User registation working. Sidebar built. Dashboard built. TOTP enable works - TOTP login works

2025-10-23 18:07:27 +11:00
parent 56f7dd7b3c
commit 256cbe3a48
26 changed files with 1278 additions and 119 deletions
--- a/.env.example
+++ b/.env.example
@@ -0,0 +1,26 @@
 # Rails Configuration
 SECRET_KEY_BASE=generate-with-bin-rails-secret
 RAILS_ENV=development
 # Database
 # SQLite database files are stored in the storage/ directory
 # In production with Docker, mount this as a persistent volume
 # SMTP Configuration (for sending emails)
 SMTP_ADDRESS=smtp.example.com
 SMTP_PORT=587
 SMTP_DOMAIN=example.com
 SMTP_USERNAME=your-username
 SMTP_PASSWORD=your-password
 SMTP_AUTHENTICATION=plain
 SMTP_ENABLE_STARTTLS=true
 # Application Configuration
 CLINCH_HOST=http://localhost:9000
 CLINCH_FROM_EMAIL=noreply@example.com
 # Optional: Force SSL in production
 # FORCE_SSL=true
 # Optional: Set custom port
 # PORT=9000
--- a/Procfile.dev
+++ b/Procfile.dev
@@ -1,2 +1,2 @@
-web: bin/rails server
+web: bin/rails server -b 0.0.0.0 -p 3035
 css: bin/rails tailwindcss:watch
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
 # Clinch
-**A lightweight, self-hosted identity & SSO portal for home-labs**
+**A lightweight, self-hosted identity & SSO portal**
 Clinch gives you one place to manage users and lets any web app authenticate against it without maintaining its own user table.
--- a/app/controllers/dashboard_controller.rb
+++ b/app/controllers/dashboard_controller.rb
@@ -0,0 +1,12 @@
 class DashboardController < ApplicationController
  def index
    # First run: redirect to signup
    if User.count.zero?
      redirect_to signup_path
      return
    end
    # User must be authenticated
    @user = Current.session.user
  end
 end
--- a/app/controllers/profiles_controller.rb
+++ b/app/controllers/profiles_controller.rb
@@ -0,0 +1,45 @@
 class ProfilesController < ApplicationController
  def show
    @user = Current.session.user
    @active_sessions = @user.sessions.active.order(last_activity_at: :desc)
  end
  def update
    @user = Current.session.user
    if params[:user][:password].present?
      # Updating password - requires current password
      unless @user.authenticate(params[:user][:current_password])
        @user.errors.add(:current_password, "is incorrect")
        @active_sessions = @user.sessions.active.order(last_activity_at: :desc)
        render :show, status: :unprocessable_entity
        return
      end
      if @user.update(password_params)
        redirect_to profile_path, notice: "Password updated successfully."
      else
        @active_sessions = @user.sessions.active.order(last_activity_at: :desc)
        render :show, status: :unprocessable_entity
      end
    else
      # Updating email
      if @user.update(email_params)
        redirect_to profile_path, notice: "Email updated successfully."
      else
        @active_sessions = @user.sessions.active.order(last_activity_at: :desc)
        render :show, status: :unprocessable_entity
      end
    end
  end
  private
  def email_params
    params.require(:user).permit(:email_address)
  end
  def password_params
    params.require(:user).permit(:password, :password_confirmation)
  end
 end
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -1,21 +1,47 @@
 class SessionsController < ApplicationController
  allow_unauthenticated_access only: %i[ new create ]
-  rate_limit to: 10, within: 3.minutes, only: :create, with: -> { redirect_to new_session_path, alert: "Try again later." }
+  rate_limit to: 10, within: 3.minutes, only: :create, with: -> { redirect_to signin_path, alert: "Too many attempts. Try again later." }
  def new
    # Redirect to signup if this is first run
    redirect_to signup_path if User.count.zero?
  end
  def create
-    if user = User.authenticate_by(params.permit(:email_address, :password))
+    user = User.authenticate_by(params.permit(:email_address, :password))
-      start_new_session_for user
+
-      redirect_to after_authentication_url
+    if user.nil?
-    else
+      redirect_to signin_path, alert: "Invalid email address or password."
-      redirect_to new_session_path, alert: "Try another email address or password."
+      return
    end
    # Check if user is active
    unless user.status == "active"
      redirect_to signin_path, alert: "Your account is not active. Please contact an administrator."
      return
    end
    # Check if TOTP is required
    if user.totp_enabled?
      # TODO: Implement TOTP verification flow
      # For now, reject login if TOTP is enabled
      redirect_to signin_path, alert: "Two-factor authentication is enabled but not yet implemented. Please contact an administrator."
      return
    end
    # Sign in successful
    start_new_session_for user
    redirect_to after_authentication_url, notice: "Signed in successfully."
  end
  def destroy
    terminate_session
-    redirect_to new_session_path, status: :see_other
+    redirect_to signin_path, status: :see_other, notice: "Signed out successfully."
  end
  def destroy_other
    session = Current.session.user.sessions.find(params[:id])
    session.destroy
    redirect_to profile_path, notice: "Session revoked successfully."
  end
 end
--- a/app/controllers/totp_controller.rb
+++ b/app/controllers/totp_controller.rb
@@ -0,0 +1,84 @@
 class TotpController < ApplicationController
  before_action :set_user
  before_action :redirect_if_totp_enabled, only: [:new, :create]
  before_action :require_totp_enabled, only: [:backup_codes, :verify_password, :destroy]
  # GET /totp/new - Show QR code to set up TOTP
  def new
    # Generate TOTP secret but don't save yet
    @totp_secret = ROTP::Base32.random
    @provisioning_uri = ROTP::TOTP.new(@totp_secret, issuer: "Clinch").provisioning_uri(@user.email_address)
    # Generate QR code
    require "rqrcode"
    @qr_code = RQRCode::QRCode.new(@provisioning_uri)
  end
  # POST /totp - Verify TOTP code and enable 2FA
  def create
    totp_secret = params[:totp_secret]
    code = params[:code]
    # Verify the code works
    totp = ROTP::TOTP.new(totp_secret)
    if totp.verify(code, drift_behind: 30, drift_ahead: 30)
      # Save the secret and generate backup codes
      @user.totp_secret = totp_secret
      @user.backup_codes = generate_backup_codes
      @user.save!
      # Redirect to backup codes page with success message
      redirect_to backup_codes_totp_path, notice: "Two-factor authentication has been enabled successfully! Save these backup codes now."
    else
      redirect_to new_totp_path, alert: "Invalid verification code. Please try again."
    end
  end
  # GET /totp/backup_codes - Show backup codes (requires password)
  def backup_codes
    # This will be shown after password verification
    @backup_codes = @user.parsed_backup_codes
  end
  # POST /totp/verify_password - Verify password before showing backup codes
  def verify_password
    if @user.authenticate(params[:password])
      redirect_to backup_codes_totp_path
    else
      redirect_to profile_path, alert: "Incorrect password."
    end
  end
  # DELETE /totp - Disable TOTP (requires password)
  def destroy
    unless @user.authenticate(params[:password])
      redirect_to profile_path, alert: "Incorrect password. Could not disable 2FA."
      return
    end
    @user.disable_totp!
    redirect_to profile_path, notice: "Two-factor authentication has been disabled."
  end
  private
  def set_user
    @user = Current.session.user
  end
  def redirect_if_totp_enabled
    if @user.totp_enabled?
      redirect_to profile_path, alert: "Two-factor authentication is already enabled."
    end
  end
  def require_totp_enabled
    unless @user.totp_enabled?
      redirect_to profile_path, alert: "Two-factor authentication is not enabled."
    end
  end
  def generate_backup_codes
    Array.new(10) { SecureRandom.alphanumeric(8).upcase }.to_json
  end
 end
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -0,0 +1,36 @@
 class UsersController < ApplicationController
  allow_unauthenticated_access only: %i[ new create ]
  before_action :ensure_first_run, only: %i[ new create ]
  def new
    @user = User.new
  end
  def create
    @user = User.new(user_params)
    # First user becomes admin automatically
    @user.admin = true if User.count.zero?
    @user.status = "active"
    if @user.save
      start_new_session_for @user
      redirect_to root_path, notice: "Welcome to Clinch! Your account has been created."
    else
      render :new, status: :unprocessable_entity
    end
  end
  private
  def user_params
    params.require(:user).permit(:email_address, :password, :password_confirmation)
  end
  def ensure_first_run
    # Only allow signup if there are no users (first-run scenario)
    if User.exists?
      redirect_to signin_path, alert: "Registration is closed. Please sign in."
