" edge of the GroupInvitationToken entity.
-func (git *GroupInvitationToken) QueryGroup() *GroupQuery {
-	return NewGroupInvitationTokenClient(git.config).QueryGroup(git)
+func (_m *GroupInvitationToken) QueryGroup() *GroupQuery {
+	return NewGroupInvitationTokenClient(_m.config).QueryGroup(_m)
 }
 
 // Update returns a builder for updating this GroupInvitationToken.
 // Note that you need to call GroupInvitationToken.Unwrap() before calling this method if this GroupInvitationToken
 // was returned from a transaction, and the transaction was committed or rolled back.
-func (git *GroupInvitationToken) Update() *GroupInvitationTokenUpdateOne {
-	return NewGroupInvitationTokenClient(git.config).UpdateOne(git)
+func (_m *GroupInvitationToken) Update() *GroupInvitationTokenUpdateOne {
+	return NewGroupInvitationTokenClient(_m.config).UpdateOne(_m)
 }
 
 // Unwrap unwraps the GroupInvitationToken entity that was returned from a transaction after it was closed,
 // so that all future queries will be executed through the driver which created the transaction.
-func (git *GroupInvitationToken) Unwrap() *GroupInvitationToken {
-	_tx, ok := git.config.driver.(*txDriver)
+func (_m *GroupInvitationToken) Unwrap() *GroupInvitationToken {
+	_tx, ok := _m.config.driver.(*txDriver)
 	if !ok {
 		panic("ent: GroupInvitationToken is not a transactional entity")
 	}
-	git.config.driver = _tx.drv
-	return git
+	_m.config.driver = _tx.drv
+	return _m
 }
 
 // String implements the fmt.Stringer.
-func (git *GroupInvitationToken) String() string {
+func (_m *GroupInvitationToken) String() string {
 	var builder strings.Builder
 	builder.WriteString("GroupInvitationToken(")
-	builder.WriteString(fmt.Sprintf("id=%v, ", git.ID))
+	builder.WriteString(fmt.Sprintf("id=%v, ", _m.ID))
 	builder.WriteString("created_at=")
-	builder.WriteString(git.CreatedAt.Format(time.ANSIC))
+	builder.WriteString(_m.CreatedAt.Format(time.ANSIC))
 	builder.WriteString(", ")
 	builder.WriteString("updated_at=")
-	builder.WriteString(git.UpdatedAt.Format(time.ANSIC))
+	builder.WriteString(_m.UpdatedAt.Format(time.ANSIC))
 	builder.WriteString(", ")
 	builder.WriteString("token=")
-	builder.WriteString(fmt.Sprintf("%v", git.Token))
+	builder.WriteString(fmt.Sprintf("%v", _m.Token))
 	builder.WriteString(", ")
 	builder.WriteString("expires_at=")
-	builder.WriteString(git.ExpiresAt.Format(time.ANSIC))
+	builder.WriteString(_m.ExpiresAt.Format(time.ANSIC))
 	builder.WriteString(", ")
 	builder.WriteString("uses=")
-	builder.WriteString(fmt.Sprintf("%v", git.Uses))
+	builder.WriteString(fmt.Sprintf("%v", _m.Uses))
 	builder.WriteByte(')')
 	return builder.String()
 }

backend/internal/data/ent/groupinvitationtoken_create.go

@@ -23,114 +23,114 @@ type GroupInvitationTokenCreate struct {
 }
 
 // SetCreatedAt sets the "created_at" field.
-func (gitc *GroupInvitationTokenCreate) SetCreatedAt(t time.Time) *GroupInvitationTokenCreate {
-	gitc.mutation.SetCreatedAt(t)
-	return gitc
+func (_c *GroupInvitationTokenCreate) SetCreatedAt(v time.Time) *GroupInvitationTokenCreate {
+	_c.mutation.SetCreatedAt(v)
+	return _c
 }
 
 // SetNillableCreatedAt sets the "created_at" field if the given value is not nil.
-func (gitc *GroupInvitationTokenCreate) SetNillableCreatedAt(t *time.Time) *GroupInvitationTokenCreate {
-	if t != nil {
-		gitc.SetCreatedAt(*t)
+func (_c *GroupInvitationTokenCreate) SetNillableCreatedAt(v *time.Time) *GroupInvitationTokenCreate {
+	if v != nil {
+		_c.SetCreatedAt(*v)
 	}
-	return gitc
+	return _c
 }
 
 // SetUpdatedAt sets the "updated_at" field.
-func (gitc *GroupInvitationTokenCreate) SetUpdatedAt(t time.Time) *GroupInvitationTokenCreate {
-	gitc.mutation.SetUpdatedAt(t)
-	return gitc
+func (_c *GroupInvitationTokenCreate) SetUpdatedAt(v time.Time) *GroupInvitationTokenCreate {
+	_c.mutation.SetUpdatedAt(v)
+	return _c
 }
 
 // SetNillableUpdatedAt sets the "updated_at" field if the given value is not nil.
-func (gitc *GroupInvitationTokenCreate) SetNillableUpdatedAt(t *time.Time) *GroupInvitationTokenCreate {
-	if t != nil {
-		gitc.SetUpdatedAt(*t)
+func (_c *GroupInvitationTokenCreate) SetNillableUpdatedAt(v *time.Time) *GroupInvitationTokenCreate {
+	if v != nil {
+		_c.SetUpdatedAt(*v)
 	}
-	return gitc
+	return _c
 }
 
 // SetToken sets the "token" field.
-func (gitc *GroupInvitationTokenCreate) SetToken(b []byte) *GroupInvitationTokenCreate {
-	gitc.mutation.SetToken(b)
-	return gitc
+func (_c *GroupInvitationTokenCreate) SetToken(v []byte) *GroupInvitationTokenCreate {
+	_c.mutation.SetToken(v)
+	return _c
 }
 
 // SetExpiresAt sets the "expires_at" field.
-func (gitc *GroupInvitationTokenCreate) SetExpiresAt(t time.Time) *GroupInvitationTokenCreate {
-	gitc.mutation.SetExpiresAt(t)
-	return gitc
+func (_c *GroupInvitationTokenCreate) SetExpiresAt(v time.Time) *GroupInvitationTokenCreate {
+	_c.mutation.SetExpiresAt(v)
+	return _c
 }
 
 // SetNillableExpiresAt sets the "expires_at" field if the given value is not nil.
-func (gitc *GroupInvitationTokenCreate) SetNillableExpiresAt(t *time.Time) *GroupInvitationTokenCreate {
-	if t != nil {
-		gitc.SetExpiresAt(*t)
+func (_c *GroupInvitationTokenCreate) SetNillableExpiresAt(v *time.Time) *GroupInvitationTokenCreate {
+	if v != nil {
+		_c.SetExpiresAt(*v)
 	}
-	return gitc
+	return _c
 }
 
 // SetUses sets the "uses" field.
-func (gitc *GroupInvitationTokenCreate) SetUses(i int) *GroupInvitationTokenCreate {
-	gitc.mutation.SetUses(i)
-	return gitc
+func (_c *GroupInvitationTokenCreate) SetUses(v int) *GroupInvitationTokenCreate {
+	_c.mutation.SetUses(v)
+	return _c
 }
 
 // SetNillableUses sets the "uses" field if the given value is not nil.
-func (gitc *GroupInvitationTokenCreate) SetNillableUses(i *int) *GroupInvitationTokenCreate {
-	if i != nil {
-		gitc.SetUses(*i)
+func (_c *GroupInvitationTokenCreate) SetNillableUses(v *int) *GroupInvitationTokenCreate {
+	if v != nil {
+		_c.SetUses(*v)
 	}
-	return gitc
+	return _c
 }
 
 // SetID sets the "id" field.
-func (gitc *GroupInvitationTokenCreate) SetID(u uuid.UUID) *GroupInvitationTokenCreate {
-	gitc.mutation.SetID(u)
-	return gitc
+func (_c *GroupInvitationTokenCreate) SetID(v uuid.UUID) *GroupInvitationTokenCreate {
+	_c.mutation.SetID(v)
+	return _c
 }
 