    end
  end
 end
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -13,6 +13,7 @@ class User < ApplicationRecord
  validates :email_address, presence: true, uniqueness: { case_sensitive: false },
                           format: { with: URI::MailTo::EMAIL_REGEXP }
  validates :password, length: { minimum: 8 }, allow_nil: true
  validates :status, presence: true,
                    inclusion: { in: %w[active disabled pending_invitation] }
--- a/app/views/dashboard/index.html.erb
+++ b/app/views/dashboard/index.html.erb
@@ -0,0 +1,116 @@
 <div class="mb-8">
  <h1 class="text-3xl font-bold text-gray-900">
    Welcome, <%= @user.email_address %>
  </h1>
  <p class="mt-2 text-gray-600">
    <% if @user.admin? %>
      Administrator
    <% else %>
      User
    <% end %>
  </p>
 </div>
 <div class="grid grid-cols-1 gap-6 sm:grid-cols-2 lg:grid-cols-3">
  <!-- Active Sessions Card -->
  <div class="bg-white overflow-hidden shadow rounded-lg">
    <div class="p-5">
      <div class="flex items-center">
        <div class="flex-shrink-0">
          <svg class="h-6 w-6 text-gray-400" fill="none" stroke="currentColor" viewBox="0 0 24 24">
            <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M9.75 17L9 20l-1 1h8l-1-1-.75-3M3 13h18M5 17h14a2 2 0 002-2V5a2 2 0 00-2-2H5a2 2 0 00-2 2v10a2 2 0 002 2z"></path>
          </svg>
        </div>
        <div class="ml-5 w-0 flex-1">
          <dl>
            <dt class="text-sm font-medium text-gray-500 truncate">
              Active Sessions
            </dt>
            <dd class="text-lg font-semibold text-gray-900">
              <%= @user.sessions.active.count %>
            </dd>
          </dl>
        </div>
      </div>
    </div>
    <div class="bg-gray-50 px-5 py-3">
      <%= link_to "View all sessions", profile_path, class: "text-sm font-medium text-blue-600 hover:text-blue-500" %>
    </div>
  </div>
  <% if @user.totp_enabled? %>
    <!-- 2FA Status Card -->
    <div class="bg-white overflow-hidden shadow rounded-lg">
      <div class="p-5">
        <div class="flex items-center">
          <div class="flex-shrink-0">
            <svg class="h-6 w-6 text-green-500" fill="none" stroke="currentColor" viewBox="0 0 24 24">
              <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M9 12l2 2 4-4m5.618-4.016A11.955 11.955 0 0112 2.944a11.955 11.955 0 01-8.618 3.04A12.02 12.02 0 003 9c0 5.591 3.824 10.29 9 11.622 5.176-1.332 9-6.03 9-11.622 0-1.042-.133-2.052-.382-3.016z"></path>
            </svg>
          </div>
          <div class="ml-5 w-0 flex-1">
            <dl>
              <dt class="text-sm font-medium text-gray-500 truncate">
                Two-Factor Authentication
              </dt>
              <dd class="text-lg font-semibold text-green-600">
                Enabled
              </dd>
            </dl>
          </div>
        </div>
      </div>
      <div class="bg-gray-50 px-5 py-3">
        <%= link_to "Manage 2FA", profile_path, class: "text-sm font-medium text-blue-600 hover:text-blue-500" %>
      </div>
    </div>
  <% else %>
    <!-- 2FA Disabled Card -->
    <div class="bg-white overflow-hidden shadow rounded-lg border-2 border-yellow-200">
      <div class="p-5">
        <div class="flex items-center">
          <div class="flex-shrink-0">
            <svg class="h-6 w-6 text-yellow-500" fill="none" stroke="currentColor" viewBox="0 0 24 24">
              <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M12 9v2m0 4h.01m-6.938 4h13.856c1.54 0 2.502-1.667 1.732-3L13.732 4c-.77-1.333-2.694-1.333-3.464 0L3.34 16c-.77 1.333.192 3 1.732 3z"></path>
            </svg>
          </div>
          <div class="ml-5 w-0 flex-1">
            <dl>
              <dt class="text-sm font-medium text-gray-500 truncate">
                Two-Factor Authentication
              </dt>
              <dd class="text-lg font-semibold text-yellow-600">
                Not Enabled
              </dd>
            </dl>
          </div>
        </div>
      </div>
      <div class="bg-gray-50 px-5 py-3">
        <%= link_to "Enable 2FA", profile_path, class: "text-sm font-medium text-blue-600 hover:text-blue-500" %>
      </div>
    </div>
  <% end %>
 </div>
 <% if @user.admin? %>
  <div class="mt-8">
    <h2 class="text-xl font-semibold text-gray-900 mb-4">Admin Quick Actions</h2>
    <div class="grid grid-cols-1 gap-4 sm:grid-cols-3">
      <%= link_to admin_users_path, class: "block p-6 bg-white rounded-lg border border-gray-200 shadow-sm hover:bg-gray-50 hover:shadow-md transition" do %>
        <h3 class="text-lg font-semibold text-gray-900 mb-2">Manage Users</h3>
        <p class="text-sm text-gray-600">View, edit, and invite users</p>
      <% end %>
      <%= link_to admin_applications_path, class: "block p-6 bg-white rounded-lg border border-gray-200 shadow-sm hover:bg-gray-50 hover:shadow-md transition" do %>
        <h3 class="text-lg font-semibold text-gray-900 mb-2">Manage Applications</h3>
        <p class="text-sm text-gray-600">Register and configure applications</p>
      <% end %>
      <%= link_to admin_groups_path, class: "block p-6 bg-white rounded-lg border border-gray-200 shadow-sm hover:bg-gray-50 hover:shadow-md transition" do %>
        <h3 class="text-lg font-semibold text-gray-900 mb-2">Manage Groups</h3>
        <p class="text-sm text-gray-600">Create and organize user groups</p>
      <% end %>
    </div>
  </div>
 <% end %>
--- a/app/views/layouts/application.html.erb
+++ b/app/views/layouts/application.html.erb
@@ -24,8 +24,51 @@
  </head>
  <body>
-    <main class="container mx-auto mt-28 px-5 flex">
+    <% if authenticated? %>
-      <%= yield %>
+      <%= render "shared/sidebar" %>
-    </main>
+      <div class="lg:pl-64">
        <!-- Mobile menu button -->
        <div class="sticky top-0 z-40 flex h-16 shrink-0 items-center gap-x-4 border-b border-gray-200 bg-white px-4 shadow-sm sm:gap-x-6 sm:px-6 lg:hidden">
          <button type="button" class="-m-2.5 p-2.5 text-gray-700" id="mobile-menu-button">
            <span class="sr-only">Open sidebar</span>
            <svg class="h-6 w-6" fill="none" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor">
              <path stroke-linecap="round" stroke-linejoin="round" d="M3.75 6.75h16.5M3.75 12h16.5m-16.5 5.25h16.5" />
            </svg>
          </button>
        </div>
        <main class="py-10">
          <div class="px-4 sm:px-6 lg:px-8">
            <%= render "shared/flash" %>
            <%= yield %>
          </div>
        </main>
      </div>
    <% else %>
      <!-- Public layout (signup/signin) -->
      <main class="container mx-auto mt-28 px-5 flex">
        <%= render "shared/flash" %>
        <%= yield %>
      </main>
    <% end %>
    <script>
      // Mobile sidebar toggle
      const mobileMenuButton = document.getElementById('mobile-menu-button');
      const mobileMenuClose = document.getElementById('mobile-menu-close');
      const mobileSidebarOverlay = document.getElementById('mobile-sidebar-overlay');
      if (mobileMenuButton) {
        mobileMenuButton.addEventListener('click', () => {
          mobileSidebarOverlay?.classList.remove('hidden');
        });
      }
      if (mobileMenuClose) {
        mobileMenuClose.addEventListener('click', () => {
          mobileSidebarOverlay?.classList.add('hidden');
        });
      }
    </script>
  </body>
 </html>
--- a/app/views/profiles/show.html.erb
+++ b/app/views/profiles/show.html.erb
@@ -0,0 +1,246 @@
 <div class="space-y-8">
  <div>
    <h1 class="text-3xl font-bold text-gray-900">Profile & Settings</h1>
    <p class="mt-2 text-sm text-gray-600">Manage your account settings and security preferences.</p>
  </div>
  <!-- Account Information -->
  <div class="bg-white shadow sm:rounded-lg">
    <div class="px-4 py-5 sm:p-6">
      <h3 class="text-lg font-medium leading-6 text-gray-900">Account Information</h3>
      <div class="mt-5 space-y-6">
        <%= form_with model: @user, url: profile_path, method: :patch, class: "space-y-6" do |form| %>
          <% if @user.errors.any? %>
            <div class="rounded-md bg-red-50 p-4">
              <h3 class="text-sm font-medium text-red-800">
                <%= pluralize(@user.errors.count, "error") %> prohibited this from being saved:
              </h3>
              <ul class="mt-2 list-disc list-inside text-sm text-red-700">
                <% @user.errors.each do |error| %>
                  <li><%= error.full_message %></li>
                <% end %>
              </ul>
            </div>
          <% end %>
          <div>
            <%= form.label :email_address, "Email Address", class: "block text-sm font-medium text-gray-700" %>
            <%= form.email_field :email_address,
                required: true,
                autocomplete: "email",
                class: "mt-1 block w-full rounded-md border-gray-300 shadow-sm focus:border-blue-500 focus:ring-blue-500 sm:text-sm" %>
          </div>
          <div>
            <%= form.submit "Update Email", class: "inline-flex justify-center rounded-md border border-transparent bg-blue-600 py-2 px-4 text-sm font-medium text-white shadow-sm hover:bg-blue-700 focus:outline-none focus:ring-2 focus:ring-blue-500 focus:ring-offset-2" %>
          </div>
        <% end %>
      </div>
    </div>
  </div>
  <!-- Change Password -->
  <div class="bg-white shadow sm:rounded-lg">
    <div class="px-4 py-5 sm:p-6">
      <h3 class="text-lg font-medium leading-6 text-gray-900">Change Password</h3>
      <div class="mt-5">
        <%= form_with model: @user, url: profile_path, method: :patch, class: "space-y-6" do |form| %>
          <div>
            <%= form.label :current_password, "Current Password", class: "block text-sm font-medium text-gray-700" %>
            <%= form.password_field :current_password,
                autocomplete: "current-password",
                placeholder: "Enter current password",
                class: "mt-1 block w-full rounded-md border-gray-300 shadow-sm focus:border-blue-500 focus:ring-blue-500 sm:text-sm" %>
          </div>
          <div>
            <%= form.label :password, "New Password", class: "block text-sm font-medium text-gray-700" %>
            <%= form.password_field :password,
                autocomplete: "new-password",
                placeholder: "Enter new password",
                class: "mt-1 block w-full rounded-md border-gray-300 shadow-sm focus:border-blue-500 focus:ring-blue-500 sm:text-sm" %>
            <p class="mt-1 text-sm text-gray-500">Must be at least 8 characters</p>
          </div>
          <div>
            <%= form.label :password_confirmation, "Confirm New Password", class: "block text-sm font-medium text-gray-700" %>
            <%= form.password_field :password_confirmation,
                autocomplete: "new-password",
                placeholder: "Confirm new password",
                class: "mt-1 block w-full rounded-md border-gray-300 shadow-sm focus:border-blue-500 focus:ring-blue-500 sm:text-sm" %>
          </div>
          <div>
            <%= form.submit "Update Password", class: "inline-flex justify-center rounded-md border border-transparent bg-blue-600 py-2 px-4 text-sm font-medium text-white shadow-sm hover:bg-blue-700 focus:outline-none focus:ring-2 focus:ring-blue-500 focus:ring-offset-2" %>
          </div>
        <% end %>
      </div>
    </div>
  </div>
  <!-- Two-Factor Authentication -->
  <div class="bg-white shadow sm:rounded-lg">
    <div class="px-4 py-5 sm:p-6">
      <h3 class="text-lg font-medium leading-6 text-gray-900">Two-Factor Authentication</h3>
      <div class="mt-2 max-w-xl text-sm text-gray-500">
        <p>Add an extra layer of security to your account by enabling two-factor authentication.</p>
      </div>
      <div class="mt-5">
        <% if @user.totp_enabled? %>
          <div class="rounded-md bg-green-50 p-4">
            <div class="flex">
              <div class="flex-shrink-0">
                <svg class="h-5 w-5 text-green-400" viewBox="0 0 20 20" fill="currentColor">
                  <path fill-rule="evenodd" d="M10 18a8 8 0 100-16 8 8 0 000 16zm3.857-9.809a.75.75 0 00-1.214-.882l-3.483 4.79-1.88-1.88a.75.75 0 10-1.06 1.061l2.5 2.5a.75.75 0 001.137-.089l4-5.5z" clip-rule="evenodd" />
                </svg>
              </div>
              <div class="ml-3 flex-1">
                <p class="text-sm font-medium text-green-800">
                  Two-factor authentication is enabled
                </p>
              </div>
            </div>
          </div>
          <div class="mt-4 flex gap-3">
            <button type="button" onclick="showDisable2FAModal()" class="inline-flex items-center rounded-md border border-red-300 bg-white px-4 py-2 text-sm font-medium text-red-700 shadow-sm hover:bg-red-50 focus:outline-none focus:ring-2 focus:ring-red-500 focus:ring-offset-2">
              Disable 2FA
            </button>
            <button type="button" onclick="showViewBackupCodesModal()" class="inline-flex items-center rounded-md border border-gray-300 bg-white px-4 py-2 text-sm font-medium text-gray-700 shadow-sm hover:bg-gray-50 focus:outline-none focus:ring-2 focus:ring-blue-500 focus:ring-offset-2">
              View Backup Codes
            </button>
          </div>
        <% else %>
          <%= link_to new_totp_path, class: "inline-flex items-center rounded-md border border-transparent bg-blue-600 px-4 py-2 text-sm font-medium text-white shadow-sm hover:bg-blue-700 focus:outline-none focus:ring-2 focus:ring-blue-500 focus:ring-offset-2" do %>
            Enable 2FA
          <% end %>
        <% end %>
      </div>
    </div>
  </div>
  <!-- Disable 2FA Modal -->
  <div id="disable-2fa-modal" class="hidden fixed inset-0 bg-gray-500 bg-opacity-75 flex items-center justify-center z-50">
    <div class="bg-white rounded-lg px-4 pt-5 pb-4 shadow-xl max-w-md w-full">
      <div class="sm:flex sm:items-start">
        <div class="mx-auto flex h-12 w-12 flex-shrink-0 items-center justify-center rounded-full bg-red-100 sm:mx-0 sm:h-10 sm:w-10">
          <svg class="h-6 w-6 text-red-600" fill="none" viewBox="0 0 24 24" stroke="currentColor">
            <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M12 9v2m0 4h.01m-6.938 4h13.856c1.54 0 2.502-1.667 1.732-3L13.732 4c-.77-1.333-2.694-1.333-3.464 0L3.34 16c-.77 1.333.192 3 1.732 3z" />
          </svg>
        </div>
        <div class="mt-3 text-center sm:mt-0 sm:ml-4 sm:text-left flex-1">
          <h3 class="text-lg font-medium leading-6 text-gray-900">Disable Two-Factor Authentication</h3>
          <div class="mt-2">
            <p class="text-sm text-gray-500">Enter your password to disable 2FA. This will make your account less secure.</p>
          </div>
          <%= form_with url: totp_path, method: :delete, class: "mt-4" do |form| %>
            <div>
              <%= password_field_tag :password, nil,
                  placeholder: "Enter your password",
                  autocomplete: "current-password",
                  required: true,
                  class: "block w-full rounded-md border-gray-300 shadow-sm focus:border-red-500 focus:ring-red-500 sm:text-sm" %>
            </div>
            <div class="mt-4 flex gap-3">
              <%= form.submit "Disable 2FA",
                  class: "inline-flex justify-center rounded-md border border-transparent bg-red-600 px-4 py-2 text-sm font-medium text-white shadow-sm hover:bg-red-700 focus:outline-none focus:ring-2 focus:ring-red-500 focus:ring-offset-2" %>
              <button type="button" onclick="hideDisable2FAModal()" class="inline-flex justify-center rounded-md border border-gray-300 bg-white px-4 py-2 text-sm font-medium text-gray-700 shadow-sm hover:bg-gray-50 focus:outline-none focus:ring-2 focus:ring-blue-500 focus:ring-offset-2">
                Cancel
              </button>
            </div>
          <% end %>
        </div>
      </div>
    </div>
  </div>
  <!-- View Backup Codes Modal -->
  <div id="view-backup-codes-modal" class="hidden fixed inset-0 bg-gray-500 bg-opacity-75 flex items-center justify-center z-50">
    <div class="bg-white rounded-lg px-4 pt-5 pb-4 shadow-xl max-w-md w-full">
      <div>
        <h3 class="text-lg font-medium leading-6 text-gray-900">View Backup Codes</h3>
        <div class="mt-2">
          <p class="text-sm text-gray-500">Enter your password to view your backup codes.</p>
        </div>
        <%= form_with url: verify_password_totp_path, method: :post, class: "mt-4" do |form| %>
          <div>
            <%= password_field_tag :password, nil,
                placeholder: "Enter your password",
                autocomplete: "current-password",
                required: true,
                class: "block w-full rounded-md border-gray-300 shadow-sm focus:border-blue-500 focus:ring-blue-500 sm:text-sm" %>
          </div>
          <div class="mt-4 flex gap-3">
            <%= form.submit "View Codes",
                class: "inline-flex justify-center rounded-md border border-transparent bg-blue-600 px-4 py-2 text-sm font-medium text-white shadow-sm hover:bg-blue-700 focus:outline-none focus:ring-2 focus:ring-blue-500 focus:ring-offset-2" %>
            <button type="button" onclick="hideViewBackupCodesModal()" class="inline-flex justify-center rounded-md border border-gray-300 bg-white px-4 py-2 text-sm font-medium text-gray-700 shadow-sm hover:bg-gray-50 focus:outline-none focus:ring-2 focus:ring-blue-500 focus:ring-offset-2">
              Cancel
            </button>
          </div>
        <% end %>
      </div>
    </div>
  </div>
  <script>
    function showDisable2FAModal() {
      document.getElementById('disable-2fa-modal').classList.remove('hidden');
    }
    function hideDisable2FAModal() {
      document.getElementById('disable-2fa-modal').classList.add('hidden');
    }
    function showViewBackupCodesModal() {
      document.getElementById('view-backup-codes-modal').classList.remove('hidden');
    }
    function hideViewBackupCodesModal() {
      document.getElementById('view-backup-codes-modal').classList.add('hidden');
    }
  </script>
  <!-- Active Sessions -->
  <div class="bg-white shadow sm:rounded-lg">
    <div class="px-4 py-5 sm:p-6">
      <h3 class="text-lg font-medium leading-6 text-gray-900">Active Sessions</h3>
      <div class="mt-2 max-w-xl text-sm text-gray-500">
        <p>These devices are currently signed in to your account. Revoke any sessions that you don't recognize.</p>
      </div>
      <div class="mt-5">
        <% if @active_sessions.any? %>
          <ul role="list" class="divide-y divide-gray-200">
            <% @active_sessions.each do |session| %>
              <li class="py-4">
                <div class="flex items-center justify-between">
                  <div class="flex flex-col">
                    <p class="text-sm font-medium text-gray-900">
                      <%= session.device_name || "Unknown Device" %>
                      <% if session.id == Current.session.id %>
                        <span class="ml-2 inline-flex items-center rounded-full bg-green-100 px-2.5 py-0.5 text-xs font-medium text-green-800">
                          This device
                        </span>
                      <% end %>
                    </p>