 // SetNillableID sets the "id" field if the given value is not nil.
-func (gitc *GroupInvitationTokenCreate) SetNillableID(u *uuid.UUID) *GroupInvitationTokenCreate {
-	if u != nil {
-		gitc.SetID(*u)
+func (_c *GroupInvitationTokenCreate) SetNillableID(v *uuid.UUID) *GroupInvitationTokenCreate {
+	if v != nil {
+		_c.SetID(*v)
 	}
-	return gitc
+	return _c
 }
 
 // SetGroupID sets the "group" edge to the Group entity by ID.
-func (gitc *GroupInvitationTokenCreate) SetGroupID(id uuid.UUID) *GroupInvitationTokenCreate {
-	gitc.mutation.SetGroupID(id)
-	return gitc
+func (_c *GroupInvitationTokenCreate) SetGroupID(id uuid.UUID) *GroupInvitationTokenCreate {
+	_c.mutation.SetGroupID(id)
+	return _c
 }
 
 // SetNillableGroupID sets the "group" edge to the Group entity by ID if the given value is not nil.
-func (gitc *GroupInvitationTokenCreate) SetNillableGroupID(id *uuid.UUID) *GroupInvitationTokenCreate {
+func (_c *GroupInvitationTokenCreate) SetNillableGroupID(id *uuid.UUID) *GroupInvitationTokenCreate {
 	if id != nil {
-		gitc = gitc.SetGroupID(*id)
+		_c = _c.SetGroupID(*id)
 	}
-	return gitc
+	return _c
 }
 
 // SetGroup sets the "group" edge to the Group entity.
-func (gitc *GroupInvitationTokenCreate) SetGroup(g *Group) *GroupInvitationTokenCreate {
-	return gitc.SetGroupID(g.ID)
+func (_c *GroupInvitationTokenCreate) SetGroup(v *Group) *GroupInvitationTokenCreate {
+	return _c.SetGroupID(v.ID)
 }
 
 // Mutation returns the GroupInvitationTokenMutation object of the builder.
-func (gitc *GroupInvitationTokenCreate) Mutation() *GroupInvitationTokenMutation {
-	return gitc.mutation
+func (_c *GroupInvitationTokenCreate) Mutation() *GroupInvitationTokenMutation {
+	return _c.mutation
 }
 
 // Save creates the GroupInvitationToken in the database.
-func (gitc *GroupInvitationTokenCreate) Save(ctx context.Context) (*GroupInvitationToken, error) {
-	gitc.defaults()
-	return withHooks(ctx, gitc.sqlSave, gitc.mutation, gitc.hooks)
+func (_c *GroupInvitationTokenCreate) Save(ctx context.Context) (*GroupInvitationToken, error) {
+	_c.defaults()
+	return withHooks(ctx, _c.sqlSave, _c.mutation, _c.hooks)
 }
 
 // SaveX calls Save and panics if Save returns an error.
-func (gitc *GroupInvitationTokenCreate) SaveX(ctx context.Context) *GroupInvitationToken {
-	v, err := gitc.Save(ctx)
+func (_c *GroupInvitationTokenCreate) SaveX(ctx context.Context) *GroupInvitationToken {
+	v, err := _c.Save(ctx)
 	if err != nil {
 		panic(err)
 	}
@@ -138,68 +138,68 @@ func (gitc *GroupInvitationTokenCreate) SaveX(ctx context.Context) *GroupInvitat
 }
 
 // Exec executes the query.
-func (gitc *GroupInvitationTokenCreate) Exec(ctx context.Context) error {
-	_, err := gitc.Save(ctx)
+func (_c *GroupInvitationTokenCreate) Exec(ctx context.Context) error {
+	_, err := _c.Save(ctx)
 	return err
 }
 
 // ExecX is like Exec, but panics if an error occurs.
-func (gitc *GroupInvitationTokenCreate) ExecX(ctx context.Context) {
-	if err := gitc.Exec(ctx); err != nil {
+func (_c *GroupInvitationTokenCreate) ExecX(ctx context.Context) {
+	if err := _c.Exec(ctx); err != nil {
 		panic(err)
 	}
 }
 
 // defaults sets the default values of the builder before save.
-func (gitc *GroupInvitationTokenCreate) defaults() {
-	if _, ok := gitc.mutation.CreatedAt(); !ok {
+func (_c *GroupInvitationTokenCreate) defaults() {
+	if _, ok := _c.mutation.CreatedAt(); !ok {
 		v := groupinvitationtoken.DefaultCreatedAt()
-		gitc.mutation.SetCreatedAt(v)
+		_c.mutation.SetCreatedAt(v)
 	}
-	if _, ok := gitc.mutation.UpdatedAt(); !ok {
+	if _, ok := _c.mutation.UpdatedAt(); !ok {
 		v := groupinvitationtoken.DefaultUpdatedAt()
-		gitc.mutation.SetUpdatedAt(v)
+		_c.mutation.SetUpdatedAt(v)
 	}
-	if _, ok := gitc.mutation.ExpiresAt(); !ok {
+	if _, ok := _c.mutation.ExpiresAt(); !ok {
 		v := groupinvitationtoken.DefaultExpiresAt()
-		gitc.mutation.SetExpiresAt(v)
+		_c.mutation.SetExpiresAt(v)
 	}
-	if _, ok := gitc.mutation.Uses(); !ok {
+	if _, ok := _c.mutation.Uses(); !ok {
 		v := groupinvitationtoken.DefaultUses
-		gitc.mutation.SetUses(v)
+		_c.mutation.SetUses(v)
 	}
-	if _, ok := gitc.mutation.ID(); !ok {
+	if _, ok := _c.mutation.ID(); !ok {
 		v := groupinvitationtoken.DefaultID()
-		gitc.mutation.SetID(v)
+		_c.mutation.SetID(v)
 	}
 }
 
 // check runs all checks and user-defined validators on the builder.
-func (gitc *GroupInvitationTokenCreate) check() error {
-	if _, ok := gitc.mutation.CreatedAt(); !ok {
+func (_c *GroupInvitationTokenCreate) check() error {
+	if _, ok := _c.mutation.CreatedAt(); !ok {
 		return &ValidationError{Name: "created_at", err: errors.New(`ent: missing required field "GroupInvitationToken.created_at"`)}
 	}
-	if _, ok := gitc.mutation.UpdatedAt(); !ok {
+	if _, ok := _c.mutation.UpdatedAt(); !ok {
 		return &ValidationError{Name: "updated_at", err: errors.New(`ent: missing required field "GroupInvitationToken.updated_at"`)}
 	}
-	if _, ok := gitc.mutation.Token(); !ok {
+	if _, ok := _c.mutation.Token(); !ok {
 		return &ValidationError{Name: "token", err: errors.New(`ent: missing required field "GroupInvitationToken.token"`)}
 	}
-	if _, ok := gitc.mutation.ExpiresAt(); !ok {
+	if _, ok := _c.mutation.ExpiresAt(); !ok {
 		return &ValidationError{Name: "expires_at", err: errors.New(`ent: missing required field "GroupInvitationToken.expires_at"`)}
 	}
-	if _, ok := gitc.mutation.Uses(); !ok {
+	if _, ok := _c.mutation.Uses(); !ok {
 		return &ValidationError{Name: "uses", err: errors.New(`ent: missing required field "GroupInvitationToken.uses"`)}
 	}
 	return nil
 }
 