                    <p class="mt-1 text-sm text-gray-500">
                      <%= session.ip_address %>
                    </p>
                    <p class="mt-1 text-xs text-gray-400">
                      Last active <%= time_ago_in_words(session.last_activity_at || session.updated_at) %> ago
                    </p>
                  </div>
                  <% if session.id != Current.session.id %>
                    <%= button_to "Revoke", session_path(session), method: :delete,
                        class: "inline-flex items-center rounded-md border border-gray-300 bg-white px-3 py-2 text-sm font-medium text-gray-700 shadow-sm hover:bg-gray-50 focus:outline-none focus:ring-2 focus:ring-blue-500 focus:ring-offset-2",
                        form: { data: { turbo_confirm: "Are you sure you want to revoke this session?" } } %>
                  <% end %>
                </div>
              </li>
            <% end %>
          </ul>
        <% else %>
          <p class="text-sm text-gray-500">No other active sessions.</p>
        <% end %>
      </div>
    </div>
  </div>
 </div>
--- a/app/views/sessions/new.html.erb
+++ b/app/views/sessions/new.html.erb
@@ -1,31 +1,37 @@
 <div class="mx-auto md:w-2/3 w-full">
-  <% if alert = flash[:alert] %>
+  <div class="mb-8">
-    <p class="py-2 px-3 bg-red-50 mb-5 text-red-500 font-medium rounded-lg inline-block" id="alert"><%= alert %></p>
+    <h1 class="font-bold text-4xl">Sign in to Clinch</h1>
-  <% end %>
+  </div>
-  <% if notice = flash[:notice] %>
+  <%= form_with url: signin_path, class: "contents" do |form| %>
    <p class="py-2 px-3 bg-green-50 mb-5 text-green-500 font-medium rounded-lg inline-block" id="notice"><%= notice %></p>
  <% end %>
  <h1 class="font-bold text-4xl">Sign in</h1>
  <%= form_with url: session_url, class: "contents" do |form| %>
    <div class="my-5">
-      <%= form.email_field :email_address, required: true, autofocus: true, autocomplete: "username", placeholder: "Enter your email address", value: params[:email_address], class: "block shadow-sm rounded-md border border-gray-400 focus:outline-blue-600 px-3 py-2 mt-2 w-full" %>
+      <%= form.label :email_address, "Email Address", class: "block font-medium text-sm text-gray-700" %>
      <%= form.email_field :email_address,
          required: true,
          autofocus: true,
          autocomplete: "username",
          placeholder: "your@email.com",
          value: params[:email_address],
          class: "block shadow-sm rounded-md border border-gray-400 focus:outline-blue-600 px-3 py-2 mt-2 w-full" %>
    </div>
    <div class="my-5">
-      <%= form.password_field :password, required: true, autocomplete: "current-password", placeholder: "Enter your password", maxlength: 72, class: "block shadow-sm rounded-md border border-gray-400 focus:outline-blue-600 px-3 py-2 mt-2 w-full" %>
+      <%= form.label :password, class: "block font-medium text-sm text-gray-700" %>
      <%= form.password_field :password,
          required: true,
          autocomplete: "current-password",
          placeholder: "Enter your password",
          maxlength: 72,
          class: "block shadow-sm rounded-md border border-gray-400 focus:outline-blue-600 px-3 py-2 mt-2 w-full" %>
    </div>
-    <div class="col-span-6 sm:flex sm:items-center sm:gap-4">
+    <div class="my-5">
-      <div class="inline">
+      <%= form.submit "Sign in",
-        <%= form.submit "Sign in", class: "w-full sm:w-auto text-center rounded-md px-3.5 py-2.5 bg-blue-600 hover:bg-blue-500 text-white inline-block font-medium cursor-pointer" %>
+          class: "w-full rounded-md px-3.5 py-2.5 bg-blue-600 hover:bg-blue-500 text-white font-medium cursor-pointer" %>
-      </div>
+    </div>
-      <div class="mt-4 text-sm text-gray-500 sm:mt-0">
+    <div class="mt-4 text-sm text-gray-600 text-center">
-        <%= link_to "Forgot password?", new_password_path, class: "text-gray-700 underline hover:no-underline" %>
+      <%= link_to "Forgot your password?", new_password_path, class: "text-blue-600 hover:text-blue-500 underline" %>
      </div>
    </div>
  <% end %>
 </div>
--- a/app/views/shared/_flash.html.erb
+++ b/app/views/shared/_flash.html.erb
@@ -0,0 +1,29 @@
 <% if flash[:alert] %>
  <div class="mb-4 rounded-lg bg-red-50 p-4" role="alert">
    <div class="flex">
      <div class="flex-shrink-0">
        <svg class="h-5 w-5 text-red-400" viewBox="0 0 20 20" fill="currentColor">
          <path fill-rule="evenodd" d="M10 18a8 8 0 100-16 8 8 0 000 16zM8.707 7.293a1 1 0 00-1.414 1.414L8.586 10l-1.293 1.293a1 1 0 101.414 1.414L10 11.414l1.293 1.293a1 1 0 001.414-1.414L11.414 10l1.293-1.293a1 1 0 00-1.414-1.414L10 8.586 8.707 7.293z" clip-rule="evenodd"/>
        </svg>
      </div>
      <div class="ml-3">
        <p class="text-sm font-medium text-red-800"><%= flash[:alert] %></p>
      </div>
    </div>
  </div>
 <% end %>
 <% if flash[:notice] %>
  <div class="mb-4 rounded-lg bg-green-50 p-4" role="alert">
    <div class="flex">
      <div class="flex-shrink-0">
        <svg class="h-5 w-5 text-green-400" viewBox="0 0 20 20" fill="currentColor">
          <path fill-rule="evenodd" d="M10 18a8 8 0 100-16 8 8 0 000 16zm3.707-9.293a1 1 0 00-1.414-1.414L9 10.586 7.707 9.293a1 1 0 00-1.414 1.414l2 2a1 1 0 001.414 0l4-4z" clip-rule="evenodd"/>
        </svg>
      </div>
      <div class="ml-3">
        <p class="text-sm font-medium text-green-800"><%= flash[:notice] %></p>
      </div>
    </div>
  </div>
 <% end %>
--- a/app/views/shared/_sidebar.html.erb
+++ b/app/views/shared/_sidebar.html.erb
@@ -0,0 +1,186 @@
 <% if authenticated? %>
  <%
    current_path = request.path
    user = Current.session.user
  %>
  <!-- Desktop sidebar -->
  <div class="hidden lg:fixed lg:inset-y-0 lg:z-50 lg:flex lg:w-64 lg:flex-col">
    <div class="flex grow flex-col gap-y-5 overflow-y-auto border-r border-gray-200 bg-white px-6 pb-4">
      <!-- Branding and User Info -->
      <div class="flex flex-col pt-5 pb-4 border-b border-gray-200">
        <div class="flex items-center">
          <h1 class="text-2xl font-bold text-gray-900">Clinch</h1>
        </div>
        <div class="mt-2">
          <p class="text-sm text-gray-600 truncate"><%= user.email_address %></p>
          <% if user.admin? %>
            <span class="inline-flex items-center rounded-full bg-blue-100 px-2 py-0.5 text-xs font-medium text-blue-800 mt-1">
              Administrator
            </span>
          <% end %>
        </div>
      </div>
      <nav class="flex flex-1 flex-col">
        <ul role="list" class="flex flex-1 flex-col gap-y-7">
          <li>
            <ul role="list" class="-mx-2 space-y-1">
              <!-- Dashboard -->
              <li>
                <%= link_to root_path, class: "group flex gap-x-3 rounded-md p-2 text-sm font-semibold leading-6 #{ current_path == '/' ? 'bg-gray-50 text-blue-600' : 'text-gray-700 hover:text-blue-600 hover:bg-gray-50' }" do %>
                  <svg class="h-6 w-6 shrink-0" fill="none" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor">
                    <path stroke-linecap="round" stroke-linejoin="round" d="M2.25 12l8.954-8.955c.44-.439 1.152-.439 1.591 0L21.75 12M4.5 9.75v10.125c0 .621.504 1.125 1.125 1.125H9.75v-4.875c0-.621.504-1.125 1.125-1.125h2.25c.621 0 1.125.504 1.125 1.125V21h4.125c.621 0 1.125-.504 1.125-1.125V9.75M8.25 21h8.25" />
                  </svg>
                  Dashboard
                <% end %>
              </li>
              <% if user.admin? %>
                <!-- Admin: Users -->
                <li>
                  <%= link_to admin_users_path, class: "group flex gap-x-3 rounded-md p-2 text-sm font-semibold leading-6 #{ current_path.start_with?('/admin/users') ? 'bg-gray-50 text-blue-600' : 'text-gray-700 hover:text-blue-600 hover:bg-gray-50' }" do %>
                    <svg class="h-6 w-6 shrink-0" fill="none" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor">
                      <path stroke-linecap="round" stroke-linejoin="round" d="M15 19.128a9.38 9.38 0 002.625.372 9.337 9.337 0 004.121-.952 4.125 4.125 0 00-7.533-2.493M15 19.128v-.003c0-1.113-.285-2.16-.786-3.07M15 19.128v.106A12.318 12.318 0 018.624 21c-2.331 0-4.512-.645-6.374-1.766l-.001-.109a6.375 6.375 0 0111.964-3.07M12 6.375a3.375 3.375 0 11-6.75 0 3.375 3.375 0 016.75 0zm8.25 2.25a2.625 2.625 0 11-5.25 0 2.625 2.625 0 015.25 0z" />
                    </svg>
                    Users
                  <% end %>
                </li>
                <!-- Admin: Applications -->
                <li>
                  <%= link_to admin_applications_path, class: "group flex gap-x-3 rounded-md p-2 text-sm font-semibold leading-6 #{ current_path.start_with?('/admin/applications') ? 'bg-gray-50 text-blue-600' : 'text-gray-700 hover:text-blue-600 hover:bg-gray-50' }" do %>
                    <svg class="h-6 w-6 shrink-0" fill="none" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor">
                      <path stroke-linecap="round" stroke-linejoin="round" d="M3.75 6A2.25 2.25 0 016 3.75h2.25A2.25 2.25 0 0110.5 6v2.25a2.25 2.25 0 01-2.25 2.25H6a2.25 2.25 0 01-2.25-2.25V6zM3.75 15.75A2.25 2.25 0 016 13.5h2.25a2.25 2.25 0 012.25 2.25V18a2.25 2.25 0 01-2.25 2.25H6A2.25 2.25 0 013.75 18v-2.25zM13.5 6a2.25 2.25 0 012.25-2.25H18A2.25 2.25 0 0120.25 6v2.25A2.25 2.25 0 0118 10.5h-2.25a2.25 2.25 0 01-2.25-2.25V6zM13.5 15.75a2.25 2.25 0 012.25-2.25H18a2.25 2.25 0 012.25 2.25V18A2.25 2.25 0 0118 20.25h-2.25A2.25 2.25 0 0113.5 18v-2.25z" />
                    </svg>
                    Applications
                  <% end %>
                </li>
                <!-- Admin: Groups -->
                <li>
                  <%= link_to admin_groups_path, class: "group flex gap-x-3 rounded-md p-2 text-sm font-semibold leading-6 #{ current_path.start_with?('/admin/groups') ? 'bg-gray-50 text-blue-600' : 'text-gray-700 hover:text-blue-600 hover:bg-gray-50' }" do %>
                    <svg class="h-6 w-6 shrink-0" fill="none" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor">
                      <path stroke-linecap="round" stroke-linejoin="round" d="M18 18.72a9.094 9.094 0 003.741-.479 3 3 0 00-4.682-2.72m.94 3.198l.001.031c0 .225-.012.447-.037.666A11.944 11.944 0 0112 21c-2.17 0-4.207-.576-5.963-1.584A6.062 6.062 0 016 18.719m12 0a5.971 5.971 0 00-.941-3.197m0 0A5.995 5.995 0 0012 12.75a5.995 5.995 0 00-5.058 2.772m0 0a3 3 0 00-4.681 2.72 8.986 8.986 0 003.74.477m.94-3.197a5.971 5.971 0 00-.94 3.197M15 6.75a3 3 0 11-6 0 3 3 0 016 0zm6 3a2.25 2.25 0 11-4.5 0 2.25 2.25 0 014.5 0zm-13.5 0a2.25 2.25 0 11-4.5 0 2.25 2.25 0 014.5 0z" />
                    </svg>
                    Groups
                  <% end %>
                </li>
              <% end %>
              <!-- Profile -->
              <li>
                <%= link_to profile_path, class: "group flex gap-x-3 rounded-md p-2 text-sm font-semibold leading-6 #{ current_path == '/profile' ? 'bg-gray-50 text-blue-600' : 'text-gray-700 hover:text-blue-600 hover:bg-gray-50' }" do %>
                  <svg class="h-6 w-6 shrink-0" fill="none" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor">
                    <path stroke-linecap="round" stroke-linejoin="round" d="M17.982 18.725A7.488 7.488 0 0012 15.75a7.488 7.488 0 00-5.982 2.975m11.963 0a9 9 0 10-11.963 0m11.963 0A8.966 8.966 0 0112 21a8.966 8.966 0 01-5.982-2.275M15 9.75a3 3 0 11-6 0 3 3 0 016 0z" />
                  </svg>
                  Profile
                <% end %>
              </li>
              <!-- Sign Out -->
              <li>
                <%= link_to signout_path, data: { turbo_method: :delete }, class: "group flex gap-x-3 rounded-md p-2 text-sm font-semibold leading-6 text-red-600 hover:text-red-700 hover:bg-red-50" do %>
                  <svg class="h-6 w-6 shrink-0" fill="none" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor">
                    <path stroke-linecap="round" stroke-linejoin="round" d="M15.75 9V5.25A2.25 2.25 0 0013.5 3h-6a2.25 2.25 0 00-2.25 2.25v13.5A2.25 2.25 0 007.5 21h6a2.25 2.25 0 002.25-2.25V15M12 9l-3 3m0 0l3 3m-3-3h12.75" />
                  </svg>
                  Sign Out
                <% end %>
              </li>
            </ul>
          </li>
        </ul>
      </nav>
    </div>
  </div>
  <!-- Mobile sidebar overlay -->
  <div class="relative z-50 lg:hidden hidden" id="mobile-sidebar-overlay">
    <div class="fixed inset-0 bg-gray-900/80"></div>
    <div class="fixed inset-0 flex">
      <div class="relative mr-16 flex w-full max-w-xs flex-1">
        <div class="absolute left-full top-0 flex w-16 justify-center pt-5">
          <button type="button" class="-m-2.5 p-2.5" id="mobile-menu-close">
            <span class="sr-only">Close sidebar</span>
            <svg class="h-6 w-6 text-white" fill="none" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor">
              <path stroke-linecap="round" stroke-linejoin="round" d="M6 18L18 6M6 6l12 12" />
            </svg>
          </button>
        </div>
        <div class="flex grow flex-col gap-y-5 overflow-y-auto bg-white px-6 pb-2">
          <!-- Branding and User Info -->
          <div class="flex flex-col pt-5 pb-4 border-b border-gray-200">
            <div class="flex items-center">
              <h1 class="text-2xl font-bold text-gray-900">Clinch</h1>
            </div>
            <div class="mt-2">
              <p class="text-sm text-gray-600 truncate"><%= user.email_address %></p>
              <% if user.admin? %>
                <span class="inline-flex items-center rounded-full bg-blue-100 px-2 py-0.5 text-xs font-medium text-blue-800 mt-1">
                  Administrator
                </span>
              <% end %>
            </div>
          </div>
          <nav class="flex flex-1 flex-col">
            <!-- Same nav items as desktop -->
            <ul role="list" class="-mx-2 space-y-1">
              <li>
                <%= link_to root_path, class: "group flex gap-x-3 rounded-md p-2 text-sm font-semibold leading-6 text-gray-700 hover:text-blue-600 hover:bg-gray-50" do %>
                  <svg class="h-6 w-6 shrink-0" fill="none" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor">
                    <path stroke-linecap="round" stroke-linejoin="round" d="M2.25 12l8.954-8.955c.44-.439 1.152-.439 1.591 0L21.75 12M4.5 9.75v10.125c0 .621.504 1.125 1.125 1.125H9.75v-4.875c0-.621.504-1.125 1.125-1.125h2.25c.621 0 1.125.504 1.125 1.125V21h4.125c.621 0 1.125-.504 1.125-1.125V9.75M8.25 21h8.25" />
                  </svg>
                  Dashboard
                <% end %>
              </li>
              <% if user.admin? %>
                <li>
                  <%= link_to admin_users_path, class: "group flex gap-x-3 rounded-md p-2 text-sm font-semibold leading-6 text-gray-700 hover:text-blue-600 hover:bg-gray-50" do %>
                    <svg class="h-6 w-6 shrink-0" fill="none" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor">
                      <path stroke-linecap="round" stroke-linejoin="round" d="M15 19.128a9.38 9.38 0 002.625.372 9.337 9.337 0 004.121-.952 4.125 4.125 0 00-7.533-2.493M15 19.128v-.003c0-1.113-.285-2.16-.786-3.07M15 19.128v.106A12.318 12.318 0 018.624 21c-2.331 0-4.512-.645-6.374-1.766l-.001-.109a6.375 6.375 0 0111.964-3.07M12 6.375a3.375 3.375 0 11-6.75 0 3.375 3.375 0 016.75 0zm8.25 2.25a2.625 2.625 0 11-5.25 0 2.625 2.625 0 015.25 0z" />
                    </svg>
                    Users
                  <% end %>
                </li>
                <li>
                  <%= link_to admin_applications_path, class: "group flex gap-x-3 rounded-md p-2 text-sm font-semibold leading-6 text-gray-700 hover:text-blue-600 hover:bg-gray-50" do %>
                    <svg class="h-6 w-6 shrink-0" fill="none" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor">
                      <path stroke-linecap="round" stroke-linejoin="round" d="M3.75 6A2.25 2.25 0 016 3.75h2.25A2.25 2.25 0 0110.5 6v2.25a2.25 2.25 0 01-2.25 2.25H6a2.25 2.25 0 01-2.25-2.25V6zM3.75 15.75A2.25 2.25 0 016 13.5h2.25a2.25 2.25 0 012.25 2.25V18a2.25 2.25 0 01-2.25 2.25H6A2.25 2.25 0 013.75 18v-2.25zM13.5 6a2.25 2.25 0 012.25-2.25H18A2.25 2.25 0 0120.25 6v2.25A2.25 2.25 0 0118 10.5h-2.25a2.25 2.25 0 01-2.25-2.25V6zM13.5 15.75a2.25 2.25 0 012.25-2.25H18a2.25 2.25 0 012.25 2.25V18A2.25 2.25 0 0118 20.25h-2.25A2.25 2.25 0 0113.5 18v-2.25z" />
                    </svg>
                    Applications
                  <% end %>
                </li>
                <li>
                  <%= link_to admin_groups_path, class: "group flex gap-x-3 rounded-md p-2 text-sm font-semibold leading-6 text-gray-700 hover:text-blue-600 hover:bg-gray-50" do %>
                    <svg class="h-6 w-6 shrink-0" fill="none" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor">
                      <path stroke-linecap="round" stroke-linejoin="round" d="M18 18.72a9.094 9.094 0 003.741-.479 3 3 0 00-4.682-2.72m.94 3.198l.001.031c0 .225-.012.447-.037.666A11.944 11.944 0 0112 21c-2.17 0-4.207-.576-5.963-1.584A6.062 6.062 0 016 18.719m12 0a5.971 5.971 0 00-.941-3.197m0 0A5.995 5.995 0 0012 12.75a5.995 5.995 0 00-5.058 2.772m0 0a3 3 0 00-4.681 2.72 8.986 8.986 0 003.74.477m.94-3.197a5.971 5.971 0 00-.94 3.197M15 6.75a3 3 0 11-6 0 3 3 0 016 0zm6 3a2.25 2.25 0 11-4.5 0 2.25 2.25 0 014.5 0zm-13.5 0a2.25 2.25 0 11-4.5 0 2.25 2.25 0 014.5 0z" />
                    </svg>
                    Groups
                  <% end %>
                </li>
              <% end %>
              <li>
                <%= link_to profile_path, class: "group flex gap-x-3 rounded-md p-2 text-sm font-semibold leading-6 text-gray-700 hover:text-blue-600 hover:bg-gray-50" do %>
                  <svg class="h-6 w-6 shrink-0" fill="none" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor">
                    <path stroke-linecap="round" stroke-linejoin="round" d="M17.982 18.725A7.488 7.488 0 0012 15.75a7.488 7.488 0 00-5.982 2.975m11.963 0a9 9 0 10-11.963 0m11.963 0A8.966 8.966 0 0112 21a8.966 8.966 0 01-5.982-2.275M15 9.75a3 3 0 11-6 0 3 3 0 016 0z" />
                  </svg>
                  Profile
                <% end %>
              </li>
              <li>
                <%= link_to signout_path, data: { turbo_method: :delete }, class: "group flex gap-x-3 rounded-md p-2 text-sm font-semibold leading-6 text-red-600 hover:text-red-700 hover:bg-red-50" do %>
                  <svg class="h-6 w-6 shrink-0" fill="none" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor">
                    <path stroke-linecap="round" stroke-linejoin="round" d="M15.75 9V5.25A2.25 2.25 0 0013.5 3h-6a2.25 2.25 0 00-2.25 2.25v13.5A2.25 2.25 0 007.5 21h6a2.25 2.25 0 002.25-2.25V15M12 9l-3 3m0 0l3 3m-3-3h12.75" />
                  </svg>
                  Sign Out
                <% end %>
              </li>
            </ul>
          </nav>
        </div>
      </div>
    </div>
  </div>
 <% end %>
--- a/app/views/totp/backup_codes.html.erb
+++ b/app/views/totp/backup_codes.html.erb
@@ -0,0 +1,78 @@
 <div class="max-w-2xl mx-auto">
  <div class="mb-8">
    <h1 class="text-3xl font-bold text-gray-900">Backup Codes</h1>
    <p class="mt-2 text-sm text-gray-600">
      Save these backup codes in a safe place. Each code can only be used once.