-func (gitc *GroupInvitationTokenCreate) sqlSave(ctx context.Context) (*GroupInvitationToken, error) {
-	if err := gitc.check(); err != nil {
+func (_c *GroupInvitationTokenCreate) sqlSave(ctx context.Context) (*GroupInvitationToken, error) {
+	if err := _c.check(); err != nil {
 		return nil, err
 	}
-	_node, _spec := gitc.createSpec()
-	if err := sqlgraph.CreateNode(ctx, gitc.driver, _spec); err != nil {
+	_node, _spec := _c.createSpec()
+	if err := sqlgraph.CreateNode(ctx, _c.driver, _spec); err != nil {
 		if sqlgraph.IsConstraintError(err) {
 			err = &ConstraintError{msg: err.Error(), wrap: err}
 		}
@@ -212,41 +212,41 @@ func (gitc *GroupInvitationTokenCreate) sqlSave(ctx context.Context) (*GroupInvi
 			return nil, err
 		}
 	}
-	gitc.mutation.id = &_node.ID
-	gitc.mutation.done = true
+	_c.mutation.id = &_node.ID
+	_c.mutation.done = true
 	return _node, nil
 }
 
-func (gitc *GroupInvitationTokenCreate) createSpec() (*GroupInvitationToken, *sqlgraph.CreateSpec) {
+func (_c *GroupInvitationTokenCreate) createSpec() (*GroupInvitationToken, *sqlgraph.CreateSpec) {
 	var (
-		_node = &GroupInvitationToken{config: gitc.config}
+		_node = &GroupInvitationToken{config: _c.config}
 		_spec = sqlgraph.NewCreateSpec(groupinvitationtoken.Table, sqlgraph.NewFieldSpec(groupinvitationtoken.FieldID, field.TypeUUID))
 	)
-	if id, ok := gitc.mutation.ID(); ok {
+	if id, ok := _c.mutation.ID(); ok {
 		_node.ID = id
 		_spec.ID.Value = &id
 	}
-	if value, ok := gitc.mutation.CreatedAt(); ok {
+	if value, ok := _c.mutation.CreatedAt(); ok {
 		_spec.SetField(groupinvitationtoken.FieldCreatedAt, field.TypeTime, value)
 		_node.CreatedAt = value
 	}
-	if value, ok := gitc.mutation.UpdatedAt(); ok {
+	if value, ok := _c.mutation.UpdatedAt(); ok {
 		_spec.SetField(groupinvitationtoken.FieldUpdatedAt, field.TypeTime, value)
 		_node.UpdatedAt = value
 	}
-	if value, ok := gitc.mutation.Token(); ok {
+	if value, ok := _c.mutation.Token(); ok {
 		_spec.SetField(groupinvitationtoken.FieldToken, field.TypeBytes, value)
 		_node.Token = value
 	}
-	if value, ok := gitc.mutation.ExpiresAt(); ok {
+	if value, ok := _c.mutation.ExpiresAt(); ok {
 		_spec.SetField(groupinvitationtoken.FieldExpiresAt, field.TypeTime, value)
 		_node.ExpiresAt = value
 	}
-	if value, ok := gitc.mutation.Uses(); ok {
+	if value, ok := _c.mutation.Uses(); ok {
 		_spec.SetField(groupinvitationtoken.FieldUses, field.TypeInt, value)
 		_node.Uses = value
 	}
-	if nodes := gitc.mutation.GroupIDs(); len(nodes) > 0 {
+	if nodes := _c.mutation.GroupIDs(); len(nodes) > 0 {
 		edge := &sqlgraph.EdgeSpec{
 			Rel:     sqlgraph.M2O,
 			Inverse: true,
@@ -274,16 +274,16 @@ type GroupInvitationTokenCreateBulk struct {
 }
 
 // Save creates the GroupInvitationToken entities in the database.
-func (gitcb *GroupInvitationTokenCreateBulk) Save(ctx context.Context) ([]*GroupInvitationToken, error) {
-	if gitcb.err != nil {
-		return nil, gitcb.err
+func (_c *GroupInvitationTokenCreateBulk) Save(ctx context.Context) ([]*GroupInvitationToken, error) {
+	if _c.err != nil {
+		return nil, _c.err
 	}
-	specs := make([]*sqlgraph.CreateSpec, len(gitcb.builders))
-	nodes := make([]*GroupInvitationToken, len(gitcb.builders))
-	mutators := make([]Mutator, len(gitcb.builders))
-	for i := range gitcb.builders {
+	specs := make([]*sqlgraph.CreateSpec, len(_c.builders))
+	nodes := make([]*GroupInvitationToken, len(_c.builders))
+	mutators := make([]Mutator, len(_c.builders))
+	for i := range _c.builders {
 		func(i int, root context.Context) {
-			builder := gitcb.builders[i]
+			builder := _c.builders[i]
 			builder.defaults()
 			var mut Mutator = MutateFunc(func(ctx context.Context, m Mutation) (Value, error) {
 				mutation, ok := m.(*GroupInvitationTokenMutation)
@@ -297,11 +297,11 @@ func (gitcb *GroupInvitationTokenCreateBulk) Save(ctx context.Context) ([]*Group
 				var err error
 				nodes[i], specs[i] = builder.createSpec()
 				if i < len(mutators)-1 {
-					_, err = mutators[i+1].Mutate(root, gitcb.builders[i+1].mutation)
+					_, err = mutators[i+1].Mutate(root, _c.builders[i+1].mutation)
 				} else {
 					spec := &sqlgraph.BatchCreateSpec{Nodes: specs}
 					// Invoke the actual operation on the latest mutation in the chain.
-					if err = sqlgraph.BatchCreate(ctx, gitcb.driver, spec); err != nil {
+					if err = sqlgraph.BatchCreate(ctx, _c.driver, spec); err != nil {
 						if sqlgraph.IsConstraintError(err) {
 							err = &ConstraintError{msg: err.Error(), wrap: err}
 						}
@@ -321,7 +321,7 @@ func (gitcb *GroupInvitationTokenCreateBulk) Save(ctx context.Context) ([]*Group
 		}(i, ctx)
 	}
 	if len(mutators) > 0 {
-		if _, err := mutators[0].Mutate(ctx, gitcb.builders[0].mutation); err != nil {
+		if _, err := mutators[0].Mutate(ctx, _c.builders[0].mutation); err != nil {
 			return nil, err
 		}
 	}
@@ -329,8 +329,8 @@ func (gitcb *GroupInvitationTokenCreateBulk) Save(ctx context.Context) ([]*Group
 }
 
 // SaveX is like Save, but panics if an error occurs.
-func (gitcb *GroupInvitationTokenCreateBulk) SaveX(ctx context.Context) []*GroupInvitationToken {
-	v, err := gitcb.Save(ctx)
+func (_c *GroupInvitationTokenCreateBulk) SaveX(ctx context.Context) []*GroupInvitationToken {
+	v, err := _c.Save(ctx)
 	if err != nil {
 		panic(err)
 	}
@@ -338,14 +338,14 @@ func (gitcb *GroupInvitationTokenCreateBulk) SaveX(ctx context.Context) []*Group
 }
 
 // Exec executes the query.
-func (gitcb *GroupInvitationTokenCreateBulk) Exec(ctx context.Context) error {
-	_, err := gitcb.Save(ctx)
+func (_c *GroupInvitationTokenCreateBulk) Exec(ctx context.Context) error {
+	_, err := _c.Save(ctx)
 	return err
 }
 
 // ExecX is like Exec, but panics if an error occurs.
-func (gitcb *GroupInvitationTokenCreateBulk) ExecX(ctx context.Context) {
-	if err := gitcb.Exec(ctx); err != nil {
+func (_c *GroupInvitationTokenCreateBulk) ExecX(ctx context.Context) {
+	if err := _c.Exec(ctx); err != nil {
 		panic(err)
 	}
 }

backend/internal/data/ent/groupinvitationtoken_delete.go

@@ -20,56 +20,56 @@ type GroupInvitationTokenDelete struct {
 }
 
 // Where appends a list predicates to the GroupInvitationTokenDelete builder.
-func (gitd *GroupInvitationTokenDelete) Where(ps ...predicate.GroupInvitationToken) *GroupInvitationTokenDelete {
-	gitd.mutation.Where(ps...)
-	return gitd
+func (_d *GroupInvitationTokenDelete) Where(ps ...predicate.GroupInvitationToken) *GroupInvitationTokenDelete {
+	_d.mutation.Where(ps...)
+	return _d
 }
 