    </p>
  </div>
  <div class="bg-white shadow sm:rounded-lg">
    <div class="px-4 py-5 sm:p-6">
      <div class="rounded-md bg-yellow-50 p-4 mb-6">
        <div class="flex">
          <svg class="h-5 w-5 text-yellow-400 mr-3 flex-shrink-0" viewBox="0 0 20 20" fill="currentColor">
            <path fill-rule="evenodd" d="M8.485 2.495c.673-1.167 2.357-1.167 3.03 0l6.28 10.875c.673 1.167-.17 2.625-1.516 2.625H3.72c-1.347 0-2.189-1.458-1.515-2.625L8.485 2.495zM10 5a.75.75 0 01.75.75v3.5a.75.75 0 01-1.5 0v-3.5A.75.75 0 0110 5zm0 9a1 1 0 100-2 1 1 0 000 2z" clip-rule="evenodd" />
          </svg>
          <div class="text-sm text-yellow-800">
            <p class="font-medium">Save these codes now!</p>
            <p class="mt-1">Store them somewhere safe. You won't be able to see them again without re-entering your password.</p>
          </div>
        </div>
      </div>
      <div class="grid grid-cols-2 gap-4 p-6 bg-gray-50 rounded-lg font-mono">
        <% @backup_codes.each do |code| %>
          <div class="text-center text-lg tracking-wider py-2 px-4 bg-white rounded border border-gray-200">
            <%= code %>
          </div>
        <% end %>
      </div>
      <div class="mt-6 flex gap-3">
        <button onclick="downloadBackupCodes()" class="inline-flex items-center rounded-md border border-gray-300 bg-white py-2 px-4 text-sm font-medium text-gray-700 shadow-sm hover:bg-gray-50 focus:outline-none focus:ring-2 focus:ring-blue-500 focus:ring-offset-2">
          <svg class="h-4 w-4 mr-2" fill="none" viewBox="0 0 24 24" stroke="currentColor">
            <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M4 16v1a3 3 0 003 3h10a3 3 0 003-3v-1m-4-4l-4 4m0 0l-4-4m4 4V4" />
          </svg>
          Download Codes
        </button>
        <button onclick="printBackupCodes()" class="inline-flex items-center rounded-md border border-gray-300 bg-white py-2 px-4 text-sm font-medium text-gray-700 shadow-sm hover:bg-gray-50 focus:outline-none focus:ring-2 focus:ring-blue-500 focus:ring-offset-2">
          <svg class="h-4 w-4 mr-2" fill="none" viewBox="0 0 24 24" stroke="currentColor">
            <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M17 17h2a2 2 0 002-2v-4a2 2 0 00-2-2H5a2 2 0 00-2 2v4a2 2 0 002 2h2m2 4h6a2 2 0 002-2v-4a2 2 0 00-2-2H9a2 2 0 00-2 2v4a2 2 0 002 2zm8-12V5a2 2 0 00-2-2H9a2 2 0 00-2 2v4h10z" />
          </svg>
          Print Codes
        </button>
      </div>
      <div class="mt-8">
        <%= link_to "Done", profile_path,
            class: "inline-flex justify-center rounded-md border border-transparent bg-blue-600 py-2 px-4 text-sm font-medium text-white shadow-sm hover:bg-blue-700 focus:outline-none focus:ring-2 focus:ring-blue-500 focus:ring-offset-2" %>
      </div>
    </div>
  </div>
 </div>
 <script>
  const backupCodes = <%= raw @backup_codes.to_json %>;
  function downloadBackupCodes() {
    const content = "Clinch Backup Codes\n" +
                    "===================\n\n" +
                    backupCodes.join("\n") +
                    "\n\nSave these codes in a secure location.";
    const blob = new Blob([content], { type: 'text/plain' });
    const url = window.URL.createObjectURL(blob);
    const a = document.createElement('a');
    a.href = url;
    a.download = 'clinch-backup-codes.txt';
    document.body.appendChild(a);
    a.click();
    document.body.removeChild(a);
    window.URL.revokeObjectURL(url);
  }
  function printBackupCodes() {
    window.print();
  }
 </script>
--- a/app/views/totp/new.html.erb
+++ b/app/views/totp/new.html.erb
@@ -0,0 +1,75 @@
 <div class="max-w-2xl mx-auto">
  <div class="mb-8">
    <h1 class="text-3xl font-bold text-gray-900">Enable Two-Factor Authentication</h1>
    <p class="mt-2 text-sm text-gray-600">
      Scan the QR code below with your authenticator app, then enter the verification code to confirm.
    </p>
  </div>
  <div class="bg-white shadow sm:rounded-lg">
    <div class="px-4 py-5 sm:p-6">
      <!-- Step 1: Scan QR Code -->
      <div class="mb-8">
        <h3 class="text-lg font-medium text-gray-900 mb-4">Step 1: Scan QR Code</h3>
        <div class="flex justify-center p-6 bg-gray-50 rounded-lg">
          <%= @qr_code.as_svg(
                module_size: 4,
                color: "000",
                shape_rendering: "crispEdges",
                standalone: true
              ).html_safe %>
        </div>
        <p class="mt-4 text-sm text-gray-600 text-center">
          Use an authenticator app like Google Authenticator, Authy, or 1Password to scan this code.
        </p>
      </div>
      <!-- Manual Entry Option -->
      <div class="mb-8 p-4 bg-blue-50 rounded-lg">
        <p class="text-sm font-medium text-blue-900 mb-2">Can't scan the QR code?</p>
        <p class="text-sm text-blue-800">Enter this key manually in your authenticator app:</p>
        <code class="mt-2 block p-2 bg-white rounded text-sm font-mono break-all"><%= @totp_secret %></code>
      </div>
      <!-- Step 2: Verify -->
      <div>
        <h3 class="text-lg font-medium text-gray-900 mb-4">Step 2: Verify</h3>
        <%= form_with url: totp_path, method: :post, class: "space-y-4" do |form| %>
          <%= hidden_field_tag :totp_secret, @totp_secret %>
          <div>
            <%= label_tag :code, "Verification Code", class: "block text-sm font-medium text-gray-700" %>
            <%= text_field_tag :code,
                nil,
                placeholder: "000000",
                maxlength: 6,
                required: true,
                autofocus: true,
                autocomplete: "off",
                class: "mt-1 block w-full rounded-md border-gray-300 shadow-sm focus:border-blue-500 focus:ring-blue-500 text-center text-2xl tracking-widest font-mono" %>
            <p class="mt-1 text-sm text-gray-500">Enter the 6-digit code from your authenticator app</p>
          </div>
          <div class="flex gap-3">
            <%= form.submit "Verify and Enable 2FA",
                class: "inline-flex justify-center rounded-md border border-transparent bg-blue-600 py-2 px-4 text-sm font-medium text-white shadow-sm hover:bg-blue-700 focus:outline-none focus:ring-2 focus:ring-blue-500 focus:ring-offset-2" %>
            <%= link_to "Cancel", profile_path,
                class: "inline-flex justify-center rounded-md border border-gray-300 bg-white py-2 px-4 text-sm font-medium text-gray-700 shadow-sm hover:bg-gray-50 focus:outline-none focus:ring-2 focus:ring-blue-500 focus:ring-offset-2" %>
          </div>
        <% end %>
      </div>
    </div>
  </div>
  <div class="mt-6 p-4 bg-yellow-50 rounded-lg">
    <div class="flex">
      <svg class="h-5 w-5 text-yellow-400 mr-3 flex-shrink-0" viewBox="0 0 20 20" fill="currentColor">
        <path fill-rule="evenodd" d="M8.485 2.495c.673-1.167 2.357-1.167 3.03 0l6.28 10.875c.673 1.167-.17 2.625-1.516 2.625H3.72c-1.347 0-2.189-1.458-1.515-2.625L8.485 2.495zM10 5a.75.75 0 01.75.75v3.5a.75.75 0 01-1.5 0v-3.5A.75.75 0 0110 5zm0 9a1 1 0 100-2 1 1 0 000 2z" clip-rule="evenodd" />
      </svg>
      <div class="text-sm text-yellow-800">
        <p class="font-medium">Important: Save your backup codes</p>
        <p class="mt-1">After verifying, you'll be shown backup codes. Save these in a safe place - they can be used to access your account if you lose your device.</p>
      </div>
    </div>
  </div>
 </div>
--- a/app/views/users/new.html.erb
+++ b/app/views/users/new.html.erb
@@ -0,0 +1,62 @@
 <div class="mx-auto md:w-2/3 w-full">
  <div class="mb-8">
    <h1 class="font-bold text-4xl">Welcome to Clinch</h1>
    <p class="mt-2 text-gray-600">Create your admin account to get started</p>
  </div>
  <%= form_with model: @user, url: signup_path, class: "contents" do |form| %>
    <% if @user.errors.any? %>
      <div class="bg-red-50 text-red-500 px-3 py-2 font-medium rounded-lg mt-3">
        <h2><%= pluralize(@user.errors.count, "error") %> prohibited this account from being saved:</h2>
        <ul class="list-disc list-inside">
          <% @user.errors.each do |error| %>
            <li><%= error.full_message %></li>
          <% end %>
        </ul>
      </div>
    <% end %>
    <div class="my-5">
      <%= form.label :email_address, class: "block font-medium text-sm text-gray-700" %>
      <%= form.email_field :email_address,
          required: true,
          autofocus: true,
          autocomplete: "email",
          placeholder: "admin@example.com",
          class: "block shadow-sm rounded-md border border-gray-400 focus:outline-blue-600 px-3 py-2 mt-2 w-full" %>
    </div>
    <div class="my-5">
      <%= form.label :password, class: "block font-medium text-sm text-gray-700" %>
      <%= form.password_field :password,
          required: true,
          autocomplete: "new-password",
          placeholder: "Enter a strong password",
          maxlength: 72,
          class: "block shadow-sm rounded-md border border-gray-400 focus:outline-blue-600 px-3 py-2 mt-2 w-full" %>
      <p class="mt-1 text-sm text-gray-500">Must be at least 8 characters</p>
    </div>
    <div class="my-5">
      <%= form.label :password_confirmation, "Confirm Password", class: "block font-medium text-sm text-gray-700" %>
      <%= form.password_field :password_confirmation,
          required: true,
          autocomplete: "new-password",
          placeholder: "Re-enter your password",
          maxlength: 72,
          class: "block shadow-sm rounded-md border border-gray-400 focus:outline-blue-600 px-3 py-2 mt-2 w-full" %>
    </div>
    <div class="my-5">
      <%= form.submit "Create Admin Account",
          class: "w-full rounded-md px-3.5 py-2.5 bg-blue-600 hover:bg-blue-500 text-white font-medium cursor-pointer" %>
    </div>
    <div class="mt-4 p-4 bg-blue-50 rounded-lg">
      <p class="text-sm text-blue-900">
        <strong>Note:</strong> This is a first-run setup. You're creating the initial administrator account.