 // Exec executes the deletion query and returns how many vertices were deleted.
-func (gitd *GroupInvitationTokenDelete) Exec(ctx context.Context) (int, error) {
-	return withHooks(ctx, gitd.sqlExec, gitd.mutation, gitd.hooks)
+func (_d *GroupInvitationTokenDelete) Exec(ctx context.Context) (int, error) {
+	return withHooks(ctx, _d.sqlExec, _d.mutation, _d.hooks)
 }
 
 // ExecX is like Exec, but panics if an error occurs.
-func (gitd *GroupInvitationTokenDelete) ExecX(ctx context.Context) int {
-	n, err := gitd.Exec(ctx)
+func (_d *GroupInvitationTokenDelete) ExecX(ctx context.Context) int {
+	n, err := _d.Exec(ctx)
 	if err != nil {
 		panic(err)
 	}
 	return n
 }
 
-func (gitd *GroupInvitationTokenDelete) sqlExec(ctx context.Context) (int, error) {
+func (_d *GroupInvitationTokenDelete) sqlExec(ctx context.Context) (int, error) {
 	_spec := sqlgraph.NewDeleteSpec(groupinvitationtoken.Table, sqlgraph.NewFieldSpec(groupinvitationtoken.FieldID, field.TypeUUID))
-	if ps := gitd.mutation.predicates; len(ps) > 0 {
+	if ps := _d.mutation.predicates; len(ps) > 0 {
 		_spec.Predicate = func(selector *sql.Selector) {
 			for i := range ps {
 				ps[i](selector)
 			}
 		}
 	}
-	affected, err := sqlgraph.DeleteNodes(ctx, gitd.driver, _spec)
+	affected, err := sqlgraph.DeleteNodes(ctx, _d.driver, _spec)
 	if err != nil && sqlgraph.IsConstraintError(err) {
 		err = &ConstraintError{msg: err.Error(), wrap: err}
 	}
-	gitd.mutation.done = true
+	_d.mutation.done = true
 	return affected, err
 }
 
 // GroupInvitationTokenDeleteOne is the builder for deleting a single GroupInvitationToken entity.
 type GroupInvitationTokenDeleteOne struct {
-	gitd *GroupInvitationTokenDelete
+	_d *GroupInvitationTokenDelete
 }
 
 // Where appends a list predicates to the GroupInvitationTokenDelete builder.
-func (gitdo *GroupInvitationTokenDeleteOne) Where(ps ...predicate.GroupInvitationToken) *GroupInvitationTokenDeleteOne {
-	gitdo.gitd.mutation.Where(ps...)
-	return gitdo
+func (_d *GroupInvitationTokenDeleteOne) Where(ps ...predicate.GroupInvitationToken) *GroupInvitationTokenDeleteOne {
+	_d._d.mutation.Where(ps...)
+	return _d
 }
 
 // Exec executes the deletion query.
-func (gitdo *GroupInvitationTokenDeleteOne) Exec(ctx context.Context) error {
-	n, err := gitdo.gitd.Exec(ctx)
+func (_d *GroupInvitationTokenDeleteOne) Exec(ctx context.Context) error {
+	n, err := _d._d.Exec(ctx)
 	switch {
 	case err != nil:
 		return err
@@ -81,8 +81,8 @@ func (gitdo *GroupInvitationTokenDeleteOne) Exec(ctx context.Context) error {
 }
 
 // ExecX is like Exec, but panics if an error occurs.
-func (gitdo *GroupInvitationTokenDeleteOne) ExecX(ctx context.Context) {
-	if err := gitdo.Exec(ctx); err != nil {
+func (_d *GroupInvitationTokenDeleteOne) ExecX(ctx context.Context) {
+	if err := _d.Exec(ctx); err != nil {
 		panic(err)
 	}
 }

backend/internal/data/ent/groupinvitationtoken_query.go

@@ -32,44 +32,44 @@ type GroupInvitationTokenQuery struct {
 }
 
 // Where adds a new predicate for the GroupInvitationTokenQuery builder.
-func (gitq *GroupInvitationTokenQuery) Where(ps ...predicate.GroupInvitationToken) *GroupInvitationTokenQuery {
-	gitq.predicates = append(gitq.predicates, ps...)
-	return gitq
+func (_q *GroupInvitationTokenQuery) Where(ps ...predicate.GroupInvitationToken) *GroupInvitationTokenQuery {
+	_q.predicates = append(_q.predicates, ps...)
+	return _q
 }
 
 // Limit the number of records to be returned by this query.
-func (gitq *GroupInvitationTokenQuery) Limit(limit int) *GroupInvitationTokenQuery {
-	gitq.ctx.Limit = &limit
-	return gitq
+func (_q *GroupInvitationTokenQuery) Limit(limit int) *GroupInvitationTokenQuery {
+	_q.ctx.Limit = &limit
+	return _q
 }
 
 // Offset to start from.
-func (gitq *GroupInvitationTokenQuery) Offset(offset int) *GroupInvitationTokenQuery {
-	gitq.ctx.Offset = &offset
-	return gitq
+func (_q *GroupInvitationTokenQuery) Offset(offset int) *GroupInvitationTokenQuery {
+	_q.ctx.Offset = &offset
+	return _q
 }
 
 // Unique configures the query builder to filter duplicate records on query.
 // By default, unique is set to true, and can be disabled using this method.
-func (gitq *GroupInvitationTokenQuery) Unique(unique bool) *GroupInvitationTokenQuery {
-	gitq.ctx.Unique = &unique
-	return gitq
+func (_q *GroupInvitationTokenQuery) Unique(unique bool) *GroupInvitationTokenQuery {
+	_q.ctx.Unique = &unique
+	return _q
 }
 
 // Order specifies how the records should be ordered.
-func (gitq *GroupInvitationTokenQuery) Order(o ...groupinvitationtoken.OrderOption) *GroupInvitationTokenQuery {
-	gitq.order = append(gitq.order, o...)
-	return gitq
+func (_q *GroupInvitationTokenQuery) Order(o ...groupinvitationtoken.OrderOption) *GroupInvitationTokenQuery {
+	_q.order = append(_q.order, o...)
+	return _q
 }
 
 // QueryGroup chains the current query on the "group" edge.
-func (gitq *GroupInvitationTokenQuery) QueryGroup() *GroupQuery {
-	query := (&GroupClient{config: gitq.config}).Query()
+func (_q *GroupInvitationTokenQuery) QueryGroup() *GroupQuery {
+	query := (&GroupClient{config: _q.config}).Query()
 	query.path = func(ctx context.Context) (fromU *sql.Selector, err error) {
-		if err := gitq.prepareQuery(ctx); err != nil {
+		if err := _q.prepareQuery(ctx); err != nil {
 			return nil, err
 		}
-		selector := gitq.sqlQuery(ctx)
+		selector := _q.sqlQuery(ctx)
 		if err := selector.Err(); err != nil {
 			return nil, err
 		}
@@ -78,7 +78,7 @@ func (gitq *GroupInvitationTokenQuery) QueryGroup() *GroupQuery {
 			sqlgraph.To(group.Table, group.FieldID),
 			sqlgraph.Edge(sqlgraph.M2O, true, groupinvitationtoken.GroupTable, groupinvitationtoken.GroupColumn),
 		)
-		fromU = sqlgraph.SetNeighbors(gitq.driver.Dialect(), step)
+		fromU = sqlgraph.SetNeighbors(_q.driver.Dialect(), step)
 		return fromU, nil
 	}
 	return query
@@ -86,8 +86,8 @@ func (gitq *GroupInvitationTokenQuery) QueryGroup() *GroupQuery {
 
 // First returns the first GroupInvitationToken entity from the query.
 // Returns a *NotFoundError when no GroupInvitationToken was found.
-func (gitq *GroupInvitationTokenQuery) First(ctx context.Context) (*GroupInvitationToken, error) {
-	nodes, err := gitq.Limit(1).All(setContextOp(ctx, gitq.ctx, ent.OpQueryFirst))
+func (_q *GroupInvitationTokenQuery) First(ctx context.Context) (*GroupInvitationToken, error) {
+	nodes, err := _q.Limit(1).All(setContextOp(ctx, _q.ctx, ent.OpQueryFirst))
 	if err != nil {
 		return nil, err
 	}
@@ -98,8 +98,8 @@ func (gitq *GroupInvitationTokenQuery) First(ctx context.Context) (*GroupInvitat
 }
 
 // FirstX is like First, but panics if an error occurs.
-func (gitq *GroupInvitationTokenQuery) FirstX(ctx context.Context) *GroupInvitationToken {
-	node, err := gitq.First(ctx)
+func (_q *GroupInvitationTokenQuery) FirstX(ctx context.Context) *GroupInvitationToken {
+	node, err := _q.First(ctx)
 	if err != nil && !IsNotFound(err) {
 		panic(err)
 	}
@@ -108,9 +108,9 @@ func (gitq *GroupInvitationTokenQuery) FirstX(ctx context.Context) *GroupInvitat
 
 // FirstID returns the first GroupInvitationToken ID from the query.
 // Returns a *NotFoundError when no GroupInvitationToken ID was found.
-func (gitq *GroupInvitationTokenQuery) FirstID(ctx context.Context) (id uuid.UUID, err error) {
+func (_q *GroupInvitationTokenQuery) FirstID(ctx context.Context) (id uuid.UUID, err error) {
 	var ids []uuid.UUID
-	if ids, err = gitq.Limit(1).IDs(setContextOp(ctx, gitq.ctx, ent.OpQueryFirstID)); err != nil {
+	if ids, err = _q.Limit(1).IDs(setContextOp(ctx, _q.ctx, ent.OpQueryFirstID)); err != nil {
 		return
 	}
 	if len(ids) == 0 {
@@ -121,8 +121,8 @@ func (gitq *GroupInvitationTokenQuery) FirstID(ctx context.Context) (id uuid.UUI
 }
 
 // FirstIDX is like FirstID, but panics if an error occurs.
-func (gitq *GroupInvitationTokenQuery) FirstIDX(ctx context.Context) uuid.UUID {
-	id, err := gitq.FirstID(ctx)
+func (_q *GroupInvitationTokenQuery) FirstIDX(ctx context.Context) uuid.UUID {
+	id, err := _q.FirstID(ctx)
 	if err != nil && !IsNotFound(err) {
 		panic(err)
 	}
@@ -132,8 +132,8 @@ func (gitq *GroupInvitationTokenQuery) FirstIDX(ctx context.Context) uuid.UUID {
 // Only returns a single GroupInvitationToken entity found by the query, ensuring it only returns one.
 // Returns a *NotSingularError when more than one GroupInvitationToken entity is found.
 // Returns a *NotFoundError when no GroupInvitationToken entities are found.
-func (gitq *GroupInvitationTokenQuery) Only(ctx context.Context) (*GroupInvitationToken, error) {
-	nodes, err := gitq.Limit(2).All(setContextOp(ctx, gitq.ctx, ent.OpQueryOnly))
+func (_q *GroupInvitationTokenQuery) Only(ctx context.Context) (*GroupInvitationToken, error) {
+	nodes, err := _q.Limit(2).All(setContextOp(ctx, _q.ctx, ent.OpQueryOnly))
 	if err != nil {
 		return nil, err
 	}
@@ -148,8 +148,8 @@ func (gitq *GroupInvitationTokenQuery) Only(ctx context.Context) (*GroupInvitati
 }
 
 // OnlyX is like Only, but panics if an error occurs.
-func (gitq *GroupInvitationTokenQuery) OnlyX(ctx context.Context) *GroupInvitationToken {
-	node, err := gitq.Only(ctx)
+func (_q *GroupInvitationTokenQuery) OnlyX(ctx context.Context) *GroupInvitationToken {
+	node, err := _q.Only(ctx)
 	if err != nil {
 		panic(err)
 	}
@@ -159,9 +159,9 @@ func (gitq *GroupInvitationTokenQuery) OnlyX(ctx context.Context) *GroupInvitati
 // OnlyID is like Only, but returns the only GroupInvitationToken ID in the query.
 // Returns a *NotSingularError when more than one GroupInvitationToken ID is found.
 // Returns a *NotFoundError when no entities are found.
-func (gitq *GroupInvitationTokenQuery) OnlyID(ctx context.Context) (id uuid.UUID, err error) {
+func (_q *GroupInvitationTokenQuery) OnlyID(ctx context.Context) (id uuid.UUID, err error) {
 	var ids []uuid.UUID
-	if ids, err = gitq.Limit(2).IDs(setContextOp(ctx, gitq.ctx, ent.OpQueryOnlyID)); err != nil {
+	if ids, err = _q.Limit(2).IDs(setContextOp(ctx, _q.ctx, ent.OpQueryOnlyID)); err != nil {
 		return
 	}
 	switch len(ids) {
@@ -176,8 +176,8 @@ func (gitq *GroupInvitationTokenQuery) OnlyID(ctx context.Context) (id uuid.UUID
 }
 
 // OnlyIDX is like OnlyID, but panics if an error occurs.
-func (gitq *GroupInvitationTokenQuery) OnlyIDX(ctx context.Context) uuid.UUID {
-	id, err := gitq.OnlyID(ctx)
+func (_q *GroupInvitationTokenQuery) OnlyIDX(ctx context.Context) uuid.UUID {
+	id, err := _q.OnlyID(ctx)
 	if err != nil {
 		panic(err)
 	}
@@ -185,18 +185,18 @@ func (gitq *GroupInvitationTokenQuery) OnlyIDX(ctx context.Context) uuid.UUID {
 }
 
 // All executes the query and returns a list of GroupInvitationTokens.
-func (gitq *GroupInvitationTokenQuery) All(ctx context.Context) ([]*GroupInvitationToken, error) {
-	ctx = setContextOp(ctx, gitq.ctx, ent.OpQueryAll)
-	if err := gitq.prepareQuery(ctx); err != nil {
+func (_q *GroupInvitationTokenQuery) All(ctx context.Context) ([]*GroupInvitationToken, error) {
+	ctx = setContextOp(ctx, _q.ctx, ent.OpQueryAll)
+	if err := _q.prepareQuery(ctx); err != nil {
 		return nil, err
 	}
 	qr := querierAll[[]*GroupInvitationToken, *GroupInvitationTokenQuery]()
-	return withInterceptors[[]*GroupInvitationToken](ctx, gitq, qr, gitq.inters)
+	return withInterceptors[[]*GroupInvitationToken](ctx, _q, qr, _q.inters)
 }
 
 // AllX is like All, but panics if an error occurs.
-func (gitq *GroupInvitationTokenQuery) AllX(ctx context.Context) []*GroupInvitationToken {
-	nodes, err := gitq.All(ctx)
+func (_q *GroupInvitationTokenQuery) AllX(ctx context.Context) []*GroupInvitationToken {
+	nodes, err := _q.All(ctx)
 	if err != nil {
 		panic(err)
 	}
@@ -204,20 +204,20 @@ func (gitq *GroupInvitationTokenQuery) AllX(ctx context.Context) []*GroupInvitat
 }
 
 // IDs executes the query and returns a list of GroupInvitationToken IDs.
-func (gitq *GroupInvitationTokenQuery) IDs(ctx context.Context) (ids []uuid.UUID, err error) {
-	if gitq.ctx.Unique == nil && gitq.path != nil {
-		gitq.Unique(true)
+func (_q *GroupInvitationTokenQuery) IDs(ctx context.Context) (ids []uuid.UUID, err error) {
+	if _q.ctx.Unique == nil && _q.path != nil {
+		_q.Unique(true)
 	}
-	ctx = setContextOp(ctx, gitq.ctx, ent.OpQueryIDs)
-	if err = gitq.Select(groupinvitationtoken.FieldID).Scan(ctx, &ids); err != nil {
+	ctx = setContextOp(ctx, _q.ctx, ent.OpQueryIDs)
+	if err = _q.Select(groupinvitationtoken.FieldID).Scan(ctx, &ids); err != nil {
 		return nil, err
 	}
 	return ids, nil
 }
 