        After this, you'll be able to invite other users from the admin dashboard.
      </p>
    </div>
  <% end %>
 </div>
--- a/config/cable.yml
+++ b/config/cable.yml
@@ -1,9 +1,11 @@
-# Async adapter only works within the same process, so for manually triggering cable updates from a console,
+# Using Solid Cable for development (same as production).
 # and seeing results in the browser, you must do so from the web console (running inside the dev process),
 # not a terminal started via bin/rails console! Add "console" to any action or any ERB template view
 # to make the web console appear.
 development:
-  adapter: async
+  adapter: solid_cable
  connects_to:
    database:
      writing: cable
  polling_interval: 0.1.seconds
  message_retention: 1.day
 test:
  adapter: test
--- a/config/cache.yml
+++ b/config/cache.yml
@@ -6,6 +6,7 @@ default: &default
    namespace: <%= Rails.env %>
 development:
  database: cache
  <<: *default
 test:
--- a/config/database.yml
+++ b/config/database.yml
@@ -10,8 +10,21 @@ default: &default
  timeout: 5000
 development:
-  <<: *default
+  primary:
-  database: storage/development.sqlite3
+    <<: *default
    database: storage/development.sqlite3
  cache:
    <<: *default
    database: storage/development_cache.sqlite3
    migrations_paths: db/cache_migrate
  queue:
    <<: *default
    database: storage/development_queue.sqlite3
    migrations_paths: db/queue_migrate
  cable:
    <<: *default
    database: storage/development_cable.sqlite3
    migrations_paths: db/cable_migrate
 # Warning: The database defined as "test" will be erased and
 # re-generated from your development database when you run "rake".
--- a/config/environments/development.rb
+++ b/config/environments/development.rb
@@ -25,8 +25,8 @@ Rails.application.configure do
    config.action_controller.perform_caching = false
  end
-  # Change to :null_store to avoid any caching.
+  # Use Solid Cache for development (same as production).
-  config.cache_store = :memory_store
+  config.cache_store = :solid_cache_store
  # Store uploaded files on the local file system (see config/storage.yml for options).
  config.active_storage.service = :local
@@ -40,6 +40,9 @@ Rails.application.configure do
  # Set localhost to be used by links generated in mailer templates.
  config.action_mailer.default_url_options = { host: "localhost", port: 3000 }
  # Log with request_id as a tag (same as production).
  config.log_tags = [ :request_id ]
  # Print deprecation notices to the Rails logger.
  config.active_support.deprecation = :log
@@ -55,6 +58,11 @@ Rails.application.configure do
  # Highlight code that enqueued background job in logs.
  config.active_job.verbose_enqueue_logs = true
  # Use Solid Queue for background jobs (same as production).
  config.active_job.queue_adapter = :solid_queue
  config.solid_queue.connects_to = { database: { writing: :queue } }
  # Highlight code that triggered redirect in logs.
  config.action_dispatch.verbose_redirect_logs = true
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -1,16 +1,46 @@
 Rails.application.routes.draw do
  resource :session
  resources :passwords, param: :token
  mount ActionCable.server => "/cable"
  # Define your application routes per the DSL in https://guides.rubyonrails.org/routing.html
  # Reveal health status on /up that returns 200 if the app boots with no exceptions, otherwise 500.
  # Can be used by load balancers and uptime monitors to verify that the app is live.
  get "up" => "rails/health#show", as: :rails_health_check
  # Authentication routes
  get "/signup", to: "users#new", as: :signup
  post "/signup", to: "users#create"
  get "/signin", to: "sessions#new", as: :signin
  post "/signin", to: "sessions#create"
  delete "/signout", to: "sessions#destroy", as: :signout
  # Authenticated routes
  root "dashboard#index"
  resource :profile, only: [:show, :update]
  resources :sessions, only: [] do
    member do
      delete :destroy, action: :destroy_other
    end
  end
  # TOTP (2FA) routes
  get '/totp/new', to: 'totp#new', as: :new_totp
  post '/totp', to: 'totp#create', as: :totp
  delete '/totp', to: 'totp#destroy'
  get '/totp/backup_codes', to: 'totp#backup_codes', as: :backup_codes_totp
  post '/totp/verify_password', to: 'totp#verify_password', as: :verify_password_totp
  # Admin routes
  namespace :admin do
    root "dashboard#index"
    resources :users
    resources :applications
    resources :groups
  end
  # Render dynamic PWA files from app/views/pwa/* (remember to link manifest in application.html.erb)
  # get "manifest" => "rails/pwa#manifest", as: :pwa_manifest
  # get "service-worker" => "rails/pwa#service_worker", as: :pwa_service_worker
  # Defines the root path route ("/")
  # root "posts#index"
 end
--- a/db/cable_schema.rb
+++ b/db/cable_schema.rb
@@ -1,9 +1,21 @@
-ActiveRecord::Schema[7.1].define(version: 1) do
+# This file is auto-generated from the current state of the database. Instead
 # of editing this file, please use the migrations feature of Active Record to
 # incrementally modify your database, and then regenerate this schema definition.
 #
 # This file is the source Rails uses to define your schema when running `bin/rails
 # db:schema:load`. When creating a new database, `bin/rails db:schema:load` tends to
 # be faster and is potentially less error prone than running all of your
 # migrations from scratch. Old migrations may fail to apply correctly if those
 # migrations use external dependencies or application code.
 #
 # It's strongly recommended that you check this file into your version control system.
 ActiveRecord::Schema[8.1].define(version: 1) do
  create_table "solid_cable_messages", force: :cascade do |t|
    t.binary "channel", limit: 1024, null: false
    t.binary "payload", limit: 536870912, null: false
    t.datetime "created_at", null: false
    t.integer "channel_hash", limit: 8, null: false
    t.datetime "created_at", null: false
    t.binary "payload", limit: 536870912, null: false
    t.index ["channel"], name: "index_solid_cable_messages_on_channel"
    t.index ["channel_hash"], name: "index_solid_cable_messages_on_channel_hash"
    t.index ["created_at"], name: "index_solid_cable_messages_on_created_at"
--- a/db/cache_schema.rb
+++ b/db/cache_schema.rb
@@ -1,12 +1,22 @@
-# frozen_string_literal: true
+# This file is auto-generated from the current state of the database. Instead
 # of editing this file, please use the migrations feature of Active Record to
 # incrementally modify your database, and then regenerate this schema definition.
 #
 # This file is the source Rails uses to define your schema when running `bin/rails
 # db:schema:load`. When creating a new database, `bin/rails db:schema:load` tends to
 # be faster and is potentially less error prone than running all of your
 # migrations from scratch. Old migrations may fail to apply correctly if those
 # migrations use external dependencies or application code.
 #
 # It's strongly recommended that you check this file into your version control system.
-ActiveRecord::Schema[7.2].define(version: 1) do
+ActiveRecord::Schema[8.1].define(version: 1) do
  create_table "solid_cache_entries", force: :cascade do |t|
    t.binary "key", limit: 1024, null: false
    t.binary "value", limit: 536870912, null: false
    t.datetime "created_at", null: false
    t.integer "key_hash", limit: 8, null: false
    t.integer "byte_size", limit: 4, null: false
    t.datetime "created_at", null: false
    t.binary "key", limit: 1024, null: false
    t.integer "key_hash", limit: 8, null: false
    t.binary "value", limit: 536870912, null: false
    t.index ["byte_size"], name: "index_solid_cache_entries_on_byte_size"
    t.index ["key_hash", "byte_size"], name: "index_solid_cache_entries_on_key_hash_and_byte_size"
    t.index ["key_hash"], name: "index_solid_cache_entries_on_key_hash", unique: true
--- a/db/queue_schema.rb
+++ b/db/queue_schema.rb
@@ -1,123 +1,135 @@
-ActiveRecord::Schema[7.1].define(version: 1) do
+# This file is auto-generated from the current state of the database. Instead
 # of editing this file, please use the migrations feature of Active Record to
 # incrementally modify your database, and then regenerate this schema definition.
 #
 # This file is the source Rails uses to define your schema when running `bin/rails
 # db:schema:load`. When creating a new database, `bin/rails db:schema:load` tends to
 # be faster and is potentially less error prone than running all of your
 # migrations from scratch. Old migrations may fail to apply correctly if those
 # migrations use external dependencies or application code.
 #
 # It's strongly recommended that you check this file into your version control system.
 ActiveRecord::Schema[8.1].define(version: 1) do
  create_table "solid_queue_blocked_executions", force: :cascade do |t|
    t.bigint "job_id", null: false
    t.string "queue_name", null: false
    t.integer "priority", default: 0, null: false
    t.string "concurrency_key", null: false
    t.datetime "expires_at", null: false
    t.datetime "created_at", null: false
-    t.index [ "concurrency_key", "priority", "job_id" ], name: "index_solid_queue_blocked_executions_for_release"
+    t.datetime "expires_at", null: false
-    t.index [ "expires_at", "concurrency_key" ], name: "index_solid_queue_blocked_executions_for_maintenance"
+    t.bigint "job_id", null: false
-    t.index [ "job_id" ], name: "index_solid_queue_blocked_executions_on_job_id", unique: true
+    t.integer "priority", default: 0, null: false
    t.string "queue_name", null: false
    t.index ["concurrency_key", "priority", "job_id"], name: "index_solid_queue_blocked_executions_for_release"
    t.index ["expires_at", "concurrency_key"], name: "index_solid_queue_blocked_executions_for_maintenance"
    t.index ["job_id"], name: "index_solid_queue_blocked_executions_on_job_id", unique: true
  end
  create_table "solid_queue_claimed_executions", force: :cascade do |t|
    t.datetime "created_at", null: false
    t.bigint "job_id", null: false
    t.bigint "process_id"
-    t.datetime "created_at", null: false
+    t.index ["job_id"], name: "index_solid_queue_claimed_executions_on_job_id", unique: true
-    t.index [ "job_id" ], name: "index_solid_queue_claimed_executions_on_job_id", unique: true
+    t.index ["process_id", "job_id"], name: "index_solid_queue_claimed_executions_on_process_id_and_job_id"
    t.index [ "process_id", "job_id" ], name: "index_solid_queue_claimed_executions_on_process_id_and_job_id"
  end
  create_table "solid_queue_failed_executions", force: :cascade do |t|
    t.bigint "job_id", null: false
    t.text "error"
    t.datetime "created_at", null: false
-    t.index [ "job_id" ], name: "index_solid_queue_failed_executions_on_job_id", unique: true
+    t.text "error"
    t.bigint "job_id", null: false
    t.index ["job_id"], name: "index_solid_queue_failed_executions_on_job_id", unique: true
  end
  create_table "solid_queue_jobs", force: :cascade do |t|
    t.string "queue_name", null: false
    t.string "class_name", null: false
    t.text "arguments"
    t.integer "priority", default: 0, null: false
    t.string "active_job_id"
-    t.datetime "scheduled_at"
+    t.text "arguments"
-    t.datetime "finished_at"
+    t.string "class_name", null: false
    t.string "concurrency_key"
    t.datetime "created_at", null: false
    t.datetime "finished_at"
    t.integer "priority", default: 0, null: false
    t.string "queue_name", null: false
    t.datetime "scheduled_at"
    t.datetime "updated_at", null: false
-    t.index [ "active_job_id" ], name: "index_solid_queue_jobs_on_active_job_id"
+    t.index ["active_job_id"], name: "index_solid_queue_jobs_on_active_job_id"
-    t.index [ "class_name" ], name: "index_solid_queue_jobs_on_class_name"
+    t.index ["class_name"], name: "index_solid_queue_jobs_on_class_name"
-    t.index [ "finished_at" ], name: "index_solid_queue_jobs_on_finished_at"
+    t.index ["finished_at"], name: "index_solid_queue_jobs_on_finished_at"
-    t.index [ "queue_name", "finished_at" ], name: "index_solid_queue_jobs_for_filtering"
+    t.index ["queue_name", "finished_at"], name: "index_solid_queue_jobs_for_filtering"
-    t.index [ "scheduled_at", "finished_at" ], name: "index_solid_queue_jobs_for_alerting"
+    t.index ["scheduled_at", "finished_at"], name: "index_solid_queue_jobs_for_alerting"
  end
  create_table "solid_queue_pauses", force: :cascade do |t|
    t.string "queue_name", null: false
    t.datetime "created_at", null: false
-    t.index [ "queue_name" ], name: "index_solid_queue_pauses_on_queue_name", unique: true
+    t.string "queue_name", null: false
    t.index ["queue_name"], name: "index_solid_queue_pauses_on_queue_name", unique: true
  end
  create_table "solid_queue_processes", force: :cascade do |t|
    t.datetime "created_at", null: false
    t.string "hostname"
    t.string "kind", null: false
    t.datetime "last_heartbeat_at", null: false
    t.bigint "supervisor_id"
    t.integer "pid", null: false
    t.string "hostname"
    t.text "metadata"
    t.datetime "created_at", null: false
    t.string "name", null: false
-    t.index [ "last_heartbeat_at" ], name: "index_solid_queue_processes_on_last_heartbeat_at"
+    t.integer "pid", null: false
-    t.index [ "name", "supervisor_id" ], name: "index_solid_queue_processes_on_name_and_supervisor_id", unique: true
+    t.bigint "supervisor_id"
-    t.index [ "supervisor_id" ], name: "index_solid_queue_processes_on_supervisor_id"
+    t.index ["last_heartbeat_at"], name: "index_solid_queue_processes_on_last_heartbeat_at"
    t.index ["name", "supervisor_id"], name: "index_solid_queue_processes_on_name_and_supervisor_id", unique: true
    t.index ["supervisor_id"], name: "index_solid_queue_processes_on_supervisor_id"
  end
  create_table "solid_queue_ready_executions", force: :cascade do |t|
    t.bigint "job_id", null: false
    t.string "queue_name", null: false
    t.integer "priority", default: 0, null: false
    t.datetime "created_at", null: false
-    t.index [ "job_id" ], name: "index_solid_queue_ready_executions_on_job_id", unique: true
+    t.bigint "job_id", null: false
-    t.index [ "priority", "job_id" ], name: "index_solid_queue_poll_all"
+    t.integer "priority", default: 0, null: false
-    t.index [ "queue_name", "priority", "job_id" ], name: "index_solid_queue_poll_by_queue"
+    t.string "queue_name", null: false
    t.index ["job_id"], name: "index_solid_queue_ready_executions_on_job_id", unique: true
    t.index ["priority", "job_id"], name: "index_solid_queue_poll_all"
    t.index ["queue_name", "priority", "job_id"], name: "index_solid_queue_poll_by_queue"
  end
  create_table "solid_queue_recurring_executions", force: :cascade do |t|
    t.bigint "job_id", null: false
    t.string "task_key", null: false
    t.datetime "run_at", null: false
    t.datetime "created_at", null: false
-    t.index [ "job_id" ], name: "index_solid_queue_recurring_executions_on_job_id", unique: true
+    t.bigint "job_id", null: false
-    t.index [ "task_key", "run_at" ], name: "index_solid_queue_recurring_executions_on_task_key_and_run_at", unique: true
+    t.datetime "run_at", null: false
    t.string "task_key", null: false
    t.index ["job_id"], name: "index_solid_queue_recurring_executions_on_job_id", unique: true
    t.index ["task_key", "run_at"], name: "index_solid_queue_recurring_executions_on_task_key_and_run_at", unique: true
  end
  create_table "solid_queue_recurring_tasks", force: :cascade do |t|
    t.string "key", null: false
    t.string "schedule", null: false
    t.string "command", limit: 2048
    t.string "class_name"
    t.text "arguments"
-    t.string "queue_name"
+    t.string "class_name"
-    t.integer "priority", default: 0
+    t.string "command", limit: 2048
    t.boolean "static", default: true, null: false
    t.text "description"
    t.datetime "created_at", null: false
    t.text "description"
    t.string "key", null: false
    t.integer "priority", default: 0
    t.string "queue_name"
    t.string "schedule", null: false
    t.boolean "static", default: true, null: false
    t.datetime "updated_at", null: false
-    t.index [ "key" ], name: "index_solid_queue_recurring_tasks_on_key", unique: true
+    t.index ["key"], name: "index_solid_queue_recurring_tasks_on_key", unique: true
-    t.index [ "static" ], name: "index_solid_queue_recurring_tasks_on_static"
+    t.index ["static"], name: "index_solid_queue_recurring_tasks_on_static"
  end
  create_table "solid_queue_scheduled_executions", force: :cascade do |t|
    t.bigint "job_id", null: false
    t.string "queue_name", null: false
    t.integer "priority", default: 0, null: false
    t.datetime "scheduled_at", null: false
    t.datetime "created_at", null: false
-    t.index [ "job_id" ], name: "index_solid_queue_scheduled_executions_on_job_id", unique: true
+    t.bigint "job_id", null: false
-    t.index [ "scheduled_at", "priority", "job_id" ], name: "index_solid_queue_dispatch_all"
+    t.integer "priority", default: 0, null: false
    t.string "queue_name", null: false
    t.datetime "scheduled_at", null: false
    t.index ["job_id"], name: "index_solid_queue_scheduled_executions_on_job_id", unique: true
    t.index ["scheduled_at", "priority", "job_id"], name: "index_solid_queue_dispatch_all"
  end
  create_table "solid_queue_semaphores", force: :cascade do |t|
    t.string "key", null: false
    t.integer "value", default: 1, null: false
    t.datetime "expires_at", null: false
    t.datetime "created_at", null: false
    t.datetime "expires_at", null: false
    t.string "key", null: false
    t.datetime "updated_at", null: false
-    t.index [ "expires_at" ], name: "index_solid_queue_semaphores_on_expires_at"
+    t.integer "value", default: 1, null: false
-    t.index [ "key", "value" ], name: "index_solid_queue_semaphores_on_key_and_value"
+    t.index ["expires_at"], name: "index_solid_queue_semaphores_on_expires_at"
-    t.index [ "key" ], name: "index_solid_queue_semaphores_on_key", unique: true
+    t.index ["key", "value"], name: "index_solid_queue_semaphores_on_key_and_value"
    t.index ["key"], name: "index_solid_queue_semaphores_on_key", unique: true
  end
  add_foreign_key "solid_queue_blocked_executions", "solid_queue_jobs", column: "job_id", on_delete: :cascade
`@@ -1,2 +1,2 @@`
	`web: bin/rails server`	`web: bin/rails server -b 0.0.0.0 -p 3035`
	`css: bin/rails tailwindcss:watch`	`css: bin/rails tailwindcss:watch`