 // IDsX is like IDs, but panics if an error occurs.
-func (gitq *GroupInvitationTokenQuery) IDsX(ctx context.Context) []uuid.UUID {
-	ids, err := gitq.IDs(ctx)
+func (_q *GroupInvitationTokenQuery) IDsX(ctx context.Context) []uuid.UUID {
+	ids, err := _q.IDs(ctx)
 	if err != nil {
 		panic(err)
 	}
@@ -225,17 +225,17 @@ func (gitq *GroupInvitationTokenQuery) IDsX(ctx context.Context) []uuid.UUID {
 }
 
 // Count returns the count of the given query.
-func (gitq *GroupInvitationTokenQuery) Count(ctx context.Context) (int, error) {
-	ctx = setContextOp(ctx, gitq.ctx, ent.OpQueryCount)
-	if err := gitq.prepareQuery(ctx); err != nil {
+func (_q *GroupInvitationTokenQuery) Count(ctx context.Context) (int, error) {
+	ctx = setContextOp(ctx, _q.ctx, ent.OpQueryCount)
+	if err := _q.prepareQuery(ctx); err != nil {
 		return 0, err
 	}
-	return withInterceptors[int](ctx, gitq, querierCount[*GroupInvitationTokenQuery](), gitq.inters)
+	return withInterceptors[int](ctx, _q, querierCount[*GroupInvitationTokenQuery](), _q.inters)
 }
 
 // CountX is like Count, but panics if an error occurs.
-func (gitq *GroupInvitationTokenQuery) CountX(ctx context.Context) int {
-	count, err := gitq.Count(ctx)
+func (_q *GroupInvitationTokenQuery) CountX(ctx context.Context) int {
+	count, err := _q.Count(ctx)
 	if err != nil {
 		panic(err)
 	}
@@ -243,9 +243,9 @@ func (gitq *GroupInvitationTokenQuery) CountX(ctx context.Context) int {
 }
 
 // Exist returns true if the query has elements in the graph.
-func (gitq *GroupInvitationTokenQuery) Exist(ctx context.Context) (bool, error) {
-	ctx = setContextOp(ctx, gitq.ctx, ent.OpQueryExist)
-	switch _, err := gitq.FirstID(ctx); {
+func (_q *GroupInvitationTokenQuery) Exist(ctx context.Context) (bool, error) {
+	ctx = setContextOp(ctx, _q.ctx, ent.OpQueryExist)
+	switch _, err := _q.FirstID(ctx); {
 	case IsNotFound(err):
 		return false, nil
 	case err != nil:
@@ -256,8 +256,8 @@ func (gitq *GroupInvitationTokenQuery) Exist(ctx context.Context) (bool, error)
 }
 
 // ExistX is like Exist, but panics if an error occurs.
-func (gitq *GroupInvitationTokenQuery) ExistX(ctx context.Context) bool {
-	exist, err := gitq.Exist(ctx)
+func (_q *GroupInvitationTokenQuery) ExistX(ctx context.Context) bool {
+	exist, err := _q.Exist(ctx)
 	if err != nil {
 		panic(err)
 	}
@@ -266,32 +266,32 @@ func (gitq *GroupInvitationTokenQuery) ExistX(ctx context.Context) bool {
 
 // Clone returns a duplicate of the GroupInvitationTokenQuery builder, including all associated steps. It can be
 // used to prepare common query builders and use them differently after the clone is made.
-func (gitq *GroupInvitationTokenQuery) Clone() *GroupInvitationTokenQuery {
-	if gitq == nil {
+func (_q *GroupInvitationTokenQuery) Clone() *GroupInvitationTokenQuery {
+	if _q == nil {
 		return nil
 	}
 	return &GroupInvitationTokenQuery{
-		config:     gitq.config,
-		ctx:        gitq.ctx.Clone(),
-		order:      append([]groupinvitationtoken.OrderOption{}, gitq.order...),
-		inters:     append([]Interceptor{}, gitq.inters...),
-		predicates: append([]predicate.GroupInvitationToken{}, gitq.predicates...),
-		withGroup:  gitq.withGroup.Clone(),
+		config:     _q.config,
+		ctx:        _q.ctx.Clone(),
+		order:      append([]groupinvitationtoken.OrderOption{}, _q.order...),
+		inters:     append([]Interceptor{}, _q.inters...),
+		predicates: append([]predicate.GroupInvitationToken{}, _q.predicates...),
+		withGroup:  _q.withGroup.Clone(),
 		// clone intermediate query.
-		sql:  gitq.sql.Clone(),
-		path: gitq.path,
+		sql:  _q.sql.Clone(),
+		path: _q.path,
 	}
 }
 
 // WithGroup tells the query-builder to eager-load the nodes that are connected to
 // the "group" edge. The optional arguments are used to configure the query builder of the edge.
-func (gitq *GroupInvitationTokenQuery) WithGroup(opts ...func(*GroupQuery)) *GroupInvitationTokenQuery {
-	query := (&GroupClient{config: gitq.config}).Query()
+func (_q *GroupInvitationTokenQuery) WithGroup(opts ...func(*GroupQuery)) *GroupInvitationTokenQuery {
+	query := (&GroupClient{config: _q.config}).Query()
 	for _, opt := range opts {
 		opt(query)
 	}
-	gitq.withGroup = query
-	return gitq
+	_q.withGroup = query
+	return _q
 }
 
 // GroupBy is used to group vertices by one or more fields/columns.
@@ -308,10 +308,10 @@ func (gitq *GroupInvitationTokenQuery) WithGroup(opts ...func(*GroupQuery)) *Gro
 //		GroupBy(groupinvitationtoken.FieldCreatedAt).
 //		Aggregate(ent.Count()).
 //		Scan(ctx, &v)
-func (gitq *GroupInvitationTokenQuery) GroupBy(field string, fields ...string) *GroupInvitationTokenGroupBy {
-	gitq.ctx.Fields = append([]string{field}, fields...)
-	grbuild := &GroupInvitationTokenGroupBy{build: gitq}
-	grbuild.flds = &gitq.ctx.Fields
+func (_q *GroupInvitationTokenQuery) GroupBy(field string, fields ...string) *GroupInvitationTokenGroupBy {
+	_q.ctx.Fields = append([]string{field}, fields...)
+	grbuild := &GroupInvitationTokenGroupBy{build: _q}
+	grbuild.flds = &_q.ctx.Fields
 	grbuild.label = groupinvitationtoken.Label
 	grbuild.scan = grbuild.Scan
 	return grbuild
@@ -329,55 +329,55 @@ func (gitq *GroupInvitationTokenQuery) GroupBy(field string, fields ...string) *
 //	client.GroupInvitationToken.Query().
 //		Select(groupinvitationtoken.FieldCreatedAt).
 //		Scan(ctx, &v)
-func (gitq *GroupInvitationTokenQuery) Select(fields ...string) *GroupInvitationTokenSelect {
-	gitq.ctx.Fields = append(gitq.ctx.Fields, fields...)
-	sbuild := &GroupInvitationTokenSelect{GroupInvitationTokenQuery: gitq}
+func (_q *GroupInvitationTokenQuery) Select(fields ...string) *GroupInvitationTokenSelect {
+	_q.ctx.Fields = append(_q.ctx.Fields, fields...)
+	sbuild := &GroupInvitationTokenSelect{GroupInvitationTokenQuery: _q}
 	sbuild.label = groupinvitationtoken.Label
-	sbuild.flds, sbuild.scan = &gitq.ctx.Fields, sbuild.Scan
+	sbuild.flds, sbuild.scan = &_q.ctx.Fields, sbuild.Scan
 	return sbuild
 }
 
 // Aggregate returns a GroupInvitationTokenSelect configured with the given aggregations.
-func (gitq *GroupInvitationTokenQuery) Aggregate(fns ...AggregateFunc) *GroupInvitationTokenSelect {
-	return gitq.Select().Aggregate(fns...)
+func (_q *GroupInvitationTokenQuery) Aggregate(fns ...AggregateFunc) *GroupInvitationTokenSelect {
+	return _q.Select().Aggregate(fns...)
 }
 
-func (gitq *GroupInvitationTokenQuery) prepareQuery(ctx context.Context) error {
-	for _, inter := range gitq.inters {
+func (_q *GroupInvitationTokenQuery) prepareQuery(ctx context.Context) error {
+	for _, inter := range _q.inters {
 		if inter == nil {
 			return fmt.Errorf("ent: uninitialized interceptor (forgotten import ent/runtime?)")
 		}
 		if trv, ok := inter.(Traverser); ok {
-			if err := trv.Traverse(ctx, gitq); err != nil {
+			if err := trv.Traverse(ctx, _q); err != nil {
 				return err
 			}
 		}
 	}
-	for _, f := range gitq.ctx.Fields {
+	for _, f := range _q.ctx.Fields {
 		if !groupinvitationtoken.ValidColumn(f) {
 			return &ValidationError{Name: f, err: fmt.Errorf("ent: invalid field %q for query", f)}
 		}
 	}
-	if gitq.path != nil {
-		prev, err := gitq.path(ctx)
+	if _q.path != nil {
+		prev, err := _q.path(ctx)
 		if err != nil {
 			return err
 		}
-		gitq.sql = prev
+		_q.sql = prev
 	}
 	return nil
 }
 
-func (gitq *GroupInvitationTokenQuery) sqlAll(ctx context.Context, hooks ...queryHook) ([]*GroupInvitationToken, error) {
+func (_q *GroupInvitationTokenQuery) sqlAll(ctx context.Context, hooks ...queryHook) ([]*GroupInvitationToken, error) {
 	var (
 		nodes       = []*GroupInvitationToken{}
-		withFKs     = gitq.withFKs
-		_spec       = gitq.querySpec()
+		withFKs     = _q.withFKs
+		_spec       = _q.querySpec()
 		loadedTypes = [1]bool{
-			gitq.withGroup != nil,
+			_q.withGroup != nil,
 		}
 	)
-	if gitq.withGroup != nil {
+	if _q.withGroup != nil {
 		withFKs = true
 	}
 	if withFKs {
@@ -387,7 +387,7 @@ func (gitq *GroupInvitationTokenQuery) sqlAll(ctx context.Context, hooks ...quer
 		return (*GroupInvitationToken).scanValues(nil, columns)
 	}
 	_spec.Assign = func(columns []string, values []any) error {
-		node := &GroupInvitationToken{config: gitq.config}
+		node := &GroupInvitationToken{config: _q.config}
 		nodes = append(nodes, node)
 		node.Edges.loadedTypes = loadedTypes
 		return node.assignValues(columns, values)
@@ -395,14 +395,14 @@ func (gitq *GroupInvitationTokenQuery) sqlAll(ctx context.Context, hooks ...quer
 	for i := range hooks {
 		hooks[i](ctx, _spec)
 	}
-	if err := sqlgraph.QueryNodes(ctx, gitq.driver, _spec); err != nil {
+	if err := sqlgraph.QueryNodes(ctx, _q.driver, _spec); err != nil {
 		return nil, err
 	}
 	if len(nodes) == 0 {
 		return nodes, nil
 	}
-	if query := gitq.withGroup; query != nil {
-		if err := gitq.loadGroup(ctx, query, nodes, nil,
+	if query := _q.withGroup; query != nil {
+		if err := _q.loadGroup(ctx, query, nodes, nil,
 			func(n *GroupInvitationToken, e *Group) { n.Edges.Group = e }); err != nil {
 			return nil, err
 		}
@@ -410,7 +410,7 @@ func (gitq *GroupInvitationTokenQuery) sqlAll(ctx context.Context, hooks ...quer
 	return nodes, nil
 }
 
-func (gitq *GroupInvitationTokenQuery) loadGroup(ctx context.Context, query *GroupQuery, nodes []*GroupInvitationToken, init func(*GroupInvitationToken), assign func(*GroupInvitationToken, *Group)) error {
+func (_q *GroupInvitationTokenQuery) loadGroup(ctx context.Context, query *GroupQuery, nodes []*GroupInvitationToken, init func(*GroupInvitationToken), assign func(*GroupInvitationToken, *Group)) error {
 	ids := make([]uuid.UUID, 0, len(nodes))
 	nodeids := make(map[uuid.UUID][]*GroupInvitationToken)
 	for i := range nodes {
@@ -443,24 +443,24 @@ func (gitq *GroupInvitationTokenQuery) loadGroup(ctx context.Context, query *Gro
 	return nil
 }
 
-func (gitq *GroupInvitationTokenQuery) sqlCount(ctx context.Context) (int, error) {
-	_spec := gitq.querySpec()
-	_spec.Node.Columns = gitq.ctx.Fields
-	if len(gitq.ctx.Fields) > 0 {
-		_spec.Unique = gitq.ctx.Unique != nil && *gitq.ctx.Unique
+func (_q *GroupInvitationTokenQuery) sqlCount(ctx context.Context) (int, error) {
+	_spec := _q.querySpec()
+	_spec.Node.Columns = _q.ctx.Fields
+	if len(_q.ctx.Fields) > 0 {
+		_spec.Unique = _q.ctx.Unique != nil && *_q.ctx.Unique
 	}
-	return sqlgraph.CountNodes(ctx, gitq.driver, _spec)
+	return sqlgraph.CountNodes(ctx, _q.driver, _spec)
 }
 
-func (gitq *GroupInvitationTokenQuery) querySpec() *sqlgraph.QuerySpec {
+func (_q *GroupInvitationTokenQuery) querySpec() *sqlgraph.QuerySpec {
 	_spec := sqlgraph.NewQuerySpec(groupinvitationtoken.Table, groupinvitationtoken.Columns, sqlgraph.NewFieldSpec(groupinvitationtoken.FieldID, field.TypeUUID))
-	_spec.From = gitq.sql
-	if unique := gitq.ctx.Unique; unique != nil {
+	_spec.From = _q.sql
+	if unique := _q.ctx.Unique; unique != nil {
 		_spec.Unique = *unique
-	} else if gitq.path != nil {
+	} else if _q.path != nil {
 		_spec.Unique = true
 	}
-	if fields := gitq.ctx.Fields; len(fields) > 0 {
+	if fields := _q.ctx.Fields; len(fields) > 0 {
 		_spec.Node.Columns = make([]string, 0, len(fields))
 		_spec.Node.Columns = append(_spec.Node.Columns, groupinvitationtoken.FieldID)
 		for i := range fields {
@@ -469,20 +469,20 @@ func (gitq *GroupInvitationTokenQuery) querySpec() *sqlgraph.QuerySpec {
 			}
 		}
 	}
-	if ps := gitq.predicates; len(ps) > 0 {
+	if ps := _q.predicates; len(ps) > 0 {
 		_spec.Predicate = func(selector *sql.Selector) {
 			for i := range ps {
 				ps[i](selector)
 			}
 		}
 	}
-	if limit := gitq.ctx.Limit; limit != nil {
+	if limit := _q.ctx.Limit; limit != nil {
 		_spec.Limit = *limit
 	}
-	if offset := gitq.ctx.Offset; offset != nil {
+	if offset := _q.ctx.Offset; offset != nil {
 		_spec.Offset = *offset
 	}
-	if ps := gitq.order; len(ps) > 0 {
+	if ps := _q.order; len(ps) > 0 {
 		_spec.Order = func(selector *sql.Selector) {
 			for i := range ps {
 				ps[i](selector)
@@ -492,33 +492,33 @@ func (gitq *GroupInvitationTokenQuery) querySpec() *sqlgraph.QuerySpec {
 	return _spec
 }
 
-func (gitq *GroupInvitationTokenQuery) sqlQuery(ctx context.Context) *sql.Selector {
-	builder := sql.Dialect(gitq.driver.Dialect())
+func (_q *GroupInvitationTokenQuery) sqlQuery(ctx context.Context) *sql.Selector {
+	builder := sql.Dialect(_q.driver.Dialect())
 	t1 := builder.Table(groupinvitationtoken.Table)
-	columns := gitq.ctx.Fields
+	columns := _q.ctx.Fields
 	if len(columns) == 0 {
 		columns = groupinvitationtoken.Columns
 	}
 	selector := builder.Select(t1.Columns(columns...)...).From(t1)
-	if gitq.sql != nil {
-		selector = gitq.sql
+	if _q.sql != nil {
+		selector = _q.sql
 		selector.Select(selector.Columns(columns...)...)
 	}
-	if gitq.ctx.Unique != nil && *gitq.ctx.Unique {
+	if _q.ctx.Unique != nil && *_q.ctx.Unique {
 		selector.Distinct()
 	}
-	for _, p := range gitq.predicates {
+	for _, p := range _q.predicates {
 		p(selector)
 	}
-	for _, p := range gitq.order {
+	for _, p := range _q.order {
 		p(selector)
 	}
-	if offset := gitq.ctx.Offset; offset != nil {
+	if offset := _q.ctx.Offset; offset != nil {
 		// limit is mandatory for offset clause. We start
 		// with default value, and override it below if needed.
 		selector.Offset(*offset).Limit(math.MaxInt32)
 	}
-	if limit := gitq.ctx.Limit; limit != nil {
+	if limit := _q.ctx.Limit; limit != nil {
 		selector.Limit(*limit)
 	}
 	return selector
@@ -531,41 +531,41 @@ type GroupInvitationTokenGroupBy struct {
 }
 
 // Aggregate adds the given aggregation functions to the group-by query.
-func (gitgb *GroupInvitationTokenGroupBy) Aggregate(fns ...AggregateFunc) *GroupInvitationTokenGroupBy {
-	gitgb.fns = append(gitgb.fns, fns...)
-	return gitgb
+func (_g *GroupInvitationTokenGroupBy) Aggregate(fns ...AggregateFunc) *GroupInvitationTokenGroupBy {
+	_g.fns = append(_g.fns, fns...)
+	return _g
 }
 
 // Scan applies the selector query and scans the result into the given value.
-func (gitgb *GroupInvitationTokenGroupBy) Scan(ctx context.Context, v any) error {
-	ctx = setContextOp(ctx, gitgb.build.ctx, ent.OpQueryGroupBy)
-	if err := gitgb.build.prepareQuery(ctx); err != nil {
+func (_g *GroupInvitationTokenGroupBy) Scan(ctx context.Context, v any) error {
+	ctx = setContextOp(ctx, _g.build.ctx, ent.OpQueryGroupBy)
+	if err := _g.build.prepareQuery(ctx); err != nil {
 		return err
 	}
-	return scanWithInterceptors[*GroupInvitationTokenQuery, *GroupInvitationTokenGroupBy](ctx, gitgb.build, gitgb, gitgb.build.inters, v)
+	return scanWithInterceptors[*GroupInvitationTokenQuery, *GroupInvitationTokenGroupBy](ctx, _g.build, _g, _g.build.inters, v)
 }
 
-func (gitgb *GroupInvitationTokenGroupBy) sqlScan(ctx context.Context, root *GroupInvitationTokenQuery, v any) error {
+func (_g *GroupInvitationTokenGroupBy) sqlScan(ctx context.Context, root *GroupInvitationTokenQuery, v any) error {
 	selector := root.sqlQuery(ctx).Select()
-	aggregation := make([]string, 0, len(gitgb.fns))
-	for _, fn := range gitgb.fns {
+	aggregation := make([]string, 0, len(_g.fns))
+	for _, fn := range _g.fns {
 		aggregation = append(aggregation, fn(selector))
 	}
 	if len(selector.SelectedColumns()) == 0 {
-		columns := make([]string, 0, len(*gitgb.flds)+len(gitgb.fns))
-		for _, f := range *gitgb.flds {
+		columns := make([]string, 0, len(*_g.flds)+len(_g.fns))
+		for _, f := range *_g.flds {
 			columns = append(columns, selector.C(f))
 		}
 		columns = append(columns, aggregation...)
 		selector.Select(columns...)
 	}
-	selector.GroupBy(selector.Columns(*gitgb.flds...)...)
+	selector.GroupBy(selector.Columns(*_g.flds...)...)
 	if err := selector.Err(); err != nil {
 		return err
 	}
 	rows := &sql.Rows{}
 	query, args := selector.Query()
-	if err := gitgb.build.driver.Query(ctx, query, args, rows); err != nil {
+	if err := _g.build.driver.Query(ctx, query, args, rows); err != nil {
 		return err
 	}
 	defer rows.Close()
@@ -579,27 +579,27 @@ type GroupInvitationTokenSelect struct {
 }
 
 // Aggregate adds the given aggregation functions to the selector query.
-func (gits *GroupInvitationTokenSelect) Aggregate(fns ...AggregateFunc) *GroupInvitationTokenSelect {
-	gits.fns = append(gits.fns, fns...)
-	return gits
+func (_s *GroupInvitationTokenSelect) Aggregate(fns ...AggregateFunc) *GroupInvitationTokenSelect {
+	_s.fns = append(_s.fns, fns...)
+	return _s
 }
 
 // Scan applies the selector query and scans the result into the given value.
-func (gits *GroupInvitationTokenSelect) Scan(ctx context.Context, v any) error {
-	ctx = setContextOp(ctx, gits.ctx, ent.OpQuerySelect)
-	if err := gits.prepareQuery(ctx); err != nil {
+func (_s *GroupInvitationTokenSelect) Scan(ctx context.Context, v any) error {
+	ctx = setContextOp(ctx, _s.ctx, ent.OpQuerySelect)
+	if err := _s.prepareQuery(ctx); err != nil {
 		return err
 	}
-	return scanWithInterceptors[*GroupInvitationTokenQuery, *GroupInvitationTokenSelect](ctx, gits.GroupInvitationTokenQuery, gits, gits.inters, v)
+	return scanWithInterceptors[*GroupInvitationTokenQuery, *GroupInvitationTokenSelect](ctx, _s.GroupInvitationTokenQuery, _s, _s.inters, v)
 }
 
-func (gits *GroupInvitationTokenSelect) sqlScan(ctx context.Context, root *GroupInvitationTokenQuery, v any) error {
+func (_s *GroupInvitationTokenSelect) sqlScan(ctx context.Context, root *GroupInvitationTokenQuery, v any) error {
 	selector := root.sqlQuery(ctx)
-	aggregation := make([]string, 0, len(gits.fns))
-	for _, fn := range gits.fns {
+	aggregation := make([]string, 0, len(_s.fns))
+	for _, fn := range _s.fns {
 		aggregation = append(aggregation, fn(selector))
 	}
-	switch n := len(*gits.selector.flds); {
+	switch n := len(*_s.selector.flds); {
 	case n == 0 && len(aggregation) > 0:
 		selector.Select(aggregation...)
 	case n != 0 && len(aggregation) > 0:
@@ -607,7 +607,7 @@ func (gits *GroupInvitationTokenSelect) sqlScan(ctx context.Context, root *Group
 	}
 	rows := &sql.Rows{}
 	query, args := selector.Query()
-	if err := gits.driver.Query(ctx, query, args, rows); err != nil {
+	if err := _s.driver.Query(ctx, query, args, rows); err != nil {
 		return err
 	}
 	defer rows.Close()